Download Print this page

H3C S3600 Series Operation Manual

H3C S3600 Series Operation Manual

Hide thumbs Also See for S3600 Series:

Command manual (1277 pages)

,

Installation manual (98 pages)

,

Operation manual (60 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

H3C S3600 Series Ethernet Switches

Operation Manual

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Manual Version: T2-08163G-20070724-C-1.04

Product Version: Release 1510

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the S3600 Series and is the answer not in the manual?

Questions and answers

Summary of Contents for H3C S3600 Series

Page 1 H3C S3600 Series Ethernet Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-08163G-20070724-C-1.04 Product Version: Release 1510...
Page 2 Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Page 3 About This Manual Related Documentation In addition to this manual, each H3C S3600 Series Ethernet Switches-Release 1510 documentation set includes the following: Manual Description H3C S3600 Series Ethernet Switches It is used for assisting the users in using Command Manual-Release 1510 various commands.
Page 4 Part Contents 9 Port Basic Configuration Introduces basic port configuration. Introduces link aggregation and the 10 Link Aggregation related configuration. Introduces port isolation and the related 11 Port Isolation configuration. Introduces port security, port binding, 12 Port Security-Port Binding and the related configuration. Introduces DLDP and the related 13 DLDP configuration.
Page 5 Part Contents Introduces Web cache redirection and 27 Web Cache Redirection the related configuration. Introduces port mirroring and the related 28 Mirroring configuration. Introduces IRF fabric-related 29 IRF Fabric configuration. Introduces the configuration to form 30 Cluster clusters using HGMP V2. Introduces PoE, PoE profile and the 31 PoE-PoE Profile related configuration.
Page 6 Conventions The manual uses the following conventions: I. Command conventions Convention Description Boldface The keywords of a command line are in Boldface. italic Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by { x | y | ...
Page 7 III. Symbols Convention Description Means reader be extremely careful. Improper operation Warning may cause bodily injury. Means reader be careful. Improper operation may cause data loss or damage to equipment. Caution Note Means a complementary description.
Page 8 Operation Manual – Product Overview H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Obtaining the Documentation ..................1-1 1.1 CD-ROM ..........................1-1 1.2 H3C Website........................1-1 1.3 Software Release Notes ....................1-2 Chapter 2 Product Overview ......................2-1 2.1 Preface..........................
Page 9 Software release notes 1.1 CD-ROM H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete product document set, including the operation manual, command manual, installation manual, and compatibility manual. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.
Page 10 Operation Manual – Product Overview H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Obtaining the Documentation 1.3 Software Release Notes With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
Page 11 Chapter 2 Product Overview 2.1 Preface H3C S3600 Series Ethernet switches are Ethernet equipment capable of multilayer switching. They come in two series: S3600-SI and S3600-EI. In addition to the basic service features, S3600 Series Ethernet switches support abundant Layer 3 features and enhanced extended functions.
Page 12 (SFP) ports -PWR-SI (electrical) 2.3 Software Features S3600 Series Ethernet Switches have abundant software features and can meet the requirements of different applications. Table 2-2 summarizes the features provided by each module. Table 2-2 Service features of the S3600 series...
Page 13 Operation Manual – Product Overview H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Product Overview Part Features 5 IP Address and Configuring an IP address for a switch Performance Configuring the TCP attributes for a switch Configuration Management VLAN configuration...
Page 14 Operation Manual – Product Overview H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Product Overview Part Features Authentication, authorization, and accounting (AAA) Remote authentication dial-In user service (RADIUS) AAA-RADIUS-H Huawei terminal access controller access control system WTACACS-EAD (HWTACACS) Endpoint admission defense (EAD)
Page 15 Operation Manual – Product Overview H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Product Overview Part Features Secure shell (SSH) 35 SSH Terminal Service Secure FTP (SFTP) File system management 36 File System Configuration file backup and restoration Management FTP/TFTP lighting...
Page 16 H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Networking Applications Chapter 3 Networking Applications You can deploy S3600 series on many types of networks, such as enterprise networks and broadband access networks. Following are several typical networking applications. 3.1 Broadband Ethernet Access for Residential Communities On the broadband access network of a residential community, an S3600 series switch is located in the center.
Page 17 3.3 Application in Large Enterprise and Campus Networks In a large enterprise or campus network, the S3600 series switches can operate on the convergence layer. They are downlinked to layer 2 switches, S3000 Series for example; and uplinked to a layer 3 switch through GE expansion modules. These switches together provide a network-wide intranet solution that covers Gigabit-to-backbone and 100 Mbps-to-desktop.
Page 18 Operation Manual – Product Overview H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Networking Applications Figure 3-3 S3600 series application in large enterprise and campus network...
Page 19 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 CLI Configuration ......................1-1 1.1 Introduction to the CLI ....................... 1-1 1.2 Command Level/Command View ..................1-1 1.2.1 Switching between User Levels ................1-2 1.2.2 Configuring a Level for a Specific Command in a Specific View ......
Page 20 Chapter 1 CLI Configuration Chapter 1 CLI Configuration 1.1 Introduction to the CLI S3600 series Ethernet switches provide a command line interface (CLI) and commands for you to configure and manage your switches. The CLI is featured by the following: Commands are grouped by level.
Page 21 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration 1.2.1 Switching between User Levels You can switch from one user level to another by executing a related command and set a password for the switching as required after logging in to a switch.
Page 22 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration 1.2.2 Configuring a Level for a Specific Command in a Specific View You can configure a level for a specific command in a specific view. Commands fall into four levels: visit, monitor, system, and manage, which are identified as 0, 1, 2, and 3 respectively.
Page 23 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration RIP view OSPF view OSPF area view Routing policy view Basic ACL view Advanced ACL view Layer 2 ACL view User-defined ACL view QoS profile view...
Page 24 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration Available View Prompt Enter method Quit method operation Execute quit command to return Execute Configure to system view. VLAN vlan VLAN [H3C-vlan1] view command Execute the return parameters system view.
Page 25 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration Available View Prompt Enter method Quit method operation Execute quit command to return Execute Configure to system view. Cluster [H3C-cluste cluster cluster view command Execute the return parameters system view.
Page 26 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration Available View Prompt Enter method Quit method operation Execute quit command to return Execute Configure [H3C-ospf-1 to OSPF view. OSPF area OSPF area -area-0.0.0. area view...
Page 27 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration Available View Prompt Enter method Quit method operation Execute quit Execute command to return RADIUS Configure radius to system view. [H3C-radius scheme RADIUS scheme Execute the return...
Page 28 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration 1.3 CLI Features 1.3.1 Online Help CLI provides two types of online help: complete online help and partial online help. You can obtain help information necessary for the switch configuration.
Page 29 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration II. Partial online help Enter a character string followed by a "?" character on your terminal to display all the commands beginning with the string. For example: <H3C>...
Page 30 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration Table 1-6 Access history commands Operation Operation Description Execute display Display history This command displays history-command commands valid history commands. command This operation recalls the Recall...
Page 31 Operation Manual – CLI H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration 1.3.5 Command Edit The CLI provides basic command edit functions and supports multi-line editing. The maximum number of characters a command can contain is 254. Table 1-8 lists the CLI edit operations.
Page 32 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Logging into an Ethernet Switch ................1-1 1.1 Logging into an Ethernet Switch ..................1-1 1.2 Introduction to the User Interface ..................1-1 1.2.1 Supported User Interfaces ..................
Page 33 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Chapter 4 Logging in Using Modem.................... 4-1 4.1 Introduction ........................4-1 4.2 Configuration on the Administrator Side................4-1 4.3 Configuration on the Switch Side..................4-1 4.3.1 Modem Configuration....................4-1 4.3.2 Switch Configuration ....................
Page 34 SSH users VTY users. Note: The AUX port and the Console port of a H3C series Ethernet switch are the same port. You will be in the AUX user interface if you log in through this port. 1.2.2 User Interface Number Two kinds of user interface index exist: absolute user interface index and relative user interface index.
Page 35 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Logging into an Ethernet Switch A relative user interface index can be obtained by appending a number to the identifier of a user interface type. It is generated by user interface type. The...
Page 36 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Logging into an Ethernet Switch Operation Command Description Display the information about the current user display users [ all ] interface/all user interfaces Display physical Optional attributes display user-interface...
Page 37 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Chapter 2 Logging in through the Console Port 2.1 Introduction To log in through the Console port is the most common way to log into a switch. It is also the prerequisite to configure other login methods.
Page 38 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port the configuration shown in Figure 2-2 through Figure 2-4 for the connection to be created. Normally, the parameters of a terminal are configured as those listed in Table 2-1.
Page 39 Figure 2-4 Set port parameters Turn on the switch. You will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <H3C>) appears after you press the Enter key. You can then configure the switch or check the information about the switch by executing the corresponding commands.
Page 40 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Table 2-2 Common configuration of Console port login Configuration Remarks Optional Baud rate The default baud rate is 9,600 bps. Optional By default, the check mode of the Console Check mode port is set to “none”, which means no check...
Page 41 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Table 2-3 Console port login configurations for different authentication modes Authentication Console port login Remarks mode configuration Optional Perform common Perform configuration for...
Page 42 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.4 Console Port Login Configuration with Authentication Mode Being None 2.4.1 Configuration Procedure Table 2-4 Console port login configuration with the authentication mode being none...
Page 43 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional The default history command Set the history command history-command buffer size is 10. That is, a buffer size...
Page 44 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port The screen can contain up to 30 lines. The history command buffer can contain up to 20 commands. The timeout time of the AUX user interface is 6 minutes.
Page 45 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.5 Console Port Login Configuration with Authentication Mode Being Password 2.5.1 Configuration Procedure Table 2-6 Console port login configuration with the authentication mode being...
Page 46 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional By default, the screen can contain maximum screen-length up to 24 lines. number of lines the screen-length You can use the screen-length 0...
Page 47 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.5.2 Configuration Example I. Network requirements Assume the switch is configured to allow you to login through Telnet, and your user level is set to the administrator level (level 3). After you telnet to the switch, you need to limit the console user at the following aspects.
Page 48 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port [H3C-ui-aux0] set authentication password simple 123456 # Specify commands of level 2 are available to users logging into the AUX user interface.
Page 49 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Required Create a local user local-user user-name (Enter local user view.) No local user exists by default. Set the authentication...
Page 50 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional By default, the screen can maximum contain up to 24 lines. screen-length number of lines the You can use the screen-length...
Page 51 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.6.2 Configuration Example I. Network requirements Assume the switch is configured to allow you to login through Telnet, and your user level is set to the administrator level (level 3). After you telnet to the switch, you need to limit the console user at the following aspects.
Page 52 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port # Set the service type to Terminal, Specify commands of level 2 are available to users logging into the AUX user interface.
Page 53 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Chapter 3 Logging in through Telnet 3.1 Introduction You can manage and maintain a switch remotely by Telneting to the switch. To achieve this, you need to configure both the switch and the Telnet terminal accordingly.
Page 54 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Configuration Description Optional Make terminal services By default, terminal services are available available in all user interfaces Optional Set the maximum number of lines the screen can...
Page 55 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Authenticatio Telnet configuration Description n mode Optional Specify AAA configuration perform local specifies whether Local authentication authenticatio to perform local performed by default. n or RADIUS...
Page 56 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet 3.2 Telnet Configuration with Authentication Mode Being None 3.2.1 Configuration Procedure Table 3-4 Telnet configuration with the authentication mode being none Operation Command Description...
Page 57 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to...
Page 58 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet II. Network diagram RS-232 RS-232 Console port Console port Console cable Console cable Figure 3-1 Network diagram for Telnet configuration (with the authentication mode being none) III.
Page 59 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet 3.3 Telnet Configuration with Authentication Mode Being Password 3.3.1 Configuration Procedure Table 3-6 Telnet configuration with the authentication mode being password Operation Command Description...
Page 60 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to...
Page 61 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet The timeout time of VTY 0 is 6 minutes. II. Network diagram RS-232 RS-232 Console port Console port Console cable Console cable Figure 3-2 Network diagram for Telnet configuration (with the authentication mode being password) III.
Page 62 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.1 Configuration Procedure Table 3-8 Telnet configuration with the authentication mode being scheme Operation Command Description...
Page 63 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Required The specified AAA scheme Configure authentication-mode determines whether authenticate users scheme [ command- authenticate users locally or locally or remotely authorization ] remotely.
Page 64 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Note that if you configure to authenticate the users in the scheme mode, the command level available to users logging into a switch depends on the authentication-mode...
Page 65 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Scenario Command Authenticati level User type Command on mode The user privilege level level command is executed, and the service-type command specifies the available command level.
Page 66 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Only Telnet protocol is supported in VTY 0. The screen can contain up to 30 lines. The history command buffer can store up to 20 commands.
Page 67 HyperTerminal in Windows 9X) on the PC, with the baud rate set to 9,600 bps, data bits set to 8, parity check set to none, and flow control set to none. Turn on the switch and press Enter as prompted. The prompt (such as <H3C>) appears, as shown in the following figure.
Page 68 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Perform the following operations in the terminal window to assign an IP address to the management VLAN interface of the switch. # Enter system view <H3C>...
Page 69 If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used, please try later!”. A H3C series Ethernet switch can accommodate up to five Telnet connections at same time.
Page 70 You can use the ip host to assign a host name to a switch. Enter the password. If the password is correct, the CLI prompt (such as <H3C>) appears. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used,...
Page 71 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem Chapter 4 Logging in Using Modem 4.1 Introduction The administrator can log into the Console port of a remote switch using a modem through PSTN (public switched telephone network) if the remote switch is connected to the PSTN through a modem to configure and maintain the switch remotely.
Page 72 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem AT&K0 ----------------------- Disable flow control AT&R1 ----------------------- Ignore RTS signal AT&S0 ----------------------- Set DSR to high level by force ATEQ1&W ----------------------- Disable the modem from returning command response and the result, save the changes You can verify your configuration by executing the AT&V command.
Page 73 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem III. Configuration on switch when the authentication mode is scheme Refer to section 2.6 “Console Port Login Configuration with Authentication Mode Being Scheme”. 4.4 Modem Connection Establishment Before using Modem to log in the switch, perform corresponding configuration for different authentication modes on the switch.
Page 74 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem Serial cable Serial cable Modem Modem Telephone line Telephone line PSTN PSTN Modem Modem Console port Console port Telephone number: 8 Telephone number: 8...
Page 75 Provide the password when prompted. If the password is correct, the prompt (such as <H3C>) appears. You can then configure or manage the switch. You can also enter the character ? at anytime for help. Refer to the following chapters for information about the configuration commands.
Page 76 Operation Manual – Login Chapter 5 Logging in through Web-based Network H3C S3600 Series Ethernet Switches-Release 1510 Management System Chapter 5 Logging in through Web-based Network Management System 5.1 Introduction An S3600 Ethernet switch has a Web server built in. You can log into an S3600 Ethernet switch through a Web browser and manage and maintain the switch intuitively by interacting with the built-in Web server.
Page 77 Operation Manual – Login Chapter 5 Logging in through Web-based Network H3C S3600 Series Ethernet Switches-Release 1510 Management System [H3C-luser-admin] password simple admin Establish an HTTP connection between your PC and the switch, as shown in the following figure. Sw itch...
Page 78 Operation Manual – Login Chapter 5 Logging in through Web-based Network H3C S3600 Series Ethernet Switches-Release 1510 Management System Table 5-2 Shut down/start up Web server Operation Command Description Required Shut down ip http shutdown Web server Execute this command in system view.
Page 79 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 Logging in through NMS Chapter 6 Logging in through NMS 6.1 Introduction You can also log into a switch through an NMS (network management station), and then configure and manage the switch through the agent module on the switch.
Page 80 Operation Manual – Login Chapter 7 Configuring Source IP Address for Telnet H3C S3600 Series Ethernet Switches-Release 1510 Service Packets Chapter 7 Configuring Source IP Address for Telnet Service Packets You can configure source IP address or source interface for the Telnet server and Telnet client.
Page 81 Operation Manual – Login Chapter 7 Configuring Source IP Address for Telnet H3C S3600 Series Ethernet Switches-Release 1510 Service Packets Note: To perform the configurations listed in Table 7-1 and Table 7-2, make sure that: The IP address specified is that of the local device.
Page 82 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Chapter 8 User Control 8.1 Introduction A switch provides ways to control different types of login users, as listed in Table 8-1. Table 8-1 Ways to control different types of login users...
Page 83 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Table 8-2 Control Telnet users by source IP addresses Operation Command Description Enter system view system-view — number Create a basic ACL number acl-number command, config...
Page 84 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Operation Command Description rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | destination { dest-addr wildcard | any } ]...
Page 85 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Operation Command Description rule [ rule-id ] { permit | deny } [ [ type protocol-type type-mask | lsap lsap-type type-mask ] | format-type | Required...
Page 86 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 User Control <H3C> system-view [H3C] acl number 2000 match-order config [H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [H3C-acl-basic-2000] rule 3 deny source any [H3C-acl-basic-2000] quit # Apply the ACL.
Page 87 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Operation Command Description snmp-agent community Optional Apply read write while configuring By default, SNMPv1 and community-name [ mib-view SNMP SNMPv2c community view-name community name name to access.
Page 88 [H3C] snmp-agent community read aaa acl 2000 [H3C] snmp-agent group v2c groupa acl 2000 [H3C] snmp-agent usm-user v2c usera groupa acl 2000 8.4 Controlling Web Users by Source IP Address You can manage an S3600 Ethernet switch remotely through Web. Web users can access a switch through HTTP connections.
Page 89 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 User Control 8.4.1 Prerequisites The controlling policy against Web users is determined, including the source IP addresses to be controlled and the controlling actions (permitting or denying). 8.4.2 Controlling Web Users by Source IP Addresses Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.
Page 90 Operation Manual – Login H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 User Control II. Network diagram Internet Internet Sw itch Sw itch Figure 8-3 Network diagram for controlling Web users using ACL III. Configuration procedure # Define a basic ACL.
Page 91 Operation Manual – Configuration File Management H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Configuration File Management ................. 1-1 1.1 Introduction to Configuration File..................1-1 1.2 Configuration File-Related Operations ................1-1...
Page 92 Operation Manual – Configuration File Management H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Configuration File Management Chapter 1 Configuration File Management 1.1 Introduction to Configuration File A configuration file records and stores user configurations performed to a switch. It also enables users to check switch configurations easily.
Page 93 Operation Manual – Configuration File Management H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Configuration File Management Table 1-1 Configure a configuration file Operation Command Description Save current configuration Optional specified configuration save [ cfgfile | [ safely ] The save command...
Page 94 Operation Manual – Configuration File Management H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Configuration File Management In the following conditions, it may be necessary for you to remove the configuration files from the Flash: The system software does not match the configuration file after the software of the Ethernet switch is updated.
Page 95 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 VLAN Overview ......................1-1 1.1 VLAN Overview........................1-1 1.1.1 Introduction to VLAN ....................1-1 1.1.2 VLAN Principles ...................... 1-2 1.2 Port-Based VLAN....................... 1-3 1.3 Protocol-Based VLAN......................
Page 96 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview Chapter 1 VLAN Overview 1.1 VLAN Overview 1.1.1 Introduction to VLAN The traditional Ethernet is a broadcast network, where all hosts are in the same broadcast domain and connected with each other through hubs or switches. The hub is a physical layer device without the switching function, so it forwards the received packet to all ports.
Page 97 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview A VLAN can span across multiple switches, or even routers. This enables hosts in a VLAN to be dispersed in a looser way. That is, hosts in a VLAN can belong to different physical network segment.
Page 98 VLAN of the inbound port for transmission. For the details about setting the default VLAN of a port, refer to section “Port Basic Configuration” in H3C S3600 Series Ethernet Switches Operation Manual .
Page 99 0xFFFF. Notes: Presently, H3C S3600 series switches recognize packets with the value of the type field being in the range 0x05DD to 0x05FF as 802.2/802.3 encapsulated packets. The switch identifies whether a packet is an Ethernet II packet or an 802.2/802.3 packet according to the ranges of the two fields.
Page 100 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview Only the IPX protocol supports 802.3 raw encapsulation format currently. This format is identified by the two bytes whose value is 0xFFFF after the length field.
Page 101 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview 1.3.3 Procedure for the Switch to Judge Packet Protocol Receive packets Ethernet II Type(Length) 0x0600 ~0xFFFF Encapsulation field 0x0000 to 0x05FF Match the 802.2/802.3 type value Encapsulation 802.3 raw...
Page 102 1.3.5 Implementation of Protocol-Based VLAN S3600 series Ethernet switches assign the packet to the specific VLAN by matching the packet with the protocol template. The protocol template is the standard to determine the protocol to which a packet belongs.
Page 103 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration Chapter 2 VLAN Configuration 2.1 VLAN Configuration 2.1.1 Basic VLAN Configuration Table 2-1 Basic VLAN configuration Operation Command Description Enter system view system-view — Create multiple...
Page 104 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration II. Configuration procedure Table 2-2 Basic VLAN interface configuration Operation Command Description Enter system view system-view — Create VLAN Required interface and enter interface Vlan-interface The vlan-id argument ranges...
Page 105 VLAN, you can use the port trunk permit vlan command or the port hybrid vlan command in Ethernet port view. For the configuration procedure, refer to the section "Port Basic Configuration – Operation" in H3C S3600 Series Ethernet Switches Operation Manual .
Page 106 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration II. Network diagram itch itch E1/0/1 E1/0/1 E1/0/2 E1/0/2 E1/0/3 E1/0/3 E1/0/4 E1/0/4 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN3 VLAN3 VLAN3 VLAN3 VLAN3...
Page 107 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration Operation Command Description protocol-vlan [ protocol-index ] { at | ip | ipx { ethernetii | llc | raw | Create protocol snap } | mode { ethernetii etype...
Page 108 Operation Manual – VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration II. Configuration procedure Table 2-6 Associate a port with the protocol-based VLAN Operation Command Description Enter system view system-view — Enter port view interface interface-type interface-number...
Page 109 VLAN 7. Configuration procedure # Create VLAN 7 and enter its view. <H3C> system-view [H3C] vlan 7 [H3C-vlan7] # Configure index 1 of VLAN 7 according to the network requirement. [H3C-vlan7] protocol-vlan 1 mode llc dsap 01 ssap ac...
Page 110 # Add the port to VLAN 7, and add VLAN 7 to the list of untagged VLANs permitted to pass through the port. [H3C-Ethernet1/0/7] port hybrid vlan 7 untagged # Associate the port with the two indexes of VLAN 7. [H3C-Ethernet1/0/7] port hybrid protocol-vlan vlan 7 1 to 2...
Page 111 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 IP Address Configuration ................... 1-1 1.1 IP Address Overview ......................1-1 1.1.1 IP Address Classification and Representation............1-1 1.1.2 Subnet and Mask ....................
Page 112 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Chapter 1 IP Address Configuration 1.1 IP Address Overview 1.1.1 IP Address Classification and Representation An IP address is a 32-bit address allocated to a device connected to the Internet. It consists of two fields: net-id and host-id.
Page 113 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Table 1-1 Classes and ranges of IP addresses IP network Network Address range Description type range available for users An IP address with all 0s host ID is a network address and is used for network routing.
Page 114 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration 1.1.2 Subnet and Mask The traditional IP address classification method wastes IP addresses greatly. In order to make full use of the available IP addresses, the concepts of mask and subnet were introduced.
Page 115 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Manually configured by using the IP address configuration command Allocated by the BOOTP server Allocated by the DHCP server The three methods are mutually exclusive and the use of a new method will result in the IP address obtained by the old method being released.
Page 116 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Table 1-3 Display IP address configuration Operation Command Description You can execute Display VLAN display interface brief display interface [ interface-type [ interface-number ] ] |...
Page 117 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration If the configuration is correct, enable ARP debugging on the switch, and check whether the switch can correctly send and receive ARP packets. If it can only send...
Page 118 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration Chapter 2 IP Performance Configuration 2.1 IP Performance Configuration 2.1.1 Introduction to IP Performance Configuration IP performance configuration mainly refers to TCP attribute configuration. The TCP attributes that can be configured include: synwait timer: This timer is started when TCP sends a syn packet.
Page 119 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration Operation Command Description Required Configure timeout time for timer fin-timeout By default, the timeout the finwait timer in TCP time-value time of the TCP finwait timer is 675 seconds.
Page 120 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration Table 2-3 Display IP performance Operation Command Description Display connection display tcp status status Display connection display tcp statistics statistics Display UDP traffic statistics...
Page 121 Operation Manual – IP Address and Performance Confiugration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration 2.3 Troubleshooting Symptom: IP packets are forwarded normally, but TCP and UDP cannot work normally. Solution: Enable the corresponding debugging information output to view the debugging information.
Page 122 Operation Manual – Management VLAN H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Management VLAN Configuration ................1-1 1.1 Introduction to Management VLAN..................1-1 1.1.1 Management VLAN ....................1-1 1.1.2 Static Route......................1-1 1.2 Management VLAN Configuration ..................1-2 1.2.1 Prerequisites ......................
Page 123 1.1.1 Management VLAN To manage an Ethernet switch remotely through Telnet or the built-in Web server, the switch need to be assigned an IP address. On H3C S3600 series Ethernet swithes, you can specify a management VLAN through related command.
Page 124 Operation Manual – Management VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Management VLAN Configuration 1.2 Management VLAN Configuration 1.2.1 Prerequisites Before configuring the management VLAN, make sure the VLAN operating as the management VLAN exists. If VLAN 1 (the default VLAN) is the management VLAN, just go ahead.
Page 125 Operation Manual – Management VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Management VLAN Configuration Operation Command Description Shut down Optional management VLAN shutdown By default, a management VLAN interface interface is down if all the Ethernet ports management VLAN are down; a...
Page 126 Operation Manual – Management VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Management VLAN Configuration # Configure the IP address of VLAN 10 interface to be 1.1.1.1. [H3C-Vlan-interface10] ip address 1.1.1.1 255.255.255.0 [H3C-Vlan-interface10] quit # Configure the default route.
Page 127 Operation Manual – Management VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration Chapter 2 DHCP/BOOTP Client Configuration 2.1 Introduction to DHCP Client As the network scale expands and the network complexity increases, the network configurations become more and more complex accordingly. It is usually the case that the computer locations change (such as the portable computers in wireless networks) or the number of the computers exceeds that of the available IP addresses.
Page 128 Operation Manual – Management VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Server DHCP Server DHCP Client DHCP Client DHCP Client...
Page 129 DHCP_Request packets to the DHCP server when half of the lease period expires. The DHCP server, in turn, responds with a DHCP_ACK packet to notify the DHCP client of the new lease if the IP address is still available. An S3600 series switch operating as a DHCP support this lease auto-update process.
Page 130 IP address after sending three successive BOOTP request packets. 2.3 DHCP/BOOTP Client Configuration An S3600 series Ethernet switch can operate as a DHCP client or BOOTP client. In this case, the IP address of the management VLAN interface is obtained through DHCP or BOOTP.
Page 131 Operation Manual – Management VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration Caution: Note that as a DHCP client, an S3600 switch can occupy an IP address for up to 24 days. That is, even if the lease period of the address pool on the DHCP server is longer than 24 days, the DHCP client can only obtain a 24-day lease.
Page 132 Operation Manual – Management VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration 2.4 Displaying the Information about a DHCP/BOOTP Client Table 2-2 Display the information about a DHCP/BOOTP client Operation Command Description Display the information Optional...
Page 133 Operation Manual – Voice VLAN H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Voice VLAN Configuration..................1-1 1.1 Voice VLAN Overview ....................... 1-1 1.1.1 Configuring Operation Mode for Voice VLAN ............1-1 1.1.2 Supporting Information of Voice VLAN on Various Ports ........1-2 1.2 Configuring Voice VLAN ....................
Page 134 VLANs, you can perform QoS-related configuration for voice data, ensuring the transmission priority of voice traffic and voice quality. S3600 series Ethernet switches determine whether a received packet is a voice packet by checking its source MAC address. If the source MAC addresses of packets comply with the organizationally unique identifier (OUI) addresses configured by the system, the packets are determined as voice packets and transmitted in voice VLAN.
Page 135 Operation Manual – Voice VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration I. Processing mode of untagged packets sent by IP voice devices Automatic mode: an S3600 Ethernet switch automatically adds a port connecting an IP voice device to the voice VLAN by learning the source MAC address in the untagged packet sent by the IP voice device when it is powered on.
Page 136 Operation Manual – Voice VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Table 1-2 Matching relationship between port modes and voice traffic types Port voice Voice VLAN Port type Supported or not traffic type mode Access...
Page 137 Operation Manual – Voice VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Caution: If the voice traffic transmitted by an IP voice device is with VLAN tag, and the port which the IP voice device is attached to is enabled with 802.1x authentication and 802.1x guest VLAN, assign different VLAN IDs for the voice VLAN, the default...
Page 138 Operation Manual – Voice VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Operation Command Description Optional Enable the voice VLAN voice vlan security By default, the voice VLAN security mode enable security mode is enabled. Optional...
Page 139 Operation Manual – Voice VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration 1.2.3 Configuring a Voice VLAN to Operate in Manual Mode Table 1-4 Configure a voice VLAN to operate in manual mode Operation Command Description —...
Page 140 VLAN does not operate in security mode. Note: To add a Trunk port or a Hybrid port to the voice VLAN, refer to the Port Basic Configurations part of the H3C S3600 Series Ethernet Switches Command Manual for the related command.
Page 141 Operation Manual – Voice VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration 1.3 Displaying Voice VLAN After the above configurations, you can execute the display command in any view to view the running status and verify the configuration effect.
Page 142 [H3C-Ethernet1/0/3] voice vlan enable [H3C-Ethernet1/0/3] undo voice vlan mode auto [H3C-Ethernet1/0/3] quit # Specify an OUI address. [H3C] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test # Enable the voice VLAN function globally. [H3C] voice vlan 3 enable # Display voice VLAN-related configurations.
Page 143 Operation Manual – Voice VLAN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Voice Vlan aging time: 1440 minutes Current voice vlan enabled port mode: PORT MODE ---------------------------------------- Ethernet1/0/3 MANUAL # Remove Ethernet1/0/3 port from the voice VLAN.
Page 144 Operation Manual – GVRP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 GVRP Configuration ....................1-1 1.1 Introduction to GVRP......................1-1 1.1.1 GVRP Mechanism....................1-1 1.1.2 GVRP Packet Format....................1-3 1.1.3 Protocol Specifications.................... 1-4 1.2 GVRP Configuration ......................
Page 145 Operation Manual – GVRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration Chapter 1 GVRP Configuration 1.1 Introduction to GVRP GARP VLAN registration protocol (GVRP) is an implementation of generic attribute registration protocol (GARP). It maintains dynamic VLAN registration information and propagates the information to other switches by adopting the same mechanism as that of GARP.
Page 146 Operation Manual – GVRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration attribute information to be registered can be propagated to all the switches in the same switched network. GARP uses the following timers: Hold: When a GARP entity receives a piece of registration information, it does not send out a Join message immediately.
Page 147 Operation Manual – GVRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration them by their destination MAC addresses and delivers them to different GARP application (for example, GVRP) for further processing. 1.1.2 GVRP Packet Format The GVRP packets are in the following format: Figure 1-1 Format of GVRP packets The following table describes the fields of a GVRP packet.
Page 148 Operation Manual – GVRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration Field Description Value 0: LeaveAll Event 1: JoinEmpty 2: JoinIn Attribute Event The event described by the attribute 3: LeaveEmpty 4: LeaveIn 5: Empty The attribute value of...
Page 149 Operation Manual – GVRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration Operation Command Description Required Enable GVRP globally gvrp default, GVRP disabled globally. Enter Ethernet port interface interface-type — view interface-number Required default, GVRP disabled on the port.
Page 150 Operation Manual – GVRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration Timer Lower threshold Upper threshold This lower threshold is greater than the timeout time of the Leave LeaveAll timer. You can change threshold 32,765 centiseconds by changing the timeout time of the Leave timer.
Page 151 Operation Manual – GVRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration 1.4.3 Configuration procedure Configure switch A. # Enable GVRP globally. <H3C> system-view [H3C] gvrp GVRP is enabled globally. # Configure Ethernet1/0/1 to be a trunk port and to permit the packets of all the VLANs.
Page 152 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Port Basic Configuration .................... 1-1 1.1 Ethernet Port Overview...................... 1-1 1.1.1 Types and Numbers of Ethernet Ports..............1-1 1.1.2 Link Types of Ethernet Ports................... 1-2 1.1.3 Configuring the Default VLAN ID for an Ethernet Port..........
Page 153 Chapter 1 Port Basic Configuration 1.1 Ethernet Port Overview 1.1.1 Types and Numbers of Ethernet Ports Table 1-1 lists the types and numbers of the ports available on the H3C S3600 series Ethernet switches. Table 1-1 Models in the S3600 series...
Page 154 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Number of Number of Number of 100 service 1000 Mbps Model Console port Mbps ports ports uplink ports 48 10/100 Mbps S3600-52P 4 (SFP)
Page 155 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Table 1-2 Processing of incoming/outgoing packets Processing of an incoming packet If the Port Processing of an outgoing packet If the packet carries a...
Page 156 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Note: The access ports or hybrid ports must be added to an existing VLAN. 1.2 Ethernet Port Configuration 1.2.1 Initially Configuring a Port...
Page 157 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration 1.2.2 Limiting Traffic on individual Ports By performing the following configurations, you can limit different types of incoming traffic on individual ports. When a type of incoming traffic exceeds the threshold you set, the system drops the packets exceeding the traffic limit to reduce the traffic ratio of this type to the reasonable range, so as to keep normal network service.
Page 158 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Table 1-5 Enable flow control on a port Operation Command Remarks Enter system view system-view — interface interface-type Enter Ethernet port view —...
Page 159 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Operation Command Remarks Optional For a hybrid port, you can port hybrid vlan configure whether Add the current hybrid vlan-id-list { tagged |...
Page 160 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Link aggregation control protocol (LACP) configuration: includes LACP enable/disable status; Note: The copy command can only be used to copy the configuration of LACP’s enable state, but not to copy the configuration of aggregation group, i.e., you can not add a port to the...
Page 161 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration After you enable loopback detection on Ethernet ports, the switch can monitor if external loopback occurs on them. If there is a loopback port found, the switch will put it under control.
Page 162 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Caution: To enable loopback detection on a specific port, you must use the loopback-detection enable command in both system view and the specific port view.
Page 163 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration 1.2.10 Enabling the System to Test Connected Cable You can enable the system to test the cable connected to a specific port. The test result will be returned in five seconds.
Page 164 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Table 1-14 Enable the giant-frame statistics function Operation Command Description Enter system view system-view — Optional Enable the giant-frame giant-frame statistics default, statistics function...
Page 165 # Allow packets of VLAN 2, VLAN 6 through VLAN 50 and VLAN 100 to pass Ethernet1/0/1. [H3C-Ethernet1/0/1] port trunk permit vlan 2 6 to 50 100 # Configure the default VLAN ID of Ethernet1/0/1 to 100. [H3C-Ethernet1/0/1] port trunk pvid vlan 100...
Page 166 Operation Manual – Port Basic Configuration H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration 1.4 Troubleshooting Ethernet Port Configuration Symptom: Fail to configure the default VLAN ID of a port. Solution: Take the following steps. Use the display interface or display port command to check if the port is a trunk port or a hybrid port.
Page 167 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Link Aggregation Configuration ................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to Link Aggregation ................1-1 1.1.2 Introduction to LACP ....................1-2 1.1.3 Operation Key ......................
Page 168 Hybrid or Access). The ports for a manual or static aggregation group must have the same link type, and the ports for a dynamic aggregation group must have the same rate, duplex mode and link type. Note: S3600 series Ethernet switches support cross-device link aggregation if IRF fabric is enabled.
Page 169 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration 1.1.2 Introduction to LACP The purpose of link aggregation control protocol (LACP) is to implement dynamic link aggregation and deaggregation. This protocol is based on IEEE802.3ad and uses LACPDUs (link aggregation control protocol data unit) to interact with its peer.
Page 170 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration The selected port with the smallest port number serves as the master port of the group, and other selected ports serve as member ports of the group.
Page 171 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration automatically adding/removing ports to/from it). Each static aggregation group must contain at least one port. When a static aggregation group contains only one port, you cannot remove the port unless you remove the whole aggregation group.
Page 172 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration 1.1.6 Dynamic LACP Aggregation Group I. Introduction to dynamic LACP aggregation group A dynamic LACP aggregation group is automatically created and removed by the system.
Page 173 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration III. Configuring system priority LACP determines the selected and unselected states of the dynamic aggregation group members according to the priority of the port ID on the end with the preferred device ID.
Page 174 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration In general, the system only provides limited load-sharing aggregation resources (currently N/2 load-sharing aggregation groups can be created at most, N is the number of ports), so the system needs to reasonably allocate the resources among different aggregation groups.
Page 175 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Caution: A load-sharing aggregation group contains at least two selected ports, but a non-load-sharing aggregation group can only have one selected port at most, while others are unselected ports.
Page 176 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration 1.2.1 Configuring a Manual Aggregation Group You can create a manual aggregation group, or remove an existing manual aggregation group (after that, all the member ports in the group are removed from the ports).
Page 177 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Note: When you add an LACP-enabled port to a manual aggregation group, the system will automatically disable LACP on the port. Similarly, when you add an LACP-disabled port to a static aggregation group, the system will automatically enable LACP on the port.
Page 178 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration You need to enable LACP on the ports which you want to participate in dynamic aggregation of the system, because, only when LACP is enabled on those ports at both ends, can the two parties reach agreement in adding/removing ports to/from dynamic aggregation groups.
Page 179 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Table 1-4 Display and maintain link aggregation configuration Operation Command Description Display summary display information link-aggregation aggregation groups summary Display detailed display information of a specific...
Page 180 Operation Manual – Link Aggregation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration III. Configuration procedure The following only lists the configuration on Switch A; you must perform the similar configuration on Switch B to implement link aggregation.
Page 181 Operation Manual – Port Isolation H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Port Isolation Configuration ..................1-1 1.1 Port Isolation Overview...................... 1-1 1.2 Port Isolation Configuration ....................1-1 1.3 Displaying Port Isolation Configuration................1-2...
Page 182 Thus, you can construct your network in a more flexible way and improve your network security. Currently, an S3600 Series Ethernet Switch supports only one isolation group, but does not limit the number of Ethernet ports in the unique isolation group.
Page 183 Operation Manual – Port Isolation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Isolation Configuration 1.3 Displaying Port Isolation Configuration After the above configuration, you can execute the display command in any view to display the result of your port isolation configuration, thus verifying your configuration.
Page 184 Operation Manual – Port Isolation H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Isolation Configuration III. Configuration procedure # Add Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group. <H3C> system-view System View: return to User View with Ctrl+Z. [H3C] interface ethernet1/0/2...
Page 185 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Port Security Configuration..................1-1 1.1 Port Security Overview ...................... 1-1 1.1.1 Introduction......................1-1 1.1.2 Port Security Features .................... 1-1 1.1.3 Port Security Modes....................1-1 1.2 Port Security Configuration....................
Page 186 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Chapter 1 Port Security Configuration 1.1 Port Security Overview 1.1.1 Introduction Port security is a security mechanism for network access control. It is an expansion to the current 802.1x and MAC address authentication.
Page 187 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Table 1-1 Description of port security modes Security Description Feature mode In this mode, the port automatically learns MAC addresses and changes them to security MAC addresses.
Page 188 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Security Description Feature mode The port is enabled only after an access user passes the 802.1x authentication. When the port is enabled, only the packets of the successfully authenticated user can pass through the port.
Page 189 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration 1.2 Port Security Configuration 1.2.1 Configuring Port Security Table 1-2 Configure port security Operation Command Description Enter system view system-view — Enable port...
Page 190 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Operation Command Description Set the time during Optional which a port is port-security timer temporarily disableport timer By default, it is 20 seconds.
Page 191 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration If the amount of security MAC addresses has not yet reach the maximum number, the port will learn new MAC addresses and turn them to security MAC addresses;...
Page 192 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Link aggregation Configurate Mirror Reflector port The port-security max-mac-count count-value command cannot be configured together with the mac-address max-mac-count count command. 1.3 Displaying Port Security Configuration After the above configuration, you can use the display command in any view to display port security information and verify your configuration.
Page 193 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration III. Configuration procedure Configure switch A as follows: # Enter system view. <S3600> system-view # Enable port security. [S3600] port-security enable # Enter Ethernet1/0/1 port view.
Page 194 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Port Binding Configuration Chapter 2 Port Binding Configuration 2.1 Port Binding Overview 2.1.1 Introduction Port binding enables the network administrator to bind the MAC and IP addresses of a legal user to a specific port.
Page 195 Operation Manual – Port Security-Port Binding H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Port Binding Configuration Table 2-2 Display port binding configuration Operation Command Description display user-bind Display port interface interface-type You can execute the display binding interface-number | mac-addr command in any view.
Page 196 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 DLDP Configuration ....................1-1 1.1 DLDP Overview ......................... 1-1 1.1.1 DLDP Fundamentals....................1-2 1.1.2 Precautions during DLDP Configuration ..............1-6 1.2 DLDP Configuration......................1-7 1.2.1 DLDP Configuration Tasks..................
Page 197 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Chapter 1 DLDP Configuration 1.1 DLDP Overview You may have encountered unidirectional links, namely, one-way audio, in networking. When a unidirectional link occurs, the local device can receive packets from the peer device through the link layer, but the peer device cannot receive packets from the local device.
Page 198 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration SwitchA SwitchA SwitchA SwitchA GE2/1/3 GE2/1/3 GE2/1/3 GE2/1/3 GE2/1/4 GE2/1/4 GE2/1/4 GE2/1/4 GE2/1/3 GE2/1/3 GE2/1/3 GE2/1/3 GE2/1/4 GE2/1/4 GE2/1/4 GE2/1/4 SwitchB SwitchB SwitchB SwitchB Figure 1-2 Fiber broken or not connecte...
Page 199 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Status Description DHCP sends packets to check whether the link is a unidirectional. Probe It enables the probe sending timer and an echo waiting timer for each target neighbor.
Page 200 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Timer Description When a new neighbor joins, a neighbor entry is created and the corresponding entry aging timer is enabled When an advertisement packet is received from a neighbor, the...
Page 201 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Table 1-3 DLDP operating mode and neighbor entry aging DLDP detects whether The entry aging timer The enhanced DLDP neighbors exist is enabled or not timer is enabled or...
Page 202 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Table 1-5 Process received DLDP packets Packet type Processing procedure If this neighbor entry does not exist on the local device, DLDP creates the neighbor entry,...
Page 203 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration To ensure unidirectional links can be detected, you must make sure that DLDP is enabled on both sides, and that the interval between sending advertisement packets, authentication mode, and password are consistent on both sides.
Page 204 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Operation Command Description Optional. Set the DLDP handling mode dldp By default, the when an unidirectional link is unidirectional-shutdown handling mode detected { auto | manual } is auto.
Page 205 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration 1.2.2 Resetting DLDP State Note: After a port is down due to the detection of unidirectional link, you can use the dldp reset command to restore the DLDP state to perform DLDP detection.
Page 206 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration II. Network diagram SwitchA SwitchA SwitchA SwitchA GE2/1/3 GE2/1/3 GE2/1/3 GE2/1/3 GE2/1/4 GE2/1/4 GE2/1/4 GE2/1/4 GE2/1/3 GE2/1/3 GE2/1/3 GE2/1/3 GE2/1/4 GE2/1/4 GE2/1/4 GE2/1/4 SwitchB SwitchB SwitchB...
Page 207 Operation Manual – DLDP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Note: When two switches are connected through fibers in a crossed way, two or three ports may be in the disable state, and the rest in the inactive state.
Page 208 Operation Manual – MAC Address Table H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 MAC Address Table Management................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to MAC Address Learning ..............1-1 1.1.2 Entries in a MAC Address Table ................1-3 1.2 Configuring MAC Address Table Management ..............
Page 209 This chapter describes the management of static, dynamic, and blackhole MAC address entries. For information about the management of multicast MAC address entries, refer to the section related to multicast protocol in H3C S3600 Series Ethernet Switches Operation Manual. 1.1 Overview 1.1.1 Introduction to MAC Address Learning...
Page 210 Operation Manual – MAC Address Table H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management MAC Address MAC Address Port Port MACA MACA MACB MACB MACC MACC MACD MACD MACD MACD MACA MACA .... Port 1...
Page 211 Operation Manual – MAC Address Table H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management Note: The switch learns only unicast addresses by using the MAC address learning mechanism but directly drops any packet with a broadcast source MAC address.
Page 212 Operation Manual – MAC Address Table H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management Configuring the maximum number of MAC addresses a port can learn 1.2.1 Configuring a MAC Address Entry You can add, modify, or remove one MAC address entry, remove all MAC address entries (unicast MAC addresses only) concerning a specific port, or remove specific type of MAC address entries (dynamic or static MAC address entries).
Page 213 Operation Manual – MAC Address Table H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management Caution: When you add a MAC address entry, the current port must belong to the VLAN specified by the vlan argument in the command. Otherwise, the entry will not be added.
Page 214 Operation Manual – MAC Address Table H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management can dynamically maintain. When the number of the MAC address entries learnt from a port reaches the set value, the port stops learning MAC addresses.
Page 215 <H3C> system-view [H3C] # Add a MAC address, with the VLAN, ports, and states specified. [H3C] mac-address static 000f-e235-dc71 interface Ethernet 1/0/2 vlan 1 # Set the aging time of dynamic MAC addresses to 500 seconds. [H3C] mac-address timer aging 500 # Display the information about the MAC address entries in system view.
Page 216 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Auto Detect Configuration ..................1-1 1.1 Introduction to the Auto Detect Function ................1-1 1.1.1 Configuring the Auto Detect Function ..............1-1 1.1.2 Displaying Auto Detect Configuration ..............
Page 217 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration Chapter 1 Auto Detect Configuration 1.1 Introduction to the Auto Detect Function The auto detect function uses ICMP request/reply packets to test the connectivity of a network regularly.
Page 218 # Create detecting group 10. [H3C] detect-group 10 # Specify to detect the IP address of 10.1.1.4, taking the IP address of 192.168.1.2 as the next hop and setting the detecting number to 1. [H3C-detect-group-10] detect-list 1 ip address 10.1.1.4 nexthop 192.168.1.2...
Page 219 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration # Specify to detect the IP address of 192.168.2.2, setting the detecting number to 2. [H3C-detect-group-10] detect-list 2 ip address 192.168.2.2 # Specify to return reachable as the detecting result if one of the two IP addresses is reachable.
Page 220 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Chapter 2 Auto Detect Implementation 2.1 Introduction The results of auto detect operations (reachable or unreachable) can be used to trigger other functions, such as:...
Page 221 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Table 2-1 Configure the auto detect function for a static route Operation Command Description Enter system view system-view — ip route-static ip-address { mask |...
Page 222 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation [H3C-detect-group-8] detect-list 1 ip address 10.1.1.4 nexthop 192.168.1.2 [H3C-detect-group-8] quit # Enable the static route when the detecting group is reachable. Disable the static route when the detecting group is unreachable.
Page 223 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation 2.3.2 Configuration Example I. Network requirements Switch B and switch D form VRRP backup group 1, whose virtual IP address is 192.168.1.10. Packets sourced from Switch A and destined for Switch C is forwarded by Switch B under normal situations.
Page 224 # Set the backup group priority of switch B to 110, and specify to decrease the priority by 20 when the result of detecting group 9 is unreachable. [H3C-Vlan-interface1] vrrp vrid 1 priority 110 [H3C-Vlan-interface1] vrrp vrid 1 track detect-group 9 reduced 20 Configure Switch D. # Assign an IP address to VLAN 1 interface.
Page 225 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation 2.4.1 Configuring the Auto Detect Function for VLAN Interface Backup Note: You need to create the detecting group and perform configurations concerning VLAN interfaces before the following operations.
Page 226 Operation Manual – Auto Detect H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation II. Network diagram 192.168.1.2 192.168.1.2/24 192.168.1.2 192.168.1.2/24 192.168.1.2 192.168.1.2/24 192.168.1.2 192.168.1.2/24 10.1.1.3 10.1.1.3/24 10.1.1.3 10.1.1.3/24 10.1.1.3 10.1.1.3/24 10.1.1.3 10.1.1.3/24 VLAN 1 VLAN 1 VLAN 1...
Page 227 IP address, with the IP address of 192.168.1.2 as the next hop, and the detecting number set to 1. [H3C-detect-group-10] detect-list 1 ip address 10.1.1.4 nexthop 192.168.1.2 [H3C-detect-group-10] quit # Specify to enable VLAN 2 interface when the result of detecting group 10 is unreachable.
Page 228 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 MSTP Configuration ....................1-1 1.1 MSTP Overview ......................... 1-1 1.1.1 MSTP Protocol Data Unit ..................1-1 1.1.2 Basic MSTP Terminologies..................1-2 1.1.3 Principle of MSTP....................1-5 1.1.4 MSTP Implementation on Switches ................
Page 229 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents 1.5.2 Configuration Prerequisites................... 1-35 1.5.3 Configuring BPDU Protection................1-35 1.5.4 Configuring Root Protection .................. 1-35 1.5.5 Configuring Loop Prevention................. 1-36 1.5.6 Configuring TC-BPDU Attack Prevention ............. 1-37 1.5.7 Configuring the Function of Dropping BPDU Packets ..........
Page 230 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Chapter 1 MSTP Configuration 1.1 MSTP Overview Spanning tree protocol (STP) cannot enable Ethernet ports to transit their states rapidly. It costs two times of the forward delay for a port to turn to the forwarding state even if the port is on a point-to-point link or the port is an edge port.
Page 231 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.1.2 Basic MSTP Terminologies Figure 1-1 illustrates basic MSTP terms (assuming that MSTP is enabled on each switch in this figure). Region A0 Region A0 CIST: Common and Internal...
Page 232 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration III. VLAN mapping table A VLAN mapping table is a property of an MST region. It contains information about how VLANs are mapped to MSTIs. For example, in Figure 1-1, the VLAN mapping table of region A0 is: VLAN 1 is mapped to MSTI 1;...
Page 233 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration A master port connects an MST region to the common root. The path from the master port to the common root is the shortest path between the MST region and the common root.
Page 234 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Forwarding state: Ports in this state can forward user packets and receive/send BPDU packets. Learning state: Ports in this state can receive/send BPDU packets. Discarding state: Ports in this state can only receive BPDU packets.
Page 235 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Each switch sends out its configuration BPDUs and operates in the following way when receiving a configuration BPDU on one of its ports from another switch:...
Page 236 MSTP is compatible with both STP and RSTP. That is, MSTP-enabled switches can recognize the protocol packets of STP and RSTP and use them for spanning tree calculation. In addition to the basic MSTP functions, H3C series switches also provide the following functions for the convenience of users to manage their switches:...
Page 237 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Description Related section Section 1.2.6 Configure MSTP Optional “Configuring the MSTP operation mode Operation Mode” Section 1.2.7 Configure the maximum “Configuring Optional hops of MST region Maximum Hops of MST Region”...
Page 238 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.2.2 Configuring the MST Region I. Configuration procedure Table 1-3 Configure an MST region Operation Command Description Enter system view — system-view Enter MST region view —...
Page 239 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Note: Switches belong to the same MST region only when they have the same MST region name, VLAN mapping table, and MSTP revision level. II. Configuration example # Configure an MST region, with the name being “info”, the MSTP revision level being...
Page 240 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Command Description stp [ instance instance-id ] root Specify the current switch primary bridge-diameter as the root bridge of a Required bridgenumber hello-time specified spanning tree centi-seconds ] II.
Page 241 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Note: You can configure a switch as the root bridges of multiple spanning tree instances. But you cannot configure two or more root bridges for one spanning tree instance.
Page 242 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Caution: Once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch cannot be configured any more.
Page 243 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration I. Configuration procedure Table 1-7 Configure MSTP packet format for the port Operation Command Description Enter system view — system-view interface interface-type Enter Ethernet port view —...
Page 244 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration I. Configuration procedure Table 1-8 Configure the MSTP operation mode Operation Command Description Enter system view — system-view Required Configure MSTP stp mode { stp | rstp |...
Page 245 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration The bigger the maximum hops are in an MST region, the larger the MST region is. Note that only the maximum hop settings on the switch operating as a region root can limit the size of the MST region.
Page 246 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Link failures in a network result in the spanning tree recalculation and spanning tree structure change. As the newly calculated configuration BPDUs cannot be advertised across the entire network immediately when the new spanning trees are calculated, temporary loops may occur if the new root ports and designated ports begin to forward packets immediately.
Page 247 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Caution: The forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large forward delay. A too small forward delay parameter may result in temporary redundant paths.
Page 248 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration its upstream switch faulty if the former does not receive any protocol packets from the latter in a period three times of the hello time and then initiates the spanning tree recalculation process.
Page 249 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration I. Configure the maximum transmitting speed for specified ports in system view Table 1-13 Configure the maximum transmitting speed for specified ports in system view Operation...
Page 250 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.2.12 Configuring the Current Port as an Edge Port Edge ports are ports that neither directly connects to other switches nor indirectly connects to other switches through network segments. After a port is configured as an edge port, the rapid transition mechanism is applicable to the port.
Page 251 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration III. Configuration example # Configure Ethernet1/0/1 as an edge port. Configure Ethernet1/0/1 as an edge port in system view. <H3C> system-view [H3C] stp interface Ethernet1/0/1 edged-port enable Configure Ethernet1/0/1 as an edge port in Ethernet port view.
Page 252 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Specify whether the link connected to a port is point-to-point link in Ethernet port view Table 1-18 Specify whether the link connected to a port is point-to-point link in Ethernet...
Page 253 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration [H3C] stp interface Ethernet1/0/1 point-to-point force-true Perform this configuration in Ethernet port view. <H3C> system-view [H3C] interface Ethernet1/0/1 [H3C-Ethernet1/0/1] stp point-to-point force-true 1.2.14 Enabling the MSTP Feature I.
Page 254 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Command Description Optional default, MSTP enabled on all ports after enable MSTP system view. To enable a switch to Disable the MSTP feature operate more flexibly, you...
Page 255 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Description Related section Section 1.2.2 Configure the MST region Required “Configuring Region” Section 1.2.5 Configure MSTP “Configuring the MSTP Optional operation mode Packet Format” Section 1.2.10...
Page 256 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.3.3 Configuring the MSTP Operation Mode Refer to section 1.2.6 “Configuring the MSTP Operation Mode”. 1.3.4 Configuring the Timeout Time Factor Refer to section 1.2.10 “Configuring the Timeout Time Factor”.
Page 257 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Table 1-23 Transmission speeds and the corresponding path costs Operation Transmissio mode Proprietary 802.1D-1998 IEEE 802.1t n speed standard (half-/full-dup lex) 65,535 200,000,000 200,000 — Half-duplex/F...
Page 258 # Configure the path cost of Ethernet1/0/1 in spanning tree instance 1 to be 2,000. Perform this configuration in system view. <H3C> system-view [H3C] stp interface Ethernet1/0/1 instance 1 cost 2000 Perform this configuration in Ethernet port view. <H3C> system-view...
Page 259 # Configure the path cost of Ethernet1/0/1 in spanning tree instance 1 to be calculated by the MSTP-enabled switch according to the IEEE 802.1D-1998 standard. Perform this configuration in system view. <H3C> system-view [H3C] undo stp interface Ethernet1/0/1 instance 1 cost [H3C] stp pathcost-standard dot1d-1998 Perform this configuration in Ethernet port view. <H3C> system-view...
Page 260 # Configure the port priority of Ethernet1/0/1 in spanning tree instance 1 to be 16. Perform this configuration in system view. <H3C> system-view [H3C] stp interface Ethernet1/0/1 instance 1 port priority 16 Perform this configuration in Ethernet port view. <H3C> system-view...
Page 261 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration mode. In this case, you can force the port to transit to the MSTP mode by performing the mCheck operation on the port. Similarly, a port on an RSTP-enabled switch operating as an upstream switch turns to the STP-compatible mode when it has an STP-enabled switch connected to it.
Page 262 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Perform this configuration in Ethernet port view. <H3C> system-view [H3C] interface Ethernet1/0/1 [H3C-Ethernet1/0/1] stp mcheck 1.5 Configuring Protection Function 1.5.1 Introduction The following protection functions are available on an MSTP-enabled switch: BPDU protection, root protection, loop prevention, and TC-BPDU attack prevention.
Page 263 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration III. Loop prevention A switch maintains the states of the root port and other blocked ports by receiving and processing BPDUs from the upstream switch. These BPDUs may get lost because of network congestions or unidirectional link failures.
Page 264 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration and forward any BPDU packets. In this way, the switch is protected again the BPDU packet attack so that the STP calculation is assured to be right.
Page 265 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Command Description Required interface Enable the root protection interface-list The root protection function function on specified ports root-protection is disabled by default. Table 1-32 Enable the root protection function in Ethernet port view...
Page 266 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Configuration example # Enable the loop prevention function on Ethernet1/0/1. <H3C> system-view [H3C] interface Ethernet1/0/1 [H3C-Ethernet1/0/1] stp loop-protection 1.5.6 Configuring TC-BPDU Attack Prevention I. Configuration procedure...
Page 267 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.6 Configuring Digest Snooping 1.6.1 Introduction According to IEEE 802.1s, two interconnected switches can interwork with each other through MSTIs in an MST region only when the two switches have the same MST region-related configuration.
Page 268 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Configuration procedure Table 1-36 Configure digest snooping Operation Command Description Enter system view — system-view interface interface-type Enter Ethernet port view — interface-number Required Enable...
Page 269 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.7 Configuring Rapid Transition 1.7.1 Introduction Designated ports of RSTP-enabled or MSTP-enabled switches use the following two types of packets to implement rapid transition: Proposal packets: Packets sent by designated ports to request rapid transition...
Page 270 RSTP in the way to implement rapid transition on designated ports. When a switch of this kind operating as the upstream switch connects with a H3C series switch running MSTP, the upstream designated port fails to change its state rapidly.
Page 271 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Other manufacturers Switch Other manufacturers Switch Port 1 Port 1 Port 2 Port 2 H3C Switch H3C Switch Figure 1-5 Network diagram for rapid transition configuration II.
Page 272 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Note: The rapid transition feature can be enabled on only root ports or alternate ports. If you configure the rapid transition feature on a designated port, the feature does not take effect on the port.
Page 273 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.8.2 Configuring VLAN-VPN tunnel Table 1-39 Configure VLAN-VPN tunnel Operation Command Description Enter system view — system-view Enable MSTP globally — stp enable Enable the VLAN-VPN...
Page 274 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.10 MSTP Configuration Example I. Network requirements Implement MSTP in the network shown in Figure 1-7 to enable packets of different VLANs to be forwarded along different spanning tree instances. The detailed configurations are as follows: All switches in the network belong to the same MST region.
Page 275 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration # Configure the MST region. [H3C-mst-region] region-name example [H3C-mst-region] instance 1 vlan 10 [H3C-mst-region] instance 3 vlan 30 [H3C-mst-region] instance 4 vlan 40 [H3C-mst-region] revision-level 0 # Activate the settings of the MST region manually.
Page 276 1.11 VLAN-VPN tunnel Configuration Example I. Network requirements S3600 series Ethernet switches operate as the access devices of the operator’s network, that is, Switch C and Switch D in the network diagram. S3100 series switches operate as the access devices of the user’s network, that is, Switch A and Switch B in the network diagram.
Page 277 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration III. Configuration procedure Configure Switch A # Enable MSTP. <H3C> system-view [H3C] stp enable # Add Ethernet 1/0/1 to VLAN 10. [H3C] vlan 10 [H3C-Vlan10] port Ethernet 1/0/1 Configure Switch B # Enable MSTP.
Page 278 Operation Manual – MSTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Configure Switch D # Enable MSTP. <H3C> system-view [H3C] stp enable # Enable the VLAN-VPN tunnel function. [H3C] vlan-vpn tunnel # Add Ethernet1/0/2 to VLAN 10.
Page 279 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 IP Routing Protocol Overview ..................1-1 1.1 Introduction to IP Route and Routing Table ..............1-1 1.1.1 IP Route and Route Segment ................. 1-1 1.1.2 Route Selection through the Routing Table ............
Page 280 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents 4.1.1 Introduction to OSPF....................4-1 4.1.2 OSPF Route Calculation ..................4-2 4.1.3 Basic OSPF Concepts .................... 4-2 4.1.4 OSPF Network Type ....................4-4 4.1.5 OSPF Packets......................4-6 4.1.6 LSA Types.......................
Page 281 Chapter 6 Route Capacity Configuration ..................6-1 6.1 Route Capacity Configuration Overview................6-1 6.1.1 Introduction......................6-1 6.1.2 Route Capacity Limitation on the S3600 Series ............. 6-1 6.2 Route Capacity Configuration.................... 6-2 6.2.1 Configuring the Lower Limit and the Safety Value of the Switch Memory ....6-2 6.2.2 Enabling/Disabling Automatic Protocol Recovery...........
Page 282 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Routing Protocol Overview Chapter 1 IP Routing Protocol Overview Note: When running a routing protocol, the Ethernet switch also functions as a router. The word “router” and the router icons covered in the following text represent routers in common sense and Ethernet switches running a routing protocol.
Page 283 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Routing Protocol Overview Route Segment Host A Host C Host B Figure 1-1 Route segment The number of route segments on the path between a source and destination can be used to measure the "length"...
Page 284 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IP Routing Protocol Overview “logical AND” between destination address and network mask, you can get the address of the network segment where the destination host or router resides. For example, if the destination address is 129.102.8.10 and the mask is 255.255.0.0,...
Page 285 12.0.0.0 Figure 1-2 Routing table The H3C S3600 Series Ethernet Switches (hereinafter referred to as S3600 series) support the configuration of static routes as well as a series of dynamic routing protocols such as RIP and OSPF. Moreover, the switches in operation can automatically obtain some direct routes according to interface status and user configuration.
Page 286 II. Route backup The S3600 series support route backup. When the primary route fails, the system automatically switches to a backup route to improve network reliability. To achieve route backup, you can configure multiple routes to the same destination according to actual situation.
Page 287 As the algorithms of various routing protocols are different, different routing protocols may discover different routes. This brings about the problem of how to share the discovered routes between routing protocols. The S3600 series can import (with the import-route command) the routes discovered by one routing protocol to another routing protocol.
Page 288 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration Chapter 2 Static Route Configuration Note: When running a routing protocol, the Ethernet switch also functions as a router. The word “router” and the router icons covered in the following text represent routers in common sense and Ethernet switches running a routing protocol.
Page 289 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration 2.1.2 Default Route A default route is a special route. You can manually configure a default route by using a static route. Some dynamic routing protocols, such as OSPF, can automatically generate a default route.
Page 290 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration Note: If the destination IP address and the mask of a route are both 0.0.0.0, the route is the default route. Any packet for which the router fails to find a matching entry in the routing table will be forwarded through the default route.
Page 291 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration 2.4 Static Route Configuration Example I. Network requirements As shown in Figure 2-1, the masks of all the IP addresses in the figure are 255.255.255.0.
Page 292 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration # Configure the default gateway of Host B to 1.1.4.1. Detailed configuration procedure is omitted. # Configure the default gateway of Host C to 1.1.1.1. Detailed configuration procedure is omitted.
Page 293 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Chapter 3 RIP Configuration Note: When running a routing protocol, the Ethernet switch also functions as a router. The word “router” and the router icons covered in the following text represent routers in common sense and Ethernet switches running a routing protocol.
Page 294 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Routing time: Time elapsed after the routing entry is updated last time. This time is reset to 0 whenever the routing entry is updated. III. RIP timers As defined in RFC 1058, RIP is controlled by three timers: Period update, Timeout, and Garbage-collection.
Page 295 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration 3.2 RIP Configuration Tasks Table 3-1 RIP configuration tasks Configuration task Description Related section Section 3.3.2 I. “Enabling RIP globally and on the Enabling RIP...
Page 296 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Configuration task Description Related section Configuring Section 3.5.2 Optional timers “Configuring RIP timers” Configuring split Section 3.5.2 Optional horizon “Configuring split horizon” Configuring RIP-1 Section 3.5.2...
Page 297 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Note: Related RIP commands configured in interface view can take effect only after RIP is enabled. RIP operates on the interface of a network segment only when it is enabled on the interface.
Page 298 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration 3.4 RIP Route Control In actual implementation, it may be needed to control RIP routing information more accurately to accommodate complex network environments. By performing the...
Page 299 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Operation Command Description Optional additional routing metric to be By default, the additional routing rip metricout value added for outgoing RIP metric added for outgoing routes routes on this interface on an interface is 1.
Page 300 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Table 3-7 Disable the receiving of host route Operation Command Description Enter system view system-view — Enter RIP view — Optional Disable the receiving of...
Page 301 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Note: The filter-policy import command filters the RIP routes received from neighbors, and the routes being filtered out will neither be added to the routing table nor be advertised to any neighbors.
Page 302 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Operation Command Description Optional When Set the default cost for import-route command RIP to import routes default cost value without specifying the cost of from other protocols imported routes, the default cost you set here will be used.
Page 303 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Note: When configuring the values of RIP timers, you should take network performance into consideration and perform consistent configuration on all routers running RIP to avoid unnecessary network traffic and network route oscillation.
Page 304 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration IV. Setting RIP-2 packet authentication mode RIP-2 supports two authentication modes: simple authentication and MD5 authentication. Simple authentication cannot provide complete security, because the authentication keys sent along with packets that are not encrypted.
Page 305 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration 3.6 Displaying and Maintaining RIP Configuration After the above configuration, you can use the display command in any view to display the running status of RIP and verify the RIP configuration. You can use the reset command in RIP view to reset the system configuration related to RIP.
Page 306 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration III. Configuration procedure Note: Only the configuration related to RIP is listed below. Before the following configuration, make sure the Ethernet link layer works normally and the IP addresses of VLAN interfaces are configured correctly.
Page 307 When running a routing protocol, the Ethernet switch also functions as a router. The words “router” and the router icons covered in the following text represent routers in common sense and Ethernet switches running a routing protocol. Among S3600 series, only S3600-EI series support OSPF protocol. 4.1 OSPF Overview 4.1.1 Introduction to OSPF Open shortest path first (OSPF) is a link state-based interior gateway protocol developed by IETF.
Page 308 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.1.2 OSPF Route Calculation Taking no account of area partition, the routing calculation process of the OSPF protocol is as follows: Each OSPF-capable router maintains a link state database (LSDB), which describes the topology of the whole AS.
Page 309 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration II. Area If all the routers on an ever-growing huge network run OSPF, the large number of routers will result in an enormous LSDB, which will consume an enormous storage space, complicate the running of SPF algorithm, and increase CPU load.
Page 310 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration For example, in Figure 4-1, there are three intra-area routes in Area 19: 19.1.1.0/24, 19.1.2.0/24, and 19.1.3.0/24. If route summary is configured, the three routes are aggregated into one route 19.1.0.0/16, and only one corresponding LSA, which...
Page 311 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Some special configurations need to be done on an NBMA network. In an NBMA network, an OSPF router cannot discover an adjacent router by broadcasting Hello packets.
Page 312 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration In Figure 4-2, the solid lines represent physical Ethernet connections and the dotted lines represent adjacencies established. The figure shows that, with the DR/BDR mechanism adopted, seven adjacencies suffice among the five routers.
Page 313 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration I. Hello packet: Hello packets are most commonly used OSPF packets, which are periodically sent by a router to its neighbors. A Hello packet contains the values of some timers, the DR, the BDR and the known peers.
Page 314 LSAs into Type-5 LSAs and advertise the Type-5 LSAs. Type-7 LSAs are not directly advertised to other areas (including the backbone area). 4.1.7 OSPF Features S3600 series support the following OSPF features: Stub area: Stub area is defined to reduce the cost for the routers in the area to receive ASE routes.
Page 315 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.2 OSPF Configuration Tasks Table 4-1 OSPF configuration tasks Related Configuration task Description section Basic OSPF configuration Required OSPF area attribute configuration Optional Configuring the network Optional 4.5.2...
Page 316 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Related Configuration task Description section Configuring OSPF timers Optional 4.7.2 Configuring Optional 4.7.3 transmission delay Configuring Optional 4.7.4 calculation interval Disabling OSPF packet transmission Optional 4.7.5...
Page 317 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration AS. A common practice is to set the router ID to the IP address of an interface on the router. Enabling OSPF Comware supports multiple OSPF processes. To enable multiple OSPF processes on a router, you need to specify different process IDs.
Page 318 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Note: In router ID selection, the priorities of the router IDs configured with the ospf [ process-id [ router-id router-id ] ] command, the router id command, and the priorities of the router IDs automatically selected are in a descending order.
Page 319 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.4.2 Configuring OSPF Area Attributes Table 4-3 Configure OSPF area attributes Operation Command Description Enter system view system-view — ospf process-id Enter OSPF view —...
Page 320 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration However, in many cases, this cannot be implemented and you need to use a command to change the network type forcibly. Configure the interface type as P2MP if not all the routers are directly accessible on an NBMA network.
Page 321 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.5.3 Configuring an NBMA Neighbor Some special configurations need to be done on an NBMA network. Since an NBMA interface cannot discover the adjacent router by broadcasting Hello packets, you must manually specify the IP address of the adjacent router for the interface and whether the adjacent router has the right to vote.
Page 322 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Note: The DR priorities configured by the ospf dr-priority command and the peer command have different purpose: The priority set with the ospf dr-priority command is used for actual DR election.
Page 323 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description Required abr-summary This command takes effect only Enable ABR route ip-address mask when it is configured on an ABR. summary advertise By default, this function is disabled not-advertise ] on an ABR.
Page 324 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.6.4 Configuring the Cost for Sending Packets on an OSPF Interface Table 4-10 Configure the cost for sending packets on an OSPF interface Operation Command...
Page 325 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description ospf process-id Enter OSPF view Required [ router-id router-id ] ] Configure maximum number of OSPF equal-cost multi-path-number value Optional routes 4.6.7 Configuring OSPF to Import External Routes...
Page 326 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description Optional Configure the default type By default, the type of of external routes that default type { 1 | 2 } imported external routes OSPF will import is Type-2.
Page 327 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.7.2 Configuring OSPF Timers The Hello intervals for OSPF neighbors must be consistent. The value of Hello interval is in inverse proportion to route convergence speed and network load.
Page 328 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Note: Default Hello and Dead timer values will be restored once the network type is changed. Do not set an LSA retransmission interval that is too short. Otherwise, unnecessary retransmission will occur.
Page 329 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description Optional Configure the SPF spf-schedule-interval default, calculation interval interval calculation interval is five seconds. 4.7.5 Disabling OSPF Packet Transmission on an Interface...
Page 330 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.7.6 Configuring OSPF Authentication Table 4-18 Configure OSPF authentication Operation Command Description Enter system view system-view — ospf process-id Enter OSPF view Required [ router-id router-id ] ]...
Page 331 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Table 4-19 Configure to fill the MTU field when an interface transmits DD packets Operation Command Description Enter system view system-view — Enter Ethernet interface...
Page 332 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description snmp-agent trap enable ospf [ process-id ] [ ifauthfail | Optional ifcfgerror ifrxbadpkt You can configure OSPF ifstatechange | iftxretransmit | to send diversified SNMP...
Page 333 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Table 4-22 Display and maintain configuration Operation Command Description Display brief information display ospf [ process-id ] about one or all OSPF brief processes display ospf [ process-id ]...
Page 334 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.9 OSPF Configuration Example 4.9.1 Configuring DR Election Based on OSPF Priority I. Network requirements Four S3600 switches, SwitchA, SwitchB, SwitchC, and SwitchD, which run OSPF, are on the same segment, as shown in Figure 4-3.
Page 335 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration [SwitchB-Vlan-interface1] quit [SwitchB] router id 2.2.2.2 [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 # Configure SwitchC. <SwitchC> system-view [SwitchC] interface Vlan-interface 1 [SwitchC-Vlan-interface1] ip address 196.1.1.3 255.255.255.0...
Page 336 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration If all Ethernet Switches on the network are removed from and then added to the network again, SwitchB will be elected as the DR (with a priority of 200), and SwitchA will be the BDR (with a priority of 100).
Page 337 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration [SwitchB-Vlan-interface1] ip address 196.1.1.2 255.255.255.0 [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ip address 197.1.1.2 255.255.255.0 [SwitchB-Vlan-interface2] quit [SwitchB] router id 2.2.2.2 [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255...
Page 338 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Use the display ospf interface command to view the OSPF information on an interface. Check whether the physical connection is correct and the lower layer protocol operates normally.
Page 339 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration A virtual link cannot pass through a stub area. The backbone area (Area 0) cannot be configured as a stub area. So, if a virtual link has been set up between RTB and RTC, neither Area 1 nor Area 0 can be configured as a stub area.
Page 340 The matching rules can be set in advance and then used in the routing policies to advertise, receive, and import routes. The S3600 series provide three kinds of filters (Route-policy, ACL, and ip-prefix), which can be referenced by routing protocols. The following sections introduce these filters.
Page 341 II. ACL The S3600 series support four types of ACLs: advanced, basic, user-defined, and layer 2 ACLs. Normally, a basic ACL is used to filter routing information. You can specify a range of IP addresses or subnets when defining a basic ACL so as to match the destination network segment addresses or next-hop addresses of routing information.
Page 342 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 IP Routing Policy Configuration Related Configuration task Description section ip-prefix configuration — Displaying IP routing policy — 5.3 Route-Policy Configuration A route-policy is used to match given routing information or some attributes of routing information and change the attributes of the routing information if the conditions are met.
Page 343 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 IP Routing Policy Configuration Note: The permit argument specifies the matching mode for a defined node in the route-policy to be in permit mode. If a route matches the rules for the node, the apply clauses for the node will be executed and the test of the next node will not be taken.
Page 344 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 IP Routing Policy Configuration Operation Command Description Optional Define rule if-match ip next-hop { acl By default, no matching is match the next-hop acl-number ip-prefix performed on the next-hop...
Page 345 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 IP Routing Policy Configuration 5.4.1 Configuration Prerequisites Before configuring a filter list, prepare the following data: ip-prefix name Range of addresses to be matched Extended community attribute list number 5.4.2 Configuring an ip-prefix list...
Page 346 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 IP Routing Policy Configuration 5.5 Displaying IP Routing Policy After the above configuration, execute the display command in any view to display and verify the routing policy configuration.
Page 347 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 IP Routing Policy Configuration [SwitchA-Vlan-interface100] ip address 10.0.0.1 255.0.0.0 [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ip address 12.0.0.1 255.0.0.0 [SwitchA-Vlan-interface200] quit # Configure three static routes.
Page 348 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 IP Routing Policy Configuration [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Display the OSPF routing table on SwitchB and check if route policy takes effect.
Page 349 However, upgrading may not always solve the problem. To solve this problem, the S3600 series provide a mechanism to control the size of the routing table; that is, monitoring the free memory in the system to determine whether to add new routes to the routing table and whether to keep the connection of a routing protocol.
Page 350 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 Route Capacity Configuration When the free memory of the switch is equal to or lower than the lower limit, OSPF connection will be disconnected and OSPF routes will be removed from the routing table.
Page 351 Operation Manual – Routing Protocol H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 Route Capacity Configuration Table 6-3 Disable automatic protocol recovery Operation Command Description Enter system view system-view — Optional Disable automatic protocol memory auto-establish default, automatic recovery disable...
Page 352 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Multicast Overview ...................... 1-1 1.1 Multicast Overview......................1-1 1.1.1 Information Transmission in the Unicast Mode............1-1 1.1.2 Information Transmission in the Broadcast Mode........... 1-2 1.1.3 Information Transmission in the Multicast Mode.............
Page 353 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents 4.3 Displaying and Maintaining Multicast MAC Address ............4-2 Chapter 5 Unknown Multicast Packet Drop Configuration ............5-1 5.1 Overview ..........................5-1 5.2 Unknown Multicast Packet Drop Configuration ..............5-1 Chapter 6 IGMP Configuration .....................
Page 354 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents 7.6.2 PIM-SM Configuration Example................7-21 7.7 Troubleshooting PIM......................7-24 Chapter 8 MSDP Configuration....................8-1 8.1 Overview ..........................8-1 8.1.1 MSDP Working Mechanism ..................8-4 8.2 Configuring MSDP Basic Functions................... 8-6 8.2.1 Configuration Prerequisites..................
Page 355 Chapter 1 Multicast Overview Note: Among S3600 series Ethernet switches, S3600-EI series support all the multicast protocols listed in this manual, while S3600-SI series only support IGMP Snooping. When running IP multicast protocols, Ethernet switches also provide the functions of routers.
Page 356 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview User A User A User B User B Unicast Unicast Unicast User C User C User D User D Server Server Server User E User E Figure 1-1 Information transmission in the unicast mode Assume that users B, D and E need this information.
Page 357 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview the same network need the information, the utilization ratio of the network resources is very low and the bandwidth resources are greatly wasted. Therefore, broadcast is disadvantageous in transmitting data to specified users;...
Page 358 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview In the multicast mode, network components can be divided in to the following roles: An information sender is referred to as a multicast source. Multiple receivers receiving the same information form a multicast group. Multicast group is not limited by physical area.
Page 359 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview II. Application of multicast The multicast technology effectively addresses the issue of point-to-multipoint data transmission. By enabling high-efficiency point-to-multipoint data transmission, over an IP network, multicast greatly saves network bandwidth and reduces network load.
Page 360 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Addressing mechanism: Information is sent from a multicast source to a group of receivers through multicast addresses. Host registration: A receiving host joins and leaves a multicast group dynamically to implement membership registration.
Page 361 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview A multicast group whose addresses are assigned by IANA is a permanent multicast group. It is also called reserved multicast group. Note that: The IP addresses of a permanent multicast group keep unchanged, while the members of the group can be changed.
Page 362 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Class D address range Description 224.0.0.7 Shared tree routers 224.0.0.8 Shared tree hosts 224.0.0.9 RIP-2 routers 224.0.0.11 Mobile agents 224.0.0.12 DHCP server/relay agent 224.0.0.13 All protocol independent multicast (PIM) routers 224.0.0.14...
Page 363 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Figure 1-5 Mapping relationship between multicast IP address and multicast MAC address The high-order four bits of the IP multicast address are 1110, representing the multicast ID.
Page 364 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview II. Multicast routing protocols A multicast routing protocol operates between multicast routers to establish and maintain multicast routes and forward multicast packets accurately and effectively. A multicast route establishes a loop-free data transport path from a data source to multiple receivers.
Page 365 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Chapter 2 IGMP Snooping Configuration 2.1 Overview 2.1.1 IGMP Snooping Fundamentals Internet group management protocol snooping (IGMP Snooping) is a multicast control mechanism running on Layer 2 switches. It is used to manage and control multicast groups.
Page 366 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission without IGMP Snooping without IGMP Snooping when IGMP Snooping runs when IGMP Snooping runs...
Page 367 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration II. Layer 2 multicast with IGMP Snooping The switch runs IGMP Snooping to listen to IGMP messages, based on which the multicast forward table is established.
Page 368 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Recei Purpo Switch action sage If yes, add the IP multicast group address to the MAC multicast group table. yes, If not, add the yes,...
Page 369 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Recei Purpo Switch action sage If no response is received from the port before the timer times out, the switch will check whether the port...
Page 370 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Caution: An IGMP-Snooping-enabled S3600 Ethernet switch judges whether the multicast group exists when it receives an IGMP leave packet sent by a host in a multicast group.
Page 371 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Table 2-5 Enable IGMP Snooping Operation Command Description Enter system view system-view — Required Enable IGMP Snooping default, IGMP igmp-snooping enable globally Snooping disabled globally.
Page 372 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Operation Command Description Optional igmp-snooping Configure query By default, the query max-response-time response timer response timeout time is seconds 10 seconds. Optional Configure the aging timer...
Page 373 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Operation Command Description Required Enable the fast leave from igmp-snooping By default, the fast leave the multicast groups of fast-leave vlan from the multicast group...
Page 374 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Operation Command Description Optional igmp-snooping You can configure the ACL to Configure group-policy filter IP addresses multicast filtering acl-number vlan corresponding multicast group. feature on the port...
Page 375 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Table 2-11 Configure IGMP Snooping querier Operation Command Description Enter system view system-view — Required Enable IGMP IGMP Snooping Snooping feature igmp-snooping enable feature is disabled by system view default.
Page 376 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Table 2-12 Configure multicast VLAN on Layer 3 switch Operation Command Description Enter system view system-view — Create a multicast VLAN Create multicast vlan vlan-id and enter VLAN view VLAN to be configured.
Page 377 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Operation Command Description Define the port as a trunk port link-type { trunk | — or hybrid port hybrid } port hybrid vlan vlan-list Specify the VLANs to be...
Page 378 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Table 2-14 Display information about IGMP Snooping Operation Command Description Display the current IGMP display igmp-snooping Snooping configuration configuration execute Display IGMP Snooping display igmp-snooping...
Page 379 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration <H3C> system-view [H3C] igmp-snooping enable # Enable IGMP Snooping on VLAN 10 where no Layer 3 multicast protocol is enabled. [H3C] vlan 10 [H3C-vlan10] igmp-snooping enable 2.4.2 Example 2...
Page 380 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration II. Network diagram Figure 2-4 Network diagram for multicast VLAN configuration III. Configuration procedure The following configuration is based on the prerequisite that the devices are properly connected and all the required IP addresses are already configured.
Page 381 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration [SwitchA] vlan 3 [SwitchA-vlan3] quit [SwitchA] interface Ethernet 1/0/6 [SwitchA-Ethernet1/0/6] port hybrid vlan 3 # Define Ethernet1/0/10 as a hybrid port, add the port to VLAN 2, VLAN 3, and VLAN 10, and configure the port to include VLAN tags in its outbound packets of VLAN 2, VLAN 3, and VLAN 10.
Page 382 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration # Define Ethernet1/0/2 as a hybrid port, add the port to VLAN 3 and VLAN 10, and configure the port to exclude VLAN tags in its outbound packets of VLAN 3 and VLAN 10, and set VLAN 3 as the default VLAN of the port.
Page 383 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Chapter 3 Common Multicast Configuration 3.1 Overview Common multicast configuration tasks are the common contents of multicast group management protocol and multicast routing protocol. You must enable the common multicast configuration on the switch before enabling the two protocols.
Page 384 256 Note: To guard against attacks on any socket not in use, S3600 series provide the following functions to achieve enhanced security: The system opens RAW Socket used by multicast routing only if multicast routing is enabled.
Page 385 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration 3.2.2 Configuring Suppression on the Multicast Source Port I. Configure suppression on the multicast source port in system view Table 3-3 Configure suppression on the multicast source port in system view...
Page 386 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Operation Command Description reset multicast routing-table { all | { group-address [ mask { group-mask | Clear the route Clear the route group-mask-length } ] | source-address...
Page 387 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Operation Command Description display multicast routing-table [ group-address [ mask group-mask Display mask-length information about source-address [ mask multicast group-mask routing table mask-length incoming-interface interface-type...
Page 388 Operation Manual – Multicast Chapter 4 Multicast MAC Address Entry H3C S3600 Series Ethernet Switches-Release 1510 Configuration Chapter 4 Multicast MAC Address Entry Configuration 4.1 Overview In Layer 2 multicast, the system can add multicast forwarding entries dynamically through a Layer 2 multicast protocol. Alternatively, you can statically bind a port to a multicast address entry by configuring a multicast MAC address entry manually.
Page 389 Operation Manual – Multicast Chapter 4 Multicast MAC Address Entry H3C S3600 Series Ethernet Switches-Release 1510 Configuration Note: If the multicast MAC address entry to be created already exists, the system gives you a prompt. If you want to add a port to a multicast MAC address entry created through the mac-address multicast command, you need to remove the entry first, create this entry again, and then add the specified port to the forwarding ports of this entry.
Page 390 Operation Manual – Multicast Chapter 5 Unknown Multicast Packet Drop H3C S3600 Series Ethernet Switches-Release 1510 Configuration Chapter 5 Unknown Multicast Packet Drop Configuration 5.1 Overview Generally, if the multicast address of the multicast packet received on the switch is not registered on the local switch, the packet will be broadcast in the VLAN.
Page 391 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Chapter 6 IGMP Configuration 6.1 Overview 6.1.1 Introduction to IGMP Internet group management protocol (IGMP) is responsible for the management of IP multicast members. It is used to establish and maintain membership between IP hosts and their directly connected neighboring routers.
Page 392 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration querier election mechanism is required to determine which router will act as the IGMP querier on the subnet. In IGMPv1, the designated router (DR) elected by the Layer 3 multicast routing protocol (such as PIM) serves as the IGMP querier.
Page 393 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration router forwards the data to the local subnet so that the receivers on the subnet can receive the data. As IGMPv1 does not specifically define a Leave Group message, upon leaving a multicast group, an IGMPv1 host stops sending reports with the destination address being the address of that multicast group.
Page 394 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Up receiving this group-specific query, each of the other members of that group, if any, will send a membership report within the maximum response time specified in the query.
Page 395 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration On VLAN-interface2, configure VLAN-interface1 as the outbound IGMP Proxy interface to external networks. You must enable the IGMP protocol on the interface first, and then configure the igmp proxy command.
Page 396 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Operation Description Related section Section 6.2.6 "Removing the Remove the joined IGMP Optional Joined IGMP Groups from the groups from the interface Interface" 6.2.1 Configuring IGMP Version...
Page 397 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration II. IGMP group-specific packets The query router (querier for short) maintains the IGMP join packets on the interface on the shared network. After the related features are configured, the IGMP querier will send IGMP group-specific query packets at the user-defined interval for the user-defined times when it receives the IGMP leave packets from the hosts.
Page 398 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration IV. The maximum query time of IGMP packets When the host receives a query message, it will set a timer for each of its multicast groups. The timer value is selected from 0 to the maximum response time at random.
Page 399 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Caution: When there are multiple multicast routers in a network segment, the querier is responsible for sending IGMP query messages to all the hosts in the network segment.
Page 400 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Operation Command Description Optional By default, the filter is not configured, that is, any multicast group is permitted on a port. If the port keyword is...
Page 401 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Caution: If the number of joined multicast groups on the interface exceeds the user-defined limit, new groups are not allowed to join. If you configure the number of IGMP groups on the interface to 1, the new group takes precedence.
Page 402 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Operation Command Description interface interface-type Enter Ethernet port view — interface-number Optional igmp host-join Configure router ports to By default, the router port group-address vlan join a multicast group...
Page 403 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Caution: Both the multicast routing protocol and the IGMP protocol must be enabled on the proxy interface. You must enable the PIM protocol on the interface before configuring the igmp proxy command.
Page 404 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Table 6-8 Display IGMP Operation Command Description display igmp group Display the membership group-address information of the IGMP interface interface-type multicast group execute interface-number ] display command in any...
Page 405 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Chapter 7 PIM Configuration 7.1 PIM Overview Protocol independent multicast (PIM) means that the unicast routing protocols providing routes for the multicast could be static routes, RIP, OSPF, IS-IS, or BGP. The multicast routing protocol is independent of unicast routing protocols as long as unicast routing protocols can generate route entries.
Page 406 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration 7.1.2 Work Mechanism of PIM-DM The working procedure of PIM-DM is summarized as follows: Neighbor discovery SPT establishing Graft RPF check Assert mechanism I. Neighbor discovery In a PIM-DM network, a multicast router needs to use Hello messages to perform neighbor discovery and maintain the neighbor relation when it is started.
Page 407 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration User A Receiver User B Source Prune User C Multicast Receiver Prune Server User D packets Receiver User E Prune Figure 7-1 Diagram for SPT establishment in PIM-DM The above-mentioned process is called "Flooding and Pruning".
Page 408 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration V. Assert mechanism In a shared network such as Ethernet, the same packets may be sent repeatedly. For example, the LAN network segment contains multiple multicast routers, A, B, C, and D.
Page 409 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration In order that the receiver can receive the multicast data streams of the specific IGMP group, PIM-SM adopts rendezvous points (RP) to forward multicast information to all PIM-SM routers with receivers.
Page 410 Note: S3600 Series Ethernet Switches do not support DR priority. In a network containing S3600 Series Ethernet Switches, the DR is elected by IP addresses. In a PIM-SM network, DR mainly serves as the querier of IGMPv1.
Page 411 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration must be elected dynamically through the auto-election mechanism and BootStrap router (BSR) must be configured. BSR is the core management device in a PIM-SM network. It is responsible for: Collecting the Advertisement messages sent by the Candidate-RP (C-RP) in the network.
Page 412 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Only one BSR can be elected in a network or management domain, while multiple candidate BSRs (C-BSRs) can be configured. In this case, once the BSR fails, other C-BSRs can elect a new BSR through auto-election.
Page 413 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration V. Multicast source registration In order to inform RP about the existence of multicast source S, when multicast source S sends a multicast packet to the multicast group G, the router directly connected to S...
Page 414 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration 7.2 Common PIM Configuration You can configure the PIM feature of the switch in interface view. The configuration includes: Table 7-1 Configuration tasks Operation Description Related section...
Page 415 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Table 7-3 Configure the interval of sending Hello packets Operation Command Description Enter system view system-view — Enable multicast multicast Required routing protocol routing-enable Enter VLAN...
Page 416 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description Enter VLAN interface interface Vlan-interface — view interface-number Required Enable PIM-DM/PIM-SM Configure pim dm / pim sm on the current interface protocol type...
Page 417 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description reset neighbor Perform Clear PIM neighbors neighbor-address interface configuration interface-type interface-number } * } user view. 7.3 PIM-DM Configuration Perform the following configuration to configure PIM-DM. When the router runs in a PIM-DM domain, you are recommended to enable PIM-DM on all the interfaces of non-boarder routers.
Page 418 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Table 7-7 Configuration tasks Operation Description Section Configure filtering policies Section 7.4.1 "Configuring Filtering multicast Optional Policies for Multicast Source/Group" sources/groups Configure BSR/RP Optional Section 7.4.2 "Configuring BSR/RP"...
Page 419 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description Optional You can configure to filter the IP addresses static-rp rp-address some multicast Configure static RPs [ acl-number ] groups in ACL. By default, static RPs are not set for the switch.
Page 420 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Caution: Only one candidate BSR can be configured on a Layer 3 switch. The BSR configuration on another interface will replace the former configuration. You are recommended to configure both the candidate BSR and candidate RP on the Layer 3 switch in the backbone.
Page 421 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description Required Configure PIM-SM default, domain pim bsr-boundary domain boundary boundary is not set for the switch. Caution: After the PIM-SM domain boundary is set, Bootstrap messages cannot pass the boundary in any direction.
Page 422 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description Required You can configure to filter the IP addresses Configure to filter the some multicast register-policy registration packets from groups in ACL. acl-number...
Page 423 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Note: When you execute the spt-switch-threshold command on an S3600 Ethernet switch, the traffic-rate argument can only be set to 0. That is, the threshold can be set to 0 or infinity.
Page 424 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration 7.6 PIM Configuration Example 7.6.1 PIM-DM Configuration Example I. Network requirements Lanswitch1 is connected to Multicast Source through VLAN-interface10, to Lanswitch2 through VLAN-interface11 and to Lanswitch3 through VLAN-interface12. Through PIM-DM, multicast is implemented among Receiver 1, Receiver 2, and Multicast Source.
Page 425 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration [H3C-Vlan-interface10] pim dm [H3C-Vlan-interface10] quit [H3C] interface Vlan-interface 11 [H3C-Vlan-interface11] ip address 2.2.2.2 255.255.0.0 [H3C-Vlan-interface11] pim dm [H3C-Vlan-interface11] quit [H3C] interface Vlan-interface 12 [H3C-Vlan-interface12] ip address 3.3.3.3 255.255.0.0 [H3C-Vlan-interface12] pim dm Configure Lanswitch2.
Page 426 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Host A is the receiver of the multicast group whose multicast IP address is 225.0.0.1. Host B begins to send data to the destination 225.0.0.1 and LS_A receives the multicast data from Host B through LS_B.
Page 427 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration [H3C] interface Vlan-interface 11 [H3C-Vlan-interface11] igmp enable [H3C-Vlan-interface11] pim sm [H3C-Vlan-interface11] quit [H3C] vlan 12 [H3C-vlan12] port Ethernet 1/0/6 to Ethernet 1/0/7 [H3C-vlan12] quit [H3C] interface Vlan-interface 12...
Page 428 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration [H3C-pim] quit # Configure PIM domain boundary [H3C] interface Vlan-interface 12 [H3C-Vlan-interface12] pim bsr-boundary After VLAN-interface 12 is configured as the PIM domain boundary, LS_D cannot receive BSR information from LS_B any more;...
Page 429 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Use the display pim neighbor command to check whether the neighboring relationship is correctly established. 7-25...
Page 430 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Chapter 8 MSDP Configuration Note: Because multicast source discovery protocol (MSDP) does not support the IRF feature, MSDP cannot be configured in Fabric. Routers and router icons in this chapter represent routers in the common sense and Ethernet switches running routing protocols.
Page 431 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration user PIM-SM 2 user PIM-SM 4 Join Source PIM-SM 1 user PIM-SM 3 SA message Join MSDP peers Figure 8-1 MSDP peering relationship Note: MSDP peers are interconnected over TCP connections (through port 639). A TCP...
Page 432 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration (SPT) based on the multicast source S. However, a rendezvous point tree (RPT) exists between RP4 and receivers in the PIM-SM4 domain. Note: Through MSDP, a PIM-SM domain receiving information from the multicast source S does not rely on RPs in other PIM-SM domains;...
Page 433 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration As described above, RPs exchange information among one another through MSDP, a multicast source registers with the nearest RP, and receivers join the nearest RPT. In this way, RP load balancing can be achieved.
Page 434 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration source, the multicast group address, the address of the RP that has generated the SA message, and the first multicast data received by the RP in the PIM-SM1 domain.
Page 435 SA message and forwards it to other peers. The receiver does not accept or forward other SA messages. Note: S3600 series switches do not support inter-domain routing (BGP protocol); therefore, the fifth rule described above is adopted in RPF check. 8.2 Configuring MSDP Basic Functions...
Page 436 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Before configuring static RPF peers, you must create an MSDP peering connection. If you configure only one MSDP peer on a router, the MSDP peer will act as a static RPF peer.
Page 437 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Operation Command Description Required To establish an MSDP peer connection, must peer peer-address configure the parameters on Create an MSDP peer connect-interface both peers. The peers are...
Page 438 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-2 Configuration tasks Operation Description Related section Configure description Section 8.3.2 "Configuring information MSDP Required Description Information for MSDP peers Peers" Configure Anycast Section 8.3.3 "Configuring...
Page 439 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Operation Command Description peer peer-address Create an MSDP peer connect-interface Required connection interface-type interface-number Required Configure the RP address originating-rp default, carried interface-type address in SA messages...
Page 440 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration 8.3.5 Configuring MSDP Peer Connection Control The connection between MSDP peers can be flexibly controlled. You can disable the MSDP peering relationships temporarily by shutting down the MSDP peers. As a result, SA messages cannot be transmitted between these two peers.
Page 441 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration 8.4.1 Configuration Prerequisites Before you configure SA message transmission, perform the following tasks: Configuring a unicast routing protocol. Configuring basic IP multicast functions. Configuring basic PIM-SM functions.
Page 442 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-8 Configure the transmission and filtering of SA request messages Operation Command Description Enter system view system-view — Enter MSDP view msdp — Optional Enable SA message...
Page 443 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration 8.4.4 Configuring a Rule for Filtering Received and Forwarded SA Messages Besides the creation of source information, controlling multicast source information allows you to control the forwarding and reception of source information. You can control the reception of SA messages using the MSDP inbound filter (corresponding to the import keyword);...
Page 444 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration You can configure the number of SA entries cached in each MSDP peer on the router by executing the following command, but the number must be within the system limit.
Page 445 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-12 Display and debug MSDP configuration Operation Command Description Display brief information of MSDP display msdp brief peer state Display detailed display msdp peer-status information of MSDP...
Page 446 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration You can locate message loss and configuration errors by tracing the network path of the specified (S, G, RP) entries. Once the transmission path of SA messages is determined, correct configuration can prevent the flooding of SA messages.
Page 447 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration # Enable multicast on SwitchC and enable PIM-SM on all interfaces. The configuration procedures on other switches are similar to that on SwitchC. The details are omitted here.
Page 448 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration 8.7 Troubleshooting MSDP Configuration 8.7.1 MSDP Peer Always in the Down State I. Symptom An MSDP peer is configured, but it is always in the down state.
Page 449 Operation Manual – Multicast H3C S3600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration III. Solution Check the connectivity of the route between the routers. Use the display ip routing-table command to check that the unicast route between the routers is correct.
Page 450 1.1.3 Encapsulation of EAPoL Messages ................ 1-3 1.1.4 802.1x Authentication Procedure ................1-6 1.1.5 Timers Used in 802.1x .................... 1-9 1.1.6 802.1x Implementation on an S3600 Series Switch ..........1-10 1.2 802.1x Configuration......................1-12 1.3 Basic 802.1x Configuration....................1-13 1.3.1 Prerequisites ......................1-13 1.3.2 Configuring Basic 802.1x Functions..............
Page 451 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration 1.1 Introduction to 802.1x The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WAN committee to address security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to address mainly authentication and security problems.
Page 452 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration The authenticator system is an entity residing at one end of a LAN segment. It authenticates the supplicant systems connecting to the other end of the LAN segment.
Page 453 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration By default, a controlled port is a unidirectional port. IV. The way a port is controlled A port of a H3Cseries switch can be controlled in the following two ways.
Page 454 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration through LANs, EAP protocol packets are encapsulated in EAPoL format. The following figure illustrates the structure of an EAPoL packet. PAE Ethernet type PAE Ethernet type...
Page 455 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration In an EAP packet: The Code field indicates the EAP packet type, which can be Request, Response, Success, or Failure. The Identifier field is used to match a Response packets with the corresponding Request packet.
Page 456 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Message-authenticator field. Otherwise, the packet is regarded as invalid and is discarded. type=80 type=80 length=18 length=18 Figure 1-7 The format of an Message-authenticator fiel 1.1.4 802.1x Authentication Procedure A H3C3600 series Ethernet switch can authenticate supplicant systems in EAP terminating mode or EAP relay mode.
Page 457 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration EAPoR EAPoR EAPoR EAPoR EAPoR EAPoR EAPoR EAPoL EAPoL EAPoL EAPoL EAPoL EAPoL EAPoL Supplicant Supplicant RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server...
Page 458 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Upon receiving the key (encapsulated in an EAP-request/MD5 challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-response/MD5 challenge packet) to the RADIUS server through the switch.
Page 459 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration EAPOL EAPOL EAPOL RADIUS RADIUS RADIUS RADIUS ser ver RADIUS ser ver RADIUS ser ver Supplicant Supplicant Supplicant Switc h Switc h Switc h syst em...
Page 460 1.1.6 802.1x Implementation on an S3600 Series Switch In addition to the earlier mentioned 802.1x features, an S3600 series switch is also capable of the following: Checking supplicant systems for proxies, multiple network adapters, and so on (This function needs the cooperation of a CAMS server.)
Page 461 Note: The client-checking function needs the support of H3C’s 802.1x client program. To implement the proxy detecting function, you need to enable the function on both the 802.1x client program and the CAMS server in addition to enabling the client version detecting function on the switch by using the dot1x version-check command.
Page 462 H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Note: The 802.1x client version-checking function needs the support of H3C’s 802.1x client program. III. The Guest VLAN function The Guest VLAN function enables supplicant systems that that are not authenticated to access network resources in a restrained way.
Page 463 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration If you specify to adopt the RADIUS scheme, the supplicant systems are authenticated by a remote RADIUS server. In this case, you need to configure user names and passwords on the RADIUS server and perform RADIUS client-related configuration on the switches.
Page 464 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Operation Command Description Optional dot1x port-control port access authorized-force By default, an 802.1x-enabled control mode for unauthorized-force | auto } port operates in the auto specified ports [ interface interface-list ] mode.
Page 465 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration 1.4 Timer and Maximum User Number Configuration Table 1-2 Configure 802.1x timers and the maximum number of users Operation Command Description Enter system view — system-view...
Page 466 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Note: As for the dot1x max-user command, if you execute it in system view without specifying the interface-list argument, the command applies to all ports. You can also use this command in port view.
Page 467 { logoff | trap } Note: The proxy checking function needs the cooperation of H3C's 802.1x client program. The configuration listed in Table 1-3 takes effect only when it is performed on CAMS as well as on the switch. In addition, the client version checking function needs to be enabled on the switch too (by using the dot1x version-check command).
Page 468 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Note: As for the dot1x version-user command, if you execute it in system view without specifying the interface-list argument, the command applies to all ports. You can also execute this command in port view.
Page 469 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Caution: The Guest VLAN function is available only when the switch operates in the port-based authentication mode. Only one Guest VLAN can be configured for each switch.
Page 470 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration primary accounting server. The password for the switch and the authentication RADIUS servers to exchange message is “name”. And the password for the switch and the accounting RADIUS servers to exchange message is “money”. The...
Page 471 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration # Set the access control method to be MAC-address-based (This operation can be omitted, as MAC-address-based is the default). [H3C] dot1x port-method macbased interface Ethernet 1/0/1 # Create a RADIUS scheme named “radius1”...
Page 472 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration [H3C-isp-aabbcc.net] idle-cut enable 20 2000 [H3C-isp-aabbcc.net] quit # Set the default user domain to be “aabbcc.net”. [H3C] domain default enable aabbcc.net # Create a local access user account.
Page 473 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 HABP Configuration Chapter 2 HABP Configuration 2.1 Introduction to HABP With 802.1x enabled, a switch authenticates and then authorizes 802.1x-enabled ports. Packets can be forwarded only by authorized ports. For ports connected to the switch and are not authenticated and authorized by 802.1x, their received packets will be...
Page 474 Operation Manual – 802.1x H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 HABP Configuration Operation Command Description Optional Configure interval send The default interval for an HABP server habp timer interval HABP request to send HABP request packets is 20 packets.
Page 475 Operation Manual – AAA-RADIUS-HWTACACS-EAD H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 AAA & RADIUS & HWTACACS Configuration ............1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to AAA ....................1-1 1.1.2 Introduction to ISP Domain ..................1-2 1.1.3 Introduction to RADIUS...................
Page 476 Operation Manual – AAA-RADIUS-HWTACACS-EAD H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents 1.7.1 Remote RADIUS Authentication of Telnet/SSH Users ......... 1-42 1.7.2 Local Authentication of FTP/Telnet Users ............1-44 1.7.3 HWTACACS Authentication and Authorization of Telnet Users ......1-45 1.8 Troubleshooting AAA &...
Page 477 Remote authentication: Users are authenticated remotely through RADIUS or HWTACACS protocol. This device (for example, a H3C series switch) acts as the client to communicate with the RADIUS or TACACS server. For RADIUS protocol, you can use extended RADIUS protocol as well as standard RADIUS protocol.
Page 478 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration combined together, and authorization cannot be performed alone without authentication. HWTACACS authorization: Users are authorized by a TACACS server. III. Accounting AAA supports the following accounting methods: None accounting: No accounting is performed for users.
Page 479 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Server: RADIUS Server runs on a computer or workstation at the center. It stores and maintains user authentication information and network service access information.
Page 480 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS Server server Server server Server server...
Page 481 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Identifier Identifier Length Length Code Code Authenticator Authenticator Attributes Attributes Figure 1-3 RADIUS message format The Code field (one byte) decides the type of RADIUS message, as shown in Table 1-1.
Page 482 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration The Identifier field (one byte) is used to match requests and responses. It changes whenever the content of the Attributes field change, and whenever a valid response has been received for a previous request, but remains unchanged for message retransmission.
Page 483 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Type field Type field Attribute type Attribute type value value Login-Service Framed-AppleTalk-Link Login-TCP-Port Framed-AppleTalk-Network (unassigned) Framed-AppleTalk-Zone Reply-Message 40-59 (reserved for accounting) Callback-Number...
Page 484 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Table 1-3 Differences between HWTACACS and RADIUS HWTACACS RADIUS Adopts TCP, providing more reliable Adopts UDP. network transmission. Encrypts the entire message except the Encrypts only the password field in HWTACACS header.
Page 485 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration HWTACACS HWTACACS HWTACACS HWTACACS HWTACACS HWTACACS HWTACACS HWTACACS User User User User Client Client Server Server Client Client Server Server Requests to log in...
Page 486 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration The TACACS server returns an authorization response, indicating that the user has passed the authorization. After receiving the response indicating an authorization success, the TACACS client pushes the configuration interface of the switch to the user.
Page 487 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.2 Configuration Task Table 1-4 Configuration tasks Configuration task Description Related section Creating Section 1.3.2 “Creating Required domain an ISP Domain” Section 1.3.3...
Page 488 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Configuration task Description Related section Creating a RADIUS Section 1.4.1 “Creating a Required scheme RADIUS Scheme” Section 1.4.2 Configuring RADIUS “Configuring RADIUS...
Page 489 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Configuration task Description Related section Creating Section 1.5.1 “Creating a Required HWTACAS scheme HWTACAS Scheme” Configuring Section 1.5.2 HWTACACS Required “Configuring HWTACACS authentication Authentication Servers”...
Page 490 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.3.2 Creating an ISP Domain Table 1-5 Create an ISP domain Operation Command Description Enter system view system-view — Required Create an ISP domain...
Page 491 Caution: On an S3600 series switch, each access user belongs to an ISP domain. You can configure up to 16 ISP domains on the switch. When a user logs in, if no ISP domain name is carried in the user name, the switch assumes that the user belongs to the default ISP domain.
Page 492 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration I. Configuring a combined AAA scheme You can use the scheme command to specify an AAA scheme for an ISP domain. If...
Page 493 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Caution: You can execute the scheme radius-scheme radius-scheme-name command to adopt an already configured RADIUS scheme to implement all the three AAA functions.
Page 494 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Table 1-8 Configure separate AAA schemes Operation Command Description Enter system view system-view — Create an ISP domain and enter its view, or enter...
Page 495 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Currently, the switch supports the following two types of assigned VLAN IDs: integer and string. Integer: If the RADIUS authentication server assigns integer type of VLAN IDs, you can set the VLAN assignment mode to integer on the switch (this is also the default mode on the switch).
Page 496 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Caution: In string mode, if the VLAN ID assigned by the RADIUS server is a character string containing only digits (for example, 1024), the switch first regards it as an integer VLAN ID: the switch transforms the string to an integer value and judges if the value is in the valid VLAN ID range;...
Page 497 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required service-type Authorize the user to By default, the system lan-access | { telnet | access specified type(s) does not authorize the...
Page 498 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.3.7 Cutting Down User Connections Forcibly Table 1-11 Cut down user connections forcibly Operation Command Description Enter system view system-view — cut connection { all | access-type { dot1x...
Page 499 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Note: Actually, the RADIUS protocol configuration only defines the parameters for information exchange between switch and RADIUS server. To make these parameters take effect, you must reference the RADIUS scheme configured with these parameters in an ISP domain view (refer to section 1.3 "AAA Configuration").
Page 500 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.4.2 Configuring RADIUS Authentication/Authorization Servers Table 1-13 Configure RADIUS authentication/authorization servers Operation Command Description Enter system view system-view — Required By default, a RADIUS...
Page 501 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.4.3 Configuring RADIUS Accounting Servers Table 1-14 Configure RADIUS accounting servers Operation Command Description Enter system view system-view — Required By default, a RADIUS...
Page 502 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Caution: In an actual network environment, you can specify one server as both the primary and secondary accounting servers, as well as specifying two RADIUS servers as the primary and secondary accounting servers respectively.
Page 503 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Set a shared key for RADIUS accounting Required key accounting string messages Caution: The authentication/authorization shared key and the accounting shared key you set on the switch must be respectively consistent with the shared key on the authentication/authorization server and the shared key on the accounting server.
Page 504 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.4.6 Configuring to Support a Type of RADIUS Server Table 1-17 Configure to support a type of RADIUS server Operation Command Description...
Page 505 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description status state primary primary RADIUS authentication { block | authentication/authorizatio Optional active } n server By default, the primary...
Page 506 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description RADIUS scheme view Optional nas-ip ip-address By default, no source IP Set the source IP address address is set; and the IP...
Page 507 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required By default, local RADIUS Configure local RADIUS local-server nas-ip authentication server is authentication server ip-address key password configured with an NAS IP address of 127.0.0.1.
Page 508 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration immediately restores the communication with the primary server instead of communicating with the secondary server, and at the same time restores the status of the primary server to active while keeping the status of the secondary server unchanged.
Page 509 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Note: This configuration takes effect on all RADIUS schemes. The switch considers a RADIUS server as being down if it has tried the configured maximum times to send a message to the RADIUS server but does not receive any response.
Page 510 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration If the switch does not receive any response from the CAMS after it has tried the configured maximum number of times to send the Accounting-On message, it will not send the Accounting-On message any more.
Page 511 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Table 1-24 Create a HWTACACS scheme Operation Command Description Enter system view system-view — Required Create HWTACACS hwtacacs scheme By default, no HWTACACS...
Page 512 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Caution: You are not allowed to configure the same IP address for both primary and secondary authentication servers. If you do this, the system will prompt that the configuration fails.
Page 513 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.5.4 Configuring HWTACACS Accounting Servers Table 1-27 Configure HWTACACS accounting servers Operation Command Description Enter system view system-view — Required Create HWTACACS...
Page 514 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration The TACACS client and server adopt MD5 algorithm to encrypt HWTACACS messages before they are exchanged between the two parties. The two parties verify the validity...
Page 515 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description HWTACACS scheme Optional view By default, no source IP Set the source IP address nas-ip ip-address address is set; the IP...
Page 516 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Caution: To control the interval at which users are charge in real time, you can set the real-time accounting interval. After the setting, the switch periodically sends online users' accounting information to the TACACS server at the set interval.
Page 517 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Table 1-32 Display and maintain RADIUS protocol information Operation Command Description Display RADIUS message statistics about display local-server local RADIUS statistics authentication server...
Page 518 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description reset hwtacacs statistics Clear HWTACACS { accounting | authentication message statistics | authorization | all } reset stop-accounting-buffer You can execute the...
Page 519 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration II. Network diagram Authentication Server Authentication Server Authentication server Authentication Server Authentication Server Authentication Server Authentication server IP address: 10.110.91.164 IP address: 10.110.91.164 IP address: 10.110.91.164...
Page 520 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration A Telnet user logging into the switch by a name in the format of userid @cams belongs to the cams domain and will be authenticated according to the configuration of the cams domain.
Page 521 You only need to change the server IP address, the authentication password, and the UDP port number of the authentication server to 127.0.0.1, h3c, and 1645 respectively in the configuration step "Configure a RADIUS scheme" in section 1.7.1 , and configure local users (whether the names of local users carry domain names should be consistent with the configuration in the RADIUS scheme).
Page 522 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration III. Configuration procedure # Add a Telnet user. (Omitted here) # Configure a HWTACACS scheme. <H3C> system-view [H3C] hwtacacs scheme hwtac [H3C-hwtacacs-hwtac] primary authentication 10.110.91.164 49 [H3C-hwtacacs-hwtac] primary authorization 10.110.91.164 49...
Page 523 Operation Manual – AAA-RADIUS-HWTACACS-EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S3600 Series Ethernet Switches-Release 1510 Configuration The communication links (physical/link layer) between the switch and the RADIUS server is disconnected/blocked — Take measures to make the links connected/unblocked.
Page 524 Operation Manual – AAA-RADIUS-HWTACACS-EAD H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration Chapter 2 EAD Configuration 2.1 Introduction to EAD Endpoint admission defense (EAD) is an attack defense solution. Using this solution, you can enhance the active defense capability of network endpoints, prevents viruses and worms from spreading on the network, and protects the entire network by limiting the access rights of insecure endpoints.
Page 525 Operation Manual – AAA-RADIUS-HWTACACS-EAD H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration Authentication server Authentication server Authentication server Authentication server Virus patch server Virus/patch server Virus patch server Virus/patch server Virus patch server Virus patch server Virus patch server...
Page 526 In Figure 2-2: A user is connected to Ethernet1/0/1 on the switch. The user adopts 802.1x client supporting H3C extended function. You are required to configure the switch to use RADIUS server for remote user authentication and use security policy server for EAD control on users.
Page 527 (IP Address:10.110.91.166 ) (IP Address:10.110.91.166 ) Figure 2-2 EAD configuration III. Configuration procedure # Configure 802.1x on the switch. Refer to the 802.1x part in H3C S3600 Series Ethernet Switches Operation Manual for detailed description. # Configure a domain. <H3C> system-view...
Page 528 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 VRRP Configuration ....................1-1 1.1 VRRP Overview ......................... 1-1 1.1.1 Virtual Router Overview ..................1-2 1.1.2 Introduction to Backup Group ................. 1-4 1.1.3 Introduction to the Port Tracking Function ..............
Page 529 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Chapter 1 VRRP Configuration Note: The S3600-EI series switches support the VRRP feature, but not the S3600-SI series. 1.1 VRRP Overview Virtual router redundancy protocol (VRRP) is a fault-tolerant protocol.
Page 530 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Network Actual IP address10.100.10.2 Actu al IP address10.100.10.3 Master Backup Virtua l IP address10.100.10.1 Virtual IP address10.100.10.1 Ethernet 10.100.10.7 10.100.10.8 10.100.10.9 Host 1 Host 2 Host 3...
Page 531 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration A backup group is established if it is assigned an IP address for the first time. If you then add other IP addresses to the backup group, the IP addresses are added to the virtual router IP address list of the backup group.
Page 532 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration 1.1.2 Introduction to Backup Group I. Configurations available on switches in a backup group VRRP can group switches in a LAN into a virtual router, which is also known as a backup group.
Page 533 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration unless they operate in preemptive mode. The switch operating in preemptive mode will become the master switch when it finds its priority is higher than that of the current master switch, and the former master switch becomes a backup switch accordingly.
Page 534 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration You can adjust the frequency in which a master sends VRRP packets by setting the corresponding VRRP timers (that adver-interval argument). master-down-interval argument is usually three times of the adver-interval argument.
Page 535 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Restore the priority of a backup group when the result of the detecting group is reachable. Refer to Auto Detect Operation Manual for information about auto detect.
Page 536 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Operation Command Description Quit to system view quit — Enter VLAN interface vlan-interface — interface view vlan-id Configure a virtual vrrp vrid virtual-router-id Optional router IP address virtual-ip virtual-address 1.2.3 Configuring Backup Group-Related Parameters...
Page 537 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration 1.2.4 Configuring the Port Tracking Function Table 1-5 Configure the VRRP backup group port tracking function Operation Command Description Enter system view system-view — Create a VLAN...
Page 538 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Operation Command Description Enable the auto vrrp vrid virtual-router-id track detect function for detect-group group-number [ reduced Required VRRP value-reduced ] Note: A detecting group can be used to detect up to eight Layer 3 interfaces.
Page 539 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Table 1-8 Network description Switch Ethernet port IP address of priority in the Preemptive Switch connecting to the VLAN mode backup Host A interface group LSW-A Ethernet 1/0/6 202.38.160.1/24...
Page 540 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration # Create a backup group. [LSW-A] interface vlan 2 [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority for the backup group. [LSW-A-Vlan-interface2] vrrp vrid 1 priority 110 # Configure the preemptive mode for the backup group.
Page 541 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Internet does not function properly. This can be implemented by enabling the VLAN interface tracking function. The VRRP backup group ID is set to 1, with configurations of authorization key and timer.
Page 542 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration # Set the priority for the backup group. [LSW-A-Vlan-interface2] vrrp vrid 1 priority 110 # Set the authentication type for the backup group to md5, and the password to abc123.
Page 543 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration 1.4.3 Multiple-VRRP Backup Group Configuration I. Network requirements A switch can function as backup switches of multiple backup groups. Multiple-backup group configuration can implement load balancing. For example, Switch A operates as the master switch of backup group 1 and a backup switch in backup group 2.
Page 544 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration # Create backup group 1. [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority for backup group 1. [LSW-A-Vlan-interface2] vrrp vrid 1 priority 150 # Create backup group 2.
Page 545 [H3C-vlan2] quit # Enter Ethernet1/0/1 port view and enable the port tracking function. [H3C] interface Ethernet1/0/1 [H3C-Ethernet1/0/1] vrrp vlan-interface 2 vrid 1 track reduced 50 1.4.5 VRRP Auto Detect Configuration Example I. Network requirements Switch B and switch D form VRRP backup group 1, whose virtual IP address is 192.168.1.10.
Page 546 # Set the backup group priority of switch B to 110, and specify to decrease the priority by 20 when the result of detecting group 9 is unreachable. [H3C B-Vlan-interface1] vrrp vrid 1 priority 110 [H3C B-Vlan-interface1] vrrp vrid 1 track detect-group 9 reduced 20 Configure Switch D. # Assign an IP address to VLAN-interface1.
Page 547 Operation Manual – VRRP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration [H3C D] interface vlan-interface 1 [H3C D-Vlan-interface1] ip address 192.168.1.3 24 # Crate a backup group on VLAN-interface1 and assign a virtual IP address to the backup group.
Page 548 Operation Manual – Centralized MAC Address Authentication H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Centralized MAC Address Authentication Configuration........1-1 1.1 Centralized MAC Address Authentication Overview ............1-1 1.2 Centralized MAC Address Authentication Configuration ........... 1-2 1.2.1 Enabling Centralized MAC Address Authentication Globally........
Page 549 In this case, every user corresponds to a specific user name and password configured on the switch. As for S3600 series Ethernet switches, authentication can be performed locally or on a RADIUS server. When a RADIUS server is used for authentication, the switch serves as a RADIUS client.
Page 550 Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address H3C S3600 Series Ethernet Switches-Release 1510 Authentication Configuration form. The input format should be the same as the configured format, or else, the authentication will fail. For fixed mode, configure the local user names and passwords as those for fixed mode.
Page 551 Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address H3C S3600 Series Ethernet Switches-Release 1510 Authentication Configuration Table 1-2 Enable centralized MAC address authentication for a port in system view Operation Command Description Enter system view system-view —...
Page 552 Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address H3C S3600 Series Ethernet Switches-Release 1510 Authentication Configuration Operation Command Description Required for fixed mode mac-authentication Set a user name for fixed By default, the user name authusername...
Page 553 Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address H3C S3600 Series Ethernet Switches-Release 1510 Authentication Configuration Table 1-6 Configure the timers used in centralized MAC address authentication Operation Command Description Enter system view system-view — Optional...
Page 554 Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address H3C S3600 Series Ethernet Switches-Release 1510 Authentication Configuration 1.4 Centralized MAC Address Authentication Configuration Example Note: Centralized MAC address authentication configuration is similar to that of 802.1x. In...
Page 555 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 ARP Configuration....................... 1-1 1.1 Introduction to ARP......................1-1 1.1.1 Necessity of the Address Resolution ..............1-1 1.1.2 ARP Packet Structure ..................... 1-1 1.1.3 ARP Table .......................
Page 556 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Chapter 1 ARP Configuration 1.1 Introduction to ARP Address resolution protocol (ARP) is used to map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.
Page 557 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Table 1-1 Description on the fields of an ARP packet Field Description Identifies the type of the hardware interface. Hardware Type Refer to Table 1-2 for the information about the field values.
Page 558 Note that this manual only introduces the basic implementation of the mapping table. Different products of different manufactures may provide more information about the mapping table. S3600 series Ethernet switches provide the display arp command to display the information about ARP mapping entries. Figure 1-2 shows the structure of an ARP mapping table.
Page 559 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration for the switch to look up entries in the ARP mapping table. For details, refer to Figure 1-3. Suppose there are two hosts on the same network segment: Host A and Host B.
Page 560 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Figure 1-3 ARP work flow Normally, a device automatically triggers the ARP calculation in the IP addressing process. 1.1.5 Introduction to Gratuitous ARP The following are the characteristics of gratuitous ARP packets:...
Page 561 ARP packet. A switch operates like this whenever it receives a gratuitous ARP packet. 1.2 ARP Configuration ARP entries in an S3600 series Ethernet switch can either be static entries or dynamic entries, as described in Table 1-4. Table 1-4 ARP entries...
Page 562 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Caution: Static ARP mapping entries are valid as long as the Ethernet switch operates. But some operations, which make the ARP entries invalid, result in ARP entries being removed, such as changing/removing a VLAN interface, removing a VLAN, or removing a port from a VLAN.
Page 563 1.3 Gratuitous ARP Packet Configuration 1.3.1 Configuring Sending of Gratuitous ARP Packets Sending of gratuitous ARP packets is enabled as long as an S3600 series switch operates. And no command is needed for this function. 1.3.2 Configuring the Gratuitous ARP packet Learning Function Table 1-8 lists the operations to configure the gratuitous ARP packet learning function.
Page 564 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Operation Command Description reset arp [ dynamic | Clear specific static interface Execute this command in mapping entries interface-type user view. interface-number ]...
Page 565 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Resilient ARP Configuration Chapter 2 Resilient ARP Configuration 2.1 Introduction to Resilient ARP In intelligent resilient framework (IRF) network application, normally you need to connect redundancy links between the fabric and other devices to support the resilient network.
Page 566 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Resilient ARP Configuration Table 2-1 Configure the Resilient ARP function Operation Command Description — Enter system view system-view Required Enable the Resilient ARP resilient-arp enable By default, the Resilient function ARP function is enabled.
Page 567 Operation Manual – ARP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 Resilient ARP Configuration II. Network diagram Switch Switch Switch Switch Unit 1 Unit 1 Unit 1 Unit 1 Unit3 Unit3 Unit3 Unit3 Unit 4 Unit 4 Unit 4...
Page 568 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 DHCP Overview......................1-1 1.1 Introduction to DHCP......................1-1 1.2 DHCP IP Address Assignment ..................1-1 1.2.1 IP Address Assignment Policy ................1-1 1.2.2 Obtaining IP Addresses Dynamically ..............
Page 569 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents 2.4.2 Configuring Private DHCP Server Detecting ............2-21 2.4.3 Configuring IP Address Detecting ................. 2-21 2.5 Option 82 Supporting Configuration ................2-22 2.5.1 Introduction to DHCP-Server Option 82..............2-22 2.5.2 Configuration Prerequisites...................
Page 570 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview Chapter 1 DHCP Overview 1.1 Introduction to DHCP With networks getting larger in size and more complicated in structure, lack of available IP addresses becomes the common situation the network administrators have to face, and network configuration becomes a tough task for the network administrators.
Page 571 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview Dynamic assignment. The DHCP server assigns IP addresses to DHCP clients for predetermined period of time. In this case, a DHCP client must apply for an IP address again at the expiration of the period.
Page 572 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview By default, a DHCP client updates its IP address lease automatically by unicasting a DHCP-REQUEST packet to the DHCP server when half of the lease time elapses. The DHCP server responds with a DHCP-ACK packet to notify the DHCP client of a new IP lease if the server can assign the same IP address to the client.
Page 573 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview flags: The first bit is the broadcast response flag bit. It is used to identify that the DHCP response packet is sent in the unicast or broadcast mode. Other bits are reserved.
Page 574 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview RFC1542: Clarifications and Extensions for the Bootstrap Protocol...
Page 575 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Chapter 2 DHCP Server Configuration Note: The contents of this chapter are only applicable to the S3600-EI series among S3600 series switches. 2.1 Introduction to DHCP Server 2.1.1 Usage of DHCP Server...
Page 576 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration directly forwarded by hardware instead of being delivered to the DHCP server, or being redirected to the master unit by UDP HELPER. This idles the DHCP server.
Page 577 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration holds belong to the network segment the interface resides in and are available to the interface only. II. The structure of an address pool The address pools of a DHCP server are hierarchically organized in a tree-like structure.
Page 578 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration If no IP address is available, the DHCP server queries lease-expired and conflicted IP addresses. If the DHCP server finds such IP addresses, it assigns them;...
Page 579 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-2 Enable DHCP Operation Command Description Enter system view system-view — Required Enable DHCP dhcp enable By default, DHCP is enabled Note: To improve security and avoid malicious attack to the unused SOCKETs, S3600 Ethernet switches provide the following functions: UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled.
Page 580 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-3 Configure the global address pool mode on interface(s) Operation Command Description Enter system view system-view — interface interface-type nterface-number Configure Configure the specified...
Page 581 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-4 Configure to assign IP addresses by static binding Operation Command Description Enter system view system-view — Required default, Create a DHCP address pool and...
Page 582 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: To improve security and avoid malicious attack to the unused SOCKETs, S3600 Ethernet switches provide the following functions: UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled.
Page 583 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description Return to system — quit view Optional Specify dhcp server forbidden-ip By default, all IP addresses in addresses that are low-ip-address a DHCP address pool are...
Page 584 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description Required Configure domain-name domain name for By default, no domain name is domain-name DHCP clients configured for DHCP clients. Required Configure server addresses dns-list ip-address&<1-8>...
Page 585 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-7 Configure DHCP server to assign WINS server addresses Operation Command Description Enter system view system-view — Create a DHCP Required address pool and...
Page 586 2.2.9 Configuring Connection Between a DHCP Global Address Pool and a BIMS Server Branch intelligent management system (BIMS) is a kind of network management software, provided by H3C Technologies Co., Ltd. With BIMS you can manage and monitor network devices that dynamically obtain IP addresses universally and effectively.
Page 587 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.3 Interface Address Pool-based DHCP Server Configuration Caution: In the interface address pool mode, after the addresses in the interface address pool have been assigned, the DHCP server picks IP addresses from the global interface address pool containing the segment of the interface address pool and assigns them to the DHCP clients.
Page 588 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Configuration task Description Related section Configure to bind must address choose Configure tically least one of assign P clients 2.3.4 "Configuring the addresses options. Mode...
Page 589 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-13 Configure to assign the IP addresses of interface address pools to DHCP clients Operation Command Description Enter system view — system-view interface interface-type...
Page 590 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration DHCP-DISCOVER packets. The DHCP server finds the corresponding IP addresses based on the client IDs and assigns them to the DHCP clients. Table 2-14 Configure to assign IP addresses by static binding...
Page 591 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-15 Configure to assign IP addresses dynamically Operation Command Description Enter system view system-view — interface interface-type interface-number Configure dhcp server expired { day...
Page 592 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration On the DHCP server, you can configure domain names to be used by DHCP clients for address pools. After you do this, the DHCP server provides the domain names to the DHCP clients while the DHCP server assigns IP addresses to the DHCP clients.
Page 593 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration host name of the destination node. After receiving the broadcast packet, the destination node returns its IP address to the source node. P-node. Nodes of this type establish their mappings by communicating with WINS servers (The character p stands for peer-to-peer).
Page 594 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.3.7 Customizing DHCP Service With the evolution of DHCP, new options are constantly coming into being. You can add the new options as the properties of DHCP servers by performing the following configuration.
Page 595 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.4 DHCP Security Configuration DHCP security configuration is needed to ensure the security of DHCP service. 2.4.1 Prerequisites Before configuring DHCP security, you should first complete the DHCP server configuration (either global address pool-based or interface address pool-based DHCP server configuration).
Page 596 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration address to the DHCP client only when no response is received during the whole course, thus ensuring that an IP address is assigned to one DHCP client exclusively.
Page 597 Option 184 is an RFC reserved option, and the information it carries can be customized. H3C defines four proprietary sub-options for this option, enabling the DHCP server to put the information required by a DHCP client in the response packet to the client.
Page 598 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Sub-option Feature Function Note The alternate NCP server identified by sub-option option 184 acts as the backup of the AS-IP NCP server. The The AS-IP sub-option...
Page 599 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: For the configurations specifying to add sub-option 2, sub-option 3, and sub-option 4 in the response packets to take effect, you must configure the DHCP server to add sub-option 1.
Page 600 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration I. Configuring the option 184 supporting function in system view Table 2-24 Configure the option 184 supporting function in system view Operation Command Description Enter system view system-view —...
Page 601 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration II. Configuring the option 184 supporting function in interface view Table 2-25 Configure the option 184 supporting function in interface view Operation Command Description Enter system view system-view —...
Page 602 A 3COM VCX device operating as a DHCP client requests the DHCP server for all sub-options of option 184. A H3C series switch operates as the DHCP server. The option 184 supporting function is configured for a global DHCP address pool. The sub-options of option 184 are as follows: NCP-IP: 3.3.3.3...
Page 603 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration AS-IP: 2.2.2.2 Voice VLAN configuration: voice VLAN: enabled; voice VLAN ID: 3 Fail-over routing: IP address: 1.1.1.1; dialer string: 99* II. Network diagram DHCP client...
Page 604 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration [H3C-dhcp-pool-123] voice-config as-ip 2.2.2.2 [H3C-dhcp-pool-123] voice-config voice-vlan 3 enable [H3C-dhcp-pool-123] voice-config fail-over 1.1.1.1 99* 2.7 Displaying and Debugging a DHCP Server You can verify your DHCP-related configuration by executing the display command in any view.
Page 605 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: Executing the save command will not save the lease information on a DHCP server to the flash memory. Therefore, the configuration file contains no lease information after the DHCP server restarts or you clear the lease information by executing the reset dhcp server ip-in-use command.
Page 606 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: If you use the inheriting relation of parent and child address pools, make sure that the number of the assigned IP addresses does not exceed the number of the IP addresses in the child address pool;...
Page 607 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration # Configure the IP addresses that are not dynamically assigned. (That is, the IP addresses of the DNS server, WINS server, and gateways.) [H3C] dhcp server forbidden-ip 10.1.1.2 [H3C] dhcp server forbidden-ip 10.1.1.4...
Page 608 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration on the network, with the conflicting IP address as the destination and an enough timeout time. The IP address is manually configured on a host if you receive a response packet of the ping operation.
Page 609 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Chapter 3 DHCP Relay Configuration 3.1 Introduction to DHCP Relay 3.1.1 Usage of DHCP Relay Since the packets are broadcasted in the process of obtaining IP addresses, DHCP is...
Page 610 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration After receiving the packet, the network device providing the DHCP relay function unicasts the packet to the designated DHCP server based on the configuration. The DHCP server assigns IP addresses and sends the configuration information...
Page 611 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration RFC2131 Dynamic Host Configuration Protocol RFC3046 DHCP Relay Agent Information Option IV. Mechanism of option 82 supporting on DHCP relay The procedure for a DHCP client to obtain an IP address from a DHCP server through a DHCP relay is similar to that for the client to obtain an IP address from a DHCP server directly.
Page 612 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration 3.2 DHCP Relay Configuration Note: If a switch belongs to a fabric, you need to enable the UDP-helper function on it before configure it to be a DHCP relay.
Page 613 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration To enhance reliability, you can set multiple DHCP servers on the same network. These DHCP servers form a DHCP server group. When the interface establishes mapping relationship with the DHCP server group, the interface forwards the DHCP packets to all servers in the server group.
Page 614 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Note: You can configure up to eight external DHCP server IP addresses in a DHCP server group. You can map multiple VLAN interfaces to one DHCP server group. But one VLAN interface can be mapped to only one DHCP server group.
Page 615 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Operation Command Description Required default, address checking function is disabled. Enable the address address-check enable (Only S3600-EI series checking function switches among S3600 series switches...
Page 616 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration III. Configuring the dynamic user address entry updating function When a DHCP client obtains an IP address from a DHCP server with the help of a...
Page 617 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Table 3-7 Configure private DHCP server detection function Operation Command Description Enter system view system-view — Required Enable private DHCP By default, the private dhcp-server detect...
Page 618 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Note: By default, with the option 82 supporting function enabled on the DHCP relay, the DHCP relay will adopt the replace strategy to process the request packets containing option 82.
Page 619 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration the DHCP clients can obtain IP addresses and related configuration information from the DHCP server. II. Network diagram DHCP client DHCP client DHCP client DHCP client...
Page 620 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration 3.5 Troubleshooting DHCP Relay I. Symptom A client fails to obtain configuration information through a DHCP relay. II. Analysis This problem may be caused by improper DHCP relay configuration. When a DHCP...
Page 621 DHCP servers. Trusted ports forward any received DHCP packets to ensure that DHCP clients can obtain IP addresses from valid DHCP servers. Figure 4-1 illustrates a typical network diagram for DHCP snooping application, where Switch A is an S3600 series Ethernet switch.
Page 622 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration DHCP client DHCP client DHCP client DHCP client DHCP client DHCP client Switch A (DHCP snooping) Switch A (DHCP snooping) Switch A (DHCP snooping) Switch B (DHCP relay)
Page 623 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration DHCP snooping listens the following two types of packets to retrieve the IP addresses the DHCP clients obtain from DHCP servers and the MAC addresses of the DHCP...
Page 624 4.4 Configuration Example I. Network requirements As shown in Figure 4-1, the Ethernet1/0/1 port of Switch A (an S3600 series switch) is connected to Switch B (acting as a DHCP relay). A network segment containing some DHCP clients is connected to the Ethernet1/0/2 port of Switch A.
Page 625 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration Chapter 5 DHCP Accounting Configuration 5.1 Introduction to DHCP Accounting DHCP accounting allows a DHCP server to notify the RADIUS server of the start/end of accounting when it assigns/releases a lease.
Page 626 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration 5.2.2 Configuring DHCP Accounting Table 5-1 Configure DHCP accounting Operation Command Description Enter system view system-view — Enter address pool dhcp server ip-pool Required view...
Page 627 Operation Manual – DHCP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration [H3C] vlan 2 [H3C-vlan2] quit # Create VLAN 3. [H3C] vlan 3 [H3C-vlan3] quit # Enter Ethernet1/0/2 port view and add the port to VLAN 2.
Page 628 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1-1 1.1 ACL Overview ........................1-1 1.1.1 Ways to Apply ACL on a Switch................1-1 1.1.2 ACL Matching Order ....................1-2 1.1.3 Time Range-based ACL..................
Page 629 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 ACL Overview An access control list (ACL) is mainly used for traffic classification. To filter data packets, a network device needs to be configured with a series of ACLs to identify the packets to be filtered.
Page 630 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration auto, where the rules in an ACL are matched in the order determined by the system, namely the “depth-first” order. When applying ACLs in this way, you can specify the order in which the rules in the ACL are matched.
Page 631 Note: An absolute time range on an H3C S3600 switch can be within the range 1970/1/1 00:00 to 2100/12/31 24:00. 1.2.1 Configuration Procedure...
Page 632 08:00 to 18:00 working-day # Define an absolute time range from 15:00 1/28/2000 to 15:00 1/28/2004. <H3C> system-view [H3C] time-range test from 15:00 1/28/2000 to 15:00 1/28/2004 [H3C] display time-range test Current time is 13:30:32 4/16/2005 Saturday Time-range : test ( Inactive ) From 15:00 Jan/28/2000 to 15:00 Jan/28/2004 1.3 Basic ACL Configuration...
Page 633 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration A basic ACL can be numbered from 2000 to 2999. 1.3.1 Configuration Preparation To configure a time range-based basic ACL rule, you need to create the corresponding time range first.
Page 634 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration 1.3.3 Configuration Example # Configure ACL 2000 to deny packets whose source IP addresses are 1.1.1.1. <H3C> system-view [H3C] acl number 2000 [H3C-acl-basic-2000] rule deny source 1.1.1.1 0...
Page 635 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Operation Command Description Assign a description Optional rule rule-id comment text string to the ACL rule Assign a description description text Optional string to the ACL The rule-string argument of the rule command listed in Table 1-3 can be a combination of the argument/keywords described in Table 1-4.
Page 636 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Arguments/Keywords Type Function Description precedence Packet precedence IP precedence argument ranges from 0 precedence priority to 7. Packet argument tos tos priority ranges from 0 to 15.
Page 637 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Keyword DSCP value in decimal DSCP value in binary 011000 100000 101000 110000 111000 be (default) 000000 If you specify the precedence keyword, you can directly input a value ranging from 0 to 7 or input one of the keywords listed in Table 1-6 as the IP precedence.
Page 638 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Table 1-8 TCP/UDP-specific ACL rule information Parameter Type Function Description Defines The value of operator can source-port source port be lt (less than), gt (greater Source port...
Page 639 Chapter 1 ACL Configuration Note: When advanced ACLs are applied to ports of the H3C S3600 series Ethernet switches, only the rules configured with the operator argument specified as eq are valid. If the protocol type is ICMP, you can also define the information listed in Table 1-10.
Page 640 # Configure ACL 3000 to permit the TCP packets sourced from the network 129.9.0.0 and destined for the network 202.38.160.0 and with the destination port number being <H3C> system-view [H3C] acl number 3000 [H3C-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80 [H3C-acl-adv-3000] display acl 3000 Advanced ACL...
Page 641 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration A Layer 2 ACL can be numbered from 4000 to 4999. 1.5.1 Configuration Preparation To configure a time range-based Layer 2 ACL rule, you need to create the corresponding time ranges first.
Page 642 ACL rule Note: An H3C S3600 Ethernet switch does not support the format-type argument for a layer 2 ACL. A rule with the lsap keyword specified can be applied to a port but does not take effect.
Page 643 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Keyword CoS in decimal CoS in binary spare excellent-effort controlled-load video voice network-management When you define an ACL rule using the rule command with the rule-id argument...
Page 644 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration A user-defined ACL can be numbered from 5000 to 5999. 1.6.1 Configuration Preparation To configure a time range-based user-defined ACL rule, you need to define the corresponding time ranges first.
Page 645 23:00 on each Saturday(The VLAN VPN function not enabled). <H3C> system-view [H3C] time-range t1 18:00 to 23:00 sat [H3C] acl number 5001 [H3C-acl-user-5001] rule 25 deny 06 ff 27 time-range t1 [H3C-acl-user-5001] display acl 5001 User defined ACL 5001, 1 rules...
Page 646 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Operation Command Description Apply an ACL on packet-filter { inbound | outbound } Required the port acl-rule You can apply ACLs on a port in different ways, as listed in Table 1-17.
Page 647 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Table 1-18 Display ACL configuration Operation Command Description Display a configured display acl { all | acl-number } ACL or all the ACLs These commands Display a time range...
Page 648 [H3C] acl number 2000 # Define an access rule to deny packets with their source IP addresses being 10.1.1.1, applying the time range to the ACL. [H3C-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test [H3C-acl-basic-2000] quit Apply the ACL on the port # Apply ACL 2000 on the port.
Page 649 # Create ACL 3000 or enter ACL 3000 view. [H3C] acl number 3000 # Define an ACL rule for requests destined for the wage server. [H3C-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 255.255.255.0 time-range test [H3C-acl-adv-3000] quit Apply the ACL on the port.
Page 650 Operation Manual – ACL H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Define an ACL rule for packets with the source MAC address of 000f-e20f-0101 and destination MAC address of 000f-e20f-0303. # Create ACL 4000 or enter ACL 4000 view.
Page 651 # Create ACL 5000 or enter ACL 5000 view. [H3C] acl number 5000 # Define a rule for TCP packets(The VLAN VPN function not enabled). [H3C-acl-user-5000] rule 1 deny 06 ff 27 time-range aaa Apply the ACL on Ethernet1/0/1. # Apply the ACL 5000 on Ethernet1/0/1.
Page 652 1.1.10 Redirect ......................... 1-8 1.1.11 Queue Scheduling....................1-8 1.1.12 Traffic-based Traffic Statistics................1-11 1.2 QoS Supported by S3600 Series..................1-11 1.3 Configuring the Mapping between 802.1p Priority and Queues........1-12 1.4 Setting to Use the Port Priority or Packet Priority............1-13 1.5 Configuring Priority Remark.....................
Page 653 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents 1.10.1 Configuration Prerequisites................. 1-22 1.10.2 Configuration Procedure ..................1-22 1.10.3 Configuration Example..................1-23 1.11 Configuring Congestion Avoidance ................1-24 1.11.1 Configuration Prerequisites................. 1-24 1.11.2 Configuration Procedure ..................1-24 1.11.3 Configuration Example..................
Page 654 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Chapter 1 QoS Configuration 1.1 Overview QoS (Quality of Service) is a concept generally existing in occasions with service supply and demand. It evaluates the ability to meet the need of the customers in service.
Page 655 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.1.3 Precedence IP precedence, ToS precedence, and DSCP precedence Figure 1-1 DS field and TOS byte The TOS field in an IP header contains eight bits: The first three bits indicate IP precedence in the range of 0 to 7.
Page 656 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration services with low delay, low packet loss ratio, low jitter, and assured bandwidth (such as virtual leased line); Assured forwarding (AF) class: This class is further divided into four subclasses (AF1/2/3/4) and a subclass is further divided into three drop priorities, so the AF service level can be segmented.
Page 657 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 802.1p priority 802.1p priority lies in Layer 2 packet headers and is applicable to occasions where the Layer 3 packet header does not need analysis but QoS must be assured at Layer 2.
Page 658 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration The precedence is called 802.1p priority because the related applications of this precedence are defined in detail in the 802.1p specifications. 1.1.4 Priority of Protocol Packets Protocol packets carry their own priority.
Page 659 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration I. Traffic evaluation and the token bucket The token bucket can be considered as a container with a certain capacity to hold tokens. The system puts tokens into the bucket at the set rate. When the token bucket is full, the extra tokens will overflow and the number of tokens in the bucket stops increasing.
Page 660 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Peak information rate (PIR) Excess burst size (EBS) Two token buckets are used in this evaluation. Their rates of putting tokens into the buckets are CIR and PIR respectively, and their sizes are CBS and EBS respectively (the two buckets are called C bucket and E bucket respectively for short), representing different permitted burst levels.
Page 661 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Dynamic aggregation supported by queue scheduling modes on ports If the queue scheduling configuration information of some LACP-enabled ports in up state is the same, these ports can be aggregated into the same aggregation group.
Page 662 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration SP queueing high priority high priority high priority high priority high priority queue 7 queue 7 queue 7 queue 7 queue 7 queue 7 queue 7...
Page 663 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration WFQ queueing queue1 wei ght1 queue1 wei ght1 queue1 wei ght1 queue1 wei ght1 queue1 wei ght1 queue1 wei ght1 queue1 wei ght1 queue1 wei ght1...
Page 664 ACL rules. You can get the statistics of the packets you are interested in through this function. 1.2 QoS Supported by S3600 Series Table 1-4 QoS functions supported by S3600 series and related commands Specification Related command...
Page 665 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Specification Related command priority priority-level Port priority Supported priority trust — traffic-limit Priority remark — traffic-priority Redirect — traffic-redirect Support SP, WFQ, and WRR Queue...
Page 666 3, 2 to 4, 3 to 1, 4 to 7, 5 to 0, 6 to 5, and 7 to 6. Display the configuration results. Configuration procedure: <H3C> system-view System View: return to User View with Ctrl+Z. [H3C] qos cos-local-precedence-map 2 3 4 1 7 0 5 6 [H3C] dis qos cos-local-precedence-map cos-local-precedence-map: cos(802.1p) : -------------------------------------------------------------------------- local precedence(queue) : 1.4 Setting to Use the Port Priority or Packet Priority...
Page 667 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Operation Command Description Optional Set the port priority priority priority-level default, port priority is 0 Table 1-7 Set to use the packet priority Operation Command...
Page 668 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.5.1 Configuration Prerequisites ACL rules used for traffic identifying are defined. Refer to the ACL module in the manual for defining ACL rules The type and value of the precedence that the packets matching ACL rules are...
Page 669 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration ACL combination Form of the acl-rule argument Apply a rule in a user-defined ACL user-group acl-number rule rule-id separately Apply a rule in an IP ACL and a rule in...
Page 670 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Operation Command Description Required protocol-priority You can modify the IP precedence protocol-type or DSCP precedence of protocol-type precedence of the protocol packet ip-precedence protocol packet...
Page 671 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.7.2 Configuration Procedure Table 1-11 Configure port rate limit Operation Command Description Enter system system-view — view Enter Ethernet interface interface-type — port view interface-number...
Page 672 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration The ports that need this configuration are specified 1.8.2 Configuration Procedure of TP Table 1-12 Configure TP Operation Command Description Enter system view system-view —...
Page 673 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.8.3 Configuration Example Ethernet1/0/1 of the switch is connected to the 10.1.1.1/24 network segment Perform TP on the packets from the 10.1.1.1/24 network segment and the rate of...
Page 674 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Operation Command Description Display the parameter display qos-interface configurations { interface-type interface-number Optional redirect | unit-id } traffic-redirect You can execute the display command in...
Page 675 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.10.1 Configuration Prerequisites The queue-scheduling algorithm is specified: which queues adopt the WRR queue-scheduling algorithm, which queues adopt the WFQ queue-scheduling algorithm, and which queues adopt the SP queue-scheduling algorithm.
Page 676 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Operation Command Description Required queue-scheduler queue0-width queue1-width In WRR or WFQ mode, if queue2-width queue3-width weight value queue4-width queue5-width minimum bandwidth of one or more queues is set to 0,...
Page 677 H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration System View: return to User View with Ctrl+Z. [H3C] queue-scheduler wrr 2 2 3 3 4 4 5 5 [H3C]display queue-scheduler Queue scheduling mode: weighted round robin weight of queue 0: 2...
Page 678 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Operation Command Description Required Configure WRED wred queue-index The WRED function is disabled parameters qstart probability by default 1.11.3 Configuration Example Configure WRED parameters for queue 2 on Ethernet 1/0/1. Packets are dropped at random when the queue length is more than 64 packets, and the drop probability is 20%.
Page 679 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Operation Command Description display qos-interface Display traffic Optional { interface-type interface-number | statistics. unit-id } traffic-statistic You can execute display display qos-interface command in any...
Page 680 <H3C> system-view [H3C] acl number 3000 # Define ACL 3000 rules. [H3C-acl-adv-3000] rule 1 permit ip source 129.110.1.2 0.0.0.0 destination any [H3C-acl-adv-3000] quit Limit the outbound traffic of the salary query server # Limit the average rate of outbound traffic to be within 640 Kbps and set the precedence of packets exceeding the specification to 4.
Page 681 Define the traffic rules of PC packets # Enter number-identification-based basic ACL view identified. [H3C] acl number 2000 [H3C-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range test [H3C-acl-basic-2000] quit Remark ef precedence on the packets that PC1 sends [H3C-Ethernet1/0/1] traffic-priority inbound ip-group 2000 dscp ef...
Page 682 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration Chapter 2 QoS Profile Configuration 2.1 Introduction to QoS Profile The switch can dynamically provide pre-defined QoS functions for one or one group of authenticated user(s) through the combination of QoS profile function and 802.1x...
Page 683 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration The following table describes the QoS profile configurations: Table 2-1 Configure QoS profile Device Configuration Configuration link Configure user authentication — information Configure matching...
Page 684 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration Operation Command Description traffic-priority { inbound | outbound } acl-rule { { dscp priority dscp-value | ip-precedence Optional remark actions { pre-value | from-cos } } | cos...
Page 685 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration QoS profile is “example” and the actions of the QoS profile is to limit the bandwidth of the traffic matching ACL rules to 128 k and remark the DSCP precedence to 46.
Page 686 [H3C-acl-adv-3000] quit # Define the QoS profile function [H3C] qos-profile example [H3C-qos-profile-example] traffic-limit inbound ip-group 3000 128 exceed drop [H3C-qos-profile-example] traffic-priority inbound ip-group 3000 dscp 46 2.4 Applying the QoS Profile to the Port Manually After this configuration, all the traffic actions in the QoS profile will be applied to the current port.
Page 687 Operation Manual – QoS-QoS Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration 2.5 Displaying QoS Profile After finishing the configurations mentioned above, you can execute the display command in any view to check the running state of the QoS profile. You can verify the configuration by checking the information on display.
Page 688 Operation Manual – Web Cache Redirection H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Web Cache Redirection Configuration..............1-1 1.1 Overview ..........................1-1 1.2 Web Cache Redirection Configuration ................1-2 1.2.1 Configuration Prerequisites..................1-2 1.2.2 Configuration Procedure ..................
Page 689 Operation Manual – Web Cache Redirection Chapter 1 Web Cache Redirection H3C S3600 Series Ethernet Switches-Release 1510 Configuration Chapter 1 Web Cache Redirection Configuration Note: The S3600-SI series switches do not support Web cache redirection. 1.1 Overview Hypertext transfer protocol (HTTP) is one of the most widely used approaches to access the Internet.
Page 690 Operation Manual – Web Cache Redirection Chapter 1 Web Cache Redirection H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.2 Web Cache Redirection Configuration 1.2.1 Configuration Prerequisites The route between the switch and Web cache is reachable, and the Web cache function is enabled on the Web cache.
Page 691 Operation Manual – Web Cache Redirection Chapter 1 Web Cache Redirection H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description webcache address Configure ip-address Required cache parameters mac-address vlan vlan-id [ tcpport tcpport-num ] Quit to system view quit —...
Page 692 Operation Manual – Web Cache Redirection Chapter 1 Web Cache Redirection H3C S3600 Series Ethernet Switches-Release 1510 Configuration 10.15.19.1/24. The IP address of the Web cache is 10.15.20.2, MAC address is 000f-e20f-0101, and the Web cache VLAN is VLAN40. Ethernet3/0/4 of the switch connects to the Web cache.
Page 693 Operation Manual – Web Cache Redirection Chapter 1 Web Cache Redirection H3C S3600 Series Ethernet Switches-Release 1510 Configuration [H3C] vlan 40 [H3C-vlan40] port Ethernet 1/0/4 [H3C-vlan40] quit [H3C] interface Vlan-interface 40 [H3C-Vlan-interface40] ip address 10.15.20.1 255.255.255.0 # Enable Web cache redirection function on the switch.
Page 694 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Mirroring Configuration ....................1-1 1.1 Mirroring Overview......................1-1 1.1.1 Traffic Mirroring ....................... 1-1 1.1.2 Port Mirroring......................1-1 1.1.3 Remote Port Mirroring — RSPAN................1-1 1.2 Mirroring Functions Supported by S3600 ................
Page 695 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Chapter 1 Mirroring Configuration 1.1 Mirroring Overview Mirroring refers to the process of copying packets that meet the specified rules to a destination port. Generally, a destination port is connected to a data detect device, which users can use to analyze the mirrored packets for monitoring and troubleshooting the network.
Page 696 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Remote-probe VLAN Remote-probe VLAN Source Source Intermediate Switch Intermediate Switch Switch Switch Destination Destination Switch Switch Trunk port Trunk port Reflector port Reflector port Source Port...
Page 697 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Switch Ports involved Function Trunk port Receives remote mirrored packets. Destination switch Destination port Monitors remote mirrored packets To implement remote port mirroring, you need to define a special VLAN, called remote-probe VLAN, on a switch.
Page 698 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration 1.2 Mirroring Functions Supported by S3600 Table 1-2 Mirroring functions supported by S3600-EI and related commands Function Specifications Related command Link monitor-port Supports traffic Section 1.3.1...
Page 699 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration The destination port is determined. The port to be configured with traffic mirroring function and the direction of the traffic flow to be mirrored are determined.
Page 700 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Combination mode Form of acl-rule Apply all sub-rules in a Layer 2 ACL link-group acl-number separately Apply one sub-rule in a Layer 2 ACL link-group acl-number rule rule-id...
Page 701 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration The mirroring group number is determined. II. Configuring port mirroring in Ethernet port view Table 1-6 Configure port mirroring in Ethernet port view (1) Operation Command...
Page 702 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description Enter Ethernet port interface interface-type view of the determined — interface-number destination port Required Define the current port mirroring-group group-id LACP and STP must be...
Page 703 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Note: Configurations listed in Table 1-6 do not involve specifying a mirroring group. Therefore these mirroring settings made in Ethernet port view applies to mirroring group 1 only.
Page 704 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration 1.3.3 Configuring RSPAN I. Configuration prerequisites The source switch, intermediate switch, and the destination switch are determined. The source port, the reflector port, the destination port, and the remote-probe VLAN are determined.
Page 705 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description Required The remote reflector port must be of the Access type. LACP and STP must be disabled on this port. After a port is configured...
Page 706 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description Define the current VLAN as a remote-probe vlan Required remote-probe VLAN enable Exit the current view quit — Enter Ethernet port view of the...
Page 707 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description Required This configuration is necessary Configure Trunk port to port trunk permit for ports through which the permit packets from the vlan destination...
Page 708 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration The purpose is to use the data detect device to monitor and analyze the packets sent by PC1. To meet the above purpose by using the RSPAN function, perform the following configuration: Define VLAN10 as the remote-probe VLAN.
Page 709 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration [H3C] mirroring-group 1 reflector-port GigabitEthernet 1/1/3 [H3C] mirroring-group 1 remote-probe vlan 10 [H3C] display mirroring-group remote-source mirroring-group 1: type: remote-source status: active mirroring port: GigabitEthernet1/1/2 outbound...
Page 710 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration 1.3.4 Displaying Mirroring Parameter Settings After the above configuration, you can use the display command in any view to view the mirroring running information, so as to verify the configurations you made.
Page 711 Operation Manual – Mirroring H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description Exit the current view quit — Enter Ethernet port view of interface determined source interface-type — port interface-number Define the current port as...
Page 712 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 IRF Fabric Configuration..................... 1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to IRF....................1-1 1.1.2 Introduction to RMON on IRF.................. 1-2 1.2 Peer Fabric Port Detection ....................1-2 1.2.1 Introduction to the Peer Fabric Port Detection Function .........
Page 713 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Chapter 1 IRF Fabric Configuration 1.1 Overview 1.1.1 Introduction to IRF Several IRF (intelligent resilient framework) supported switches of the same model can be interconnected to form a fabric, in which each switch is a unit. The ports used to interconnect all the units are called fabric ports, and the other ports that are used to connect the fabric to users are called user ports.
Page 714 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Note: The S3600-SI series switches only support basic IRF fabric feature, that is, DDM (distributed device management) function. The S3600-EI series switches support enhanced IRF fabric feature, including DDM, DRR (distributed resilient routing) and DLA (distributed link aggregation).
Page 715 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration information is released in the form of discovery packet (DISC). A new device can join a fabric only when its DISC packets pass the authentication performed by the existing devices in the fabric.
Page 716 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration IV. Connection error Analysis: The port matching errors (as listed in Table 1-1) may occur if a switch prompts the “connection error” message. Solution: Take the measures listed in Table 1-1 accordingly.
Page 717 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Solution: Make sure the software version of the new device is the same as that of the fabric. VIII. Auth failure Analysis: The “auth failure” message indicates error occurs when the switch authenticates a directly connected device.
Page 718 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration 1.3.2 Specifying the VLAN Used to Form an IRF Fabric Table 1-3 Specify the VLAN used to form an IRF fabric Operation Command Description...
Page 719 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration After an IRF fabric is established, you can use the following command to change the unit IDs of the switches in the IRF fabric.
Page 720 Optional 1.3.4 Specifying the Fabric Port of a Switch The fabric port of an S3600 series Ethernet switch has the following features: An S3600 series Ethernet switch has four GigabitEthernet ports that can be used as fabric ports. The four ports fall into two groups according to the port number.
Page 721 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Note: Establishing an IRF system requires a high consistency of the configuration of each device. Hence, before you enable the fabric port, do not perform any configuration for the port, and do not enable some functions that affect the IRF (such as TACACAS and VLAN-VPN) for other ports or globally.
Page 722 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration 1.3.7 Setting the IRF Fabric Authentication Mode Only the switches with the same IRF fabric authentication mode can form an IRF fabric. Table 1-10 Set the IRF fabric authentication mode for a switch...
Page 723 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Operation Command Description Execute this command in Clear the FTM statistics reset ftm statistics user view 1.5 IRF Fabric Configuration Example 1.5.1 Network Requirements Configure unit ID, unit name, IRF fabric name, and authentication mode for four switches to enable them to form an IRF fabric.
Page 724 Operation Manual – IRF Fabric H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration # Configure the authentication mode as simple password and the password as welcome. [hello] irf-fabric authentication-mode simple welcome Configure Switch B. # Configure the unit ID as 2.
Page 725 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Cluster........................... 1-1 1.1 Cluster Overview........................ 1-1 1.1.1 Introduction to HGMP V2 ..................1-1 1.1.2 Introduction to NDP....................1-2 1.1.3 Introduction to NTDP....................1-3 1.1.4 Introduction to Cluster .....................
Page 726 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Chapter 1 Cluster 1.1 Cluster Overview 1.1.1 Introduction to HGMP V2 The cluster function is implemented through Huawei group management protocol version 2 (HGMP V2). With HGMP V2, a network administrator can manage multiple switches through the public IP address of a switch known as a management device.
Page 727 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster devices through the management device without the need to log onto them one by one. It provides the topology discovery and display function, which assists in monitoring and maintaining the network.
Page 728 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster An NDP-enabled device regularly broadcasts NDP packet through all its active ports. An NDP packet carries a holdtime field, which indicates how long the receiving devices will keep the NDP packet data. The receiving devices store the information carried in the NDP packet into the NDP table but do not forward the NDP packet.
Page 729 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster configuring, managing, and monitoring, can only be implemented through the management device. The management device of the cluster recognizes and controls all the member devices in the cluster, no matter where they are located in the network and how they are connected.
Page 730 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.1.5 Switch Roles for a Cluster From the point of view of a cluster, switches may play different roles, which depend on their functionality and status. You can specify the role of a switch, or change the role of a switch following some specific rules.
Page 731 Note: After a cluster is set up on an S3600 series switch, the switch will collect the topology information of the network at the topology collection interval you set and automatically add the candidate devices it discovers into the cluster. As a result, if the topology collection interval is too short (the default interval is 1 minute), the switches acting as candidate devices will not keep in candidate state for a long time –...
Page 732 Note: To reduce the risk of being attacked by malicious users against opened socket and enhance switch security, the S3600 series Ethernet switches provide the following functions, so that a cluster socket is opened only when it is needed: Opening UDP port 40000 (used for cluster) only when the cluster function is implemented, Closing UDP port 40000 at the same time when the cluster function is closed.
Page 733 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.2.2 Enabling NDP Globally and on Specific Ports Table 1-3 Enable NDP globally and on specific ports Operation Command Description Enter system view system-view — Required Enable NDP globally...
Page 734 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Enable NTDP on Required ntdp enable the Ethernet port 1.2.5 Configuring NTDP-Related Parameters Table 1-6 Configure NTDP-related parameters Operation Command Description Enter system view system-view —...
Page 735 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.2.7 Configuring Cluster Parameters I. Manually building a cluster and configuring cluster parameters Table 1-8 Manually build a cluster and configure cluster parameters Operation Command Description Enter system view system-view —...
Page 736 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Configure ip-pool cluster IP address Required administrator-ip-address range { ip-mask | ip-mask-length } Required Start automatic auto-build [ recover ] Follow prompts to build a cluster building cluster.
Page 737 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.2.9 Configuring NM Interface for the Cluster I. Configuration prerequisites The cluster switches are properly connected; The shared servers are properly connected to the management switch. II. Configuration procedure...
Page 738 Note: To reduce the risk of being attacked by malicious users against opened socket and enhance switch security, the S3600 series Ethernet switches provide the following functions, so that a cluster socket is opened only when it is needed: Opening UDP port 40000 (used for cluster) only when the cluster function is implemented, Closing UDP port 40000 at the same time when the cluster function is closed.
Page 739 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description ndp enable interface In system view port-list Required Enable Enter interface You can choose to NDP on Ethernet interface-type enable NDP on some specified...
Page 740 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Download a file from the shared tftp cluster source-file Optional TFTP server of the cluster [ destination-file ] Upload a file to the shared TFTP...
Page 741 1.6.1 Basic Cluster Configuration Example I. Network requirements Three switches compose a cluster, where: An S3600 series switch serves as the management device. The rest are member devices. Serving as the management device, the S3600 switch manages the two member devices.
Page 742 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Ethernet1/0/1 belongs to VLAN 2, whose interface IP address is 163.172.55.1. All the devices in the cluster share the same FTP server and TFTP server. The FTP server and TFTP server use the same IP address: 63.172.55.1.
Page 743 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster [H3C] cluster enable Configure the management device # Enable NDP globally and on Ethernet1/0/2 and Ethernet1/0/3. <H3C> system-view [H3C] ndp enable [H3C] interface Ethernet 1/0/2 [H3C-Ethernet1/0/2] ndp enable...
Page 744 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster # Name and build the cluster. [H3C-cluster] build aaa [aaa_0.H3C-cluster] # Add the attached two switches to the cluster. [aaa_0.H3C-cluster] add-member 1 mac-address 00e0-fc01-0011 [aaa_0.H3C-cluster] add-member 17 mac-address 00e0-fc01-0012 # Set the holdtime of member device information to 100 seconds.
Page 745 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Note: After completing the above configuration, you can execute the cluster switch-to { member-number | mac-address H-H-H } command on the management device to switch to member device view to maintain and manage a member device. After that, you can execute the cluster switch-to administrator command to return to management device view.
Page 746 Operation Manual – Cluster H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster II. Network diagram VLAN 2 VLAN 2 S3600 S3600 (IP Address192.168.4.22 (IP Address192.168.4.22 Port e1/0/2) Port e1/0/2) VLAN 3 VLAN 3 Sever Sever (IP Address 192.168.5.30 (IP Address 192.168.5.30...
Page 747 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 PoE Configuration ....................... 1-1 1.1 PoE Overview ........................1-1 1.1.1 Introduction to PoE....................1-1 1.1.2 PoE Features Supported by S3600 ................ 1-1 1.2 PoE Configuration Tasks ....................
Page 748 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Chapter 1 PoE Configuration 1.1 PoE Overview 1.1.1 Introduction to PoE Power over Ethernet (PoE) uses 10Base-T, 100Base-TX, and 1000Base-T twisted pairs to supply power to the remote powered devices (PD) in the network and implement power supply and data transmission simultaneously.
Page 749 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration As the PSE, it supports the IEEE802.3af standard. It can also supply power to some PDs that do not support the 802.3af standard. It can deliver data and current simultaneously through data wires (1, 3, 2, and 6) of category-3/5 twisted pairs.
Page 750 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration 1.2 PoE Configuration Tasks Table 1-1 PoE configuration tasks Operation Description Related section Enable the PoE feature Section 1.3 “Enabling the PoE Required on a port Feature on a Port”...
Page 751 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Caution: By default, the PoE function on a port is enabled by the default configuration file when the device is delivered. If you delete the default configuration file without specifying another one, the PoE function on a port will be disabled after you restart the device..
Page 752 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration connected to the port with the lowest priority and turn to supply power to this new PD. IF more than one port has the same lowest priority, the switch will power down the PD connected to the port with larger logical port number.
Page 753 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration 1.7 Configuring the PD Compatibility Detection Feature After the PD compatibility detection feature is enabled, the switch can supply power to the detected PDs that do not conform to the 802.3af standard.
Page 754 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration 1.9 Upgrading the PSE Processing Software Online The online upgrading of PSE processing software can update the processing software or repair the software if it is damaged. After downloading the PSE processing software to the Flash of the switch, you can perform the following configuration.
Page 755 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Table 1-9 Display PoE information Operation Command Description Display the PoE status of a display interface specific port or all ports of the interface-type switch...
Page 756 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration III. Configuration procedure # Upgrade the PSE processing software online. <H3C> system-view [H3C] poe update refresh 0290_021.s19 # Enable the PoE feature on Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/24.
Page 757 2.1 Introduction to PoE Profile On a large-sized network or a network with mobile users, to help network administrators to monitor the PoE features of the switch, S3600 series Ethernet switches provide the PoE profile features. Features of PoE profile: Various PoE profiles can be created.
Page 758 PoE profile. When the apply poe-profile command is used to apply a PoE profile to a port, some PoE features can be applied successfully while some PoE configurations in it cannot. PoE profiles are applied to S3600 series Ethernet switches according to the following rules:...
Page 759 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration Caution: PoE profile configuration is a global configuration, and applies synchronously in the intelligent resilient framework (IRF) system. Combination of Unit creates a new Fabric. In the newly created Fabric, the PoE profile configuration of the Unit with the smallest Unit ID number will become the PoE profile configuration for the Fabric currently in use.
Page 760 Operation Manual – PoE-PoE Profile H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration S2600-28P-PWR-EI S2600-28P-PWR-EI S3600 S2600-28P-PWR-EI S2600-28P-PWR-EI S3600 Network Network Network Network Network Network Network Network Network Network Network Network Network Network Network Network Network Network...
Page 761 [H3C] display poe-profile name Profile2 # Apply the configured Profile1 to Ethernet1/0/1 through Ethernet1/0/5 ports. [H3C] apply poe-profile Profile1 interface Ethernet1/0/1 to Ethernet1/0/5 # Apply the configured Profile2 to Ethernet1/0/6 through Ethernet1/0/10 ports. [H3C] apply poe-profile Profile2 interface Ethernet1/0/6 to Ethernet1/0/10...
Page 762 Operation Manual – UDP Helper H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 UDP Helper Configuration ..................1-1 1.1 Introduction to UDP Helper....................1-1 1.2 Configuring UDP Helper ....................1-2 1.3 Displaying and Maintaining UDP Helper ................1-3 1.4 Configuration Example ......................
Page 763 Operation Manual – UDP Helper H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 UDP Helper Configuration Chapter 1 UDP Helper Configuration 1.1 Introduction to UDP Helper UDP Helper is to relay specified UDP packets. In other words, UDP Helper functions as a relay that converts UDP broadcast packets into unicast packets and forwards them to a specified server.
Page 764 Operation Manual – UDP Helper H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 UDP Helper Configuration 1.2 Configuring UDP Helper Table 1-2 Configure UDP Helper Operation Command Description Enter system view — system-view Required Enable UDP Helper udp-helper enable Disabled by default...
Page 765 Operation Manual – UDP Helper H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 UDP Helper Configuration If the destination server is configured on a VLAN interface, the broadcast packets from a VLAN interface to a specific UDP port will be unicast to the destination server configured on that VLAN interface after UDP Helper is enabled.
Page 766 Operation Manual – UDP Helper H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 UDP Helper Configuration 1.4.2 Network diagram PC1 192.168.1.1 PC1 192.168.1.1 PC1 192.168.1.1 PC1 192.168.1.1 PC1 192.168.1.1 PC1 192.168.1.1 PC1 192.168.1.1 10.2.72.1 10.2.72.1 10.2.72.1 10.2.72.1 10.2.72.1 10.2.72.1 10.2.72.1...
Page 767 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 SNMP Configuration....................1-1 1.1 SNMP Overview......................... 1-1 1.1.1 SNMP Operation Mechanism.................. 1-1 1.1.2 SNMP Versions ....................... 1-1 1.1.3 Supported MIBs....................... 1-2 1.2 Configuring Basic SNMP Functions................... 1-3 1.3 Configuring Trap ........................
Page 768 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Chapter 1 SNMP Configuration 1.1 SNMP Overview By far, the simple network management protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice.
Page 769 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration functions as password. It can limit accesses made by SNMP NMS to SNMP agent. You can perform the following community name-related configuration. Specifying MIB view that a community can access.
Page 770 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Table 1-1 Common MIBs MIB attribute MIB content Related RFC MIB II based on TCP/IP RFC1213 network device RFC1493 BRIDGE MIB RFC2675 RIP MIB RFC1724 Public MIB...
Page 771 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Operation Command Description Required By default, the contact information for system snmp-agent sys-info maintenance is "R&D { contact sys-contact | Hangzhou, location sys-location | Set system information...
Page 772 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Table 1-3 Configure basic SNMP functions (SNMP V3) Operation Command Description Enter system system-view — view Required By default, SNMP Agent is disabled. Enable SNMP You can enable SNMP...
Page 773 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Operation Command Description Optional Create snmp-agent mib-view { included | By default, the view name update the view excluded } view-name oid-tree is “ViewDefault” and OID information is 1.
Page 774 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration 1.3.2 Configuration Tasks Table 1-4 Configure Trap Operation Command Description Enter system view system-view — snmp-agent trap enable [ configuration | flash | ospf [ process-id ] [ ospf-trap-list ] |...
Page 775 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration 1.4 Enabling Logging for Network Management Table 1-5 Enable logging for network management Operation Command Description Enter system view — system-view Optional; snmp-agent Enable logging set-operation...
Page 776 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Table 1-6 Display SNMP Operation Command Description Display SNMP display snmp-agent sys-info information about [ contact | location | version ]* current device Display SNMP packet...
Page 777 10.10.10.1. The SNMP community name to be used is “public”. [H3C] snmp-agent trap enable standard authentication [H3C] snmp-agent trap enable standard coldstart [H3C] snmp-agent trap enable standard linkup [H3C] snmp-agent trap enable standard linkdown [H3C] snmp-agent target-host trap address udp-domain 10.10.10.1 udp-port 5000 params securityname public 1-10...
Page 778 Chapter 1 SNMP Configuration IV. Configuring the NMS The S3600 series Ethernet switches support H3C’s QuidView NMS. SNMPv3 adopts user name and password authentication. When you use H3C’s QuidView NMS, you need to set user names and choose the security level in [Quidview Authentication Parameter].
Page 779 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration Chapter 2 RMON Configuration 2.1 Introduction to RMON Remote monitoring (RMON) is a kind of management information base (MIB) defined by Internet Engineering Task Force (IETF). It is the most important enhancement made to MIB II standards.
Page 780 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration probe function. Through the RMON-capable SNMP agents running on the Ethernet switch, an NMS can obtain the information about the total traffic, error statistics and performance statistics of the network segments to which the ports of the managed network devices are connected.
Page 781 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration IV. History group After a history group is configured, the Ethernet switch collects network statistics information periodically and stores the statistics information temporarily for later use. A history group can provide the history data of the statistics on network segment traffic, error packets, broadcast packets, and bandwidth utilization.
Page 782 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration 2.2.2 Configuring RMON Table 2-1 Configure RMON Operation Command Description Enter system view system-view — rmon event event-entry [ description string ] { log | Add an event entry...
Page 783 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration 2.3 Displaying RMON After the above configuration, you can execute the display command in any view to display the RMON running status, and to verify the configuration.
Page 784 Operation Manual – SNMP-RMON H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration II. Network diagram ternet ternet Internet Internet Network Port Network Port Console Port Console Port itch itch Figure 2-1 Network diagram for RMON configuration III. Configuration procedures # Configure RMON.
Page 785 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 NTP Configuration ....................... 1-1 1.1 Introduction to NTP ......................1-1 1.1.1 Applications of NTP....................1-1 1.1.2 Implementation Principle of NTP................1-2 1.1.3 NTP Implementation Modes..................1-4 1.2 Configuring NTP Implementation Modes................
Page 786 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Chapter 1 NTP Configuration 1.1 Introduction to NTP Network time protocol (NTP) is a time synchronization protocol defined in RFC1305. It is used for time synchronization between a set of distributed time servers and clients.
Page 787 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Note: The clock stratum determines the accuracy, which ranges from 1 to 16. The stratum of a reference clock ranges from 1 to 15. The clock accuracy decreases as the stratum number increases.
Page 788 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration NTP packet 10:00:00 am NTP Packet NTP Packet NTP Packet NTP Packet NTP Packet NTP Packet NTP Packet 10:00:00 am 10:00:00 am 10:00:00 am 10:00:00am 10:00:00am...
Page 789 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.1.3 NTP Implementation Modes According to the network structure and the position of the local Ethernet switch in the network, the local Ethernet switch can work in multiple NTP modes to synchronize the clock.
Page 790 Figure 1-5 Multicast mod Table 1-1 describes how the above mentioned NTP modes are implemented on S3600 series Ethernet switches. Table 1-1 NTP implementation modes on S3600 series Ethernet switches implementation Configuration on S3600 series switches mode Configure the local S3600 Ethernet switch to operate in the NTP server mode.
Page 791 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration implementation Configuration on S3600 series switches mode Configure the local S3600 Ethernet switch to operate in NTP broadcast server mode. In this mode, the local switch broadcasts NTP packets through the VLAN interface configured on the switch.
Page 792 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.2.2 Configuration Procedure Table 1-2 Configure NTP implementation modes Operation Command Description Enter system view system-view — ntp-service unicast-server remote-ip Optional Configure the switch to server-name...
Page 793 Note: To reduce the risk of being attacked by malicious users against opened socket and enhance switch security, the S3600 series Ethernet switches provide the following functions, so that a socket is opened only when it is needed: Opening UDP port 123 (used for NTP) when NTP is enabled;...
Page 794 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration IV. NTP multicast server mode When an S3600 Ethernet switch operates in NTP multicast server mode, it multicasts clock synchronization packets periodically. The devices in the NTP multicast client mode will respond to these packets and start the clock synchronization process.
Page 795 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.4.1 Configuration Prerequisites NTP authentication configuration involves: Configuring NTP authentication on the client Configuring NTP authentication on the server Observe the following principles when configuring NTP authentication:...
Page 796 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Note: NTP authentication requires that the authentication keys configured for the server and the client are the same. Besides, the authentication keys must be trusted keys.
Page 797 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Note: The procedure for configuring NTP authentication on the server is the same as that on the client. Besides, the client and the server must be configured with the same authentication key.
Page 798 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.6 Displaying and Debugging NTP After the above configurations, you can execute display commands in any view to display the running status of switch, and verify the effect of the configurations.
Page 799 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration <S3600> display ntp-service status Clock status: unsynchronized Clock stratum: 16 Reference clock ID: none Nominal frequency: 60.0002 Hz Actual frequency: 60.0002 Hz Clock precision: 2^18 Clock offset: 0.0000 ms Root delay: 0.00 ms...
Page 800 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.7.2 Configuring NTP Peer Mode I. Network requirements The local clock of H3C2 is set to the NTP master clock, with the clock stratum level of 2.
Page 801 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration [H3C3] ntp-service unicast-peer 3.0.1.33 The S3600 Ethernet switch and H3C3 are a pair of peers. H3C3 operates in active peer mode, while the S3600 Ethernet switch operates in passive peer mode. Because the stratum level of the local clock of H3C3 is 1, and that of the S3600 Ethernet switch is 3, the S3600 Ethernet switch is synchronized to H3C3.
Page 802 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Note: This example assumes that H3C3 is a switch that supports the local clock being the master clock. II. Network diagram 3.0.1.31/24 3.0.1.31/24 Vlan-inte Vlan-inte rface 2...
Page 803 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Configure S3600-2 # Enter system view. <S3600-2> system-view [S3600-2] # Enter Vlan-interface2 view. [S3600-2] interface Vlan-interface 2 [S3600-2-Vlan-interface2] # Set S3600-2 to a broadcast client. [S3600-2-Vlan-interface2] ntp-service broadcast-client...
Page 804 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.7.4 Configuring NTP Multicast Mode I. Network requirements The local clock of H3C3 is set to the NTP master clock, with a clock stratum level of 2.
Page 805 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration [S3600-1] # Enter Vlan-interface2 view. [S3600-1] interface Vlan-interface 2 # Set S3600-1 to a multicast client. [S3600-1-Vlan-interface2] ntp-service multicast-client Configure S3600-2. # Enter system view. <S3600-2> system-view [S3600-2] # Enter Vlan-interface2 view.
Page 806 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration [1]3.0.1.31 127.127.1.0 15.4 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured 1.7.5 Configuring NTP Server Mode with Authentication I. Network requirements The local clock of H3C1 is set to the NTP master clock, with a clock stratum level of 2.
Page 807 Operation Manual – NTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration [S3600] ntp-service unicast-server 1.0.1.11 authentication-keyid 42 After the above configurations, S3600 is ready to synchronize with H3C1. Because the NTP authentication function is not enabled on H3C1, S3600 will fail to be synchronized to H3C1.
Page 808 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 SSH Terminal Service....................1-1 1.1 SSH Terminal Service ....................... 1-1 1.1.1 Introduction to SSH ....................1-1 1.1.2 SSH Server Configuration..................1-3 1.1.3 Configuring the SSH Client ...................
Page 809 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Chapter 1 SSH Terminal Service 1.1 SSH Terminal Service 1.1.1 Introduction to SSH Secure shell (SSH) provides secure communication and powerful authentication for remote user login to a switch over an insecure network, thus preventing assaults such as IP address spoofing, plain-text password interception.
Page 810 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation Workstation...
Page 811 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Through the above steps, the server and the client get the same session key, which is to be used to encrypt and decrypt data exchanged between the server and the client later.
Page 812 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Table 1-1 SSH2.0 Server configuration tasks Operation Command Related section Section “Configuring Configure user interface(s) to user interface(s) to protocol inbound support specified protocol(s)
Page 813 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Operation Command Description Optional Configure user protocol inbound { all interface(s) support By default, both Telnet |ssh | telnet } specified protocol(s) and SSH are supported.
Page 814 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Caution: For a successful SSH login, you must first generate the RSA key pairs of the server. You just need to execute the rsa local-key-pair create command once, and need not execute the command again after the system is rebooted.
Page 815 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Table 1-5 Configure authentication type for a user Operation Command Description Enter system view system-view — ssh authentication-type Specify default default { password | rsa...
Page 816 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Caution: If RSA authentication type is configured for a user, the RSA public key of the client user must be configured on the switch.
Page 817 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Table 1-6 Configure SSH management Operation Command Description Enter system view system-view — Optional ssh server timeout authentication By default, the timeout time is 60...
Page 818 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Operation Command Description Required When you input the key data, spaces are allowed between characters input (because system Configure the client Enter the content of the...
Page 819 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Table 1-8 Automatic configuration Operation Command Description Enter system view system-view — Transform the format of the key in a client public filename...
Page 820 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Specifying the RSA private key file. On the server, if RSA authentication is enabled for an SSH user and a public key is set for the user, the private key file corresponding to the public key must be specified on the client.
Page 821 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Figure 1-4 Generating the client keys (2) After the key pair is generated, click Save public key and enter the name of the file for saving the public key (public in this case) to save the public key.
Page 822 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Figure 1-5 Generating the client keys (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any precaution.
Page 823 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Figure 1-7 Generating the client keys (5) II. Specifying the IP address of the Server Launch PuTTY.exe. The following window appears. 1-15...
Page 824 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Figure 1-8 SSH client configuration interface 1 In the Host Name (or IP address) text box, enter the IP address of the server, Note that there must be a route available between the IP address of the server and the client.
Page 825 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Figure 1-9 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. Note: Some SSH client software, for example, Tectia client software, supports the DES algorithm only when the ssh1 version is selected.
Page 826 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Figure 1-10 SSH client configuration interface 3 Click Browse… to bring up the file selection window, navigate to the private key file and click OK.
Page 827 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Figure 1-11 SSH client interface Enter the username and password to establish an SSH connection. To log out, enter the quit command. 1.1.4 Configuring the Device as an SSH Client When the device connects to the SSH server as an SSH client, you can configure the SSH client to authenticate the SSH server during the first access.
Page 828 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service I. configure the device as an SSH client that supports first authentication Table 1-10 Configure the device as an SSH client that supports first authentication...
Page 829 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Operation Command Description — The input public keys are Quit to public key view public-key-code end saved when you quit the public key edit view.
Page 830 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service Table 1-13 Display SSH configuration Operation Command Description Display host and server display public keys local-key-pair public display Display client RSA public peer-public-key [ brief |...
Page 831 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service III. Configuration procedure The configuration procedure varies with login authentication modes. However, you must complete the following three configuration tasks before any configuration procedure.
Page 832 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service RSA public key authentication # Set AAA authentication on the user interfaces. [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Set the user interfaces to support SSH.
Page 833 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Service 1.1.7 SSH Client Configuration Example I. Network requirements As shown in Figure 1-13: Switch A serves as an SSH client, with a user name of client001.
Page 834 The Server is not authenticated. Do you continue to access it?(Y/N):y Do you want to save the server's public key?(Y/N):n Enter password: ************************************************************************* * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************* <H3C>...
Page 835 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service Chapter 2 SFTP Service 2.1 SFTP Service 2.1.1 Introduction to SFTP Secure FTP (SFTP) is a new feature introduced in SSH2.0. Since SFTP is based on SSH, it can provides security for remote users to log into the switch and perform file management and transfer operations (such as system update), thus providing more security for data transfer.
Page 836 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service II. Enabling SFTP Server Table 2-2 Enable SFTP Server Operation Command Description Enter system view system-view — Required Enable SFTP Server sftp server enable By default, SFTP Server is disabled.
Page 837 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service Command Operation View Description Keyword Change the current directory Return to the upper cdup directory Display the current SFTP directory directory SFTP client Optional...
Page 838 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service Table 2-5 Start SFTP Client Operation Command Description Enter system view system-view — sftp { host-ip | host-name } [ port-num ] prefer_kex dh_group1...
Page 839 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service Operation Command Description dir [ -a | -l ] [ remote-path ] Optional Display the file list of a The dir and ls commands...
Page 840 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service Table 2-9 Display help information about an SFTP client command Operation Command Description Enter system view system-view — Enter SFTP client view sftp { host-ip | host-name } —...
Page 841 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service III. Configuration procedure Configure Switch B (SFTP server) <H3C>system-view [H3C] rsa local-key-pair create # Create a VLAN interface on SwitchB and assign an IP address, which the SSH client uses as the destination for SSH connection.
Page 842 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service # Configure an IP address (192.168.0.2 in this case) for the VLAN interface on SwitchA. This IP address and that of the VLAN interface on SwitchB must be in the same network segment.
Page 843 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service sftp-client> mkdir new1 New directory created sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2...
Page 844 Operation Manual – SSH Terminal Service H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 SFTP Service sftp-client> quit [H3C] 2-10...
Page 845 Operation Manual – File System Management H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 File System Management Configuration ..............1-1 1.1 File Attribute Configuration ....................1-1 1.1.1 Introduction to File Attributes .................. 1-1 1.1.2 Configuring File Attributes..................1-2 1.2 File System Configuration....................
Page 846 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration Chapter 1 File System Management Configuration 1.1 File Attribute Configuration 1.1.1 Introduction to File Attributes An app file is an executable file, with .bin as the extension. A configuration file is used to store and restore configuration, with .cfg as the extension.
Page 847 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration will not possess the main attribute. If you download a file with the same name as the original file with the main attribute to the flash memory, the file will possess the main attribute.
Page 848 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration Caution: Before configuring the main or backup attribute for a file in the fabric, make sure the file already exists on all devices in the fabric.
Page 849 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration Note: For Ethernet switches that support intelligent resilient framework (IRF), you can input a file path and file name in one of the following ways: In URL (universal resource locator) format and starting with “unit[No.]>flash:/”...
Page 850 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.2.4 File Operations The file system also provides file-related functions, such as: Deleting a file Restoring a deleted file Deleting a file permanently...
Page 851 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration To do… Use the command… Remarks Display the information dir [ /all ] [ /fabric | about a directory or a Optional...
Page 852 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.2.6 Prompt Mode Configuration You can set the prompt mode of the current file system to alert or quiet. In alert mode, the file system will give a prompt for confirmation if you execute a command which may cause data loss, for example, deleting or overwriting a file.
Page 853 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration Directory of unit1>flash:/ 1 (*) -rw- 5822215 Jan 01 1970 00:07:03 s3600.bin -rwh Apr 01 2000 23:55:49 snmpboots -rwh Apr 02 2000 00:47:30...
Page 854 Operation Manual – File System Management Chapter 1 File System Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.3.1 Operation Prerequisites Before performing the following operations, you must first ensure that: The relevant units support TFTP client. The TFTP server is started and reachable.
Page 855 Operation Manual – File System Management H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 FTP/TFTP Lighting Configuration Chapter 2 FTP/TFTP Lighting Configuration 2.1 FTP Lighting Configuration 2.1.1 Introduction to FTP File transfer protocol (FTP) is a commonly used protocol to transfer files over the Internet and IP networks.
Page 856 Operation Manual – File System Management H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 FTP/TFTP Lighting Configuration Figure 2-1 Clockwise rotating of the seven-segment digital LED Table 2-1 Configuration for file upload from an FTP client to the switch acting as FTP...
Page 857 Operation Manual – File System Management H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 FTP/TFTP Lighting Configuration Table 2-2 Configuration for file download from an FTP server to the switch acting as an FTP client Use the Device To do…...
Page 858 Operation Manual – File System Management H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 FTP/TFTP Lighting Configuration When a file needs to be downloaded, the client sends a read request to the TFTP server. It then receives data from the server and sends acknowledgement to the server.
Page 859 Operation Manual – File System Management H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 FTP/TFTP Lighting Configuration Table 2-3 Download file from an TFTP server to the switch acting as an TFTP client Device To do… Use the command… Remarks...
Page 860 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 FTP and TFTP Configuration ..................1-1 1.1 FTP Configuration......................1-1 1.1.1 Introduction to FTP....................1-1 1.1.2 FTP Configuration: A Switch Operating as an FTP Server........1-2 1.1.3 Configuration Example: A Switch Operating as an FTP Server ......
Page 861 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Chapter 1 FTP and TFTP Configuration 1.1 FTP Configuration 1.1.1 Introduction to FTP FTP (file transfer protocol) is commonly used in IP-based networks to transmit files.
Page 862 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Device Configuration Default Description Log into the switch through an FTP client — — application. Caution: The FTP-related functions require that the route between a FTP client and the FTP server is reachable.
Page 863 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Network Network Network Network Switch Switch Figure 1-1 Network diagram for FTP configurations The following configurations are performed on the FTP server:...
Page 864 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Note: Only one user can access an S3600 Ethernet switch at a given time when the latter operates as an FTP server. FTP services are implemented in this way: An FTP client sends FTP requests to the FTP server.
Page 865 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Table 1-4 Specify the source interface and source IP address for an FTP server Operation Command Description Enter system view system-view —...
Page 866 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration V. Displaying FTP server information After the above configurations, you can run the display command in any view to display the running information of the FTP server and verify your configurations.
Page 867 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration # Log into the switch. (You can log into a switch through the Console port or by Telneting to the switch. See the “Login” module for detailed information.) <H3C>...
Page 868 Flash memory to make room for the file. H3C series switch is not shipped with FTP client applications. You need to purchase and install it by yourself. After uploading the application, you can update the application on the switch.
Page 869 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Table 1-7 Basic configurations on an FTP client Operation Command Description cluster Enter FTP Client view remote-server — [ port-number ] ]...
Page 870 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Operation Command Description Terminate the current FTP connection without exiting Optional disconnect FTP client view Terminate the current FTP connection without exiting...
Page 871 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Operation Command Description Display the fixed source IP address used by a FTP This command can be display ftp source-ip client to connect to a FTP executed in any view.
Page 872 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration II. Network diagram Network Network Network Network Switch Switch Figure 1-3 Network diagram for FTP configurations III. Configuration procedure Perform FTP server–related configurations on the PC, that is, create a user account on the FTP server with user name “switch”...
Page 873 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration [ftp] cd switch # Run the put command to upload the configuration file named config.cfg to the FTP server. [ftp] put config.cfg # Run the get command to download the file named switch.bin to the Flash memory of...
Page 874 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration When you download a file that is larger than the free space of the switch’s flash memory: If the TFTP server supports file size negotiation, file size negotiation will be initiated between the switch and the server and the file download operation will be aborted if the free space of the switch’s flash memory is found to be insufficient.
Page 875 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Table 1-9 Configurations needed when a switch operates as a TFTP client Device Configuration Default Description Configure an IP address TFTP applies...
Page 876 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration III. Specifying the source interface and source IP address for a TFTP client You can specify the source interface and source IP address for a switch operating as a TFTP client, so that it can connect with a remote TFTP server through the IP address of the specified interface or the specified IP address.
Page 877 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Note: The specified interface must be an existing one, and otherwise a prompt appears to show the configuration fails. The value of argument ip-address must be an IP address on the device where the configuration is performed, and otherwise a prompt appears to show the configuration fails.
Page 878 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration III. Configuration procedure Start the TFTP server and configure the work directory on the PC. Configure the switch. # Log into the switch. (You can log into a switch through the Console port or by Telneting to the switch.
Page 879 Operation Manual – FTP and TFTP H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Note: For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the “System Maintenance and Debugging” module of this manual.
Page 880 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Information Center....................... 1-1 1.1 Information Center Overview ..................... 1-1 1.2 Information Center Configuration..................1-4 1.2.1 Enabling Synchronous Terminal Output ..............1-5 1.2.2 Enabling Information Output to a Log Host.............
Page 881 Combined with the debugging program (debugging commands), it provides powerful support for network administrators and developers in network operation monitoring and fault diagnosis. Information items output by S3600 series switches are presented in the following format: <priority>timestamp sysname module/level/digest:content Here, angle brackets “<>”, spaces, slashes “/”...
Page 882 H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center It refers to the system name of the host, which is “H3C” by default. You can modify the host name with the sysname command. Refer to System Maintaining and Debugging part of the manual for detailed operations.
Page 883 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Module name Description MSTP Multiple spanning tree protocol module MTRACE Multicast traceroute query module Network address translation module Neighbor discovery protocol module NTDP Network topology discovery protocol module...
Page 884 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center output. Therefore, when the severity threshold is set to “debugging”, all information will be output. See Table 1-2 for description of severities and corresponding levels.
Page 885 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Output direction Channel number Default channel name Trap buffer trapbuffer Log buffer logbuffer SNMP snmpagent Note: Settings for the six output directions are independent. However, for any output direction, you must first enable the information center to make all other settings effective.
Page 886 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center 1.2.2 Enabling Information Output to a Log Host Table 1-5 lists the related configurations on the switch. Table 1-5 Enable information output to a log host...
Page 887 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Note: After the switches form a fabric, you can use the info-center switch-on command to enable the information output for the switch to make the log, debugging and trap information of each switch in the fabric synchronous.
Page 888 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center For example, to view log information of the switch on the console, you should not only enable log information output to the console, but also enable log information terminal display with the terminal logging command.
Page 889 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Operation Command Description info-center source { modu-name | default } Define channel { channel-number | Required information source channel-name } [ { log | trap...
Page 890 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Operation Command Description Enable Optional information terminal logging By default, log information terminal terminal display display is enabled. function Enable trap Optional information terminal trapping...
Page 891 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Note: To view debugging information of specific modules, you need to configure the information type as debug in the info-center source command, and enable debugging on corresponding modules with the debugging command as well.
Page 892 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Note: To view debugging information of specific modules, you need to set the information type as debug in the info-center source command, and enable debugging on corresponding modules with the debugging command as well.
Page 893 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center 1.3 Displaying and Debugging Information Center After the above configurations, you can execute the display command in any view to display the running status of the information center, and thus validating your configurations.
Page 894 [H3C] info-center loghost 202.38.1.10 facility local4 language english [H3C] info-center source arp channel loghost log level informational debug state off trap state off [H3C] info-center source ip channel loghost log level informational debug state off trap state off Configure the log host: The operations here are performed on SunOS 4.0.
Page 895 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Note: When you edit the file “/etc/syslog.conf”, note that: A note must start in a new line, starting with a “#” sign. In each pair, a tab should be used as a separator instead of a space.
Page 896 English. Permit all modules to output information with severity level higher than error to the log host. [H3C] info-center loghost 202.38.1.10 facility local7 language english [H3C] info-center source default channel loghost log level errors debug state off trap state off Configure the log host: Step 1: Execute the following commands as a super user (root user).
Page 897 Operation Manual – Information Center H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center # syslogd -r & Note: In case of Linux log host, the daemon “syslogd” must be started with the “-r” option. After all the above operations, the switch can record information in the corresponding log file.
Page 898 [H3C] info-center console channel console [H3C] info-center source arp channel console log level informational debug state off trap state off [H3C] info-center source ip channel console log level informational debug state off trap state off # Enable terminal display. <H3C> terminal monitor <H3C>...
Page 899 Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 BootROM and Host Software Loading ..............1-1 1.1 Introduction to Loading Approaches .................. 1-1 1.2 Local BootROM and Software Loading ................1-1 1.2.1 BOOT Menu ......................
Page 900 Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents 4.2.5 Upgrading the BootROM..................4-3 4.2.6 Upgrading the Host Software in the Fabric ............. 4-3 4.3 Displaying the Device Management Configuration............4-3 4.4 Remote Switch Upgrade Configuration Example .............. 4-4...
Page 901 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Chapter 1 BootROM and Host Software Loading Traditionally, switch software is loaded through a serial port. This approach is slow, time-consuming and cannot be used for remote loading.
Page 902 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Note: The loading process of the BootROM software is the same as that of the host software, except that during the former process, you should press <Ctrl+U> and <Enter> after entering the BOOT menu and the system gives different prompts.
Page 903 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Enter the correct BootROM password (no password is need by default). The system enters the BOOT Menu: BOOT MENU 1. Download application file to flash 2.
Page 904 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Press 3 in the above menu to download the BootROM using XModem. The...
Page 905 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Figure 1-1 Properties dialog box Figure 1-2 Console port configuration dialog box Step 5: Click the <Disconnect> button to disconnect the HyperTerminal from the switch and then click the <Connect>...
Page 906 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Figure 1-3 Connect and disconnect buttons Note: The new baudrate takes effect after you disconnect and reconnect the HyperTerminal program.
Page 907 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Figure 1-5 Sending file page Step 9: After the sending process completes, the system displays the following information: Loading ...CCCCCCCCCC done! Step 10: Reset HyperTerminal’s baudrate to 9600 bps (refer to Step 4 and 5).
Page 908 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Enter 3 in the above menu to load the host software by using XModem.
Page 909 Step2: Run the TFTP server program on the TFTP server, and specify the path of the program to be downloaded. Caution: TFTP server program is not provided with the H3C Series Ethernet Switches. Step 3: Run the HyperTerminal program on the configuration PC. Start the switch. Then enter the BOOT Menu.
Page 910 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Step 1: Select <1> in BOOT Menu and press <Enter>. The system displays the following information: 1. Set TFTP protocol parameter 2.
Page 911 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Note: You can use one computer as both configuration device and FTP server. Step 2: Run the FTP server program on the FTP server, configure an FTP user name and password, and copy the program file to the specified FTP directory.
Page 912 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Enter your choice(0-3): Enter 2 in the above menu to download the host software using FTP. The subsequent steps are the same as those for loading the BootROM, except for that the system gives the prompt for host software loading instead of BootROM loading.
Page 913 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading <H3C> ftp 10.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user...
Page 914 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading If the space of the Flash memory is not enough, you can delete the unused files in the Flash memory before software downloading.
Page 915 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading [H3C] local-user test New local user added. [H3C-luser-test] password simple pass [H3C-luser-test] service-type ftp Step 4: Enable FTP client software on the PC. Refer to Figure 1-10 for the command line interface in Windows operating system.
Page 916 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Figure 1-11 Enter BootROM directory Step 6: Enter ftp 192.168.0.39 and enter the user name test, password pass, as shown in Figure 1-12, to log on to the FTP server.
Page 917 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading Figure 1-13 Upload file S3600.btm to the switch Step 8: Configure S3600.btm to be the BootROM at next startup, and then restart the switch.
Page 918 Operation Manual – System Maintenance and Debugging Chapter 1 BootROM and Host Software H3C S3600 Series Ethernet Switches-Release 1510 Loading 1.3.2 Remote Loading Using TFTP The remote loading using TFTP is similar to that using FTP. The only difference is that TFTP is used to load software to the switch, and the switch can only act as a TFTP client.
Page 919 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3600 Series Ethernet Switches-Release 1510 & Debugging Chapter 2 Basic System Configuration & Debugging 2.1 Basic System Configuration 2.1.1 Basic System Configuration Tasks Table 2-1 Basic system configuration tasks...
Page 920 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3600 Series Ethernet Switches-Release 1510 & Debugging 2.1.3 Setting the System Name of the Switch Table 2-3 Set the system name of the switch Operation Command Description...
Page 921 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3600 Series Ethernet Switches-Release 1510 & Debugging Table 2-6 Set the summer time Operation Command Description Set the name and time clock summer-time zone_name range of the summer...
Page 922 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3600 Series Ethernet Switches-Release 1510 & Debugging Table 2-10 System information display commands Operation Command Description Display the current date display clock and time of the system...
Page 923 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3600 Series Ethernet Switches-Release 1510 & Debugging Debugging information Debugging information Debugging information Debugging information Protocol debugging setting Protocol debugging setting Terminal display setting Terminal display setting Figure 2-1 Debugging information outpu You can use the following commands to perform the settings.
Page 924 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3600 Series Ethernet Switches-Release 1510 & Debugging 2.3.2 Displaying Debugging Status Table 2-12 Display the current debugging status in the system Operation Command Description display debugging { fabric |...
Page 925 Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Network Connectivity Test Chapter 3 Network Connectivity Test 3.1 Network Connectivity Test 3.1.1 ping You can use the ping command to check the network connectivity and the reachability of a host.
Page 926 Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Chapter 3 Network Connectivity Test Table 3-2 The tracert command Operation Command Description Trace the gateways that a tracert [ -a source-ip ] [ -f execute packet passes from the...
Page 927 Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Chapter 4 Device Management 4.1 Introduction to Device Management The device management function of the Ethernet switch enables the display of current status and event-debugging information of the system. Through this function, you can maintain and manage the status and communication of the physical devices, and restart the system when some functions of the system are exceptional.
Page 928 Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Table 4-2 Reboot the Ethernet switch Operation Command Description Reboot the Ethernet switch reboot [ unit unit-id ] — 4.2.3 Scheduling a Reboot on the Switch After you schedule a reboot on the switch, the switch will reboot at the specified time.
Page 929: Upgrading The Bootrom
Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management 4.2.5 Upgrading the BootROM You can use the BootROM program saved in the Flash memory of the switch to upgrade the running BootROM. With this command, a remote user can conveniently upgrade the BootRom by uploading the BootROM to the switch through FTP and running this command.
Page 930: Remote Switch Upgrade Configuration Example
Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Table 4-7 Display the operating status of the device management Operation Command Description Display the APP to be display boot-loader unit adopted at next startup...
Page 931 Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Make configuration so that the IP address of a VLAN interface on the switch is 1.1.1.1, the IP address of the PC is 2.2.2.2, and the switch and the PC is reachable to each other.
Page 932 Operation Manual – System Maintenance and Debugging H3C S3600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management <H3C> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch...
Page 933: Table Of Contents
Operation Manual – VLAN-VPN H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 VLAN-VPN Configuration.................... 1-1 1.1 VLAN-VPN Overview ......................1-1 1.1.1 Introduction to VLAN-VPN ..................1-1 1.1.2 Implementation of VLAN-VPN................. 1-1 1.1.3 Adjusting the TPID Values of VLAN-VPN Packets ..........1-2 1.2 VLAN-VPN Configuration ....................
Page 934: Chapter 1 Vlan-Vpn Configuration
Operation Manual – VLAN-VPN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration Chapter 1 VLAN-VPN Configuration 1.1 VLAN-VPN Overview 1.1.1 Introduction to VLAN-VPN The VLAN-VPN function enables packets to be transmitted across the operators’ backbone networks with VLAN tags of private networks encapsulated in those of public networks.
Page 935: Adjusting The Tpid Values Of Vlan-Vpn Packets
TPID values (such as 0x9100 or 0x9200) in the outer tags of VLAN-VPN packets. To be compatible with devices coming from other vendors, S3600 series switches can adjust the TPID values of VLAN-VPN packets based on ports. You can configure the TPID value of a port connecting to the public network side by yourself.
Page 936: Vlan-Vpn Configuration
Operation Manual – VLAN-VPN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration Protocol type Value IS-IS 0x8000 LACP 0x8809 802.1x 0x888E 1.2 VLAN-VPN Configuration 1.2.1 Configuration Prerequisites GARP VLAN registration protocol (GVRP), GARP multicast registration protocol (GMRP), intelligent resilient framework (IRF), neighbor topology discovery protocol (NTDP), spanning tree protocol (STP), 802.1x and centralized MAC...
Page 937: Inner Vlan Tag Priority Replication Configuration
Operation Manual – VLAN-VPN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration Operation Command Description Display VLAN This command can be configuration information display port vlan-vpn executed in any view. about all the ports Note: After you enable the VLAN-VPN function for a port, you cannot change the port to be a trunk port or hybrid port, nor can you enable GVRP, GMRP, IRF, NTDP, or STP, 802.1x...
Page 938: Tpid Adjusting Configuration
Caution: If you have configured the port priority, (refer to the QoS&QoS Profile part of H3C S3600 Series Ethernet Switches Operation Manual for more), after you configure to replicate the tag priority of the inner VLAN tag of a VLAN-VPN packet, the switch will prompt that the port priority configuration on the current port is invalid.
Page 939: Vlan-Vpn Configuration Example
1.5 VLAN-VPN Configuration Example I. Network requirements Switch A and Switch C are S3600 series switches. Switch B is a switch coming from another manufacturer, which uses the TPID value of 0x9100. Two user networks are connected to the Ethernet1/0/1 ports of Switch A and Switch C respectively.
Page 940 Configure Switch B Because Switch B comes from another manufacturer, the commands involved may differ from those for S3600 series switches. So only the operations are listed, as shown below: Configure Ethernet3/1/1 and Ethernet3/1/2 ports of Switch B to be trunk ports.
Page 941: Chapter 2 Bpdu Tunnel Configuration
Operation Manual – VLAN-VPN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 BPDU Tunnel Configuration Chapter 2 BPDU Tunnel Configuration 2.1 BPDU Tunnel Overview 2.1.1 Introduction to the BPDU Tunnel Function In MAN networking solutions, the requirements may arise that the branches of an enterprise be interconnected through the operator’s network.
Page 942: Bpdu Tunnel Configuration
Figure 2-3 The structure of a BPDU packet after it enters a BPDU tunnel 2.2 BPDU Tunnel Configuration You can establish BPDU tunnels between S3600 series Ethernet switches for the packets of the following protocols: ALCP (link aggregation control protocol)
Page 943: Configuration Prerequisites
Operation Manual – VLAN-VPN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 BPDU Tunnel Configuration 2.2.1 Configuration Prerequisites One or more protocols among LACP, NDP, CDP, and VTP operate properly on the devices. 2.2.2 Configuring BPDU Tunnel Table 2-1 Configure BPDU Tunnel...
Page 944 Operation Manual – VLAN-VPN H3C S3600 Series Ethernet Switches-Release 1510 Chapter 2 BPDU Tunnel Configuration Enable the BPDU Tunnel function for NDP packets on the Ethernet1/0/1 and Ethernet1/0/4 port shown in the Figure 2-4.Set the port Ethernet1/0/2 and Ethernet1/0/3 to be BPDU Tunnel uplink ports.
Page 945 Operation Manual – HWPing H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 HWPing Configuration ....................1-1 1.1 Introduction to HWPing ...................... 1-1 1.2 HWPing Configuration ....................... 1-1 1.2.1 Introduction to HWPing Configuration..............1-1 1.2.2 Configuring HWPing....................1-2 1.2.3 Displaying HWPing Configuration ................
Page 946: Chapter 1 Hwping Configuration
Operation Manual – HWPing H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Configuration Chapter 1 HWPing Configuration 1.1 Introduction to HWPing HWPing is a network diagnostic tool used to test the performance of protocols (only ICMP by far) running on network. It is an enhanced alternative to the ping command.
Page 947: Configuring Hwping
Operation Manual – HWPing H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Configuration Number of test packets to be sent in a test If this parameter is set to a number greater than 1, the system sends the second test...
Page 948: Displaying Hwping Configuration
Operation Manual – HWPing H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Configuration Operation Command Description Optional By default, the automatic Configure the automatic frequency interval test interval zero, test interval. indicating no automatic test will be performed. Optional...
Page 949 Operation Manual – HWPing H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Configuration [H3C-hwping-administrator-icmp] test-type icmp # Specify the destination IP address as 1.1.1.99. [H3C-hwping-administrator-icmp] destination-ip 1.1.1.99 # Set the number of test packets sent in a test to 10.
Page 950 Operation Manual – DNS H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 DNS Configuration....................... 1-1 1.1 DNS Overview ........................1-1 1.1.1 Static Domain Name Resolution ................1-1 1.1.2 Dynamic Domain Name Resolution ................ 1-1 1.2 Configuring Static Domain Name Resolution ..............
Page 951: Chapter 1 Dns Configuration
Operation Manual – DNS H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration Chapter 1 DNS Configuration 1.1 DNS Overview Domain name system (DNS) is a mechanism used for TCP/IP applications to provide domain name-to-IP address translation. With DNS, you can use memorizable and meaningful domain names in some applications and let the DNS server resolve it into correct IP addresses.
Page 952 Operation Manual – DNS H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration Request Request Request Request User program User program Resolver Resolver Response Response Response Response DNS Server DNS Server Save Save Read Read Cache Cache DNS Client...
Page 953: Configuring Static Domain Name Resolution
Operation Manual – DNS H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration 1.2 Configuring Static Domain Name Resolution Table 1-1 Configure static domain name resolution: Operation Command Description — Enter system view system-view Required Configure a mapping host...
Page 954: Dns Configuration Example
Operation Manual – DNS H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration 1.3.2 DNS Configuration Example I. Network requirements As shown in Figure 1-2, the switch serving as a DNS Client uses the dynamic domain name resolution feature to access the host with the domain name being host1 and the IP address being 3.1.1.1/16.
Page 955: Displaying And Maintaining Dns
Operation Manual – DNS H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration Execute the ping host1 command on the switch to verify that the communication between the switch and the host is normal and that the corresponding IP address is 3.1.1.1.
Page 956 Operation Manual – DNS H3C S3600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration Check that the mapping between the domain name and IP address is correct on the DNS Server.
Page 957 Operation Manual – Access Management H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Access Management Configuration ................1-1 1.1 Access Management Overview ..................1-1 1.2 Configure Access Management..................1-2 1.2.1 Enable Access Management Function ..............1-2 1.2.2 Configure the Access IP Address Pool Based on the Physical Port.......
Page 958: Chapter 1 Access Management Configuration
Operation Manual – Access Management Chapter 1 Access Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration Chapter 1 Access Management Configuration 1.1 Access Management Overview One of the typical Ethernet access networking scenario is that the users access external network through the Ethernet switches. In this case, the external network is connected to the Ethernet switch.
Page 959: Configure Access Management
Operation Manual – Access Management Chapter 1 Access Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration Isolation measure is required, because otherwise the PCs in two organizations may interwork with each other. The L2 isolation function at the switch port can ensure two ports do not receive the packets from the other port, so that only those PCs in the same organization can communicate with each other.
Page 960: Configure Layer 2 Isolation Between Ports
Operation Manual – Access Management Chapter 1 Access Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Configure access By default, the IP address management IP address pools for access control am ip-pool address-list pool based on the physical...
Page 961: Enable Access Management Trap
Operation Manual – Access Management Chapter 1 Access Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration When a port in an aggregation group is added in or removed from an isolation group, then all the other ports of this aggregation group on the same unit are automatically added in or removed from this isolation group.
Page 962: Access Management Configuration Example
Operation Manual – Access Management Chapter 1 Access Management H3C S3600 Series Ethernet Switches-Release 1510 Configuration 1.4 Access Management Configuration Example I. Networking requirements Organization 1 is connected to the port 1 of the switch, and organization 2 to the port 2.
Page 963 Operation Manual – Appendix H3C S3600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Appendix A Acronyms ........................A-1...
Page 964 Operation Manual – Appendix H3C S3600 Series Ethernet Switches-Release 1510 Appendix A Acronyms Appendix A Acronyms Authentication, Authorization and Accounting Area Border Router Access Control List Address Resolution Protocol Autonomous System ASBR Autonomous System Border Router Backup Designated Router Committed Access Rate...
Page 965 Operation Manual – Appendix H3C S3600 Series Ethernet Switches-Release 1510 Appendix A Acronyms ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol Interior Gateway Protocol Internet Protocol Link State Advertisement LSDB Link State DataBase Medium Access Control Management Information Base...
Page 966 Operation Manual – Appendix H3C S3600 Series Ethernet Switches-Release 1510 Appendix A Acronyms TFTP Trivial File Transfer Protocol Type of Service Time To Live User Datagram Protocol VLAN Virtual LAN Video On Demand VRRP Virtual Router Redundancy Protocol Weighted Round Robin...

This manual is also suitable for:

S3600-28p-si S3600-28p-pwr-si S3600-28tp-si S3600-52p-si S3600-28p-ei S3600-28f-ei ... Show all