H3C S3100 8C SI Operation Manual


S3100 series ethernet switches

H3C S3100 Series Ethernet Switches
Operation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: 20080710-C-1.05


Summary of Contents for H3C H3C S3100 8C SI

  • Page 1 H3C S3100 Series Ethernet Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: 20080710-C-1.05...
  • Page 2 Copyright © 2007-2008, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks H3C, , Aolynk,...
  • Page 3: About This Manual

    About This Manual Organization H3C S3100 Series Ethernet Switches Operation Manual is organized as follows (Part: Contents):
      0 Product Overview: Introduces the characteristics and implementations of the Ethernet switch.
      1 CLI: Introduces the command hierarchy, command view and CLI features of the Ethernet switch.
      2 Login: Introduces the ways to log into an Ethernet switch.
  • Page 4 Part: Contents
      18 AAA: Introduces AAA, RADIUS, HWTACACS, EAD, and the related configurations.
      19 MAC Address Authentication: Introduces MAC address authentication and the related configuration.
      20 ARP: Introduces ARP and the related configuration.
      21 DHCP: Introduces DHCP, DHCP-Snooping, and the related configurations.
  • Page 5 Conventions The manual uses the following conventions: I. Command conventions Convention Description Boldface The keywords of a command line are in Boldface. italic Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by { x | y | ...
  • Page 6 Convention Description Note Means a complementary description. Related Documentation In addition to this manual, each H3C S3100 Series Ethernet Switches documentation set includes the following: Manual Description H3C S3100 Series Ethernet Switches It provides information for the system Installation Manual installation.
  • Page 7: Table Of Contents

    Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Obtaining the Documentation ..................1-1 1.1 CD-ROM ..........................1-1 1.2 H3C Website........................1-1 1.3 Software Release Notes ....................1-2 Chapter 2 Correspondence Between Documentation and Software ........2-1 2.1 Manual List.........................
  • Page 8 Chapter 1 Obtaining the Documentation: Hangzhou H3C Technologies Co., Ltd. provides various ways for you to obtain documentation, through which you can obtain the product documentation and documentation concerning newly added features.
  • Page 9: Software Release Notes

    Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Chapter 1 Obtaining the Documentation 1.3 Software Release Notes With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
  • Page 10: Chapter 2 Correspondence Between Documentation And Software

    Operation Manual – Product Overview Chapter 2 Correspondence Between Documentation H3C S3600 Series Ethernet Switches and Software Chapter 2 Correspondence Between Documentation and Software 2.1 Manual List Corresponding Manual name Product H3C S3100 Series Ethernet Switches Installation Manual H3C S3100 Series Ethernet Switches Quick Start S3100-SI series H3C S3100 Series Ethernet Switches Compliance and Safety Manual...
  • Page 11 Operation Manual – Product Overview Chapter 2 Correspondence Between Documentation H3C S3600 Series Ethernet Switches and Software Table 2-2 Added features compared with the earlier software version of S3100-SI Software Added Features Compared With The Manual Version Earlier Version Assigning MAC Addresses for Ethernet 14-MAC Address Table Ports Management...
  • Page 12: Software Features

    Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Chapter 3 Product Overview Chapter 3 Product Overview Note: For the convenience of users, units of Mega bps/1000 Mega bps in the following chapters are simplified as M/G. 3.1 Overview The H3C S3100 Series Ethernet Switches are high-performance, high-density, easy-to-install, NMS-manageable intelligent Ethernet switches which support wire-speed Layer 2 switching.
  • Page 13 Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Chapter 3 Product Overview Part Features 6 IP Address-IP Configuring an IP address for a switch Performance Configuring the TCP attributes for a switch Configuration Voice VLAN (Supported by only S3100-EI series 7 Voice VLAN switches) 8 GVRP...
  • Page 14 Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Chapter 3 Product Overview Part Features Gratuitous ARP 20 ARP Manually configuring ARP entries DHCP Client DHCP Snooping 21 DHCP Using Option82 in DHCP Snooping (Supported by only S3100-EI series switches) Basic/Advanced ACLs (Only ACLs defined on S3100-EI Series switches can be applied to hardware directly)
  • Page 15 Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Chapter 3 Product Overview Part Features VLAN-VPN (QinQ) VLAN Mapping (Supported by only S3100-EI series switches) Configuring TPID value (Supported only 34 VLAN-VPN S3100-EI series switches) Configuring BPDU Tunnel (Supported by only S3100-EI series switches) Selective QinQ (Supported by only S3100-EI series switches)
  • Page 16: Chapter 4 Network Design

    Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Chapter 4 Network Design Chapter 4 Network Design The S3100 series can be flexibly deployed in networks. They can be used in enterprise networks, or serve as broadband access points. The following examples are three typical networks using the S3100 series.
  • Page 17: Multi-Service Carrier Vlan Solution

    Chapter 4 Network Design: router. This enables the users in the campus to exchange information and share resources in the scope of the education network. [Network diagram: server, courseware, network center, 1000/100M links, S5600, S3100...]
  • Page 18 Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Chapter 4 Network Design multi-service deployment. As broadband users increase explosively and services appear continuously, however, the traditional VLAN technology cannot meet the requirements of service deployments. In this situation, QinQ, VLAN mapping, etc become new choices.
  • Page 19 Operation Manual – Product Overview H3C S3100 Series Ethernet Switches Chapter 4 Network Design Figure 4-4 New vlan management scheme...
  • Page 20 Operation Manual – CLI H3C S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 CLI Configuration ......................1-1 1.1 Introduction to the CLI ....................... 1-1 1.2 Command Hierarchy......................1-1 1.2.1 Command Level and User Privilege Level.............. 1-1 1.2.2 Modifying the Command Level................
  • Page 21: Introduction To The Cli

    Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration Chapter 1 CLI Configuration 1.1 Introduction to the CLI A command line interface (CLI) is a user interface to interact with a switch. Through the CLI on a switch, a user can enter commands to configure the switch and check output information to verify the configuration.
  • Page 22: Modifying The Command Level

    Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration Monitor level (level 1): Commands at this level are mainly used to maintain the system and diagnose service faults, and they cannot be saved in configuration file. Such commands include debugging and terminal.
  • Page 23: Switching User Level

    Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration Caution: It is recommended not to change the level of a command arbitrarily, for it may cause inconvenience to maintenance and operation. When you change the level of a command with multiple keywords, you should input the keywords one by one in the order they appear in the command syntax.
  • Page 24 Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration super password authentication mode and HWTACACS authentication mode are available at the same time to provide authentication redundancy. The configuration of authentication mode for user level switching is performed by Level-3 users, as described in Table 1-3.
  • Page 25 Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration password is set, the system prompts “%Password is not set” when you attempt to switch to a higher user level. In this case, you cannot pass the super password authentication.
  • Page 26 Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration Note: When setting the HWTACACS authentication scheme for user level switching using the authentication super hwtacacs-scheme command, make sure the HWTACACS authentication scheme identified by the hwtacacs-scheme-name argument already exists.
  • Page 27: Cli Views

    Chapter 1 CLI Configuration
      # After configuring the switch, the general user switches back to user level 0.
      <Sysname> super 0
      User privilege level is 0, and only those commands can be used whose level is equal or less than this.
  • Page 28 Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration Table 1-7 CLI views Available Prompt View Enter method Quit method operation example Display Execute the operation Enter user view once quit User status and <Sysname> logging into the command to view statistical...
  • Page 29 Chapter 1 CLI Configuration. Table columns: View, Available operation, Prompt example, Enter method, Quit method.
      View: NULL interface view. Available operation: Configure NULL interface parameters. Prompt example: [Sysname-NULL0]. Enter method: Execute the interface null command in system view.
      Local Configure Execute the [Sysname-lus...
  • Page 30 Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration Available Prompt View Enter method Quit method operation example Define rules Execute the Basic for a basic Execute the acl quit [Sysname-acl- ACL (with ID number command in command to basic-2000] view...
  • Page 31 Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration Available Prompt View Enter method Quit method operation example Configure PoE profile parameters Execute the [Sysname-poe Supported by profile poe-profile command -profile-a123] only view in system view. S3100-TP-P WR-EI series switches...
  • Page 32: Cli Features

    Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration 1.4 CLI Features 1.4.1 Online Help When configuring the switch, you can use the online help to get related help information. The CLI provides two types of online help: complete and partial. I.
  • Page 33: Command History

    Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration II. Partial online help Enter a character/string, and then a question mark (?) next to it. All the commands beginning with the character/string will be displayed on your terminal. For example: <Sysname>...
  • Page 34: Error Prompts

    Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration and execute them again in a convenient way. By default, the CLI can store up to 10 latest executed commands for each user. You can view the command history by performing the operations listed in Table 1-9.
  • Page 35: Command Edit

    Operation Manual – CLI H3C S3100 Series Ethernet Switches Chapter 1 CLI Configuration Error message Description Wrong parameter A parameter entered is wrong. found at '^' position An error is found at the '^' position. 1.4.5 Command Edit The CLI provides basic command edit functions and supports multi-line editing. The maximum number of characters a command can contain is 254.
  • Page 36 Operation Manual – Login H3C S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Logging into an Ethernet Switch ................1-1 1.1 Logging into an Ethernet Switch ..................1-1 1.2 Introduction to the User Interface ..................1-1 1.2.1 Supported User Interfaces ..................
  • Page 37 Operation Manual – Login H3C S3100 Series Ethernet Switches Table of Contents Chapter 4 Logging in Using a Modem..................4-1 4.1 Introduction ........................4-1 4.2 Configuration on the Switch Side..................4-1 4.2.1 Modem Configuration....................4-1 4.2.2 Switch Configuration ....................4-2 4.3 Modem Connection Establishment ..................
  • Page 38: Logging Into An Ethernet Switch

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch Chapter 1 Logging into an Ethernet Switch 1.1 Logging into an Ethernet Switch You can log into an S3100 Ethernet switch in one of the following ways: Logging in locally through the Console port Logging in locally or remotely through an Ethernet port by means of Telnet or SSH Telnetting to the Console port using a modem...
  • Page 39: User Interface Index

    Chapter 1 Logging into an Ethernet Switch 1.2.2 User Interface Index: Two kinds of user interface index exist: absolute user interface index and relative user interface index. The absolute user interface indexes are as follows: The absolute AUX user interface is numbered 0.
  • Page 40 Chapter 1 Logging into an Ethernet Switch. Table columns: Operation, Command, Description.
      Operation: Enter user interface view. Command: user-interface [ type ] first-number [ last-number ]. Description: —
      Operation: Display the information about the current user interface/all user interfaces. Command: display users [ all ]...
  • Page 41: Logging In Through The Console Port

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Chapter 2 Logging in through the Console Port 2.1 Introduction To log in through the Console port is the most common way to log into a switch. It is also the prerequisite to configure other login methods.
  • Page 42 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port If you use a PC to connect to the Console port, launch a terminal emulation utility (such as Terminal in Windows 3.X or HyperTerminal in Windows 9X/Windows 2000/Windows XP.
  • Page 43 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Figure 2-4 Set port parameters Turn on the switch. You will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <H3C>) appears after you press the Enter key, as shown in Figure 2-5.
  • Page 44: Console Port Login Configuration

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port 2.3 Console Port Login Configuration 2.3.1 Common Configuration Table 2-2 lists the common configuration of Console port login. Table 2-2 Common configuration of Console port login Configuration Remarks Optional...
  • Page 45: Console Port Login Configurations For Different Authentication Modes

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Caution: The change to Console port configuration takes effect immediately, so the connection may be disconnected when you log in through a Console port and then configure this Console port.
  • Page 46: Console Port Login Configuration With Authentication Mode Being None

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Authentication Console port login Remarks mode configuration Specify to AAA configuration Optional perform local specifies whether authenticatio Local authentication to perform local n or remote performed by default.
  • Page 47 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Operation Command Description Required By default, users logging in Configure authentication-mode through the Console port authenticate users none (AUX user interface) are not authenticated.
  • Page 48: Configuration Example

    Chapter 2 Logging in through the Console Port. Table columns: Operation, Command, Description.
      Operation: Set the timeout time for... Command: idle-timeout minutes. Description: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated...
  • Page 49: Console Port Login Configuration With Authentication Mode Being Password

    Chapter 2 Logging in through the Console Port. III. Configuration procedure
      # Enter system view.
      <Sysname> system-view
      # Enter AUX user interface view.
      [Sysname] user-interface aux 0
      # Specify not to authenticate users logging in through the Console port.
      [Sysname-ui-aux0] authentication-mode none
      # Specify commands of level 2 are available to users logging into the AUX user interface.
  • Page 50 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Operation Command Description Required By default, users logging into a Configure switch through the Console port authenticate users authentication-mod are not authenticated; while using local e password...
  • Page 51 Chapter 2 Logging in through the Console Port. Table columns: Operation, Command, Description.
      Operation: Set the timeout time for... Command: idle-timeout minutes. Description: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no...
  • Page 52 Chapter 2 Logging in through the Console Port. III. Configuration procedure
      # Enter system view.
      <Sysname> system-view
      # Enter AUX user interface view.
      [Sysname] user-interface aux 0
      # Specify to authenticate users logging in through the Console port using the local password.
  • Page 53: Console Port Login Configuration With Authentication Mode Being Scheme

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port 2.6 Console Port Login Configuration with Authentication Mode Being Scheme 2.6.1 Configuration Procedure Table 2-6 Console port login configuration with the authentication mode being scheme Operation Command Description...
  • Page 54 Chapter 2 Logging in through the Console Port. Table columns: Operation, Command, Description.
      Operation: Configure to authenticate users locally or remotely. Command: authentication-mode scheme [ command-authorization ]. Description: Required. The specified AAA scheme determines whether to authenticate users locally or remotely. By default, users logging in...
  • Page 55 Chapter 2 Logging in through the Console Port. Table columns: Operation, Command, Description.
      Operation: Set the timeout time for... Command: idle-timeout minutes. Description: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if...
  • Page 56 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port II. Network diagram Ethernet1/0/1 Ethernet User PC running Telnet Figure 2-8 Network diagram for AUX user interface configuration (with the authentication mode being scheme) III.
  • Page 57 Chapter 2 Logging in through the Console Port
      [Sysname-ui-aux0] idle-timeout 6
    After the above configuration, you need to modify the configuration of the terminal emulation utility running on the PC accordingly in the dialog box shown in Figure 2-4 to log into the switch successfully.
  • Page 58: Chapter 3 Logging In Through Telnet

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Chapter 3 Logging in through Telnet 3.1 Introduction S3100 series Ethernet switches support Telnet. You can manage and maintain a switch remotely by Telnetting to the switch. To log into a switch through Telnet, the corresponding configuration is required on both the switch and the Telnet terminal.
  • Page 59: Telnet Configurations For Different Authentication Modes

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Table 3-2 Common Telnet configuration Configuration Description Optional Configure the command level available to users By default, commands of level 0 are logging into the VTY user available to users logging into a VTY interface user interface.
  • Page 60 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Authenticati Telnet configuration Description on mode Specify configuration Optional perform local specifies whether to Local authentication is authentication perform local performed by default. remote authentication Refer to the AAA part for RADIUS RADIUS...
  • Page 61: Telnet Configuration With Authentication Mode Being None

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet 3.2 Telnet Configuration with Authentication Mode Being None 3.2.1 Configuration Procedure Table 3-4 Telnet configuration with the authentication mode being none Operation Command Description Enter system view system-view —...
  • Page 62 Chapter 3 Logging in through Telnet. Table columns: Operation, Command, Description.
      Operation: Set the timeout time of... Command: idle-timeout minutes. Description: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a...
  • Page 63: Telnet Configuration With Authentication Mode Being Password

    Chapter 3 Logging in through Telnet
      # Configure not to authenticate Telnet users logging into VTY 0.
      [Sysname-ui-vty0] authentication-mode none
      # Specify commands of level 2 are available to users logging into VTY 0.
      [Sysname-ui-vty0] user privilege level 2
      # Configure Telnet protocol is supported.
  • Page 64 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Operation Command Description Optional Set the commands to be executed By default, no command is auto-execute command automatically after a executed automatically after text user login to the user a user logs into the VTY user interface successfully interface.
  • Page 65 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Authenticate users using the local password. Set the local password to 123456 (in plain text). Commands of level 2 are available to the users. Telnet protocol is supported. The screen can contain up to 30 lines.
  • Page 66: Telnet Configuration With Authentication Mode Being Scheme

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.1 Configuration Procedure Table 3-6 Telnet configuration with the authentication mode being scheme Operation Command Description Enter system view system-view —...
  • Page 67 Chapter 3 Logging in through Telnet. Table columns: Operation, Command, Description.
      Operation: Configure to authenticate users locally or remotely. Command: authentication-mode scheme [ command-authorization ]. Description: Required. The specified AAA scheme determines whether to authenticate users locally or remotely.
  • Page 68 Chapter 3 Logging in through Telnet. Table columns: Operation, Command, Description.
      Operation: Set the timeout time for... Command: idle-timeout minutes. Description: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to...
  • Page 69 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Scenario Command Authenticati level User type Command on mode The user privilege level level command is not executed, and the service-type command does specify available command level.
  • Page 70 Chapter 3 Logging in through Telnet 3.4.2 Configuration Example I. Network requirements: Assume the current user logs in through the Console port and the user level is set to the administrator level (level 3). Perform the following configurations for users logging into VTY 0 using Telnet.
  • Page 71: Telnetting To A Switch

    Chapter 3 Logging in through Telnet
      [Sysname-ui-vty0] protocol inbound telnet
      # Set the maximum number of lines the screen can contain to 30.
      [Sysname-ui-vty0] screen-length 30
      # Set the maximum number of commands the history command buffer can store to 20.
      [Sysname-ui-vty0] history-command max-size 20
      # Set the timeout time to 6 minutes.
  • Page 72 Chapter 3 Logging in through Telnet. Figure 3-5 The terminal window. Perform the following operations in the terminal window to assign IP address 202.38.160.92/24 to VLAN-interface 1 of the switch.
      <Sysname> system-view
      [Sysname] interface Vlan-interface 1
      [Sysname-Vlan-interface1] ip address 202.38.160.92 255.255.255.0
    Perform Telnet-related configuration on the switch.
  • Page 73: Telnetting To Another Switch From The Current Switch

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Launch Telnet on your PC, with the IP address of VLAN–interface 1 of the switch as the parameter, as shown in Figure 3-7. Figure 3-7 Launch Telnet If the password authentication mode is specified, enter the password when the Telnet window displays “Login authentication”...
  • Page 74 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet As shown in Figure 3-8, after Telnetting to a switch (labeled as Telnet client), you can Telnet to another switch (labeled as Telnet server) by executing the telnet command and then configure it.
  • Page 75: Configuration On The Switch Side

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 4 Logging in Using a Modem Chapter 4 Logging in Using a Modem 4.1 Introduction The administrator can log into the Console port of a remote switch using a modem through public switched telephone network (PSTN) if the remote switch is connected to the PSTN through a modem to configure and maintain the switch remotely.
  • Page 76: Switch Configuration

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 4 Logging in Using a Modem You can verify your configuration by executing the AT&V command. Note: The configuration commands and the output of different modems may differ. Refer to the user manual of the modem when performing the above configuration.
  • Page 77 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 4 Logging in Using a Modem Login Configuration with Authentication Mode Being None”, section 2.5 “Console Port Login Configuration with Authentication Mode Being Password”, and section 2.6 “Console Port Login Configuration with Authentication Mode Being Scheme”...
  • Page 78 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 4 Logging in Using a Modem Figure 4-3 Set the telephone number Figure 4-4 Call the modem If the password authentication mode is specified, enter the password when prompted. If the password is correct, the prompt (such as <Sysname>) appears. You can then configure or manage the switch.
  • Page 79: Establishing An Http Connection

    Operation Manual – Login Chapter 5 Logging in through the Web-based H3C S3100 Series Ethernet Switches Network Management System Chapter 5 Logging in through the Web-based Network Management System 5.1 Introduction An S3100 Ethernet switch has a Web server built in. It enables you to log into an S3100 Ethernet switch through a Web browser and then manage and maintain the switch intuitively by interacting with the built-in Web server.
  • Page 80: Configuring The Login Banner

    Chapter 5 Logging in through the Web-based Network Management System
      [Sysname-luser-admin] password simple admin
    Establish an HTTP connection between your PC and the switch, as shown in Figure 5-1. Figure 5-1 Establish an HTTP connection between your PC and the switch. Log into the switch through IE.
  • Page 81 Operation Manual – Login Chapter 5 Logging in through the Web-based H3C S3100 Series Ethernet Switches Network Management System Table 5-2 Configure the login banner Operation Command Description Enter system view system-view — Required Configure the banner to be displayed when a user logs header login text By default, no login banner in through Web...
  • Page 82: Enabling/Disabling The Web Server

    Operation Manual – Login Chapter 5 Logging in through the Web-based H3C S3100 Series Ethernet Switches Network Management System Figure 5-4 Banner page displayed when a user logs in to the switch through Web Click <Continue> to enter user login authentication page. You will enter the main page of the Web-based network management system if the authentication succeeds.
  • Page 83: Connection Establishment Using Nms

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 6 Logging in through NMS Chapter 6 Logging in through NMS 6.1 Introduction You can also log into a switch through a network management station (NMS), and then configure and manage the switch through the agent module on the switch. Simple network management protocol (SNMP) is applied between the NMS and the agent.
  • Page 84: Controlling Telnet Users

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 7 User Control Chapter 7 User Control Note: Refer to the ACL part for information about ACL. 7.1 Introduction A switch provides ways to control different types of login users, as listed in Table 7-1.
  • Page 85: Controlling Telnet Users By Source Ip Addresses

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 7 User Control 7.2.2 Controlling Telnet Users by Source IP Addresses Controlling Telnet users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999. Table 7-2 Control Telnet users by source IP addresses Operation Command...
  • Page 86: Controlling Telnet Users By Source Mac Addresses

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 7 User Control Operation Command Description Quit to system view quit — user-interface [ type ] Enter user first-number — interface view [ last-number ] Required Apply the ACL to The inbound keyword specifies to control Telnet filter the users trying to Telnet to...
  • Page 87: Controlling Network Management Users By Source Ip Addresses

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 7 User Control 7.2.5 Configuration Example I. Network requirements Only the Telnet users sourced from the IP address of 10.110.100.52 are permitted to access the switch. II. Network diagram 10.110.100.46 Host A IP network Switch...
  • Page 88 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 7 User Control 7.3.1 Prerequisites The controlling policy against network management users is determined, including the source IP addresses to be controlled and the controlling actions (permitting or denying). 7.3.2 Controlling Network Management Users by Source IP Addresses Controlling network management users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.
  • Page 89: Controlling Web Users By Source Ip Address

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 7 User Control 7.3.3 Configuration Example I. Network requirements Only SNMP users sourced from the IP address 10.110.100.52 are permitted to log into the switch. II. Network diagram 10.110.100.46 Host A IP network Switch...
  • Page 90: Controlling Web Users By Source Ip Addresses

    Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 7 User Control 7.4.1 Prerequisites The controlling policy against Web users is determined, including the source IP addresses to be controlled and the controlling actions (permitting or denying). 7.4.2 Controlling Web Users by Source IP Addresses Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.
  • Page 91 Operation Manual – Login H3C S3100 Series Ethernet Switches Chapter 7 User Control II. Network diagram 10.110.100.46 Host A IP network Switch Host B 10.110.100.52 Figure 7-3 Network diagram for controlling Web users using ACLs III. Configuration procedure # Define a basic ACL. <Sysname>...
  • Page 92 Operation Manual – Configuration File Management H3C S3100 Series Ethernet Switches Table of Contents
    Chapter 1 Configuration File Management 1-1
    1.1 Introduction to Configuration File 1-1
    1.2 Management of Configuration File 1-2
    1.2.1 Saving the Current Configuration 1-2
    1.2.2 Erasing the Startup Configuration File ...
  • Page 93: Introduction To Configuration File

    Operation Manual – Configuration File Management H3C S3100 Series Ethernet Switches Chapter 1 Configuration File Management 1.1 Introduction to Configuration File A configuration file records and stores user configurations performed to a switch. It also enables users to check switch configurations easily.
  • Page 94: Management Of Configuration File

    Operation Manual – Configuration File Management H3C S3100 Series Ethernet Switches Chapter 1 Configuration File Management When saving the current configuration, you can specify the file to be a main or backup or normal configuration file. When removing a configuration file from a device, you can specify to remove the main or backup configuration file.
  • Page 95 Operation Manual – Configuration File Management H3C S3100 Series Ethernet Switches Chapter 1 Configuration File Management I. Modes in saving the configuration Fast saving mode. This is the mode used when you run the save command without the safely keyword. It saves the file more quickly but is likely to lose the original configuration file if the device reboots or the power fails during the process.
  • Page 96: Erasing The Startup Configuration File

    Operation Manual – Configuration File Management H3C S3100 Series Ethernet Switches Chapter 1 Configuration File Management 1.2.2 Erasing the Startup Configuration File You can clear the configuration files saved on the device through commands. After you clear the configuration files, the device starts up without loading the configuration file the next time it is started up.
  • Page 97: Displaying Device Configuration

    Operation Manual – Configuration File Management H3C S3100 Series Ethernet Switches Chapter 1 Configuration File Management I. Assign main attribute to the startup configuration file If you save the current configuration to the main configuration file, the system will automatically set the file as the main startup configuration file. You can also use the startup saved-configuration cfgfile [ main ] command to set the file as main startup configuration file.
  • Page 98 Operation Manual – Configuration File Management H3C S3100 Series Ethernet Switches Chapter 1 Configuration File Management Table 1-5 Display Device Configuration Operation Command Description Display the initial configuration display saved-configuration file saved in the storage [ unit unit-id ] [ by-linenum ] device Display the configuration file display startup [ unit unit-id ]...
  • Page 99 Operation Manual – VLAN H3C S3100 Series Ethernet Switches Table of Contents
    Chapter 1 VLAN Overview 1-1
    1.1 VLAN Overview 1-1
    1.1.1 Introduction to VLAN 1-1
    1.1.2 Advantages of VLANs 1-2
    1.1.3 VLAN Fundamentals 1-2
    1.1.4 VLAN Interface ...
  • Page 100: Vlan Overview

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview This chapter covers these topics: VLAN Overview, Port-Based VLAN, Protocol-Based VLAN. 1.1 VLAN Overview 1.1.1 Introduction to VLAN The traditional Ethernet is a broadcast network, where all hosts are in the same broadcast domain and connected with each other through hubs or switches.
  • Page 101: Vlan Fundamentals

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview communicate with each other directly but need the help of network layer devices, such as routers and Layer 3 switches. Figure 1-1 illustrates a VLAN implementation. Figure 1-1 A VLAN implementation 1.1.2 Advantages of VLANs Compared with traditional Ethernet technology, VLAN technology delivers the following benefits:...
  • Page 102 Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview Figure 1-2 Encapsulation format of traditional Ethernet frames IEEE 802.1Q inserts a four-byte VLAN tag after the DA&SA field, as shown in Figure 1-3. Figure 1-3 Format of VLAN tag A VLAN tag comprises four fields: tag protocol identifier (TPID), priority, canonical format indicator (CFI), and VLAN ID.
  • Page 103: Vlan Interface

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview II. MAC address learning mechanism of VLANs Switches forward packets according to the destination MAC addresses of the packets. To do so, a switch maintains a table, called the MAC address forwarding table, that records the source MAC addresses of the received packets and the corresponding ports receiving the packets, for subsequent packet forwarding.
  • Page 104: Vlan Classification

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview 1.1.5 VLAN Classification Depending on how VLANs are established, VLANs fall into the following six categories. Port-based VLANs MAC address-based VLANs Protocol-based VLANs IP-subnet-based VLANs Policy-based VLANs Other types At present, the S3100 series switches support the port-based and protocol-based VLANs.
  • Page 105: Assigning An Ethernet Port To Specified Vlans

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview 1.2.2 Assigning an Ethernet Port to Specified VLANs You can assign an Ethernet port to a VLAN to forward packets for the VLAN, thus allowing the VLAN on the current switch to communicate with the same VLAN on the peer switch.
  • Page 106: Protocol-Based Vlan

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview Table 1-2 Packet processing of a trunk port Processing of an incoming packet Processing of an outgoing packet For an untagged packet For a tagged packet If the port has already If the VLAN ID is one of If the VLAN ID is just been added to its default...
  • Page 107: Encapsulation Format Of Ethernet Data

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview values of specific fields. If a packet is matched, the switch will add a corresponding VLAN tag to it automatically. Thus, data of specific protocol is assigned automatically to the corresponding VLAN for transmission.
  • Page 108: Encapsulation Formats

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 1 VLAN Overview 1.3.3 Encapsulation Formats Table 1-4 lists the encapsulation formats supported by some protocols. In brackets are type values of these protocols. Table 1-4 Encapsulation formats Encapsulation (left) 802.2 Ethernet II 802.3 raw...
  • Page 109: Vlan Configuration

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration When configuring a VLAN, go to these sections for information you are interested in: VLAN Configuration, Configuring a Port-Based VLAN, Configuring a Protocol-Based VLAN. 2.1 VLAN Configuration 2.1.1 VLAN Configuration Task List Complete the following tasks to configure VLAN:...
  • Page 110: Basic Vlan Interface Configuration

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration Caution: VLAN 1 is the system default VLAN; it does not need to be created and cannot be removed. A VLAN created in the way described above is a static VLAN. There are also dynamic VLANs on the switch, which are registered through GVRP.
  • Page 111: Displaying Vlan Configuration

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration To do... Use the command... Remarks Optional By default, the VLAN interface is Disable the VLAN shutdown enabled. In this case, the VLAN interface interface’s status is determined by the status of the ports in the VLAN, that is, if all ports of the VLAN are down, the VLAN interface is down...
  • Page 112: Configuring A Hybrid-Port-Based Vlan

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration To do… Use the command… Remarks Required If the specified VLAN does not exist, Enter VLAN view vlan vlan-id this command be created first creates the VLAN before entering its view.
  • Page 113: Configuring A Trunk-Port-Based Vlan

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration To do… Use the command… Remarks Required Allow the specified VLANs port hybrid vlan By default, all Hybrid ports to pass through the vlan-id-list { tagged | only allow packets of current Hybrid port untagged }...
  • Page 114: Displaying And Maintaining Port-Based Vlan

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration Note: To convert a Trunk port into a Hybrid port (or vice versa), you need to use the Access port as a medium. For example, the Trunk port has to be configured as an Access port first and then a Hybrid port.
  • Page 115 Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration
    # Create VLAN 101, specify its descriptive string as “DMZ”, and add Ethernet1/0/1 to VLAN 101.
    <SwitchA> system-view
    [SwitchA] vlan 101
    [SwitchA-vlan101] description DMZ
    [SwitchA-vlan101] port Ethernet 1/0/1
    [SwitchA-vlan101] quit
    # Create VLAN 201, and add Ethernet1/0/2 to VLAN 201.
  • Page 116: Configuring A Protocol-Based Vlan

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration 2.2.6 Troubleshooting Ethernet Port Configuration Symptom: Fail to configure the default VLAN ID of an Ethernet port. Solution: Take the following steps. Use the display interface or display port command to check if the port is a trunk port or a hybrid port.
  • Page 117: Associating A Port With A Protocol-Based Vlan

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration To do... Use the command... Remarks Enter system view system-view — Enter VLAN view vlan vlan-id — Required protocol-vlan [ protocol-index ] { at | ip | ipx { ethernetii | llc | raw | By default, no Configure the protocol snap } | mode { ethernetii etype...
  • Page 118: Displaying Protocol-Based Vlan Configuration

    Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration II. Configuration procedure Follow these steps to associate a port with the protocol-based VLAN: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter port view —...
  • Page 119 Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration II. Network diagram Figure 2-2 Network diagram for protocol-based VLAN configuration III. Configuration procedure # Create VLAN 100 and VLAN 200, and add Ethernet 1/0/11 and Ethernet 1/0/12 to VLAN 100 and VLAN 200 respectively.
  • Page 120 Operation Manual – VLAN H3C S3100 Series Ethernet Switches Chapter 2 VLAN Configuration
    VLAN Type: Protocol-based VLAN
    Protocol Index Protocol Type
    ethernetii etype 0x0806
    VLAN ID: 200
    VLAN Type: Protocol-based VLAN
    Protocol Index Protocol Type
    # Configure Ethernet 1/0/10 as a hybrid port, which removes the VLAN tag of the packets of VLAN 100 and VLAN 200 before forwarding the packets.
  • Page 121 Operation Manual – Management VLAN H3C S3100 Series Ethernet Switches Table of Contents
    Chapter 1 Management VLAN Configuration 1-1
    1.1 Introduction to Management VLAN 1-1
    1.1.1 Management VLAN 1-1
    1.1.2 Static Route 1-1
    1.1.3 Default Route 1-2
    1.2 Management VLAN Configuration ...
  • Page 122: Management Vlan

    Operation Manual – Management VLAN H3C S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration 1.1 Introduction to Management VLAN 1.1.1 Management VLAN To manage an Ethernet switch remotely through Telnet or the built-in Web server, the switch needs to be assigned an IP address, and a route must exist between the user and the switch.
  • Page 123: Default Route

    Operation Manual – Management VLAN H3C S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration 1.1.3 Default Route The switch uses the default route when it fails to find a matching entry in the routing table: If the destination address of a packet fails to match any entry in the routing table, the switch uses the default route;...
  • Page 124 Operation Manual – Management VLAN H3C S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration Operation Command Remarks ip route-static ip-address { mask | mask-length } { interface-type interface-number | Configure a static route Optional next-hop } [ preference preference-value ] [ reject | blackhole ] [ description text ] Caution:...
  • Page 125 Operation Manual – Management VLAN H3C S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration II. Network diagram Switch A Console cable RS-232 serial Console port interface Vlan- interface10 Current user 1.1.1.1/ 24 Ethernet1/1 1.1.1.2/ 24 Router Telnet user Figure 1-1 Network diagram for management VLAN configuration III.
  • Page 126: Displaying And Maintaining Management Vlan Configuration

    Operation Manual – Management VLAN H3C S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration 1.3 Displaying and Maintaining management VLAN configuration Table 1-2 Displaying and Maintaining management VLAN configuration Operation Command Remarks Display the IP-related display ip interface information about a [ Vlan-interface vlan-id ] management VLAN interface Display brief configuration...
  • Page 127 Operation Manual – IP Address-IP Performance H3C S3100 Series Ethernet Switches Table of Contents
    Chapter 1 IP Addressing Configuration 1-1
    1.1 IP Addressing Overview 1-1
    1.1.1 IP Address Classes 1-1
    1.1.2 Special Case IP Addresses 1-2
    1.1.3 Subnetting and Masking ...
  • Page 128: Ip Addressing Overview

    Operation Manual – IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 1 IP Addressing Configuration 1.1 IP Addressing Overview 1.1.1 IP Address Classes IP addressing uses a 32-bit address to identify each host on a network. An example is 01010000100000001000000010000000 in binary.
  • Page 129: Special Case Ip Addresses

    Operation Manual – IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 1 IP Addressing Configuration Table 1-1 IP address classes and ranges Class Address range Description Address 0.0.0.0 means this host on this network. This address is used by a host at bootstrap when it does not know its IP address.
  • Page 130: Configuring Ip Addresses

    Operation Manual –IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 1 IP Addressing Configuration Figure 1-2 shows how a Class B network is subnetted. Figure 1-2 Subnet a Class B network While allowing you to create multiple logical networks within a single Class A, B, or C network, subnetting is transparent to the rest of the Internet.
  • Page 131: Displaying Ip Addressing Configuration

    Operation Manual –IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 1 IP Addressing Configuration Note: This chapter only covers how to assign an IP address manually. For the other two approaches to IP address assignment, refer to the part discussing DHCP in this manual.
  • Page 132: Ip Address Configuration Examples

    Operation Manual –IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 1 IP Addressing Configuration 1.4 IP Address Configuration Examples 1.4.1 IP Address Configuration Example I I. Network requirement Assign IP address 129.2.2.1 with mask 255.255.255.0 to VLAN interface 1 of the switch.
  • Page 133: Ip Performance Overview

    Operation Manual – IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 2 IP Performance Configuration 2.1 IP Performance Overview 2.1.1 Introduction to IP Performance Configuration In some network environments, you need to adjust the IP parameters to achieve best network performance.
  • Page 134: Disabling Icmp To Send Error Packets

    Operation Manual –IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 2 IP Performance Configuration finwait timer: When the TCP connection is changed into FIN_WAIT_2 state, finwait timer will be started. If no FIN packets are received within the timer timeout, the TCP connection will be terminated.
  • Page 135: Displaying And Maintaining Ip Performance Configuration

    Operation Manual –IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 2 IP Performance Configuration Table 2-3 Disable sending ICMP error packets Operation Command Remarks Enter system view system-view — Required Disable sending ICMP undo icmp redirect send redirects Enabled by default Disable sending ICMP Required undo icmp unreach...
  • Page 136 Operation Manual –IP Address-IP Performance H3C S3100 Series Ethernet Switches Chapter 2 IP Performance Configuration Table 2-4 Display and maintain IP performance Operation Command Remarks Display TCP connection display tcp status status Display TCP connection display tcp statistics statistics Display UDP traffic statistics display udp statistics Display IP traffic statistics display ip statistics...
  • Page 137 Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Table of Contents
    Chapter 1 Voice VLAN Configuration 1-1
    1.1 Voice VLAN Overview 1-1
    1.1.1 How an IP Phone Works 1-1
    1.1.2 How S3100 Series Switches Identify Voice Traffic 1-3
    1.1.3 Setting the Voice Traffic Transmission Priority ...
  • Page 138: Voice Vlan Overview

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Note: The contents of this chapter are only applicable to the S3100-EI series among S3100 series switches. When configuring voice VLAN, go to these sections for information you are interested in: Voice VLAN Overview, Voice VLAN Configuration, Displaying and Maintaining Voice VLAN...
  • Page 139 Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration When an IP phone applies for an IP address from a DHCP server, the IP phone can also apply for the following extensive information from the DHCP server through the Option184 field: IP address of the network call processor (NCP) IP address of the secondary NCP server...
  • Page 140: How S3100 Series Switches Identify Voice Traffic

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Note: In cases where an IP phone obtains an IP address from a DHCP server that does not support Option 184, the IP phone directly communicates through the gateway after it obtains an IP address.
  • Page 141: Setting The Voice Traffic Transmission Priority

    Pingtel phones
    00e0-7500-0000 Polycom phones
    00e0-bb00-0000 3Com phones
    1.1.3 Setting the Voice Traffic Transmission Priority In order to improve transmission quality of voice traffic, the switch by default re-marks the priority of the traffic in the voice VLAN as follows: Set the CoS (802.1p) priority to 6.
  • Page 142: Support For Voice Vlan On Various Ports

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration the voice VLAN. In automatic voice VLAN assignment mode, ports cannot be added to or removed from a voice VLAN manually. Manual voice VLAN assignment mode: In this mode, you need to add a port to a voice VLAN or remove a port from a voice VLAN manually.
  • Page 143 Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Voice VLAN Voice Port assignment traffic Supported or not type mode type Access Not supported Supported Make sure the default VLAN of the port exists Trunk and is not a voice VLAN, and the access port Tagge...
  • Page 144: Voice Vlan Configuration

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Table 1-3 Matching relationship between port types and voice devices acquiring voice VLAN through manual configuration Voice VLAN assignment Port type Supported or not mode Access Not supported Supported...
  • Page 145: Configuring The Voice Vlan To Operate In Automatic Voice Vlan Assignment Mode

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration 1.2.2 Configuring the Voice VLAN to Operate in Automatic Voice VLAN Assignment Mode Follow these steps to configure a voice VLAN to operate in automatic voice VLAN assignment mode: To do…...
  • Page 146: Configuring The Voice Vlan To Operate In Manual Voice Vlan Assignment Mode

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Caution: A port working in automatic voice VLAN assignment mode cannot be assigned to the voice VLAN manually. Therefore, if a VLAN is configured as the voice VLAN and a protocol-based VLAN at the same time, the protocol-based VLAN function cannot be bound with the port.
  • Page 147 Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration To do… Use the command… Remarks Enable the voice VLAN function voice vlan vlan-id Required globally enable interface interface-type Enter port view Required interface-number Required By default, voice Enable voice VLAN on a port voice vlan enable...
  • Page 148: Displaying And Maintaining Voice Vlan

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Caution: The voice VLAN function can be enabled for only one VLAN at one time. If the Link Aggregation Control Protocol (LACP) is enabled on a port, voice VLAN feature cannot be enabled on it.
  • Page 149: Voice Vlan Configuration Example (Automatic Voice Vlan Assignment Mode)

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration To do… Use the command… Remarks Display the ports operating in the voice VLAN display vlan vlan-id 1.4 Voice VLAN Configuration Example 1.4.1 Voice VLAN Configuration Example (Automatic Voice VLAN Assignment Mode) I.
  • Page 150: Voice Vlan Configuration Example (Manual Voice Vlan Assignment Mode)

    Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration
    [DeviceA] vlan 6
    [DeviceA-vlan6] quit
    # Set the voice VLAN aging timer.
    [DeviceA] voice vlan aging 100
    # Add a user-defined OUI address 0011-2200-000 and set the description string to “test”.
  • Page 151 Operation Manual – Voice VLAN H3C S3100 Series Ethernet Switches Chapter 1 Voice VLAN Configuration II. Network diagram Device A Device B Internet VLAN2 Eth1/0/1 VLAN2 010-1001 OUI:0011-2200-0000 Mask:ffff-ff00-0000 Figure 1-3 Network diagram for voice VLAN configuration (manual voice VLAN assignment mode) III.
  • Page 152
    Pingtel phone
    00e0-7500-0000 ffff-ff00-0000 Polycom phone
    00e0-bb00-0000 ffff-ff00-0000 3Com phone
    # Display the status of the current voice VLAN.
    <DeviceA> display voice vlan status
    Voice Vlan status: ENABLE
    Voice Vlan ID: 2
    Voice Vlan security mode: Security
    Voice Vlan aging time: 1440 minutes...
  • Page 153 Operation Manual – GVRP H3C S3100 Series Ethernet Switches Table of Contents
    Chapter 1 GVRP Configuration 1-1
    1.1 Introduction to GVRP 1-1
    1.1.1 GARP 1-1
    1.1.2 GVRP 1-4
    1.1.3 Protocol Specifications 1-5
    1.2 GVRP Configuration 1-5
    1.2.1 GVRP Configuration Tasks ...
  • Page 154: Chapter 1 Gvrp Configuration

    Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP, GVRP Configuration, Displaying and Maintaining GVRP, GVRP Configuration Example. 1.1 Introduction to GVRP GARP VLAN registration protocol (GVRP) is an implementation of generic attribute registration protocol (GARP).
  • Page 155 Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration messages deregister all the attributes, through which the attribute information of the entity can be registered again on the other GARP entities. Leave messages, LeaveAll messages, together with Join messages ensure attribute information can be deregistered and re-registered.
  • Page 156 Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration workstation or a bridge; it instructs other GARP members to register/deregister its attribute information by declaration/recant, and register/deregister other GARP member's attribute information according to other member's declaration/recant. When a port receives an attribute declaration, the port will register this attribute.
  • Page 157 Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Field Description Value Each general attribute consists of three parts: Attribute Length, Attribute Event, and Attribute Value. Attribute — Each LeaveAll attribute consists of two parts: Attribute Length and LeaveAll Event.
  • Page 158: Protocol Specifications

    Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Normal. A port in this mode can dynamically register/deregister VLANs and propagate dynamic/static VLAN information. Fixed. A port in this mode cannot register/deregister VLANs dynamically. It only propagates static VLAN information.
  • Page 159: Configuring Gvrp Timers

    Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration To do ... Use the command ... Remarks Required Enable GVRP on the port gvrp By default, GVRP is disabled on the port. Notes After you enable GVRP on a trunk port, you cannot change the port to a different type.
  • Page 160: Configuring Gvrp Port Registration Mode

    Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Table 1-2 Relations between the timers Timer Lower threshold Upper threshold This upper threshold is less than or equal to one-half of the timeout Hold 10 centiseconds time of the Join timer.
  • Page 161: Displaying And Maintaining Gvrp

    Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration To do ... Use the command ... Remarks interface interface-type Enter Ethernet port view — interface-number Optional Configure GVRP port gvrp registration { fixed | By default, GVRP port registration mode forbidden | normal } registration mode is...
  • Page 162 Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration II. Network diagram Switch B Switch A Eth1/0/1 Eth1/0/1 Eth1/0/2 Eth1/0/3 Eth1/0/2 Eth1/0/1 Eth1/0/1 Eth1/0/1 Switch E Switch C Switch D VLAN 5 VLAN 5 VLAN 8 VLAN 7 Figure 1-2 Network diagram for GVRP configuration III.
  • Page 163 Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Configure Switch B # The configuration procedure of Switch B is similar to that of Switch A and is thus omitted. Configure Switch C # Enable GVRP on Switch C, which is similar to that of Switch A and is thus omitted. # Create VLAN 5.
  • Page 164 Operation Manual – GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Configure Ethernet1/0/1 on Switch E to operate in fixed GVRP registration mode and display the VLAN information dynamically registered on Switch A, Switch B, and Switch E. # Configure Ethernet1/0/1 on Switch E to operate in fixed GVRP registration mode.
  • Page 165 Operation Manual – Port Basic Configuration H3C S3100 Series Ethernet Switches Table of Contents
    Chapter 1 Port Basic Configuration 1-1
    1.1 Ethernet Port Configuration 1-1
    1.1.1 Initially Configuring a Port 1-1
    1.1.2 Limiting Traffic on individual Ports 1-2
    1.1.3 Enabling Flow Control on a Port ...
  • Page 166: Ethernet Port Configuration

    Operation Manual – Port Basic Configuration H3C S3100 Series Ethernet Switches Chapter 1 Port Basic Configuration Note: Two functions are added to release 2107: configuring loopback detection for a list of ports in bulk, and enabling auto-shutdown of loopback ports. For detailed description of the two functions, refer to 1.1.5 Configuring Loopback Detection for an Ethernet Port.
  • Page 167: Limiting Traffic On Individual Ports

    Operation Manual – Port Basic Configuration H3C S3100 Series Ethernet Switches Chapter 1 Port Basic Configuration Operation Command Remarks Optional By default, the speed of an Ethernet port is determined through Set the speed of the speed { 10 | 100 | 1000 | auto-negotiation (the Ethernet port...
  • Page 168: Enabling Flow Control On A Port

    Operation Manual – Port Basic Configuration H3C S3100 Series Ethernet Switches Chapter 1 Port Basic Configuration Operation Command Remarks Optional The switch will suppress the unknown multicast Limit unknown multicast and unknown unicast and unknown unicast multicast-suppression traffic simultaneously after traffic received on the the configuration.
  • Page 169: Configuring Loopback Detection For An Ethernet Port

    Operation Manual – Port Basic Configuration H3C S3100 Series Ethernet Switches Chapter 1 Port Basic Configuration Table 1-4 Duplicate the configuration of a port to specific ports Operation Command Remarks Enter system system-view — view copy configuration source { interface-type Duplicate the interface-number | aggregation-group configuration of...
  • Page 170: Configuring Loopback Detection For Ethernet Port(S)

    messages to the terminal, and remove the corresponding MAC forwarding entry. After the loop is removed, the port will automatically resume the normal forwarding state.
  • Page 171 Operation Command Remarks Optional By default, the loopback detection function is enabled on Enable loopback loopback-detection ports if the device boots with the detection on a enable default configuration file specified port...
  • Page 172: Configuring A Port Group

    1.1.7 Enabling Loopback Test You can configure an Ethernet port to run a loopback test to check whether it operates normally. A port running a loopback test cannot forward data packets normally. The loopback test terminates automatically after a specific period.
  • Page 173: Enabling The System To Test Connected Cable

    Table 1-7 Configuring a Port Group Operation Command Remarks Enter system view system-view — Create a port group or enter the port-group group-id Required specified port group view Add an Ethernet port to a specified port port interface-list...
  • Page 174: Configuring The Interval To Perform Statistical Analysis On Port Traffic

    1.1.10 Configuring the Interval to Perform Statistical Analysis on Port Traffic By performing the following configuration, you can set the interval to perform statistical analysis on the traffic of a port.
  • Page 175 I. Disable Up/Down log output on a port Table 1-10 Disable UP/Down log output on a port Operation Command Remarks Enter system view system-view —...
  • Page 176: Ethernet Port Configuration Example

    1.1.12 Displaying and Maintaining Basic Port Configuration Table 1-11 Display and maintain basic port configuration Operation Command Remarks display interface Display port configuration [ interface-type | information interface-type interface-number ]...
  • Page 177: Troubleshooting Ethernet Port Configuration

    III. Configuration procedure Note: Only the configuration for Switch A is listed below. The configuration for Switch B is similar to that of Switch A. This example supposes that VLAN 2, VLAN 6 through VLAN 50 and VLAN 100 have been created.
  • Page 178 Operation Manual – Link Aggregation H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 Link Aggregation Configuration; 1.1 Overview; 1.1.1 Introduction to Link Aggregation; 1.1.2 Introduction to LACP; 1.1.3 Requirements on Ports for Link Aggregation...
  • Page 179: Introduction To Link Aggregation

    Chapter 1 Link Aggregation Configuration 1.1 Overview 1.1.1 Introduction to Link Aggregation Link aggregation can aggregate multiple Ethernet ports together to form a logical aggregation group. To upper layer entities, all the physical links in an aggregation group are a single logical link.
  • Page 180: Link Aggregation Classification

    QoS configuration, including traffic limit, priority remarking, 802.1p priority, traffic redirection, traffic statistics, and so on. VLAN configuration, including permitted VLANs, and default VLAN ID. Link type configuration, which can be trunk, hybrid, or access.
  • Page 181: Static Lacp Aggregation Group

    number supported by the device, those with lower port numbers operate as the selected ports, and others as unselected ports. Among the selected ports in an aggregation group, the one with the smallest port number operates as the master port.
  • Page 182: Dynamic Lacp Aggregation Group

    The system sets the ports whose basic port configuration differs from that of the master port to the unselected state. There is a limit on the number of selected ports in an aggregation group. Therefore, if the number of the selected ports in an aggregation group exceeds the maximum number supported by the device, those with lower port numbers operate as the selected ports, and others as unselected ports.
  • Page 183: Aggregation Group Categories

    priorities, then the two port numbers if the two port priorities are equal; the port with the smallest port ID is the selected port and the remaining ports are unselected ports. Note: For an aggregation group: When the rate or duplex mode of a port in the aggregation group changes, packet...
  • Page 184 For aggregation groups, the one that might gain higher speed if resources were allocated to it has higher priority than others. If the groups can gain the same speed, the one with the smallest master port number has higher priority than other groups.
  • Page 185: Link Aggregation Configuration

    1.4 Link Aggregation Configuration Caution: Link aggregation commands cannot be configured at the same time as the commands of the port loopback detection feature. The ports where the mac-address max-mac-count command is configured cannot be added to an aggregation group.
  • Page 186: Configuring A Static Lacp Aggregation Group

    Table 1-1 Configure a manual aggregation group Operation Command Remarks Enter system view system-view — Create a manual link-aggregation group agg-id Required aggregation group mode manual interface interface-type Enter Ethernet port view —...
  • Page 187: Configuring A Dynamic Lacp Aggregation Group

    Table 1-2 Configure a static LACP aggregation group Operation Command Remarks Enter system view system-view — Create a static link-aggregation group agg-id mode Required aggregation group static interface interface-type Enter Ethernet port view...
  • Page 188: Configuring A Description For An Aggregation Group

    Table 1-3 Configure a dynamic LACP aggregation group Operation Command Remarks Enter system view system-view — Optional Configure the system lacp system-priority By default, the system priority system-priority priority is 32,768.
  • Page 189: Displaying And Maintaining Link Aggregation Configuration

    Caution: If you have saved the current configuration with the save command, then after a system reboot the configuration concerning manual and static aggregation groups and their descriptions still exists, but that of dynamic aggregation groups and their descriptions is lost.
  • Page 190: Link Aggregation Configuration Example

    1.6 Link Aggregation Configuration Example 1.6.1 Ethernet Port Aggregation Configuration Example I. Network requirements Switch A connects to Switch B with three ports Ethernet1/0/1 to Ethernet1/0/3. It is required that incoming/outgoing load between the two switches can be shared among the three ports.
  • Page 191 [Sysname-Ethernet1/0/2] quit [Sysname] interface Ethernet1/0/3 [Sysname-Ethernet1/0/3] port link-aggregation group 1 Adopting static LACP aggregation mode # Create static aggregation group 1. <Sysname> system-view [Sysname] link-aggregation group 1 mode static # Add Ethernet1/0/1 through Ethernet1/0/3 to aggregation group 1.
  • Page 192 Operation Manual – Port Isolation H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 Port Isolation Configuration; 1.1 Port Isolation Overview; 1.2 Port Isolation Configuration; 1.3 Displaying Port Isolation Configuration; 1.4 Port Isolation Configuration Example...
  • Page 193: Port Isolation Overview

    Chapter 1 Port Isolation Configuration 1.1 Port Isolation Overview Through the port isolation feature, you can add the ports to be controlled into an isolation group to isolate the Layer 2 and Layer 3 data between each port in the isolation group.
  • Page 194: Displaying Port Isolation Configuration

    Note: When a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group on the local device will join/leave the isolation group at the same time.
  • Page 195 II. Network diagram Figure 1-1 Network diagram for port isolation configuration III. Configuration procedure # Add Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 196 Operation Manual – Port Security-Port Binding H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 Port Security Configuration; 1.1 Port Security Overview; 1.1.1 Introduction; 1.1.2 Port Security Features; 1.1.3 Port Security Modes; 1.2 Port Security Configuration Task List...
  • Page 197: Port Security Overview

    Chapter 1 Port Security Configuration When configuring port security, go to these sections for information you are interested in: Port Security Overview, Port Security Configuration Task List, Displaying and Maintaining Port Security Configuration, Port Security Configuration Example. 1.1 Port Security Overview...
  • Page 198: Port Security Modes

    Trap feature: When special data packets (generated from illegal intrusion, abnormal login/logout or other special activities) are passing through the switch port, the Trap feature enables the switch to send Trap messages to help the network administrator monitor special activities.
  • Page 199 Security mode Description Feature MAC-based 802.1x authentication is performed on the access user. The port is enabled only after the authentication succeeds. When the port is enabled, only the packets of the In any of these successfully authenticated user can...
  • Page 200 Security mode Description Feature This mode is similar to the macAddressOrU macAddressOrUserLoginSecure serLoginSecure mode, except that there can be more than one 802.1x-authenticated user on the port.
  • Page 201: Port Security Configuration Task List

    1.2 Port Security Configuration Task List Complete the following tasks to configure port security: Task Remarks Enabling Port Security Required Setting the Maximum Number of MAC Addresses Optional Allowed on a Port Setting the Port Security Mode...
  • Page 202: Setting The Maximum Number Of Mac Addresses Allowed On A Port

    Caution: Enabling port security resets the following configurations on the ports to the defaults (shown in parentheses below): 802.1x (disabled), port access control method (macbased), and port access control mode (auto); MAC authentication (disabled). In addition, you cannot perform the above-mentioned configurations manually because...
  • Page 203: Setting The Port Security Mode

    1.2.3 Setting the Port Security Mode Follow these steps to set the port security mode: To do... Use the command... Remarks Enter system view system-view —...
  • Page 204: Configuring Port Security Features

    Note: Before setting the port security mode to autolearn, you need to set the maximum number of MAC addresses allowed on the port with the port-security max-mac-count command.
  • Page 205 II. Configuring intrusion protection Follow these steps to configure the intrusion protection feature: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port view —...
  • Page 206: Ignoring The Authorization Information From The Radius Server

    III. Configuring the Trap feature Follow these steps to configure port security trapping: To do... Use the command... Remarks Enter system view system-view — port-security trap { addresslearned Required | dot1xlogfailure | dot1xlogoff |...
  • Page 207: Displaying And Maintaining Port Security Configuration

    If the number of security MAC addresses has not yet reached the maximum number, the port will learn new MAC addresses and turn them into security MAC addresses; if the number of security MAC addresses reaches the maximum number, the port will not be able to learn new MAC addresses and the port mode will be changed from autolearn to secure.
  • Page 208: Port Security Configuration Example

    1.4 Port Security Configuration Example 1.4.1 Port Security Configuration Example I. Network requirements Implement access user restrictions through the following configuration on Ethernet 1/0/1 of the switch. Allow a maximum of 80 users to access the port without authentication and permit the port to learn and add the MAC addresses of the users as security MAC addresses.
  • Page 209 [Switch-Ethernet1/0/1] port-security intrusion-mode disableport-temporarily [Switch-Ethernet1/0/1] quit [Switch] port-security timer disableport 30 ...
  • Page 210: Port Binding Overview

    Chapter 2 Port Binding Configuration When configuring port binding, go to these sections for information you are interested in: Port Binding Overview, Displaying and Maintaining Port Binding Configuration, Port Binding Configuration Example. Note: Currently, only the S3100-EI series support port binding.
  • Page 211: Displaying And Maintaining Port Binding Configuration

    Note: An IP address can be bound to only one port at a time. A MAC address can be bound to only one port at a time. 2.2 Displaying and Maintaining Port Binding Configuration To do...
  • Page 212 <SwitchA> system-view # Enter Ethernet 1/0/1 port view. [SwitchA] interface Ethernet 1/0/1 # Bind the MAC address and the IP address of Host A to Ethernet 1/0/1. [SwitchA-Ethernet1/0/1] user-bind mac-addr...
  • Page 213 Operation Manual – DLDP H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 DLDP Configuration; 1.1 Overview; 1.1.1 Introduction; 1.2 DLDP Fundamentals; 1.2.1 DLDP Implementation; 1.2.2 DLDP Status; 1.2.3 DLDP Timers...
  • Page 214: Chapter 1 Dldp Configuration

    Chapter 1 DLDP Configuration Note: Only S3100-EI Series switches support the DLDP feature. 1.1 Overview 1.1.1 Introduction You may have encountered unidirectional links in networking. When a unidirectional link occurs, the local device can receive packets from the peer device through the link layer, but the peer device cannot receive packets from the local device.
  • Page 215: Dldp Fundamentals

    Figure 1-2 Fiber broken or not connected (SwitchA and SwitchB, each with ports GE1/1/1 and GE1/1/2) DLDP provides the following features: As a link layer protocol, it works together with the physical layer protocols to monitor the link status of a device.
  • Page 216 Table 1-1 DLDP packet types DLDP packet type Function Notifies the neighbor devices of the existence of the local device. An advertisement packet carries only the local port Advertisement information, and it does not require response from the peer end.
  • Page 217 DLDP packet type Function Linkdown packets are used to notify unidirectional link emergencies (a unidirectional link emergency occurs when the local port is down and the peer port is up). Linkdown packets carry only the local port information instead of the neighbor information.
  • Page 218 A DLDP packet received is processed as follows: In authentication mode, the DLDP packet is authenticated and is then dropped if it fails the authentication. The packet is further processed, as described in Table 1-3.
  • Page 219: Dldp Status

    Table 1-4 Processing procedure when no echo packet is received from the neighbor No echo packet received from the Processing procedure neighbor In normal mode, no echo packet is DLDP switches to the disable state, received when the echo waiting timer outputs log and tracking information, and...
  • Page 220: Dldp Timers

    1.2.3 DLDP Timers Table 1-6 DLDP timers Timer Description Interval between sending advertisement packets, which can Advertisement be configured on a command line interface. sending timer By default, the timer length is 5 seconds. The interval is 0.5 seconds.
  • Page 221: Dldp Operating Mode

    Timer Description When a device in the active, advertisement, or probe DLDP state receives a port down message, it does not remove the corresponding neighbor immediately, nor does it change to the inactive state.
  • Page 222: Link Auto-Recovery Mechanism

    Table 1-8 Description on the two DLDP neighbor states (columns: DLDP neighbor state, Description). two way: The link to the neighbor operates properly. unknown: The device is detecting the neighbor and the neighbor state is unknown.
  • Page 223: Dldp Configuration

    1.3 DLDP Configuration 1.3.1 Performing Basic DLDP Configuration Table 1-9 Perform basic DLDP configuration Operation Command Description Enter system view system-view — Enable DLDP dldp enable globally Required.
  • Page 224: Resetting Dldp State

    The interval for sending advertisement packets ranges from 1 to 100 seconds and defaults to 5 seconds. You can adjust this setting as needed to enable DLDP to respond in time to link failures.
  • Page 225: Displaying And Maintaining Dldp

    Table 1-10 Reset DLDP state Operation Command Description system-view Reset DLDP state for all the ports shut down by DLDP dldp reset Select either of the two. interface interface-type Reset the DLDP state for a port interface-number...
  • Page 226 II. Network diagram Figure 1-3 Network diagram for DLDP configuration (SwitchA and SwitchB, each with ports GE1/1/1 and GE1/1/2) III. Configuration procedure Configure Switch A # Configure the ports to work in mandatory full duplex mode at a rate of 1,000 Mbps.
  • Page 227 Note: When two switches are connected through fibers in a crossed way, two or three ports may be in the disable state, and the rest in the inactive state. When a fiber is connected to a device correctly on one end with the other end connected to no device: If the device operates in the normal DLDP mode, the end that receives optical...
  • Page 228 Operation Manual – MAC Address Table Management H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 MAC Address Table Management; 1.1 Overview; 1.1.1 Introduction to MAC Address Table; 1.1.2 Introduction to MAC Address Learning; 1.1.3 Managing MAC Address Table...
  • Page 229: Introduction To Mac Address Table

    Chapter 1 MAC Address Table Management When configuring MAC address table management, go to these sections for information you are interested in: Overview, Configuring MAC Address Table Management, Displaying MAC Address Table Information...
  • Page 230: Introduction To Mac Address Learning

    1.1.2 Introduction to MAC Address Learning MAC address table entries can be updated and maintained in the following two ways: manual configuration and MAC address learning. Generally, the majority of MAC address entries are created and maintained through MAC address learning.
  • Page 231 Figure 1-3 MAC address learning diagram (2) (figure labels: User A, User B, User C, Eth1/0/1, Eth1/0/3, Eth1/0/4) Because the switch broadcasts the packet, both User B and User C can receive the packet.
  • Page 232: Managing Mac Address Table

    Figure 1-5 MAC address table entries of the switch (2) After this interaction, the switch directly unicasts the packets destined for User A and User B based on the corresponding MAC address table entries.
  • Page 233: Configuring Mac Address Table Management

    themselves. Static MAC address entries can reduce broadcast packets remarkably and are suitable for networks where network devices seldom change. Dynamic MAC address entry: This type of MAC address entry ages out after the configured aging time.
  • Page 234: Configuring A Mac Address Entry

    1.2.2 Configuring a MAC Address Entry You can add, modify, or remove a MAC address entry, remove all MAC address entries concerning a specific port, or remove a specific type of MAC address entries (dynamic or static MAC address entries).
  • Page 235: Setting The Mac Address Aging Timer

    Caution: When you add a MAC address entry, the current port must belong to the VLAN specified by the vlan argument in the command. Otherwise, the entry will not be added.
  • Page 236: Disabling Mac Address Learning For A Vlan

    for these MAC addresses through the hardware, improving the forwarding efficiency. A MAC address table that is too large may prolong the time for searching MAC address entries, thus decreasing the forwarding performance of the switch.
  • Page 237: Assigning Mac Addresses For Ethernet Ports

    You can disable a switch from learning MAC addresses in specific VLANs to improve stability and security for the users belonging to these VLANs and prevent unauthorized access.
  • Page 238: Displaying Mac Address Table Information

    Follow these steps to configure the start port MAC address: To do… Use the command… Remarks Enter system view system-view — Required Configure the start port port-mac No start port MAC...
  • Page 239: Adding A Static Mac Address Entry Manually

    1.4 Configuration Example 1.4.1 Adding a Static MAC Address Entry Manually I. Network requirements The server connects to the switch through Ethernet 1/0/2. To prevent the switch from broadcasting packets destined for the server, it is required to add the MAC address of the server to the MAC address table of the switch, which then forwards packets destined for the server through Ethernet 1/0/2.
  • Page 240 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 MSTP Configuration; 1.1 STP Overview; 1.2 MSTP Overview; 1.2.1 Background of MSTP; 1.2.2 Basic MSTP Terminologies; 1.2.3 Principle of MSTP...
  • Page 241 Table of Contents: 1.6 Configuring Guard Functions; 1.6.1 Introduction; 1.6.2 Configuration Prerequisites; 1.6.3 Configuring BPDU Guard; 1.6.4 Configuring Root Guard; 1.6.5 Configuring Loop Guard; 1.6.6 Configuring TC-BPDU Attack Guard...
  • Page 242: Stp Overview

    Chapter 1 MSTP Configuration 1.1 STP Overview I. Functions of STP Spanning tree protocol (STP) is a protocol conforming to IEEE 802.1d. It aims to eliminate loops at the data link layer in a local area network (LAN). Devices running this protocol detect loops in the network by exchanging packets with one another and eliminate the loops detected by blocking specific ports until the network is pruned into one with tree topology.
  • Page 243 Root port On a non-root bridge device, the root port is the port with the lowest path cost to the root bridge. The root port is used for communicating with the root bridge. A non-root-bridge device has one and only one root port.
  • Page 244 Note: All the ports on the root bridge are designated ports. Path cost Path cost is a value used for measuring link capacity. By comparing the path costs of different links, STP selects the most robust links and blocks the other links to prune the network into a tree.
  • Page 245 Selection of the optimum configuration BPDU Each device sends out its configuration BPDU and receives configuration BPDUs from other devices. The process of selecting the optimum configuration BPDU is as follows: Table 1-2 Selection of the optimum configuration BPDU Step Description...
  • Page 246 Table 1-3 Selection of the root port and designated ports Step Description A non-root-bridge device takes the port on which the optimum configuration BPDU was received as the root port. Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the rest ports.
  • Page 247 Figure 1-2 Network diagram for STP algorithm Initial state of each device The following table shows the initial state of each device. Table 1-4 Initial state of each device Device Port name BPDU of port...
  • Page 248 Table 1-5 Comparison process and result on each device (columns: Device, Comparison process, BPDU of port after comparison) Port AP1 receives the configuration BPDU of Device B {1, 0, 1, BP1}. Device A finds that the configuration BPDU of the local port {0, 0, 0, AP1} is superior to the received configuration BPDU, and discards the received configuration BPDU.
  • Page 249 (columns: Device, Comparison process, BPDU of port after comparison) Port CP1 receives the configuration BPDU of Device A {0, 0, 0, AP2}. Device C finds that the received configuration BPDU is superior to the configuration BPDU of the local port {2, 0, 2, CP1}, and updates the CP1: {0, 0,...
  • Page 250 Figure 1-3 The final calculated spanning tree Note: To facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated. The BPDU forwarding mechanism in STP Upon network initiation, every switch regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at...
  • Page 251: Mstp Overview

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration root port and designated port begin to forward data as soon as they are elected, a temporary loop may occur. STP timers The following three time parameters are important for STP calculation: Forward delay, the period a device waits before state transition.
  • Page 252: Basic Mstp Terminologies

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Note: In RSTP, the state of a root port can transit fast under the following conditions: the old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data.
  • Page 253 Figure 1-4 Basic MSTP terminologies
    I. MST region
    A multiple spanning tree region (MST region) comprises multiple physically-interconnected MSTP-enabled switches and the corresponding network segments connected to these switches. These switches have the same region name, the same VLAN-to-MSTI mapping configuration and the same MSTP revision level.
  • Page 254 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration III. VLAN mapping table A VLAN mapping table is a property of an MST region. It contains information about how VLANs are mapped to MSTIs. For example, in Figure 1-4, the VLAN mapping table of region A0 is: VLAN 1 is mapped to MSTI 1;...
  • Page 255 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration A designated port is used to forward packets to a downstream network segment or switch. A master port connects an MST region to the common root. The path from the master port to the common root is the shortest path between the MST region and the common root.
  • Page 256 [Figure 1-5 Port roles. Labels: connecting to the common root bridge, region boundary ports, MST region, master port, alternate port, backup port, designated port, Port 1 to Port 6]...
  • Page 257: Principle Of Mstp

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.2.3 Principle of MSTP MSTP divides a Layer 2 network into multiple MST regions. The CSTs are generated between these MST regions, and multiple spanning trees (also called MSTIs) can be generated in each MST region.
  • Page 258: Mstp Implementation On Switches

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration For configuration BPDUs with both the same Root bridge ID and the same External path costs, Master bridge ID, Internal path cost, Designated bridge ID, ID of sending port, ID of receiving port are compared in turn. For MSTP, MSTI configuration information is generally expressed as follows: (Instance bridge ID, Internal path costs, Designated bridge ID, ID of sending port, ID of receiving port), so the compared as follows...
  • Page 259: Configuring Root Bridge

    Root bridge hold
    Root bridge backup
    Root guard
    BPDU guard
    Loop guard
    TC-BPDU attack guard
    BPDU packet drop

    1.2.5 STP-related Standards

    STP-related standards include the following.
    IEEE 802.1D: spanning tree protocol
    IEEE 802.1w: rapid spanning tree protocol
    IEEE 802.1s: multiple spanning tree protocol

    1.3 Configuring Root Bridge...
  • Page 260 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Operation Description Related section Section 1.3.5 Configure the mode a port “Configuring the Mode a recognizes and sends Optional Port Recognizes and MSTP packets Sends MSTP Packets” Section 1.3.6 Configure the MSTP...
  • Page 261: Configuring An Mst Region

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.1 Configuration Prerequisites The role (root, branch, or leaf) of each switch in each spanning tree instance is determined. 1.3.2 Configuring an MST Region I. Configuration procedure Table 1-8 Configure an MST region Operation Command...
  • Page 262 topology jitter caused by the configuration, MSTP does not recalculate spanning trees immediately after the configuration; it does so only after you perform one of the following operations, at which point the configuration actually takes effect: Activate region-related settings...
  • Page 263: Specifying The Current Switch As A Root Bridge/Secondary Root Bridge

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.3 Specifying the Current Switch as a Root Bridge/Secondary Root Bridge MSTP can automatically choose a switch as a root bridge through calculation. You can also manually specify the current switch as a root bridge by using the corresponding commands.
  • Page 264: Configuring The Bridge Priority Of The Current Switch

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Diameter of the Switched Network” and 1.3.9 “Configuring the MSTP Time-related Parameters” for information about the network diameter parameter and the hello time parameter. Note: You can configure a switch as the root bridges of multiple spanning tree instances. But you cannot configure two or more root bridges for one spanning tree instance.
  • Page 265: Configuring The Mode A Port Recognizes And Sends Mstp Packets

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Caution: Once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch cannot be configured any more.
  • Page 266 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration If packets in legacy format are received, the port turns to discarding state to prevent network storm. I. Configuration procedure Table 1-12 Configure the mode a port recognizes and sends MSTP packets (in system view) Operation Command...
  • Page 267: Configuring The Maximum Hop Count Of An Mst Region

    1.3.6 Configuring the MSTP Operation Mode

    To make an MSTP-enabled switch compatible with STP/RSTP, MSTP provides the following three operation modes: STP-compatible mode, where the ports of a switch send STP BPDUs to neighboring devices.
  • Page 268: Configuring The Network Diameter Of The Switched Network

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration mechanism disables the switches that are beyond the maximum hop count from participating in spanning tree calculation, and thus limits the size of an MST region. With such a mechanism, the maximum hop count configured on the switch operating as the root bridge of the CIST or an MSTI in an MST region becomes the network diameter of the spanning tree, which limits the size of the spanning tree in the current MST region.
  • Page 269: Configuring The Mstp Time-Related Parameters

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration The network diameter parameter indicates the size of a network. The bigger the network diameter is, the larger the network size is. After you configure the network diameter of a switched network, an MSTP-enabled switch adjusts its hello time, forward delay, and max age settings accordingly to better values.
  • Page 270: Configuring The Timeout Time Factor

    Caution: The forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large forward delay. A forward delay that is too small may result in temporary redundant paths, and one that is too large may leave the network unable to resume the normal state in time after a change occurs.
  • Page 271: Configuring The Maximum Transmitting Speed On The Current Port

    by the hello time parameter to check for link failures. Normally, a switch regards its upstream switch as faulty if it receives no BPDU from that switch within a period of three times the hello time, and then initiates the spanning tree recalculation process.
  • Page 272: Configuring The Current Port As An Edge Port

    Operation | Command | Description
    Configure the maximum transmitting speed for specified ports | stp interface interface-list transmit-limit packetnum | Required. The maximum transmitting speed of all Ethernet ports on a switch defaults to 10.

    II....
  • Page 273 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration You can configure a port as an edge port in one of the following two ways. I. Configure a port as an edge port in system view Table 1-21 Configure a port as an edge port in system view Operation Command...
  • Page 274: Specifying Whether The Link Connected To A Port Is Point-To-Point Link

    Configure Ethernet 1/0/1 as an edge port in Ethernet port view

        <Sysname> system-view
        [Sysname] interface Ethernet1/0/1
        [Sysname-Ethernet1/0/1] stp edged-port enable

    1.3.13 Specifying Whether the Link Connected to a Port Is Point-to-point Link

    A point-to-point link directly connects two switches.
  • Page 275: Enabling Mstp

    Note: If you configure the link connected to a port in an aggregation group as a point-to-point link, the configuration will be synchronized to the other ports in the same aggregation group.
  • Page 276: Configuring Leaf Nodes

    Table 1-26 Enable MSTP in Ethernet port view

    Operation | Command | Description
    Enter system view | system-view | —
    Enable MSTP | stp enable | Required. MSTP is disabled by default.
    Enter Ethernet | interface interface-type | —...
  • Page 277 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Table 1-27 Configure leaf nodes Operation Description Related section Required To prevent network topology jitter caused by Section 1.3.14 “Enabling other related Enable MSTP MSTP” configurations, you are recommended to enable MSTP after performing other configurations.
  • Page 278: Configuring The Mst Region

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.4.1 Configuration Prerequisites The role (root, branch, or leaf) of each switch in each spanning tree instance is determined. 1.4.2 Configuring the MST Region Refer to section 1.3.2 “Configuring an MST Region”.
  • Page 279 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Table 1-28 Specify the standard for calculating path costs Operation Command Description Enter system view system-view — Optional Specify the standard for calculating the default stp pathcost-standard By default, the legacy path costs of the links { dot1d-1998 | dot1t |...
  • Page 280 where “link transmission speed” is the sum of the speeds of all the unblocked ports on the aggregated link measured in 100 Kbps.
    II. Configure the path cost for specific ports
    Table 1-30 Configure the path cost for specified ports in system view
    Operation | Command...
  • Page 281: Configuring Port Priority

    III. Configuration example (A)

    # Configure the path cost of Ethernet 1/0/1 in spanning tree instance 1 to be 2,000.

    Perform this configuration in system view

        <Sysname> system-view
        [Sysname] stp interface Ethernet1/0/1 instance 1 cost 2000

    Perform this configuration in Ethernet port view

        <Sysname>...
  • Page 282: Specifying Whether The Link Connected To A Port Is A Point-To-Point Link

    Operation | Command | Description
    Configure port priority for specified ports | stp interface interface-list instance instance-id port priority priority | Required. The default port priority is 128.

    II. Configure port priority in Ethernet port view

    Table 1-33 Configure port priority in Ethernet port view

    Operation | Command...
  • Page 283: Performing Mcheck Operation

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.4.10 Enabling MSTP Refer to section 1.3.14 “Enabling MSTP”. 1.5 Performing mCheck Operation Ports on an MSTP-enabled switch can operate in three modes: STP-compatible, RSTP-compatible, and MSTP. A port on an MSTP-enabled switch operating as an upstream switch transits to the STP-compatible mode when it has an STP-enabled switch connected to it.
  • Page 284: Configuring Guard Functions

    Operation | Command | Description
    Enter Ethernet port view | interface interface-type interface-number | —
    Perform the mCheck operation | stp mcheck | Required

    1.5.3 Configuration Example

    # Perform the mCheck operation on Ethernet 1/0/1.

    Perform this configuration in system view

        <Sysname>...
  • Page 285 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration bridge to be elected and network topology jitter to occur. In this case, flows that should travel along high-speed links may be led to low-speed links, and network congestion may occur.
  • Page 286: Configuration Prerequisites

    You can use the stp tc-protection threshold command to set the maximum number of times a switch removes the MAC address table and ARP entries in a specific period. When the number of TC-BPDUs received within a period is less than this maximum, the switch performs a removing operation upon receiving a TC-BPDU.
  • Page 287: Configuring Root Guard

    Operation | Command | Description
    Enable the BPDU guard function | stp bpdu-protection | Required. The BPDU guard function is disabled by default.

    II. Configuration example

    # Enable the BPDU guard function.

        <Sysname>...
  • Page 288: Configuring Loop Guard

        [Sysname-Ethernet1/0/1] stp root-protection

    1.6.5 Configuring Loop Guard

    I. Configuration procedure

    Table 1-39 Configure loop guard

    Operation | Command | Description
    Enter system view | system-view | —
    Enter Ethernet port view | interface interface-type | —...
  • Page 289: Configuring Bpdu Dropping

    III. Configuration example

    # Enable the TC-BPDU attack guard function

        <Sysname> system-view
        [Sysname] stp tc-protection enable

    # Set the maximum number of times the switch removes the MAC address table within 10 seconds to 5.
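    The guard functions above only help if they are switched on where they matter. BPDU guard is a global setting that is disabled by default and acts on edge ports, so a configuration that declares edge ports without `stp bpdu-protection` leaves them unprotected. The following audit is an added example, not code from H3C or from this manual; the sample dump is constructed, and its layout (interface stanzas separated by `#`, as in `display current-configuration` output) is an assumption.

```python
# Added example: audit a saved configuration dump for the STP guard
# commands shown in this manual. The sample below is constructed, and the
# stanza layout (blocks separated by "#") is an assumption.
SAMPLE_CONFIG = """\
#
 stp enable
#
interface Ethernet1/0/1
 stp edged-port enable
#
interface Ethernet1/0/2
 stp root-protection
#
interface Ethernet1/0/3
 stp edged-port enable
#
"""


def parse_stp_config(text):
    """Return (global_stp_commands, {interface_name: [stp commands]})."""
    global_cmds, ports = [], {}
    current = None                      # interface stanza being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":                 # "#" closes the current stanza
            current = None
            continue
        if line.startswith("interface "):
            # Normalise "GigabitEthernet 1/0/1" and "GigabitEthernet1/0/1".
            current = line[len("interface "):].replace(" ", "")
            ports.setdefault(current, [])
        elif line.startswith("stp "):   # "undo stp ..." lines are ignored
            if current is None:
                global_cmds.append(line)
            else:
                ports[current].append(line)
    return global_cmds, ports


def audit_stp_guards(text):
    """Summarise guard coverage and list findings a reviewer should act on."""
    global_cmds, ports = parse_stp_config(text)
    bpdu_guard = "stp bpdu-protection" in global_cmds
    edge_ports = sorted(
        name for name, cmds in ports.items() if "stp edged-port enable" in cmds
    )
    root_guard_ports = sorted(
        name for name, cmds in ports.items() if "stp root-protection" in cmds
    )
    findings = []
    if "stp enable" not in global_cmds:
        # MSTP is disabled by default, so a missing line means it is off.
        findings.append("MSTP is not enabled globally (no 'stp enable')")
    if edge_ports and not bpdu_guard:
        # BPDU guard is disabled by default, so a missing line means it is off.
        findings.append(
            "BPDU guard is off but edge ports exist: " + ", ".join(edge_ports)
        )
    return {
        "bpdu_guard": bpdu_guard,
        "edge_ports": edge_ports,
        "root_guard_ports": root_guard_ports,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in audit_stp_guards(SAMPLE_CONFIG)["findings"]:
        print("FINDING:", finding)
```

    On the switch itself, `display stp portdown` and `display stp abnormalport` show which ports the guards have already acted on.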
  • Page 290: Configuring Digest Snooping

    the same MST region-related configuration as its own but adopts a proprietary spanning tree protocol, you can enable digest snooping on the port. Then the S3100 Ethernet switch regards the other manufacturer's switch as being in the same region; it records the configuration digests carried in the BPDUs received from that switch and puts them in the BPDUs to be sent to that switch.
  • Page 291: Configuring Rapid Transition

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Operation Command Description You can execute this Display the current display command in any configuration current-configuration view. Note: When the digest snooping feature is enabled on a port, the port state turns to the discarding state.
  • Page 292 Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration For MSTP, the upstream switch sends agreement packets to the downstream switch; and the downstream switch sends agreement packets to the upstream switch only after it receives agreement packets from the upstream switch. For RSTP, the upstream switch does not send agreement packets to the downstream switch.
  • Page 293: Configuring Rapid Transition

    Some other manufacturers' switches adopt proprietary spanning tree protocols that are similar to RSTP in the way they implement rapid transition on designated ports. When a switch of this kind operating as the upstream switch connects with an H3C series switch running MSTP, the upstream designated port fails to change its state rapidly.
  • Page 294: Configuring Vlan-Vpn Tunnel

    Operation | Command | Description
    Enable the rapid transition feature | stp interface interface-type interface-number no-agreement-check | Required. By default, the rapid transition feature is disabled on a port.

    Configure the rapid transition feature in Ethernet port view

    Table 1-44 Configure the rapid transition feature in Ethernet port view

    Operation | Command...
  • Page 295: Configuring Vlan-Vpn Tunnel

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration As shown in Figure 1-9, the upper part is the operator’s network, and the lower part is the user’s network. The operator’s network comprises packet ingress/egress devices, and the user’s network has networks A and B.
  • Page 296: Stp Maintenance Configuration

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Note: The VLAN-VPN tunnel function can be enabled on STP-enabled devices only. To enable the VLAN-VPN tunnel function, make sure the links between operator’s networks are trunk links. 1.10 STP Maintenance Configuration 1.10.1 Introduction In a large-scale network with MSTP enabled, there may be many MSTP instances, and...
  • Page 297: Enabling Trap Messages Conforming To 802.1D Standard

    Operation Manual – MSTP H3C S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.11 Enabling Trap Messages Conforming to 802.1d Standard When enabled, the switch sends the following two types of 802.1d-compliant traps to the network management device: When the switch is configured to be the root bridge of a spanning tree instance, it sends 802.1d-compliant newroot traps to the network management device.
  • Page 298: Mstp Configuration Example

    Operation | Command
    Display information about the ports that are shut down by STP protection | display stp portdown
    Display information about the ports that are blocked by STP protection | display stp abnormalport
    Display information about the root port of the instance where the switch resides | display stp root...
  • Page 299 Note: The word “permit” shown in Figure 1-10 means the corresponding link permits packets of specific VLANs.
    III. Configuration procedure
    Configure Switch A
    # Enter MST region view.
        <Sysname>...
  • Page 300: Vlan-Vpn Tunnel Configuration Example

    # Enter MST region view.

        <Sysname> system-view
        [Sysname] stp region-configuration

    # Configure the MST region.

        [Sysname-mst-region] region-name example
        [Sysname-mst-region] instance 1 vlan 10
        [Sysname-mst-region] instance 3 vlan 30
        [Sysname-mst-region] instance 4 vlan 40
        [Sysname-mst-region] revision-level 0

    # Activate the settings of the MST region manually....
  • Page 301 II. Network diagram
    [Figure 1-11 Network diagram for VLAN-VPN tunnel configuration. Devices: Switch A, Switch B, Switch C, Switch D; port labels: Eth 1/0/1, GE 1/0/1, GE 1/0/2]
    III....
  • Page 302 # Enable the VLAN VPN function on it.
        [Sysname] interface GigabitEthernet 1/0/1
        [Sysname-GigabitEthernet1/0/1] port access vlan 10
        [Sysname-GigabitEthernet1/0/1] vlan-vpn enable
        [Sysname-GigabitEthernet1/0/1] quit
    # Configure GigabitEthernet 1/0/2 as a trunk port.
        [Sysname] interface GigabitEthernet1/0/2
        [Sysname-GigabitEthernet1/0/2] port link-type trunk
    # Add the trunk port to all VLANs....
  • Page 303 Operation Manual – Multicast H3C S3100 Series Ethernet Switches Table of Contents
    Chapter 1 Multicast Overview
    1.1 Multicast Overview
    1.1.1 Information Transmission in the Unicast Mode
    1.1.2 Information Transmission in the Broadcast Mode
    1.1.3 Information Transmission in the Multicast Mode...
  • Page 304 Table of Contents (continued)
    Chapter 3 Common Multicast Configuration
    3.1 Common Multicast Configuration
    3.1.1 Configuring Suppression on the Multicast Source Port
    3.1.2 Configuring a Multicast MAC Address Entry
    3.1.3 Configuring Dropping Unknown Multicast Packets...
  • Page 305: Chapter 1 Multicast Overview

    Chapter 1 Multicast Overview

    1.1 Multicast Overview

    With the development of networks on the Internet, more and more interaction services such as data, voice, and video services are running on the networks. In addition, highly bandwidth- and time-critical services, such as e-commerce, Web conference, online auction, video on demand (VoD), and tele-education have come into being.
  • Page 306: Information Transmission In The Broadcast Mode

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview traffic over the network is in direct proportion to the number of users that receive this information, when a large number of users need this information, the server must send many pieces of information with the same content to the users.
  • Page 307: Information Transmission In The Multicast Mode

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview 1.1.3 Information Transmission in the Multicast Mode As described in the previous sections, unicast is suitable for networks with sparsely distributed users, whereas broadcast is suitable for networks with densely distributed users.
  • Page 308: Roles In Multicast

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview Multicast brings no waste of network resources and makes proper use of bandwidth. 1.1.4 Roles in Multicast The following roles are involved in multicast transmission: An information sender is referred to as a multicast source (“Source” in Figure 1-3).
  • Page 309: Multicast Models

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview Enhanced efficiency: Multicast decreases network traffic and reduces server load and CPU load. Optimal performance: Multicast reduces redundant traffic. Distributive application: Multicast makes multiple-point application possible. II. Application of multicast The multicast technology effectively addresses the issue of point-to-multipoint data transmission.
  • Page 310: Multicast Architecture

    III. SSM model

    In practice, users may be interested in the multicast data from only certain multicast sources. The SSM model provides a transmission service that allows users to specify the multicast sources they are interested in at the client side.
  • Page 311 Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview These questions are about multicast addressing. To enable the communication between the information source and members of a multicast group (a group of information receivers), network-layer multicast addresses, namely, IP multicast addresses must be provided.
  • Page 312 Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview Table 1-2 Range and description of Class D IP addresses Class D address range Description Reserved multicast addresses (IP addresses for permanent multicast groups). The IP 224.0.0.0 to 224.0.0.255 address 224.0.0.0 is reserved.
  • Page 313 Class D address range | Description
    224.0.0.18 | Virtual router redundancy protocol (VRRP)
    224.0.0.19 to 224.0.0.255 | Other protocols
    Note: Just as it reserved the private network segment 10.0.0.0/8 for unicast, IANA has also reserved the network segment 239.0.0.0/8 for multicast.
  • Page 314: Multicast Protocols

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview 1.3.2 Multicast Protocols Note: Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP, PIM, and MSDP;...
  • Page 315 Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview Multicast routing protocols A multicast routing protocol runs on Layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently. Multicast routes constitute a loop-free data transmission path from a data source to multiple receivers, namely a multicast distribution tree.
  • Page 316: Multicast Packet Forwarding Mechanism

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview and Layer 3 multicast devices, thus effectively controlling the flooding of multicast data in a Layer 2 network. 1.4 Multicast Packet Forwarding Mechanism In a multicast model, a multicast source sends information to the host group identified by the multicast group address in the destination address field of the IP packets.
  • Page 317: Rpf Check

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 1 Multicast Overview If no corresponding (S, G) entry exists in the multicast forwarding table, the packet is also subject to an RPF check. The router creates an (S, G) entry based on the relevant routing information and using the RPF interface as the incoming interface, and installs the entry into the multicast forwarding table.
  • Page 318 A multicast packet from Source arrives at VLAN-interface 1 of Switch C, and the corresponding forwarding entry does not exist in the multicast forwarding table of Switch C. Switch C performs an RPF check, and finds in its unicast routing table that the outgoing interface to 192.168.0.0/24 is VLAN-interface 2.
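    The RPF check on Switch C can be modelled in a few lines. This is an added example, not code from the manual or from H3C: the source host 192.168.0.1, the group 225.1.1.1 and the default route via VLAN-interface 1 are constructed values, and the handling of a packet that mismatches an existing (S, G) entry follows general RPF behaviour and is an assumption here.

```python
# Added example: a simplified model of the RPF check described above.
import ipaddress

# Constructed unicast routing table for Switch C. Only the 192.168.0.0/24
# route via VLAN-interface 2 comes from the text; the default route is an
# assumption added to show longest-prefix matching.
ROUTES = [
    ("192.168.0.0/24", "VLAN-interface 2"),
    ("0.0.0.0/0", "VLAN-interface 1"),
]


class MulticastForwarder:
    def __init__(self, unicast_routes):
        self.routes = [
            (ipaddress.ip_network(prefix), iface)
            for prefix, iface in unicast_routes
        ]
        self.mfib = {}  # (source, group) -> incoming (RPF) interface

    def rpf_interface(self, source):
        """Interface the unicast table would use to reach the source."""
        addr = ipaddress.ip_address(source)
        best = None
        for net, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        return best[1] if best else None

    def receive(self, source, group, in_iface):
        """Decide what to do with a multicast packet arriving on in_iface."""
        if not ipaddress.ip_address(group).is_multicast:
            return "drop: destination is not a multicast group"
        key = (source, group)
        if self.mfib.get(key) == in_iface:
            return "forward"            # matches the installed (S, G) entry
        # No entry, or the packet arrived on another interface: RPF check.
        rpf = self.rpf_interface(source)
        if rpf is None:
            return "drop: no unicast route to source"
        if rpf != in_iface:
            return "drop: RPF check failed"
        # Arrived on the RPF interface: install or refresh the (S, G) entry
        # with the RPF interface as the incoming interface.
        self.mfib[key] = rpf
        return "forward"


def demo():
    switch_c = MulticastForwarder(ROUTES)
    return [
        # Arrives on VLAN-interface 1, but the route to the source points
        # out of VLAN-interface 2, so the packet is discarded.
        switch_c.receive("192.168.0.1", "225.1.1.1", "VLAN-interface 1"),
        # Same flow arriving on the RPF interface is accepted.
        switch_c.receive("192.168.0.1", "225.1.1.1", "VLAN-interface 2"),
        # A later copy on the wrong interface is still discarded.
        switch_c.receive("192.168.0.1", "225.1.1.1", "VLAN-interface 1"),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```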
  • Page 319: Chapter 2 Igmp Snooping Configuration

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Chapter 2 IGMP Snooping Configuration 2.1 IGMP Snooping Overview Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast constraining mechanism that runs on Layer 2 devices to manage and control multicast groups.
  • Page 320: Basic Concepts In Igmp Snooping

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.1.2 Basic Concepts in IGMP Snooping I. IGMP Snooping related ports As shown in Figure 2-2, Router A connects to the multicast source, IGMP Snooping runs on Switch A and Switch B, Host A and Host C are receiver hosts (namely, multicast group members).
  • Page 321: Work Mechanism Of Igmp Snooping

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Message Action after Timer Description before expiry expiry When a port joins a The switch multicast group, the IGMP removes this port Member port switch sets a timer for membership from the multicast aging timer...
  • Page 322 Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: A switch will not forward an IGMP report through a non-router port for the following reason: Due to the IGMP report suppression mechanism, if member hosts of that multicast group still exist under non-router ports, the hosts will stop sending reports when they receive the message, and this prevents the switch from knowing if members of that multicast group are still attached to these ports.
  • Page 323: Igmp Snooping Configuration

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: After an Ethernet switch enables IGMP Snooping, when it receives the IGMP leave message sent by a host in a multicast group, it judges whether the multicast group exists automatically.
  • Page 324: Configuring The Version Of Igmp Snooping

    Operation | Command | Remarks
    Enter VLAN view | vlan vlan-id | —
    Enable IGMP Snooping on the VLAN | igmp-snooping enable | Required. By default, IGMP Snooping is disabled on all the VLANs.

    Caution: Before enabling IGMP Snooping in a VLAN, be sure to enable IGMP Snooping globally in system view;...
  • Page 325: Configuring Timers

    Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: Before configuring related IGMP Snooping functions, you must enable IGMP Snooping in the specified VLAN. Different multicast group addresses should be configured for different multicast sources because IGMPv3 Snooping cannot distinguish multicast data from different sources to the same multicast group.
  • Page 326 Operation Manual – Multicast H3C S3100 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration I. Enabling fast leave processing in system view Table 2-6 Enable fast leave processing in system view Operation Command Remarks — Enter system view system-view Required igmp-snooping Enable fast leave fast-leave [ vlan...
  • Page 327: Configuring A Multicast Group Filter

    2.2.5 Configuring a Multicast Group Filter On an IGMP Snooping-enabled switch, the configuration of a multicast group allows the service provider to define restrictions on multicast programs available to different users. In an actual application, when a user requests a multicast program, the user’s host initiates an IGMP report.
  • Page 328: Configuring The Maximum Number Of Multicast Groups On A Port

    Note: A port can belong to multiple VLANs; you can configure only one ACL rule per VLAN on a port. If no ACL rule is configured, all the multicast groups will be filtered. Since most devices broadcast unknown multicast packets by default, this function is often used together with the function of dropping unknown multicast packets to prevent multicast streams from being broadcast as unknown multicast packets to a...
  • Page 329: Configuring IGMP Snooping Querier

    Note: To prevent traffic bursts in the network or performance deterioration of the device caused by excessive multicast groups, you can set the maximum number of multicast groups that the switch should process.
  • Page 330: Configuring Static Member Port For A Multicast Group

    Operation Command Remarks Enable IGMP Snooping igmp-snooping enable Required. Required Enable IGMP Snooping By default, IGMP igmp-snooping querier querier Snooping querier is disabled. Optional Configure the interval igmp-snooping By default, the interval between general queries...
  • Page 331: Configuring A Static Router Port

    Operation Command Remarks Required Configure specified multicast static-group By default, no port is port(s) as static member group-address interface configured as a static port(s) of a multicast interface-list multicast group member group in the VLAN...
  • Page 332 there is no member of the multicast group on the local subnet and remove the corresponding path. To prevent this from happening, you can configure a port of the VLAN of the switch as a multicast group member.
  • Page 333: Configuring A VLAN Tag For Query Messages

    2.2.11 Configuring a VLAN Tag for Query Messages By configuring the VLAN in which IGMP general and group-specific queries forwarded and sent by IGMP Snooping switches are transmitted, you can enable multicast packet forwarding between different VLANs in a Layer-2 multicast network environment.
  • Page 334 Operation | Command | Remarks; Return to system view | quit | —; Enter VLAN interface view | interface Vlan-interface vlan-id | —; Enable IGMP | igmp enable | Required. By default, the IGMP feature is disabled.
  • Page 335: Displaying And Maintaining IGMP Snooping

    Operation Command Remarks Required port hybrid vlan vlan-list The multicast VLAN must { tagged | untagged } Specify the VLANs to be be included, and the port allowed to pass the must be configured to Ethernet port...
  • Page 336: IGMP Snooping Configuration Examples

    Table 2-20 Display and maintain IGMP Snooping Operation | Command | Remarks; Display the current IGMP Snooping configuration | display igmp-snooping configuration; Display IGMP Snooping message statistics | display igmp-snooping statistics | You can execute the display commands in any...
  • Page 337 II. Network diagram [Figure 2-3 Network diagram for IGMP Snooping configuration: Source, Router A (IGMP querier), Switch A, Host A, Host B, Host C]...
  • Page 338: Configuring Multicast VLAN

    [SwitchA-vlan100] port Ethernet 1/0/1 to Ethernet 1/0/4 [SwitchA-vlan100] igmp-snooping enable [SwitchA-vlan100] quit Verify the configuration # View the detailed information of the multicast group in VLAN 100 on Switch A. <SwitchA>...
  • Page 339 Table 2-21 Network devices and their configurations Device Device Networking description description The interface IP address of VLAN 20 is 168.10.1.1. Ethernet 1/0/1 is connected to the workstation and belongs to VLAN 20.
  • Page 340 Configure Switch A: # Set the interface IP address of VLAN 20 to 168.10.1.1 and enable PIM DM on the VLAN interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] vlan 20 [SwitchA-vlan20] port Ethernet 1/0/1 [SwitchA-vlan20] quit...
  • Page 341: Troubleshooting IGMP Snooping

    [SwitchB-Ethernet1/0/10] port link-type hybrid [SwitchB-Ethernet1/0/10] port hybrid vlan 2 3 10 tagged [SwitchB-Ethernet1/0/10] quit # Define Ethernet 1/0/1 as a hybrid port, add the port to VLAN 2 and VLAN 10, configure the port to forward untagged packets for VLAN 2 and VLAN 10, and set VLAN 2 as the default VLAN of the port.
  • Page 342: Chapter 3 Common Multicast Configuration

    Chapter 3 Common Multicast Configuration 3.1 Common Multicast Configuration Table 3-1 Common multicast configuration tasks Configuration task Remarks Configuring Suppression on the Multicast Source Port Optional Configuring a Multicast MAC Address Entry Optional Configuring Dropping Unknown Multicast Packets...
  • Page 343: Configuring A Multicast MAC Address Entry

    II. Configuring multicast source port suppression in Ethernet port view Table 3-3 Configure multicast source port suppression in Ethernet port view Operation Command Remarks — Enter system view system-view interface interface-type —...
  • Page 344: Configuring Dropping Unknown Multicast Packets

    Note: If the multicast MAC address entry to be created already exists, the system gives you a prompt. If you want to add a port to a multicast MAC address entry created through the mac-address multicast command, you need to remove the entry first, create this entry again, and then add the specified port to the forwarding ports of this entry.
  • Page 345 Table 3-7 Display common multicast configuration Operation Command Remarks Display the statistics display multicast-source-deny These information about multicast [ interface interface-type commands source port suppression [ interface-number ] ] can be display mac-address multicast executed in...
  • Page 346 Operation Manual – 802.1x-System Guard H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 802.1x Configuration; 1.1 Introduction to 802.1x; 1.1.1 Architecture of 802.1x Authentication; 1.1.2 The Mechanism of an 802.1x Authentication System; 1.1.3 Encapsulation of EAPoL Messages...
  • Page 347 Table of Contents: 3.4 Displaying HABP; Chapter 4 System-Guard Configuration (For S3100-EI); 4.1 System-Guard Overview; 4.2 Configuring the System-Guard Feature; 4.2.1 Configuring the System-Guard Feature; 4.3 Displaying and Maintaining System-Guard...
  • Page 348: Chapter 1 802.1x Configuration

    Chapter 1 802.1x Configuration 1.1 Introduction to 802.1x The 802.1x protocol (802.1x for short) was developed by the IEEE 802 LAN/WAN committee to address security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to address mainly authentication and security problems.
  • Page 349 The authenticator system is another entity residing at one end of a LAN segment. It authenticates the connected supplicant systems. The authenticator system is usually an 802.1x-supported network device (such as an H3C series switch). It provides the port (physical or logical) for the supplicant system to access the LAN.
  • Page 350: The Mechanism Of An 802.1x Authentication System

    IV. The way a port is controlled A port of an H3C series switch can be controlled in the following two ways. Port-based authentication. When a port is controlled in this way, all the supplicant systems connected to the port can access the network without being authenticated after one supplicant system among them passes the authentication.
  • Page 351 Figure 1-3 The format of an EAPoL packet In an EAPoL packet: The PAE Ethernet type field holds the protocol identifier. The identifier for 802.1x is 0x888E. The Protocol version field holds the version of the protocol supported by the sender of the EAPoL packet.
  • Page 352 Code Identifier Length Data Figure 1-4 The format of an EAP packet In an EAP packet: The Code field indicates the EAP packet type, which can be Request, Response, Success, or Failure.
  • Page 353: Authentication Procedure

    Figure 1-6 The format of an EAP-message field The Message-authenticator field, whose format is shown in Figure 1-7, is used to prevent unauthorized interception to access requesting packets during authentications using CHAP, EAP, and so on.
  • Page 354 PEAP creates and uses TLS security channels to ensure data integrity and then performs new EAP negotiations to verify supplicant systems. Figure 1-8 describes the basic EAP-MD5 authentication procedure.
  • Page 355 Upon receiving the packet from the switch, the RADIUS server retrieves the user name from the packet, finds the corresponding password by matching the user name in its database, encrypts the password using a randomly-generated key, and sends the key to the switch through a RADIUS access-challenge packet.
  • Page 356: Timers Used In 802.1x

    Figure (message sequence between the supplicant system, the authenticator system and the RADIUS server): EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; EAP-Request/MD5 Challenge; EAP-Response/MD5 Challenge; RADIUS Access-Request (CHAP-Response/MD5 Challenge); RADIUS Access-Accept (CHAP-Success); EAP-Success; Port authorized; Handshake timer; Handshake request [EAP-Request/Identity]...
  • Page 357: Implementation On An S3100 Series Switch

    period (set by the quiet-period timer) before it processes another authentication request re-initiated by the supplicant system. During this quiet period, the switch does not perform any 802.1x authentication-related actions for the supplicant system.
  • Page 358 Note: H3C's CAMS Server is a service management system used to manage networks and to secure networks and user information. With the cooperation of other networking devices (such as switches) in the network, a CAMS server can implement the AAA functions and rights management.
  • Page 359 II. Checking the client version With the 802.1x client version-checking function enabled, a switch checks the version and validity of an 802.1x client to prevent unauthorized users or users with earlier versions of 802.1x client from logging in.
  • Page 360 to the user. To connect to the switch again, the user needs to initiate 802.1x authentication with the client software again. Note: When re-authenticating a user, a switch goes through the complete authentication process.
  • Page 361: Introduction To 802.1x Configuration

    Note: 802.1x re-authentication will fail if a CAMS server is used and configured to perform authentication but not accounting. This is because a CAMS server establishes a user session after it begins to perform accounting.
  • Page 362: Basic 802.1x Configuration

    1.3 Basic 802.1x Configuration 1.3.1 Configuration Prerequisites Configure the ISP domain and the AAA scheme to be adopted. You can specify a RADIUS scheme or a local scheme. Ensure that the service type is configured as lan-access (by using the service-type command) if the local authentication scheme is adopted.
  • Page 363 Operation Command Remarks Optional Set authentication dot1x By default, a switch performs method for 802.1x authentication-method CHAP authentication in EAP users { chap | pap | eap } terminating mode.
  • Page 364: Timer And Maximum User Number Configuration

    1.3.3 Timer and Maximum User Number Configuration Table 1-2 Configure 802.1x timers and the maximum number of users Operation Command Remarks Enter system view system-view — dot1x max-user Set the system...
  • Page 365: Advanced 802.1x Configuration

    Note: As for the dot1x max-user command, if you execute it in system view without specifying the interface-list argument, the command applies to all ports. You can also use this command in port view.
  • Page 366: Configuring Client Version Checking

    Note: The proxy checking function needs the cooperation of H3C's 802.1x client (iNode) program. The proxy checking function depends on the online user handshaking function. To enable the proxy detecting function, you need to enable the online user handshaking function first.
  • Page 367: Enabling DHCP-Triggered Authentication

    1.4.3 Enabling DHCP-triggered Authentication After performing the following configuration, 802.1x allows running DHCP on access users, and users are authenticated when they apply for dynamic IP addresses through DHCP.
  • Page 368: Configuring 802.1x Re-Authentication

    Caution: The Guest VLAN function is available only when the switch operates in the port-based authentication mode. Only one Guest VLAN can be configured for each switch. The Guest VLAN function cannot be implemented if you configure the dot1x dhcp-launch command on the switch to enable DHCP-triggered authentication.
  • Page 369: Displaying And Debugging 802.1x

    The switch uses the value of the Session-timeout attribute field of the Access-Accept packet sent by the RADIUS server as the re-authentication interval. The switch uses the value configured with the dot1x timer reauth-period command as the re-authentication interval for access users.
  • Page 370: Configuration Example

    1.6 Configuration Example 1.6.1 802.1x Configuration Example I. Network requirements Authenticate users on all ports to control their access to the Internet. The switch operates in MAC address-based access control mode. All supplicant systems that pass the authentication belong to the default domain named “aabbcc.net”.
  • Page 371 III. Configuration procedure Note: The following configuration covers the major AAA/RADIUS configuration commands. Refer to AAA Operation Manual for the information about these commands. Configuration on the client and the RADIUS servers is omitted. # Enable 802.1x globally.
  • Page 372 # Set the timer for the switch to send real-time accounting packets to the RADIUS servers. [Sysname-radius-radius1] timer realtime-accounting 15 # Configure to send the user name to the RADIUS server with the domain name truncated.
  • Page 373: Chapter 2 Quick EAD Deployment Configuration

    Chapter 2 Quick EAD Deployment Configuration Note: The configuration introduced in this chapter is only supported by the S3100-EI series switches. 2.1 Introduction to Quick EAD Deployment 2.1.1 Quick EAD Deployment Overview As an integrated solution, an Endpoint Admission Defense (EAD) solution can improve the overall defense power of a network.
  • Page 374: Configuring Quick EAD Deployment

    Note: The quick EAD deployment feature takes effect only when the access control mode of an 802.1x-enabled port is set to auto. 2.2 Configuring Quick EAD Deployment 2.2.1 Configuration Prerequisites Enable 802.1x on the switch.
  • Page 375 Caution: You must configure the URL for HTTP redirection before configuring a free IP range. A URL must start with http:// and the segment where the URL resides must be in the free IP range.
  • Page 376: Displaying And Maintaining Quick EAD Deployment

    2.2.3 Displaying and Maintaining Quick EAD Deployment After performing the above configurations, you can display and verify the quick EAD deployment-related configuration by executing the display command in any view. Table 2-3 Display quick EAD deployment To do...
  • Page 377: Troubleshooting

    III. Configuration procedure Note: Before enabling quick EAD deployment, be sure that: The Web server is configured properly. The default gateway of the user’s PC is configured as the IP address of the connected VLAN interface on the switch.
  • Page 378 Check that you have configured an IP address in the free IP range for the Web server and a correct URL for redirection, and that the server provides Web services properly.
  • Page 379: Chapter 3 HABP Configuration

    Chapter 3 HABP Configuration 3.1 Introduction to HABP With 802.1x enabled, a switch authenticates and then authorizes 802.1x-enabled ports. Packets can be forwarded only by authorized ports. For ports that have switches attached and are not authenticated and authorized by 802.1x, received packets will be filtered.
  • Page 380: HABP Client Configuration

    Operation Command Remarks Required By default, a switch operates as an HABP client after you Configure the current habp server vlan enable HABP on the switch. If switch to be an HABP vlan-id you want to use the switch as...
  • Page 381: Chapter 4 System-Guard Configuration (For S3100-EI)

    Chapter 4 System-Guard Configuration (For S3100-EI) Note: The configuration introduced in this chapter is only supported by the S3100-EI series switches. 4.1 System-Guard Overview To implement system guard for the CPU, you must first determine whether the CPU is under attack.
  • Page 382: Displaying And Maintaining System-Guard

    Operation Command Description Required Enable system-guard on system-guard permit By default, the system-guard specified ports interface-list function is disabled on a port. Optional Set the threshold for the system-guard number of packets when detect-threshold...
  • Page 383: Chapter 5 System-Guard Configuration (For S3100-SI)

    Chapter 5 System-Guard Configuration (For S3100-SI) Note: The configuration introduced in this chapter is only supported by the S3100-SI series switches. 5.1 System-Guard Overview The system-guard function checks system-guard-enabled ports regularly to determine if the ports are under attack.
  • Page 384: Configuring System-Guard-Related Parameters

    5.2.2 Configuring System-Guard-Related Parameters Table 5-2 lists the operations to configure system-guard-related parameters, including system-guard mode, checking interval, threshold (in terms of the number of the received packets), and controlling period.
  • Page 385: Displaying And Maintaining The System-Guard Function

    5.3 Displaying and Maintaining the System-Guard Function After the above configuration, you can display and verify your configuration by performing the operation listed in Table 5-4.
  • Page 386 Operation Manual – AAA H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 AAA Overview; 1.1 Introduction to AAA; 1.1.1 Authentication; 1.1.2 Authorization; 1.1.3 Accounting; 1.1.4 Introduction to ISP Domain; 1.2 Introduction to AAA Services...
  • Page 387 Table of Contents: 2.3.6 Configuring the Attributes of Data to be Sent to TACACS Servers; 2.3.7 Configuring the Timers Regarding TACACS Servers; 2.4 Displaying and Maintaining AAA; 2.5 AAA Configuration Examples...
  • Page 388: Chapter 1 AAA Overview

    Chapter 1 AAA Overview 1.1 Introduction to AAA AAA is the acronym for the three security functions: authentication, authorization and accounting. It provides a uniform framework for you to configure these three functions to implement network security management.
  • Page 389: Accounting

    RADIUS authorization: Users are authorized after they pass RADIUS authentication. In RADIUS protocol, authentication and authorization are combined together, and authorization cannot be performed alone without authentication. HWTACACS authorization: Users are authorized by a TACACS server.
  • Page 390 Server: RADIUS Server runs on a computer or workstation at the center. It stores and maintains user authentication information and network service access information. Client: RADIUS Client runs on network access servers throughout the network. RADIUS operates in the client/server model.
  • Page 391 Figure (message exchange between Host, RADIUS Client and RADIUS Server): (1) The user inputs the user name and password; (2) Access-Request; (3) Access-Accept; (4) Accounting-Request (start); (5) Accounting-Response; (6) The user begins to access resources...
  • Page 392 adopts the following mechanisms: timer management, retransmission, and backup server. Figure 1-3 depicts the format of RADIUS messages. Figure 1-3 RADIUS message format The Code field (one byte) decides the type of RADIUS message, as shown in Table 1-1.
  • Page 393 Code, message type and message description: Accounting-Response. Direction: server->client. The server transmits this message to the client to notify the client that it has received the Accounting-Request message and has correctly recorded the accounting information.
  • Page 394 Type field Type field Attribute type Attribute type value value Framed-IP-Netmask Calling-Station-Id Framed-Routing NAS-Identifier Filter-ID Proxy-State Framed-MTU Login-LAT-Service Framed-Compression Login-LAT-Node Login-IP-Host Login-LAT-Group Login-Service Framed-AppleTalk-Link Login-TCP-Port Framed-AppleTalk-Network (unassigned) Framed-AppleTalk-Zone Reply-Message 40-59...
  • Page 395: Introduction To HWTACACS

    1.2.2 Introduction to HWTACACS I. What is HWTACACS Huawei Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492). Similar to the RADIUS protocol, it implements AAA for different types of users (such as PPP, VPDN, and terminal users) by communicating with the TACACS server in client-server mode.
  • Page 396 II. Basic message exchange procedure in HWTACACS The following text takes a Telnet user as an example to describe how HWTACACS implements authentication, authorization, and accounting for a user. Figure 1-6 illustrates the basic message exchange procedure: Figure 1-6 AAA implementation procedure for a telnet user...
  • Page 397 After receiving the username from the user, the TACACS client sends an authentication continuance message carrying the username. The TACACS server returns an authentication response, asking for the password. Upon receiving the response, the TACACS client requests the user for the login password.
  • Page 398: Chapter 2 AAA Configuration

    Chapter 2 AAA Configuration 2.1 AAA Configuration Task List 2.1.1 Configuration introduction You need to configure AAA to provide network access services for legitimate users while protecting network devices and preventing unauthorized access and repudiation behavior.
  • Page 399: Creating An ISP Domain And Configuring Its Attributes

    Table 2-2 AAA configuration tasks (configuring separate AAA schemes for an ISP domain) Task Remarks Creating an ISP Domain and Required Configuring Its Attributes Configuring separate AAA schemes Required Required With...
  • Page 400 Operation Command Remarks Optional By default, an ISP domain Set the status of the ISP is in the active state, that state { active | block } domain is, all the users in the domain are allowed to...
  • Page 401: Configuring An AAA Scheme For An ISP Domain

    The self-service server location function needs the cooperation of a RADIUS server that supports self-service, such as comprehensive access management server (CAMS). Through self-service, users can manage and control their account or card numbers by themselves.
  • Page 402 Caution: You can execute the scheme radius-scheme radius-scheme-name command to adopt an already configured RADIUS scheme to implement all the three AAA functions. If you adopt the local scheme, only the authentication and authorization functions are implemented; the accounting function cannot be implemented.
  • Page 403 Table 2-5 Configure separate AAA schemes Operation Command Remarks Enter system view system-view — Create an ISP domain and enter its view, or enter Required domain isp-name the view of an existing ISP domain authentication...
  • Page 404: Configuring Dynamic VLAN Assignment

    Note: If a combined AAA scheme is configured as well as the separate authentication, authorization and accounting schemes, the separate ones take precedence. RADIUS scheme and local scheme do not support the separation of authentication and authorization.
  • Page 405: Configuring The Attributes Of A Local User

    Table 2-6 Configure dynamic VLAN assignment Operation Command Remarks Enter system view system-view — Create an ISP domain domain isp-name — and enter its view Optional Set the VLAN assignment vlan-assignment-mode By default, the VLAN mode...
  • Page 406 Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Table 2-7 Configure the attributes of a local user Operation Command Remarks Enter system view system-view — Optional By default, the password Set the password local-user display mode of all access display mode of all password-display-mode users is auto, indicating the...
  • Page 407: Cutting Down User Connections Forcibly

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Caution: The following characters are not allowed in the user-name string: /:*?<>. And you cannot input more than one “@” in the string. After the local-user password-display-mode cipher-force command is executed, any password will be displayed in cipher mode even though you specify to display a user password in plain text by using the password command.
  • Page 408: Radius Configuration Task List

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Note: You can use the display connection command to view the connections of Telnet users, but you cannot use the cut connection command to cut down their connections. 2.2 RADIUS Configuration Task List H3C’s Ethernet switches can function not only as RADIUS clients but also as local RADIUS servers.
  • Page 409 Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Table 2-10 RADIUS configuration tasks (the switch functions as a local RADIUS server) Task Remarks Creating a RADIUS Scheme Required Configuring RADIUS Required Authentication/Authorization Servers Configuring RADIUS Accounting Servers Required Configuring Shared Keys for RADIUS Optional...
  • Page 410: Creating A Radius Scheme

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Note: Actually, the RADIUS service configuration only defines the parameters for information exchange between switch and RADIUS server. To make these parameters take effect, you must reference the RADIUS scheme configured with these parameters in an ISP domain view (refer to Chapter 2 AAA Configuration).
  • Page 411: Configuring Radius Accounting Servers

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Operation Command Remarks Required Set the IP address and By default, the IP address port number of the and UDP port number of primary authentication primary RADIUS the primary server are ip-address [ port-number ] authentication/authorizati...
  • Page 412 Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Operation Command Remarks Required By default, the IP address Set the IP address and and UDP port number of port number of the primary accounting the primary accounting primary RADIUS ip-address [ port-number ] server are 0.0.0.0 and...
  • Page 413: Configuring Shared Keys For Radius Messages

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Note: In an actual network environment, you can specify one server as both the primary and secondary accounting servers, as well as specifying two RADIUS servers as the primary and secondary accounting servers respectively.
  • Page 414: Configuring The Maximum Number Of Radius Request Transmission Attempts

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Operation Command Remarks Required Set a shared key for RADIUS accounting key accounting string By default, no shared key messages is created. Caution: The authentication/authorization shared key and the accounting shared key you set on the switch must be respectively consistent with the shared key on the authentication/authorization server and the shared key on the accounting server.
  • Page 415: Configuring The Type Of Radius Servers To Be Supported

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration 2.2.6 Configuring the Type of RADIUS Servers to be Supported Table 2-16 Configure the type of RADIUS servers to be supported Operation Command Remarks Enter system view system-view —...
  • Page 416: Configuring The Attributes Of Data To Be Sent To Radius Servers

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Table 2-17 Set the status of RADIUS servers Operation Command Remarks Enter system view system-view — Required By default, a RADIUS Create a RADIUS scheme radius scheme scheme named "system"...
  • Page 417: Configuring The Local Radius Authentication Server Function

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Operation Command Remarks Optional Set the MAC address format of the calling-station-id mode By default, the MAC address Calling-Station-Id { mode1 | mode2 } format is (Type 31) field in { lowercase | uppercase } XXXX-XXXX-XXXX, in RADIUS packets...
  • Page 418: Configuring Timers For Radius Servers

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration addition to RADIUS client service, where separate authentication/authorization server and the accounting server are used for user authentication. Table 2-19 Configure the local RADIUS authentication server function Operation Command Remarks...
  • Page 419 Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration system is called the response timeout timer of RADIUS servers. If the switch gets no answer within the response timeout time, it needs to retransmit the request to ensure that the user can obtain RADIUS service.
  • Page 420: Enabling Sending Trap Message When A Radius Server Goes Down

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration 2.2.11 Enabling Sending Trap Message when a RADIUS Server Goes Down Table 2-21 Specify to send trap message when a RADIUS server goes down Operation Command Remarks Enter system view system-view —...
  • Page 421 Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Once the CAMS receives the Accounting-On message, it sends a response to the switch. At the same time it finds and deletes the original online information of the users who were accessing the network through the switch before the restart according to the information (NAS-ID, NAS-IP-address and session ID) contained in the message, and ends the accounting for the users depending on the last...
  • Page 422: Hwtacacs Configuration Task List

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration 2.3 HWTACACS Configuration Task List Table 2-23 HWTACACS configuration tasks Task Remarks Creating a HWTACACS Scheme Required Configuring TACACS Authentication Servers Required Configuring TACACS Authorization Servers Required Configuring TACACS Accounting Servers Optional Configuring the...
  • Page 423: Configuring Tacacs Authentication Servers

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration 2.3.2 Configuring TACACS Authentication Servers Table 2-25 Configure TACACS authentication servers Operation Command Remarks Enter system view system-view — Required Create a HWTACACS hwtacacs scheme By default, no scheme and enter its view hwtacacs-scheme-name HWTACACS scheme...
  • Page 424: Configuring Tacacs Accounting Servers

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Operation Command Remarks Required Set the IP address and By default, the IP address port number of the primary authorization of the primary primary TACACS ip-address [ port ] authorization server is authorization server 0.0.0.0, and the port...
  • Page 425: Configuring Shared Keys For Hwtacacs Messages

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Operation Command Remarks Optional Enable the By default, the stop-accounting message stop-accounting retransmission function retry stop-accounting messages retransmission and set the maximum retry-times function is enabled and number of transmission the system can transmit a attempts of a buffered...
  • Page 426: Configuring The Attributes Of Data To Be Sent To Tacacs Servers

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration 2.3.6 Configuring the Attributes of Data to be Sent to TACACS Servers Table 2-29 Configure the attributes for data to be sent to TACACS servers Operation Command Remarks Enter system view system-view...
  • Page 427: Configuring The Timers Regarding Tacacs Servers

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration 2.3.7 Configuring the Timers Regarding TACACS Servers Table 2-30 Configure the timers regarding TACACS servers Operation Command Remarks Enter system view system-view — Required Create a HWTACACS hwtacacs scheme By default, no scheme and enter its view...
  • Page 428 Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Table 2-31 Display AAA information Operation Command Remarks Display configuration information about one display domain [ isp-name ] specific or all ISP domains display connection [ access-type { dot1x | mac-authentication } | domain isp-name | interface You can...
  • Page 429: Aaa Configuration Examples

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration Table 2-33 Display and maintain HWTACACS protocol information Operation Command Remarks Display the configuration display hwtacacs or statistic information [ hwtacacs-scheme-name about one specific or all [ statistics ] ] You can execute the HWTACACS schemes display command...
  • Page 430 Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration The Telnet user names added to the RADIUS server must be in the format of userid@isp-name if you have configured the switch to include domain names in the user names to be sent to the RADIUS server in the RADIUS scheme.
  • Page 431: Local Authentication Of Ftp/Telnet Users

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration A Telnet user logging into the switch by a name in the format of userid@cams belongs to the cams domain and will be authenticated according to the configuration of the cams domain.
  • Page 432: Hwtacacs Authentication And Authorization Of Telnet Users

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration
    [Sysname] domain system
    [Sysname-isp-system] scheme local
    A Telnet user logging into the switch with the name telnet@system belongs to the "system" domain and will be authenticated according to the configuration of the "system"...
  • Page 433: Troubleshooting Aaa

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration III. Configuration procedure
    # Add a Telnet user. (Omitted here)
    # Configure a HWTACACS scheme.
    <Sysname> system-view
    [Sysname] hwtacacs scheme hwtac
    [Sysname-hwtacacs-hwtac] primary authentication 10.110.91.164 49
    [Sysname-hwtacacs-hwtac] primary authorization 10.110.91.164 49
    [Sysname-hwtacacs-hwtac] key authentication aabbcc
    [Sysname-hwtacacs-hwtac] key authorization aabbcc
    [Sysname-hwtacacs-hwtac] user-name-format without-domain...
  • Page 434: Troubleshooting Hwtacacs Configuration

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 2 AAA Configuration The communication links (physical/link layer) between the switch and the RADIUS server are disconnected/blocked — Take measures to make the links connected/unblocked. None or incorrect RADIUS server IP address is set on the switch — Be sure to set a correct RADIUS server IP address.
  • Page 435: Chapter 3 Ead Configuration

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 3 EAD Configuration Chapter 3 EAD Configuration Note: Only the S3100-EI series switches support the EAD configuration. 3.1 Introduction to EAD Endpoint admission defense (EAD) is an attack defense solution. Using this solution, you can enhance the active defense capability of network endpoints, prevent viruses and worms from spreading on the network, and protect the entire network by limiting the access rights of insecure endpoints.
  • Page 436: Ead Configuration

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 3 EAD Configuration [Figure 3-1 Typical network application of EAD: virus patch server, authentication server, supplicant, security policy server] After a client passes the authentication, the security Client (software installed on the client PC) interacts with the security policy server to check the security status of the client.
  • Page 437: Ead Configuration Example

    Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 3 EAD Configuration Table 3-1 EAD configuration Operation Command Remarks Enter system view system-view — Enter RADIUS scheme radius scheme — view radius-scheme-name Configure the RADIUS server-type extended Required server type to extended Required Each RADIUS scheme Configure the IP address...
  • Page 438 Operation Manual – AAA H3C S3100 Series Ethernet Switches Chapter 3 EAD Configuration II. Network diagram Authentication Servers 10.110.91.164 Ethernet1/0/1 Internet User Security Policy Servers Virus Patch Servers 10.110.91.166 10.110.91.168 Figure 3-2 EAD configuration III. Configuration procedure # Configure 802.1x on the switch. Refer to the section "Configuring 802.1x" of 802.1x Configuration.
  • Page 439 Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 MAC Authentication Configuration (1-1); 1.1 MAC Authentication Overview (1-1); 1.1.1 Performing MAC Authentication on a RADIUS Server (1-1); 1.1.2 Performing MAC Authentication Locally (1-1); 1.2 Related Concepts...
  • Page 440: Chapter 1 Mac Authentication Configuration

    Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration Chapter 1 MAC Authentication Configuration 1.1 MAC Authentication Overview MAC authentication provides a way for authenticating users based on ports and MAC addresses, without requiring any client software to be installed on the hosts. Once detecting a new MAC address, it initiates the authentication process.
  • Page 441: Related Concepts

    Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration In fixed mode, all users’ MAC addresses are automatically mapped to the configured local passwords and usernames. The service type of a local user needs to be configured as lan-access. 1.2 Related Concepts 1.2.1 MAC Authentication Timers The following timers function in the process of MAC authentication:...
  • Page 442: Configuring Basic Mac Authentication Functions

    Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration 1.3 Configuring Basic MAC Authentication Functions Table 1-1 Configure basic MAC authentication functions Operation Command Remarks — Enter system view system-view Required Enable MAC authentication mac-authentication Disabled by...
  • Page 443: Mac Address Authentication Enhanced Function Configuration

    Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration Operation Command Remarks Optional The default timeout values are as follows: Configure the mac-authentication timer 300 seconds for { offline-detect offline-detect-value | quiet offline detect authentication quiet-value | server-timeout timer;...
  • Page 444: Configuring A Guest Vlan

    Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration 1.4.2 Configuring a Guest VLAN Note: Different from Guest VLANs described in the 802.1x and System-Guard manual, Guest VLANs mentioned in this section refer to Guest VLANs dedicated to MAC address authentication.
  • Page 445 Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration Caution: Guest VLANs are implemented in the mode of adding a port to a VLAN. For example, when multiple users are connected to a port, if the first user fails in the authentication, the other users can access only the contents of the Guest VLAN.
  • Page 446: Configuring The Maximum Number Of Mac Address Authentication Users Allowed To Access A Port

    Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration Caution: If more than one client is connected to a port, you cannot configure a Guest VLAN for this port. When a Guest VLAN is configured for a port, only one MAC address authentication user can access the port.
  • Page 447: Configuring The Quiet Mac Function On A Port

    Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration Caution: If both the limit on the number of MAC address authentication users and the limit on the number of users configured in the port security function are configured for a port, the smaller value of the two configured limits is adopted as the maximum number of MAC address authentication users allowed to access this port.
  • Page 448: Mac Authentication Configuration Example

    Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration Operation Command Description reset Clear the statistics of mac-authentication global or on-port MAC statistics [ interface Available in user view authentication interface-type interface-number ] 1.6 MAC Authentication Configuration Example I.
  • Page 449 Operation Manual – MAC Address Authentication H3C S3100 Series Ethernet Switches Chapter 1 MAC Authentication Configuration
    [Sysname-luser-00-0d-88-f6-44-c1] quit
    # Add an ISP domain named aabbcc.net.
    [Sysname] domain aabbcc.net
    New Domain added.
    # Specify to perform local authentication.
    [Sysname-isp-aabbcc.net] scheme local
    [Sysname-isp-aabbcc.net] quit
    # Specify aabbcc.net as the ISP domain for MAC authentication
    [Sysname] mac-authentication domain aabbcc.net...
  • Page 450 Operation Manual – ARP H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 ARP Configuration (1-1); 1.1 Introduction to ARP (1-1); 1.1.1 ARP Function (1-1); 1.1.2 ARP Message Format (1-1); 1.1.3 ARP Table (1-3); 1.1.4 ARP Process...
  • Page 451: Chapter 1 Arp Configuration

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration Chapter 1 ARP Configuration 1.1 Introduction to ARP 1.1.1 ARP Function Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address. An IP address is the address of a host at the network layer.
  • Page 452 Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration Hardware type (16 bits); Protocol type (16 bits); Length of hardware address; Length of protocol address; Operator (16 bits)...
  • Page 453: Arp Table

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration Table 1-2 Description on the values of the hardware type field Value Description Ethernet Experimental Ethernet X.25 Proteon ProNET (Token Ring) Chaos IEEE802.X ARC network 1.1.3 ARP Table In an Ethernet, the MAC addresses of two hosts must be available for the two hosts to communicate with each other.
  • Page 454: Arp Process

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration 1.1.4 ARP Process Figure 1-2 ARP process Suppose that Host A and Host B are on the same subnet and that Host A sends a message to Host B. The resolution process is as follows: Host A looks in its ARP mapping table to see whether there is an ARP entry for Host B.
  • Page 455: Introduction To Arp Attack Detection

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration To prevent such attacks, you can configure ARP source MAC address consistency check on S3100 series Ethernet switches (operating as gateways). With this function, the device can verify whether an ARP packet is valid by checking the sender MAC address of the ARP packet against the source MAC address in the Ethernet header.
  • Page 456: Introduction To Arp Packet Rate Limit

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration II. ARP attack detection To guard against the man-in-the-middle attacks launched by hackers or attackers, S3100-EI series Ethernet switches support the ARP attack detection function. All ARP (both request and response) packets passing through the switch are redirected to the CPU, which checks the validity of all the ARP packets by using the DHCP snooping table or the manually configured IP binding table.
  • Page 457: Introduction To Gratuitous Arp

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration 1.1.8 Introduction to Gratuitous ARP The following are the characteristics of gratuitous ARP packets: Both source and destination IP addresses carried in a gratuitous ARP packet are the local addresses, and the source MAC address carried in it is the local MAC address.
  • Page 458: Configuring Arp Source Mac Address Consistency Check

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration Operation Command Remarks Enable the ARP entry Optional checking function (that is, By default, the ARP disable the switch from arp check enable entry checking learning ARP entries with function is enabled.
  • Page 459 Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration Operation Command Remarks Required By default, after DHCP Specify the current port dhcp-snooping trust snooping is enabled, all as a trusted port ports of a switch are untrusted ports.
  • Page 460: Configuring The Arp Packet Rate Limit Function

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration Note: You need to enable DHCP snooping and configure DHCP snooping trusted ports on the switch before configuring the ARP attack detection function. For more information about DHCP snooping, refer to the DHCP snooping section in the part discussing DHCP in this manual.
  • Page 461: Gratuitous Arp Packet Configuration

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration Operation Command Remarks Optional By default, when the port Configure the port state arp protective-down state auto-recovery auto-recovery interval recover interval interval function is enabled, the port state auto-recovery interval is 300 seconds.
  • Page 462: Arp Configuration Example

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration Table 1-9 Display and debug ARP Operation Command Remarks Display specific ARP display arp [ static | dynamic | mapping table entries ip-address ] Display the ARP mapping display arp [ dynamic | static ] | entries related to a specified { begin | include | exclude }...
  • Page 463: Arp Attack Detection And Packet Rate Limit Configuration Example

    Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration 1.5.2 ARP Attack Detection and Packet Rate Limit Configuration Example I. Network requirements As shown in Figure 1-4, Ethernet1/0/1 of Switch A (S3100-EI) connects to DHCP Server; Ethernet1/0/2 connects to Client A, Ethernet1/0/3 connects to Client B. Ethernet1/0/1, Ethernet1/0/2 and Ethernet1/0/3 belong to VLAN 1.
  • Page 464 Operation Manual – ARP H3C S3100 Series Ethernet Switches Chapter 1 ARP Configuration
    # Enable ARP attack detection on all ports in VLAN 1.
    [SwitchA] vlan 1
    [SwitchA-vlan1] arp detection enable
    [SwitchA-vlan1] quit
    # Enable the ARP packet rate limit function on Ethernet1/0/2, and set the maximum ARP packet rate allowed on the port to 20 pps.
  • Page 465 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 DHCP Overview (1-1); 1.1 Introduction to DHCP (1-1); 1.2 DHCP IP Address Assignment (1-1); 1.2.1 IP Address Assignment Policy (1-1); 1.2.2 Obtaining IP Addresses Dynamically (1-2); 1.2.3 Updating IP Address Lease...
  • Page 466 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Table of Contents: 4.5 Displaying DHCP/BOOTP Client Configuration (4-3)...
  • Page 467: Chapter 1 Dhcp Overview

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 1 DHCP Overview Chapter 1 DHCP Overview 1.1 Introduction to DHCP With networks getting larger in size and more complicated in structure, a shortage of available IP addresses has become a common situation that network administrators have to face, and network configuration has become a tough task for them.
  • Page 468: Obtaining Ip Addresses Dynamically

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 1 DHCP Overview Dynamic assignment. The DHCP server assigns IP addresses to DHCP clients for a predetermined period of time. In this case, a DHCP client must apply for an IP address again at the expiration of the period.
  • Page 469: Updating Ip Address Lease

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 1 DHCP Overview 1.2.3 Updating IP Address Lease After a DHCP server dynamically assigns an IP address to a DHCP client, the IP address remains valid only within a specified lease time and will be reclaimed by the DHCP server when the lease expires.
  • Page 470: Protocol Specification

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 1 DHCP Overview hops: Number of DHCP relay agents which a DHCP packet passes. For each DHCP relay agent that the DHCP request packet passes, the field value increases by 1. xid: Random number that the client selects when it initiates a request.
  • Page 471: Chapter 2 Dhcp Snooping Configuration

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Chapter 2 DHCP Snooping Configuration 2.1 Introduction 2.1.1 Introduction to DHCP Snooping For the sake of security, the IP addresses used by online DHCP clients need to be tracked for the administrator to verify the corresponding relationship between the IP addresses the DHCP clients obtained from DHCP servers and the MAC addresses of the DHCP clients.
  • Page 472: Introduction To Dhcp Snooping Trusted/Untrusted Ports

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration 2.1.2 Introduction to DHCP Snooping Trusted/Untrusted Ports When an unauthorized DHCP server exists in the network, a DHCP client may obtain an illegal IP address. To ensure that the DHCP clients obtain IP addresses from valid DHCP servers, the S3100-EI series Ethernet switches can specify a port to be a trusted port or an untrusted port by the DHCP snooping function.
  • Page 473: Overview Of Dhcp-Snooping Option 82

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration 2.1.4 Overview of DHCP-Snooping Option 82 I. Introduction to Option 82 Option 82 is the relay agent information option in the DHCP message. It records the location information of the DHCP client.
  • Page 474 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Figure 2-3 Extended format of the remote ID sub-option In practice, some network devices do not support the type and length identifiers of the Circuit ID and Remote ID sub-options. To interwork with these devices, S3100-EI Series Ethernet Switches support Option 82 in the standard format.
  • Page 475 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Handling Sub-option The DHCP Snooping device will… policy configuration Forward the packet after replacing the original Option 82 with the default content. Neither of the two The storage format of Option 82 content is the sub-options is one specified with the dhcp-snooping...
  • Page 476: Overview Of Ip Filtering

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration forwarding the packet, or will directly forward the packet if the packet does not contain the Option 82 field. 2.1.5 Overview of IP Filtering In a denial-of-service (DoS) attack, an attacker sends a large number of forged address requests with different source IP addresses to the server so that the network cannot work normally.
  • Page 477: Dhcp Snooping Configuration

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration table or static binding table, the switch regards the packet as a valid packet and forwards it; otherwise, the switch drops it directly. 2.2 DHCP Snooping Configuration 2.2.1 Configuring DHCP Snooping Table 2-3 Configure DHCP snooping Operation...
  • Page 478: Configuring Unauthorized Dhcp Server Detection

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Note: Only the S3100-EI series among S3100 series switches support the configuration of DHCP snooping trusted ports. S3100-SI series Ethernet switches do not support the configuration of DHCP snooping trusted ports. That is, after DHCP snooping is enabled, all ports of the S3100-SI series Ethernet switches are trusted ports.
  • Page 479: Configuring Dhcp Snooping To Support Option 82

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Operation Command Description Display information about display dhcp-snooping unauthorized DHCP Available in any view server-guard servers Note: You need to enable DHCP snooping before enabling unauthorized DHCP server detection.
  • Page 480 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration I. Enable DHCP-snooping Option 82 support Table 2-7 Enable DHCP-snooping Option 82 support Operation Command Description Enter system view system-view — Required Enable DHCP-snooping dhcp-snooping By default, DHCP Option 82 support information enable snooping Option 82...
  • Page 481 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Table 2-9 Configure a storage format for the Option 82 field Operation Command Description Enter system view system-view — Optional Configure a storage dhcp-snooping format for the Option 82 information format { hex By default, the format is field...
  • Page 482 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Note: If you have configured a circuit ID with the vlan vlan-id argument specified, and the other one without the argument in Ethernet port view, the former circuit ID applies to the DHCP messages from the specified VLAN;...
  • Page 483: Configuring Ip Filtering

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Note: If you configure a remote ID sub-option in both system view and on a port, the remote ID sub-option configured on the port applies when the port receives a packet, and the global remote ID applies to other interfaces that have no remote ID sub-option configured.
  • Page 484: Displaying Dhcp Snooping Configuration

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Operation Command Description Required ip check source Enable IP filtering ip-address By default, this function is [ mac-address ] disabled. ip source static binding Optional Create an IP static binding ip-address ip-address By default, no static entry...
  • Page 485: Dhcp Snooping Configuration Example

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Table 2-14 Display DHCP snooping Operation Command Description Display the user IP-MAC address mapping entries display dhcp-snooping [ unit recorded by the DHCP unit-id ] snooping function Display the You can execute (enabled/disabled) state...
  • Page 486 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration II. Network diagram DHCP Server Eth1/0/5 Switch DHCP Snooping Eth1/0/1 Eth1/0/3 Eth1/0/2 Client A Client B Client C Figure 2-6 Network diagram for DHCP-snooping Option 82 support configuration III.
  • Page 487: Unauthorized Dhcp Server Detection Configuration Example

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration 2.5.2 Unauthorized DHCP Server Detection Configuration Example I. Network requirements As shown in Figure 2-7, Ethernet 1/0/1 of the switch (S3100-SI) is connected to the DHCP server, and Ethernet 1/0/2 and Ethernet 1/0/3 are respectively connected to Client A, Client B.
  • Page 488: Ip Filtering Configuration Example

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration [Sysname-Ethernet1/0/2] dhcp-snooping server-guard enable # Specify the method for handling unauthorized DHCP servers as trap on Ethernet 1/0/2. [Sysname-Ethernet1/0/2] dhcp-snooping server-guard method trap [Sysname-Ethernet1/0/2] quit # Enable unauthorized DHCP server detection on Ethernet 1/0/3. [Sysname] interface ethernet1/0/3 [Sysname-Ethernet1/0/3] dhcp-snooping server-guard enable # Specify the method for handling unauthorized DHCP servers as shutdown on...
  • Page 489 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration II. Network diagram DHCP Server Eth1/0/1 Switch DHCP Snooping Eth1/0/2 Eth1/0/4 Eth1/0/3 Host A Client B Client C IP:1.1.1.1 MAC:0001-0001-0001 Figure 2-8 Network diagram for IP filtering configuration III.
  • Page 490 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 2 DHCP Snooping Configuration [Switch-Ethernet1/0/2] source static binding ip-address 1.1.1.1 mac-address 0001-0001-0001
  • Page 491: Chapter 3 Dhcp Packet Rate Limit Configuration

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 3 DHCP Packet Rate Limit Configuration Chapter 3 DHCP Packet Rate Limit Configuration Note: The contents of this chapter are only applicable to the S3100-EI series among S3100 series switches. 3.1 Introduction to DHCP Packet Rate Limit To prevent ARP attacks and attacks from unauthorized DHCP servers, ARP packets and DHCP packets will be processed by the switch CPU for validity checking.
  • Page 492: Configuring Dhcp Packet Rate Limit

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 3 DHCP Packet Rate Limit Configuration 3.2 Configuring DHCP Packet Rate Limit 3.2.1 Configuring DHCP Packet Rate Limit Table 3-1 Configure rate limit of DHCP packets Operation Command Description Enter system view system-view —...
  • Page 493: Rate Limit Configuration Example

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 3 DHCP Packet Rate Limit Configuration Operation: Configure the port state auto-recovery interval. Command: dhcp protective-down recover interval interval. Description: Optional. By default, the auto-discovery interval is 300 seconds. 3.3 Rate Limit Configuration Example I...
  • Page 494 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 3 DHCP Packet Rate Limit Configuration [Switch-Ethernet1/0/1] dhcp-snooping trust [Switch-Ethernet1/0/1] quit # Enable auto recovery. [Switch] dhcp protective-down recover enable # Set the port state auto-recovery interval to 30 seconds. [Switch] dhcp protective-down recover interval 30 # Enter port view.
  • Page 495: Chapter 4 Dhcp/Bootp Client Configuration

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 4 DHCP/BOOTP Client Configuration Chapter 4 DHCP/BOOTP Client Configuration 4.1 Introduction to DHCP Client After you specify a VLAN interface as a DHCP client, the device can use DHCP to obtain parameters such as IP address dynamically from the DHCP server, which facilitates user configuration and management.
  • Page 496: Configuring A Dhcp/Bootp Client

    Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 4 DHCP/BOOTP Client Configuration 4.3 Configuring a DHCP/BOOTP Client Table 4-1 Configure a DHCP/BOOTP client Operation Command Description Enter system view — system-view interface Vlan-interface Enter VLAN interface view — vlan-id Required Configure the VLAN...
  • Page 497 Operation Manual – DHCP H3C S3100 Series Ethernet Switches Chapter 4 DHCP/BOOTP Client Configuration II. Network diagram Figure 4-1 A DHCP network III. Configuration procedure The following describes only the configuration on Switch A serving as a DHCP client. # Configure VLAN-interface 1 to dynamically obtain an IP address by using DHCP. <SwitchA>...
  • Page 498 Operation Manual – ACL H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 ACL Configuration (1-1); 1.1 ACL Overview (1-1); 1.1.1 ACL Matching Order (1-1); 1.1.2 Ways to Apply an ACL on a Switch (1-2); 1.1.3 Types of ACLs Supported by S3100 Series Ethernet Switches ...
  • Page 499: Acl Overview

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 ACL Overview As the network scale and network traffic are increasingly growing, security control and bandwidth assignment play a more and more important role in network management. Filtering data packets can prevent a network from being accessed by unauthorized users efficiently while controlling network traffic and saving network resources.
  • Page 500: Ways To Apply An Acl On A Switch

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration I. Depth-first match order for rules of a basic ACL Range of source IP address: The smaller the source IP address range (that is, the more zeros in the wildcard mask), the higher the match priority. Fragment keyword: A rule with the fragment keyword takes priority over others.
  • Page 501: Types Of Acls Supported By S3100 Series Ethernet Switches

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration II. Being referenced by upper-level software ACLs can also be used to filter and classify the packets to be processed by software. In this case, the rules in an ACL can be matched in one of the following two ways: config, where rules in an ACL are matched in the order defined by the user.
  • Page 502: Acl Configuration

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration 1.2 ACL Configuration 1.2.1 Configuring Time Range Time ranges can be used to filter packets. You can specify a time range for each rule in an ACL. A time range-based ACL takes effect only in specified time ranges. Only after a time range is configured and the system time is within the time range, can an ACL rule take effect.
  • Page 503: Configuring Basic Acl

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration section ranging from 00:00 January 1, 2004 to 23:59 December 31, 2004, and a periodic time section ranging from 12:00 to 14:00 on every Wednesday. This time range is active only when the system time is within the range from 12:00 to 14:00 on every Wednesday in 2004.
  • Page 504 Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration II. Configuration Procedure Table 1-2 Define a basic ACL rule Operation Command Description Enter system view system-view — Create an ACL and Required acl number acl-number enter basic ACL [ match-order { auto | config } ] config by default view...
  • Page 505: Configuring Advanced Acl

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration Acl's step is 1 rule 0 deny source 192.168.0.1 0 1.2.3 Configuring Advanced ACL An advanced ACL can filter packets by their source and destination IP addresses, the protocols carried by IP, and protocol-specific features such as TCP/UDP source and destination ports, ICMP message type and message code.
  • Page 506: Configuring Layer 2 Acl

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration Note that: With the config match order specified for the advanced ACL, you can modify any existent rule. The unmodified part of the rule remains. With the auto match order specified for the ACL, you cannot modify any existent rule;...
  • Page 507 Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration The settings to be specified in the rule, such as source and destination MAC addresses, VLAN priorities, and Layer 2 protocol types, are determined. II. Configuration Procedure Table 1-4 Define a Layer 2 ACL rule Operation Command...
  • Page 508: Acl Assignment

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration [Sysname-acl-ethernetframe-4000] display acl 4000 Ethernet frame ACL 4000, 1 rule Acl's step is 1 rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff 1.3 ACL Assignment On an S3100-EI Ethernet switch, you can assign ACLs to the hardware for packet filtering.
  • Page 509: Assigning An Acl To A Vlan

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration Operation Command Description Required Assign an ACL packet-filter inbound For description on the acl-rule globally acl-rule argument, refer to ACL Command. III. Configuration example # Apply ACL 2000 globally to filter the inbound packets on all the ports. <Sysname>...
  • Page 510: Assigning An Acl To A Port Group

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration 1.3.3 Assigning an ACL to a Port Group I. Configuration prerequisites Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about defining an ACL, refer to section 1.2.2 Configuring Basic ACL, section...
  • Page 511: Displaying Acl Configuration

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration II. Configuration procedure Table 1-8 Apply an ACL to a port Operation Command Description — Enter system view system-view Enter Ethernet port interface interface-type — view interface-number Required Apply an ACL to the For description on the...
  • Page 512: Example For Upper-Layer Software Referencing Acls

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration 1.5 Example for Upper-layer Software Referencing ACLs 1.5.1 Example for Controlling Telnet Login Users by Source IP I. Network requirements Apply an ACL to permit users with the source IP address of 10.110.100.52 to telnet to the switch.
  • Page 513: Example For Applying Acls To Hardware

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration II. Network diagram Internet Switch 10.110.100.46 Figure 1-2 Network diagram for controlling Web login users by source IP III. Configuration procedure # Define ACL 2001. <Sysname> system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule 1 permit source 10.110.100.46 0 [Sysname-acl-basic-2001] quit...
  • Page 514: Advanced Acl Configuration Example

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration III. Configuration procedure # Define a periodic time range that is active from 8:00 to 18:00 every day. <Sysname> system-view [Sysname] time-range test 8:00 to 18:00 daily # Define ACL 2000 to filter packets with the source IP address of 10.1.1.1. [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test [Sysname-acl-basic-2000] quit...
  • Page 515: Layer 2 Acl Configuration Example

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration [Sysname-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test [Sysname-acl-adv-3000] quit # Apply ACL 3000 on Ethernet 1/0/1. [Sysname] interface Ethernet1/0/1 [Sysname-Ethernet1/0/1] packet-filter inbound ip-group 3000 1.6.3 Layer 2 ACL Configuration Example I.
  • Page 516: Example For Applying An Acl To A Port Group

    Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration 1.6.4 Example for Applying an ACL to a Port Group I. Network requirements PC 1, PC 2 and PC 3 connect to the switch through Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/3 respectively.
  • Page 517 Operation Manual – ACL H3C S3100 Series Ethernet Switches Chapter 1 ACL Configuration [Sysname-port-group-1] packet-filter inbound ip-group 3000
  • Page 518 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 QoS Configuration (1-1); 1.1 Overview (1-1); 1.1.1 Introduction to QoS (1-1); 1.1.2 Traditional Packet Forwarding Service (1-1); 1.1.3 New Applications and New Requirements (1-1); 1.1.4 Major Traffic Control Techniques ...
  • Page 519 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Table of Contents: 2.2 QoS Profile Configuration (2-2); 2.2.1 Configuring a QoS Profile (2-2); 2.2.2 Applying a QoS Profile (2-3); 2.2.3 Displaying QoS Profile Configuration (2-4); 2.3 Configuration Example (2-5); 2.3.1 QoS Profile Configuration Example ...
  • Page 520: Chapter 1 Qos Configuration

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Chapter 1 QoS Configuration 1.1 Overview 1.1.1 Introduction to QoS Quality of Service (QoS) is a concept concerning service demand and supply. It reflects the ability to meet customer needs. Generally, QoS does not focus on grading services precisely, but on improving services under certain conditions.
  • Page 521: Major Traffic Control Techniques

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration are critical for videoconference and VoD. As for other applications, such as transaction processing and Telnet, although bandwidth is not as critical, an excessively long delay may cause unexpected results.
  • Page 522: Qos Supported By The S3100 Series Ethernet Switches

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration adjusting traffic. Congestion avoidance is usually applied in the outbound direction of a port. Traffic classification is the basis of all the above-mentioned traffic management technologies. It identifies packets using certain rules and makes differentiated services possible.
  • Page 523: Introduction To Qos Features

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Category Features Refer to… information about priority trust mode, refer Priority trust mode information about traffic QoS actions directly shaping, refer to configured as required: Traffic Policing Traffic Priority trust mode...
  • Page 524: Priority Trust Mode

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration 1.3.2 Priority Trust Mode I. Precedence types IP precedence, ToS precedence, and DSCP precedence Figure 1-2 DS field and ToS byte The ToS field in an IP header contains eight bits numbered 0 through 7, among which, The first three bits indicate IP precedence in the range 0 to 7.
  • Page 525 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Assured forwarding (AF) class: This class is further divided into four subclasses (AF1/2/3/4) and a subclass is further divided into three drop priorities, so the AF service level can be segmented.
  • Page 526 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration 802.1p priority lies in Layer 2 packet headers and is applicable to occasions where the Layer 3 packet header does not need analysis but QoS must be assured at Layer 2. Figure 1-3 An Ethernet frame with an 802.1Q tag header As shown in the figure above, each host supporting 802.1Q protocol adds a 4-byte 802.1Q tag header after the source address of the former Ethernet frame header when...
  • Page 527 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration The precedence is called 802.1p priority because the related applications of this precedence are defined in detail in the 802.1p specifications. Local precedence Local precedence is a locally significant precedence that the device assigns to a packet. A local precedence value corresponds to one of the eight hardware output queues.
  • Page 528 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Trusted priority Description type The switch searches for the local precedence corresponding to the DSCP value of the packet in the DSCP precedence DSCP-to-local precedence mapping table and assigns the local precedence to the packet.
  • Page 529: Priority Marking

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-8 IP-precedence-to-local-precedence mapping table IP precedence Local precedence Note: The configuration of trusting the IP precedence of received packets and the IP-precedence-to-local-precedence mapping tables are not available on S3100-EI series Ethernet switches.
  • Page 530 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration implemented according to the evaluation result on the premise of knowing whether the traffic exceeds the specification when traffic policing or traffic shaping is performed. Normally, token bucket is used for traffic evaluation. I.
  • Page 531 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration III. Traffic policing The typical application of traffic policing is to supervise specific traffic into the network and limit it to a reasonable range, or to "discipline" the extra traffic. In this way, the network resources and the interests of the operators are protected.
  • Page 532: Port Rate Limiting

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Figure 1-6 Diagram for traffic shaping For example, suppose device A sends packets to device B. Device B will perform traffic policing on packets from device A to drop the packets beyond the specification.
  • Page 533: Queue Scheduling

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration 1.3.7 Queue Scheduling When the network is congested, the problem that many packets compete for resources must be solved, usually through queue scheduling. In the following section, strict priority (SP) queues, weighted round robin (WRR), and HQ-WRR (High Queue-WRR) queues are introduced.
  • Page 534: Flow-Based Traffic Accounting

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Figure 1-8 Diagram for WRR queuing WRR queue-scheduling algorithm schedules all the queues in turn and every queue can be assured of a certain service time. Assume there are four output queues on a port.
  • Page 535: Traffic Mirroring

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Large amount of broadcast/multicast packets and large burst traffic exist. Packets of high-rate links are forwarded to low-rate links or packets of multiple links with the equal rates are forwarded to a single link that is of the same rate as that of the incoming links.
  • Page 536 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration You can configure the switch to trust the 802.1p priority, DSCP precedence, or IP precedence of packets. If no trusted priority type is specified, the switch trusts the 802.1p priority of received packets.
  • Page 537 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Required By default, the S3100 series switches trust port priority. If you configure to trust packet priority without specifying the trusted priority type, the switch trusts the 802.1p priority of the received packets.
  • Page 538: Configuring Priority Mapping

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration [Sysname] undo priority trust [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] priority 7 # Configure an S3100-SI switch to trust the DSCP precedence of the received packets. <Sysname> system-view [Sysname] priority-trust dscp # Configure an S3100-EI switch to trust the DSCP precedence of the received packets.
  • Page 539 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-12 Configure DSCP-precedence-to-local-precedence mapping table Operation Command Description Enter system view system-view — Configure DSCP-precedence-to-local- dscp-local-precedence-map Required precedence mapping table dscp-list : local-precedence Table 1-13 Configure IP-precedence-to-local-precedence mapping table Operation Command Description...
  • Page 540: Marking Packet Priority

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration 1.4.3 Marking Packet Priority Note: Only H3C S3100-EI series switches support this configuration. Refer to section Priority Marking for information about marking packet priority. Marking packet priority can be implemented in the following two ways: Through traffic policing When configuring traffic policing, you can define the action of marking the 802.1p priority and DSCP precedence for packets exceeding the traffic specification.
  • Page 541 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-15 Mark the priority for packets that are of a VLAN and match specific ACL rules Operation Command Description Enter system view — system-view traffic-priority vlan vlan-id Mark the priorities for inbound acl-rule { dscp packets matching...
  • Page 542: Configuring Traffic Policing

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Method I <Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] interface Ethernet1/0/1 [Sysname-Ethernet1/0/1] traffic-priority inbound ip-group 2000 dscp 56 Method II <Sysname>...
  • Page 543 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-18 Configure traffic policing for all the packets matching specific ACL rules Operation Command Description Enter system view system-view — Required traffic-limit inbound acl-rule target-rate Configure traffic [ burst-bucket burst-bucket-size ] By default, traffic...
  • Page 544 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-21 Configure traffic policing for packets passing a port and matching specific ACL rules Operation Command Description Enter system system-view — view Enter Ethernet interface interface-type interface-number —...
  • Page 545: Configuring Traffic Shaping

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration [Sysname] traffic-limit vlan 2 inbound ip-group 2000 128 exceed remark-dscp 1.4.5 Configuring Traffic Shaping Note: Only H3C S3100-EI series switches support this configuration. Refer to section Traffic Policing and Traffic Shaping for information about traffic shaping.
  • Page 546: Configuring Traffic Redirecting

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration I. Configuration prerequisites The port on which port rate limiting configuration is to be performed is determined. The target rate and the direction of rate limiting (inbound or outbound) are determined.
  • Page 547 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration II. Configuration procedure You can redirect all the packets matching specific ACL rules, or packets that match specific ACL rules and are of a VLAN, of a port group, or pass a port. Table 1-24 Redirect all the packets matching specific ACL rules Operation Command...
  • Page 548: Configuring Queue Scheduling

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Note: The traffic redirecting function configured on a VLAN is only applicable to packets tagged with 802.1Q header. Packets redirected to the CPU are not forwarded. If the traffic is redirected to a Combo port in down state, the system automatically redirects the traffic to the port corresponding to the Combo port in up state.
  • Page 549: Configuring Traffic Accounting

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration II. Configuration procedure Table 1-28 Configure queue scheduling Operation Command Description Enter system view system-view — Required queue-scheduler { strict-priority | hq-wrr By default, all the ports Configure queue queue0-weight queue1-weight adopt the WRR queue...
  • Page 550 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration I. Configuration prerequisites The ACL rules for traffic classification are defined. Refer to the ACL module of this manual for information about defining ACL rules. II. Configuration procedure You can generate traffic statistics or clear traffic statistics on all the packets matching specific ACL rules, or on packets that match specific ACL rules and are of a VLAN, of a port group, or pass a port.
  • Page 551: Enabling The Burst Function

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-32 Generate traffic statistics on packets passing a port and matching specific ACL rules Operation Command Description Enter system view — system-view interface interface-type Enter Ethernet port view —...
  • Page 552: Configuring Traffic Mirroring

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration I. Configuration prerequisites The burst function is required. II. Configuration procedure Table 1-33 Enable the burst function Operation Command Description Enter system view system-view — Required Enable the burst burst-mode enable By default, the burst function is...
  • Page 553 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-34 Configure traffic mirroring globally Operation Command Description Enter system view system-view — Enter Ethernet port view of interface interface-type — the destination port interface-number Define the current port as the monitor-port Required...
  • Page 554 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-37 Configure traffic mirroring for a port Operation Command Description Enter system view system-view — Enter Ethernet port view of interface interface-type — the destination port interface-number Define the current port as the monitor-port...
  • Page 555: Displaying Qos

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration [Sysname-acl-basic-2000] quit [Sysname] interface Ethernet 1/0/4 [Sysname-Ethernet1/0/4] monitor-port [Sysname-Ethernet1/0/4] quit [Sysname] mirrored-to vlan 2 inbound ip-group 2000 monitor-interface 1.4.12 Displaying QoS After the above configuration, you can execute the display command in any view to view the running status of QoS and verify the configuration.
  • Page 556: Qos Configuration Example

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description display qos-interface Display traffic shaping { interface-type configuration of a port or all the interface-number | unit-id } ports traffic-shape display qos-interface Display traffic accounting { interface-type configuration of a port or all the interface-number | unit-id }...
  • Page 557 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 1 QoS Configuration II. Network diagram To the router Eth1/0/1 Eth1/0/2 Switch The marketing The R&D department department 192.168.2.0/24 192.168.1.0/24 Figure 1-9 Network diagram for traffic policing configuration III. Configuration procedure Define an ACL for traffic classification.
  • Page 558: Chapter 2 Qos Profile Configuration

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 2 QoS Profile Configuration Chapter 2 QoS Profile Configuration Note: Only H3C S3100-EI series switches support this configuration. 2.1 Overview 2.1.1 Introduction to QoS Profile QoS profile is a set of QoS configurations. It provides an easy way for performing and managing QoS configuration.
  • Page 559: Qos Profile Configuration

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 2 QoS Profile Configuration The switch directly applies the QoS profile to the port the user is connected to. Note: A user-based QoS profile application fails if the traffic classification rule defined in the QoS profile contains source address information (including source MAC address information, source IP address information, and VLAN information).
  • Page 560: Applying A Qos Profile

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 2 QoS Profile Configuration Operation Command Description traffic-limit inbound acl-rule target-rate [ burst-bucket Configure traffic burst-bucket-size ] [ conform Optional policing con-action ] [ exceed exceed-action ] [ meter-statistic ] Optional Refer to the ACL module Configure packet...
  • Page 561: Displaying Qos Profile Configuration

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 2 QoS Profile Configuration Operation Command Description Configure the Optional mode to apply qos-profile By default, the mode to apply a QoS profile port-based a QoS profile is user-based. as port-based 802.1x authentication...
  • Page 562: Configuration Example

    Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 2 QoS Profile Configuration 2.3 Configuration Example 2.3.1 QoS Profile Configuration Example I. Network requirements All departments of a company are interconnected through a switch. The 802.1x protocol is used to authenticate users and control their access to network resources. A user name is someone, and the authentication password is hello.
  • Page 563 Operation Manual – QoS-QoS Profile H3C S3100 Series Ethernet Switches Chapter 2 QoS Profile Configuration [Sysname-radius-radius1] secondary accounting 10.11.1.1 # Set the encryption passwords for the switch to exchange packets with the authentication RADIUS servers and accounting RADIUS servers. [Sysname-radius-radius1] key authentication money [Sysname-radius-radius1] key accounting money # Configure the switch to delete the user domain name from the user name and then send the user name to the RADIUS server.
  • Page 564 Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 Mirroring Configuration 1-1; 1.1 Mirroring Overview 1-1; 1.1.1 Local Port Mirroring 1-1; 1.1.2 Remote Port Mirroring 1-2; 1.2 Mirroring Configuration 1-4; 1.2.1 Configuring Local Port Mirroring...
  • Page 565: Mirroring Overview

    Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration Chapter 1 Mirroring Configuration 1.1 Mirroring Overview Mirroring refers to the process of copying packets of one or more ports (source ports) to a destination port which is connected to a data detection device. Users can then use the data detection device to analyze the mirrored packets on the destination port for monitoring and troubleshooting the network.
  • Page 566: Remote Port Mirroring

    Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.1.2 Remote Port Mirroring Remote port mirroring does not require the source and destination ports to be on the same device. The source and destination ports can be located on multiple devices across the network.
  • Page 567: Mirroring Configuration

    Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration Table 1-1 Ports involved in the mirroring operation Switch Ports involved Function Port monitored. It copies packets to the Source port reflector port through local port mirroring. There can be more than one source port.
  • Page 568: Configuring Local Port Mirroring

    Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.2 Mirroring Configuration Table 1-2 Mirroring configuration tasks Task Remarks Configuring Local Port Mirroring Optional Configuring Remote Port Mirroring Optional 1.2.1 Configuring Local Port Mirroring I. Configuration prerequisites The source port is determined and the direction in which the packets are to be mirrored is determined.
  • Page 569: Configuring Remote Port Mirroring

    Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration You need to configure the source and destination ports for the local port mirroring to take effect. The destination port cannot be a member port of an aggregation group or a port enabled with LACP or STP.
  • Page 570 Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration Operation Command Description Return to system view quit — Create a remote source mirroring-group group-id Required mirroring group remote-source mirroring-group group-id Configure source port(s) mirroring-port for the remote source Required mirroring-port-list { both | mirroring group...
  • Page 571 Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration Table 1-5 Configuration on the intermediate switch Operation Command Description Enter system view system-view — Create a VLAN and enter vlan-id is the ID of the vlan vlan-id VLAN view remote-probe VLAN.
  • Page 572: Displaying Port Mirroring

    Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration Operation Command Description Required Configure the current port link-type trunk By default, the port type port as trunk port is Access. Configure trunk port to port trunk permit vlan permit packets from the Required remote-probe-vlan-id...
  • Page 573: Mirroring Configuration Example

    Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.3 Mirroring Configuration Example 1.3.1 Local Port Mirroring Configuration Example I. Network requirements The departments of a company connect to each other through S3100 Ethernet switches: Research and Development (R&D) department is connected to Switch C through Ethernet 1/0/1.
  • Page 574: Remote Port Mirroring Configuration Example

    Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration [Sysname] mirroring-group 1 monitor-port Ethernet 1/0/3 # Display configuration information about local mirroring group 1. [Sysname] display mirroring-group 1 mirroring-group 1: type: local status: active mirroring port: Ethernet1/0/1 both Ethernet1/0/2...
  • Page 575 Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration II. Network diagram Figure 1-4 Network diagram for remote port mirroring III. Configuration procedure Configure the source switch (Switch A) # Create remote source mirroring group 1. <Sysname>...
  • Page 576 Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration Ethernet1/0/1 inbound Ethernet1/0/2 inbound reflector port: Ethernet1/0/4 remote-probe vlan: 10 Configure the intermediate switch (Switch B) # Configure VLAN 10 as the remote-probe VLAN. <Sysname> system-view [Sysname] vlan 10 [Sysname-vlan10] remote-probe vlan enable [Sysname-vlan10] quit # Configure Ethernet 1/0/1 as the trunk port, allowing packets of VLAN 10 to pass.
  • Page 577 Operation Manual – Mirroring H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration mirroring-group 1: type: remote-destination status: active monitor port: Ethernet1/0/2 remote-probe vlan: 10 After the configurations, you can monitor all packets sent from Department 1 and 2 on the data detection device.
  • Page 578 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 Stack 1-1; 1.1 Stack Function Overview 1-1; 1.1.1 The Main Switch of a Stack 1-1; 1.1.2 The Slave Switches of a Stack 1-1; 1.1.3 Creating a Stack...
  • Page 579: Chapter 1 Stack

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 1 Stack Chapter 1 Stack 1.1 Stack Function Overview A stack is a management domain formed by a group of Ethernet switches interconnected through their stack ports. A stack contains a main switch and multiple slave switches.
  • Page 580: Main Switch Configuration

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 1 Stack When a switch joins a stack, the main switch automatically assigns an IP address to it. The main switch automatically adds to the stack any switches that are newly connected to it through their stack ports.
  • Page 581: Maintaining Slave Switches

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 1 Stack Make sure the IP addresses in the IP address pool of a stack are successive so that they can be assigned successively. For example, the IP addresses in a pool whose start IP address is something like 223.255.255.254 are not successive.
  • Page 582: Slave Switch Configuration

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 1 Stack You can configure the stack-port function on the stack ports that are connected with other switches to choose whether to send join-in requests to the switches, so as to prevent the switches that do not belong to the local stack from joining in.
  • Page 583: Stack Configuration Example

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 1 Stack Operation Command Description Optional The display command can be executed in any view. Display the stack The displayed information indicates status information display stacking that the local switch is a slave switch. on a slave switch The information such as stack number of the local switch, and the MAC...
  • Page 584 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 1 Stack # Create the stack on switch A. [Sysname] stacking enable [stack_0.Sysname] quit <stack_0.Sysname> # Display the information about the stack on switch A. <stack_0.Sysname> display stacking Main device for stack. Total members:3 Management-vlan:1(default vlan) # Display the information about the stack members on switch A.
  • Page 585 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 1 Stack # Switch back to Switch A. <stack_1.Sysname> quit <stack_0.Sysname> # Switch to Switch C (a slave switch). <stack_0.Sysname> stacking 2 <stack_2.Sysname> # Switch back to Switch A. <stack_2.Sysname> quit <stack_0.Sysname>...
  • Page 586: Chapter 2 Cluster

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Chapter 2 Cluster 2.1 Cluster Overview 2.1.1 Introduction to HGMP A cluster contains a group of switches. Through cluster management, you can manage multiple geographically dispersed switches in a centralized way. Cluster management is implemented through Huawei group management protocol (HGMP).
  • Page 587: Roles In A Cluster

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster It eases the configuration and management of multiple switches: You just need to configure a public IP address for the management device instead of for all the devices in the cluster; and then you can configure and manage all the member devices through the management device without the need to log onto them one by one.
  • Page 588 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Role Configuration Function Normally, a candidate Candidate device refers to the devices device is not Candidate device that do not belong to any clusters but are assigned an cluster-capable.
  • Page 589: How A Cluster Works

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster 2.1.3 How a Cluster Works HGMPv2 consists of the following three protocols: Neighbor discovery protocol (NDP) Neighbor topology discovery protocol (NTDP) Cluster A cluster configures and manages the devices in it through the above three protocols. Cluster management involves...
  • Page 590 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster II. Introduction to NTDP NTDP is a protocol used to collect network topology information. NTDP provides information required for cluster management: it collects topology information about the switches within the specified hop count, so as to provide the information of which devices can be added to a cluster.
  • Page 591 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Note: To implement NTDP, you need to enable NTDP both globally and on specific ports on the management device, and configure NTDP parameters. On member/candidate devices, you only need to enable NTDP globally and on specific ports.
  • Page 592 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster through NDP and NTDP, and adds them to the cluster. You can also add candidate devices to a cluster manually. After a candidate device is added to a cluster, the management device assigns a member number and a private IP address (used for cluster management) to it.
  • Page 593 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster If the connection between the management device and a member device in Disconnect state is recovered, the member device will be added to the cluster again. After that, the state of the member device will turn to Active both locally and on the management device.
  • Page 594 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Note: By default, the management VLAN interface is used as the network management interface. There is only one network management interface on a management device; any newly configured network management interface will overwrite the old one. VI.
  • Page 595: Cluster Configuration Tasks

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster (or IP address) is found, the multicast packet will not be forwarded to the downstream any more. Note: If the queried IP address has a corresponding ARP entry, but the MAC address entry corresponding to the IP address does not exist, the trace of the device fails.
  • Page 596 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Task Remarks Configuring cluster parameters Required Configuring inside-outside interaction for a cluster Optional Note: To reduce the risk of attacks against open sockets and to enhance switch security, the S3100 series Ethernet switches provide the following functions, so that a cluster socket is opened only when it is needed: Opening UDP port 40000 (used for cluster) only when the cluster function is...
  • Page 597 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Enter system view system-view — Optional Configure the holdtime of ndp timer aging By default, the holdtime of NDP information aging-in-seconds NDP information is 180 seconds.
  • Page 598 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Optional Configure the interval to ntdp timer By default, the topology collect topology interval-in-minutes collection interval is one information periodically minute. Quit system view quit —...
  • Page 599 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Required Configure a multicast By default, the cluster MAC address for the cluster-mac H-H-H multicast MAC address is cluster 0180-C200-000A. Optional Set the interval for the cluster-mac syn-interval By default, the interval to management device to...
  • Page 600: Configuring Member Devices

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Enter system view system-view — Enter cluster view cluster Required Optional Configure a shared FTP By default, the ftp-server ip-address server for the cluster management device acts as the shared FTP server.
  • Page 601 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Note: To reduce the risk of attacks against open sockets and to enhance switch security, the S3100 series Ethernet switches provide the following functions, so that a cluster socket is opened only when it is needed: opening UDP port 40000 (used for cluster) only when the cluster function is implemented; closing UDP port 40000 at the same time when the cluster function is closed.
  • Page 602: Managing A Cluster Through The Management Device

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster III. Enabling NTDP globally and on a specific port Follow these steps to enable NTDP globally and on a specific port: Operation Command Description Enter system view system-view — Enable NTDP globally ntdp enable Required...
  • Page 603: Configuring The Enhanced Cluster Features

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Enter system view system-view — Enter cluster view cluster — Configuring MAC address administrator-address Optional of Management device mac-address name name add-member Add a candidate device to [ member-number ] Optional the cluster...
  • Page 604 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Display the tree structure three layers above or below the specified node. Display the topology between two connected nodes. Note: The topology information is saved as a topology.top file in the Flash memory to the administrative device.
  • Page 605 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description topology accept { all [ save-to Check the current { ftp-server | local-flash } ] | topology and save it as mac-address mac-address | Required the standard topology.
  • Page 606: Displaying And Maintaining Cluster Configuration

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Enter system view system-view — Enter cluster view cluster — Optional Add the MAC address of a black-list add-mac specified device to the By default, the cluster mac-address cluster blacklist blacklist is empty.
  • Page 607: Cluster Configuration Example

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description You can execute reset ndp statistics the reset Clear the statistics on NDP ports [ interface port-list ] command in user view. Note: When you display the cluster topology information, the devices attached to the switch that is listed in the blacklist will not be displayed.
  • Page 608 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster II. Network diagram SNMP host/logging host 69.172.55.4/24 FTP server/TFTP server 63.172.55.1/24 Network Vlan-int2 Eth1/0/1 163.172.55.1/24 Management Switch Eth1/0/2 Eth1/0/3 Cluster Eth1/0/1 Eth1/0/1 Member switch Member Switch MAC: 000f.e001.0012 MAC:000f.e001.0011 Figure 2-4 Network diagram for HGMP cluster configuration III.
  • Page 609 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster [Sysname-Ethernet1/0/2] ndp enable [Sysname-Ethernet1/0/2] quit [Sysname] interface Ethernet 1/0/3 [Sysname-Ethernet1/0/3] ndp enable [Sysname-Ethernet1/0/3] quit # Set the holdtime of NDP information to 200 seconds. [Sysname] ndp timer aging 200 # Set the interval to send NDP packets to 70 seconds.
  • Page 610 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster [aaa_0.Sysname-cluster] add-member 1 mac-address 000f-e20f-0011 [aaa_0.Sysname-cluster] add-member 17 mac-address 000f-e20f-0012 # Set the holdtime of member device information to 100 seconds. [aaa_0.Sysname-cluster] holdtime 100 # Set the interval to send handshake packets to 10 seconds. [aaa_0.Sysname-cluster] timer 10 # Configure the shared FTP server, TFTP server, Logging host and SNMP host for the cluster.
  • Page 611: Enhanced Cluster Feature Configuration Example

    Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster Note: After completing the above configuration, you can execute the cluster switch-to { member-number | mac-address H-H-H } command on the management device to switch to member device view to maintain and manage a member device. After that, you can execute the cluster switch-to administrator command to return to management device view.
  • Page 612 Operation Manual – Stack-Cluster H3C S3100 Series Ethernet Switches Chapter 2 Cluster II. Network diagram Figure 2-5 Network diagram for the enhanced cluster feature configuration III. Configuration procedure # Enter cluster view. <aaa_0.Sysname> system-view [aaa_0.Sysname] cluster # Add the MAC address 0001-2034-a0e5 to the cluster blacklist. [aaa_0.Sysname-cluster] black-list add-mac 0001-2034-a0e5 # Back up the current topology.
  • Page 613 Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 PoE Configuration 1-1; 1.1 PoE Overview 1-1; 1.1.1 Introduction to PoE 1-1; 1.1.2 PoE Features Supported by S3100 1-1; 1.2 PoE Configuration...
  • Page 614: Poe Overview

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration Chapter 1 PoE Configuration 1.1 PoE Overview 1.1.1 Introduction to PoE Power over Ethernet (PoE)-enabled devices use twisted pairs through electrical ports to supply power to the remote powered devices (PD) in the network and implement power supply and data transmission simultaneously.
  • Page 615 Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration Table 1-1 Power supply parameters of PoE switches Number Maximum Total power Input Maximum Maximum electrical provided Switch power ports by each supply distance output supplying electrical power power...
  • Page 616: Poe Configuration Tasks

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration Note: When you use the PoE-enabled S3100 switch to supply power, the PDs need no external power supply. If a remote PD has an external power supply, the PoE-enabled S3100 switch and the external power supply will back up each other for the PD.
  • Page 617: Setting The Maximum Output Power On A Port

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration Caution: By default, the PoE function on a port is enabled by the default configuration file config.def when the device is delivered. If you delete the default configuration file without specifying another one, the PoE function on a port will be disabled after you restart the device.
  • Page 618: Setting The Poe Mode On A Port

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration manual: When the switch is close to its full load in supplying power, it will not change its original power supply status based on its priority when a new PD is added.
  • Page 619: Configuring The Pd Compatibility Detection Function

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration 1.2.6 Configuring the PD Compatibility Detection Function After the PD compatibility detection function is enabled, the switch can detect the PDs that do not conform to the 802.3af standard and supply power to them. After the PoE feature is enabled, perform the following configuration to enable the PD compatibility detection function.
  • Page 620: Upgrading The Pse Processing Software Online

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration 1.2.8 Upgrading the PSE Processing Software Online The online upgrading of PSE processing software can update the processing software or repair the software if it is damaged. Before performing the following configuration, download the PSE processing software to the Flash of the switch.
  • Page 621: Poe Configuration Example

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration Table 1-10 Display PoE configuration Operation Command Description Display the PoE status of a display poe interface specific port or all ports of the [ interface-type switch interface-number ] Display the PoE power...
  • Page 622 Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration II. Networking diagram Network Switch A Eth1/0/1 Eth1/0/8 Eth1/0/2 Switch B Figure 1-1 Network diagram for PoE III. Configuration procedure # Upgrade the PSE processing software online. <SwitchA>...
  • Page 623 Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 1 PoE Configuration # Enable PD compatibility detection on the switch to allow it to supply power to some of the devices that do not comply with the 802.3af standard. [SwitchA] poe legacy enable...
  • Page 624: Chapter 2 Poe Profile Configuration

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 2 PoE Profile Configuration Chapter 2 PoE Profile Configuration 2.1 Introduction to PoE Profile On a large-sized network or a network with mobile users, to help network administrators to monitor the PoE features of the switch, S3100 series Ethernet switches provide the PoE profile features.
  • Page 625: Displaying Poe Profile Configuration

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 2 PoE Profile Configuration Operation Command Description apply poe-profile profile-name interface In system view interface-type interface-number Apply the [ to interface-type existing interface-number ] profile to Use either approach. Enter interface Ethernet...
  • Page 626: Poe Profile Configuration Example

    Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 2 PoE Profile Configuration Table 2-2 Display the PoE profile configuration Operation Command Description Display the detailed display poe-profile { all-profile | information about the PoE interface interface-type Available in any profiles created on the interface-number | name view...
  • Page 627 Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 2 PoE Profile Configuration II. Network diagram Network Switch A Eth1/0/1~Eth1/0/5 Eth1/0/6~Eth1/0/10 IP Phone IP Phone IP Phone IP Phone Figure 2-1 PoE profile application III. Configuration procedure # Create Profile1, and enter PoE profile view. <SwitchA>...
  • Page 628 Operation Manual – PoE-PoE Profile H3C S3100 Series Ethernet Switches Chapter 2 PoE Profile Configuration [SwitchA] poe-profile Profile2 # In Profile2, add the PoE policy configuration applicable to Ethernet 1/0/6 through Ethernet 1/0/10 ports for users of group A. [SwitchA-poe-profile-Profile2] poe enable [SwitchA-poe-profile-Profile2] poe mode signal [SwitchA-poe-profile-Profile2] poe priority high [SwitchA-poe-profile-Profile2] poe max-power 15400...
  • Page 629 Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 SNMP Configuration 1-1; 1.1 SNMP Overview 1-1; 1.1.1 SNMP Operation Mechanism 1-1; 1.1.2 SNMP Versions 1-1; 1.1.3 Supported MIBs 1-2; 1.2 Configuring Basic SNMP Functions 1-3; 1.3 Configuring Trap Parameters...
  • Page 630: Snmp Overview

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Chapter 1 SNMP Configuration 1.1 SNMP Overview The simple network management protocol (SNMP) is used for ensuring the transmission of the management information between any two network nodes. In this way, network administrators can easily retrieve and modify the information about any node on the network.
  • Page 631: Supported Mibs

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Specifying MIB view that a community can access. Set the permission for a community to access an MIB object to be read-only or read-write. Communities with read-only permissions can only query the switch information, while those with read-write permission can configure the switch as well.
  • Page 632: Configuring Basic Snmp Functions

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Table 1-1 Common MIBs MIB attribute MIB content Related RFC MIB II based on TCP/IP network device RFC 1213 RFC 1493 BRIDGE MIB RFC 2675 Public MIB RIP MIB RFC 1724 RMON MIB...
  • Page 633 Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Operation Command Description Required By default, the contact information for system snmp-agent sys-info maintenance is "R&D Set system information, and { contact sys-contact | Hangzhou, H3C specify to enable SNMPv1 or location sys-location | Technology Co., Ltd.", SNMPv2c on the switch...
  • Page 634 Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Operation Command Description Optional Disabled by default. You can enable SNMP agent Enable SNMP agent snmp-agent by executing this command or any of the commands used to configure SNMP agent.
  • Page 635: Configuring Trap Parameters

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Operation Command Description snmp-agent mib-view Optional Create or update the { included | excluded } By default, the view name is view information view-name oid-tree [ mask “ViewDefault”...
  • Page 636: Configuring Extended Trap

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Operation Command Description Quit to quit system view snmp-agent target-host trap address udp-domain { ip-address } Set the destination for [ udp-port port-number ] params Required Trap messages securityname security-string [ v1 | v2c | v3 {authentication | privacy } ] Set the source address...
  • Page 637: Enabling Logging For Network Management

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration 1.4 Enabling Logging for Network Management Table 1-6 Enable logging for network management Operation Command Description Enter system view — system-view snmp-agent log Optional Enable logging for { set-operation | network management Disabled by default.
  • Page 638: Snmp Configuration Examples

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Table 1-7 Display SNMP Operation Command Description Display the SNMP information display snmp-agent sys-info about the current device [ contact | location | version ]* Display SNMP packet statistics display snmp-agent statistics display snmp-agent Display the engine ID of the...
  • Page 639 Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration II. Network diagram Figure 1-2 Network diagram for SNMP configuration III. Network procedure # Enable SNMP agent, and set the SNMPv1 and SNMPv2c community names. <Sysname> system-view [Sysname] snmp-agent [Sysname] snmp-agent sys-info version all [Sysname] snmp-agent community read public...
  • Page 640 Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 1 SNMP Configuration [Sysname] snmp-agent trap enable standard authentication [Sysname] snmp-agent trap enable standard coldstart [Sysname] snmp-agent trap enable standard linkup [Sysname] snmp-agent trap enable standard linkdown [Sysname] snmp-agent target-host trap address udp-domain 10.10.10.1 udp-port 5000 params securityname public IV.
  • Page 641: Chapter 2 Rmon Configuration

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 2 RMON Configuration Chapter 2 RMON Configuration 2.1 Introduction to RMON Remote monitoring (RMON) is a kind of management information base (MIB) defined by Internet Engineering Task Force (IETF). It is an important enhancement made to MIB II standards.
  • Page 642: Commonly Used Rmon Groups

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 2 RMON Configuration RMON probe function. Through the RMON-capable SNMP agents running on the Ethernet switch, an NMS can obtain the information about the total traffic, error statistics and performance statistics of the network segments to which the ports of the managed network devices are connected.
  • Page 643: Rmon Configuration

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 2 RMON Configuration IV. History group After a history group is configured, the Ethernet switch collects network statistics information periodically and stores the statistics information temporarily for later use. A history group can provide the history data of the statistics on network segment traffic, error packets, broadcast packets, and bandwidth utilization.
  • Page 644: Displaying Rmon

    Operation Manual – SNMP-RMON H3C S3100 Series Ethernet Switches Chapter 2 RMON Configuration Operation Command Description Optional rmon prialarm entry-number prialarm-formula prialarm-des Before adding an sampling-timer { delta | absolute | extended alarm entry, Add an changeratio } rising_threshold you need to use the extended threshold-value1 event-entry1 rmon event command to...
  • Page 645: RMON Configuration Examples

    Table 2-2 Display RMON
    Operation: Display RMON statistics. Command: display rmon statistics [ interface-type interface-number | unit unit-number ]
    Operation: Display RMON history information. Command: display rmon history [ interface-type interface-number | unit unit-number ]
    Description: Available in...
  • Page 646
    [Sysname] rmon event 1 log
    [Sysname] rmon event 2 trap 10.21.30.55
    # Add an entry numbered 2 to the extended alarm table so that the system calculates the alarm variable with the formula (.1.3.6.1.2.1.16.1.1.1.9.1+.1.3.6.1.2.1.16.1.1.1.10.1), which gives the number of all the oversize and undersize packets in correct data format received by Ethernet 1/0/1, and samples it every 10 seconds.
  • Page 647 Operation Manual – NTP H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 NTP Configuration; 1.1 Introduction to NTP; 1.1.1 Applications of NTP; 1.1.2 Implementation Principle of NTP; 1.1.3 NTP Implementation Modes; 1.2 NTP Configuration Tasks...
  • Page 648: Chapter 1 NTP Configuration

    Chapter 1 NTP Configuration
    1.1 Introduction to NTP
    Network time protocol (NTP) is a time synchronization protocol defined in RFC 1305. It is used for time synchronization between a set of distributed time servers and clients. Carried over UDP, NTP transmits packets through UDP port 123.
  • Page 649: Implementation Principle of NTP

    Note: The clock stratum determines the accuracy, which ranges from 1 to 16. The stratum of a reference clock ranges from 1 to 15. The clock accuracy decreases as the stratum number increases.
  • Page 650 [Figure residue: NTP message exchange between Device A and Device B over an IP network, with the timestamps 10:00:00 am, 11:00:01 am and 11:00:02 am carried in the NTP message]...
  • Page 651: NTP Implementation Modes

    1.1.3 NTP Implementation Modes
    According to the network structure and the position of the local Ethernet switch in the network, the local Ethernet switch can work in multiple NTP modes to synchronize the clock.
  • Page 652 III. Broadcast mode (Figure 1-4 Broadcast mode). IV. Multicast mode (Figure 1-5 Multicast mode). Table 1-1 describes how the above-mentioned NTP modes are implemented on H3C S3100 series Ethernet switches.
  • Page 653: NTP Configuration Tasks

    Table columns: NTP implementation mode; Configuration on S3100 series switches. Configure the local S3100 Ethernet switch to work in NTP broadcast server mode. In this mode, the local switch broadcasts NTP messages through the VLAN interface configured on the switch.
  • Page 654: Configuring NTP Implementation Modes

    1.3 Configuring NTP Implementation Modes
    An S3100 Ethernet switch can work in one of the following NTP modes: Configuring NTP Server/Client Mode; Configuring the NTP Symmetric Peer Mode; Configuring NTP Broadcast Mode; Configuring NTP Multicast Mode. Note:...
  • Page 655: Configuring the NTP Symmetric Peer Mode

    Note: The remote server specified by remote-ip or server-name serves as the NTP server, and the local switch serves as the NTP client. The clock of the NTP client is synchronized to that of the NTP server, but the clock of the NTP server is not synchronized to that of the NTP client.
  • Page 656: Configuring NTP Broadcast Mode

    Note: In the symmetric peer mode, you need to execute the related NTP configuration commands (refer to section for details) to enable NTP on a symmetric-passive peer; otherwise, the symmetric-passive peer will not process NTP messages from the symmetric-active peer.
  • Page 657: Configuring NTP Multicast Mode

    I. Configuring a switch to work in the NTP broadcast server mode
    Table 1-5 Configure a switch to work in the NTP broadcast server mode
    Operation Command Description Enter system view system-view...
  • Page 658: Configuring Access Control Right

    Note: A multicast server can synchronize multicast clients only after its clock has been synchronized. An S3100 series switch working in the multicast server mode supports up to 1,024 multicast clients.
  • Page 659: Configuration Prerequisites

    synchronization: Synchronization right. This level of right permits the peer device to synchronize its clock to the local switch but does not permit the peer device to perform control query.
  • Page 660: Configuration Prerequisites

    authentication. This improves network security. Table 1-10 shows the roles of devices in the NTP authentication function. Table 1-10 Description on the roles of devices in NTP authentication function Role of device Working mode Client in the server/client mode...
  • Page 661: Configuration Procedure

    1.5.2 Configuration Procedure I. Configuring NTP authentication on the client Table 1-11 Configure NTP authentication on the client Operation Command Description Enter system view system-view — Required Enable the NTP ntp-service authentication function...
  • Page 662: Configuring Optional NTP Parameters

    Operation: Configure an NTP authentication key. Command: ntp-service authentication-keyid key-id authentication-mode md5 value. Description: Required. By default, no NTP authentication key is configured.
    Operation: Configure the specified key as a trusted key. Command: ntp-service reliable authentication-keyid ... Description: Required. By default, no trusted...
  • Page 663: Configuring an Interface on the Local Switch to Send NTP Messages

    1.6.1 Configuring an Interface on the Local Switch to Send NTP messages Table 1-14 Configure an interface on the local switch to send NTP messages Operation Command Description Enter system view system-view...
  • Page 664: Disabling an Interface from Receiving NTP Messages

    1.6.3 Disabling an Interface from Receiving NTP messages Table 1-16 Disable an interface from receiving NTP messages Operation Command Description Enter system view system-view — interface Enter VLAN interface view —...
  • Page 665 II. Network diagram Figure 1-6 Network diagram for the NTP server/client mode configuration III. Configuration procedure Perform the following configurations on Device B. # View the NTP status of Device B before synchronization. <DeviceB>...
  • Page 666: Configuring NTP Symmetric Peer Mode

    The above output information indicates that Device B is synchronized to Device A, and the stratum level of its clock is 3, one level lower than that of Device A. # View the information about NTP sessions of Device B.
  • Page 667: Configuring NTP Broadcast Mode

    # Enter system view.
    <DeviceB> system-view
    # Set Device C as the peer of Device B.
    [DeviceB] ntp-service unicast-peer 3.0.1.33
    Device C and Device B are symmetric peers after the above configuration. Device B works in symmetric active mode, while Device C works in symmetric passive mode.
  • Page 668 Device A and Device D are two S3100 Ethernet switches. Configure Device A and Device D to work in the NTP broadcast client mode and listen to broadcast messages through their own Vlan-interface2.
  • Page 669: Configuring NTP Multicast Mode

    View the NTP status of Device D after the clock synchronization.
    [DeviceD] display ntp-service status
    Clock status: synchronized
    Clock stratum: 3
    Reference clock ID: 3.0.1.31
    Nominal frequency: 100.0000 Hz
    Actual frequency: 100.0000 Hz
    Clock precision: 2^18
    Clock offset: 198.7425 ms...
  • Page 670 II. Network diagram Vlan-int2 3.0.1.31/24 Device C Vlan-int2 1.0.1.31/24 Device A Device B Vlan-int2 3.0.1.32/24 Device D Figure 1-9 Network diagram for NTP multicast mode configuration III. Configuration procedure Configure Device C.
  • Page 671: Configuring NTP Server/Client Mode with Authentication

    Clock status: synchronized
    Clock stratum: 3
    Reference clock ID: 3.0.1.31
    Nominal frequency: 100.0000 Hz
    Actual frequency: 100.0000 Hz
    Clock precision: 2^18
    Clock offset: 198.7425 ms
    Root delay: 27.47 ms
    Root dispersion: 208.39 ms
    Peer dispersion: 9.63 ms
    Reference time: 17:03:32.022 UTC Apr 2 2007 (BF422AE4.05AEA86C)
  • Page 672 III. Configuration procedure
    Configure Device B.
    # Enter system view.
    <DeviceB> system-view
    # Enable the NTP authentication function.
    [DeviceB] ntp-service authentication enable
    # Configure an MD5 authentication key, with the key ID being 42 and the key being aNiceKey.
  • Page 673
    Clock offset: 0.66 ms
    Root delay: 27.47 ms
    Root dispersion: 208.39 ms
    Peer dispersion: 9.63 ms
    Reference time: 17:03:32.022 UTC Apr 2 2007 (BF422AE4.05AEA86C)
    The output information indicates that the clock of Device B is synchronized to that of Device A, with a clock stratum level of 3, one stratum level lower than that of Device A.
  • Page 674 Operation Manual – SSH H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 SSH Configuration; 1.1 SSH Overview; 1.1.1 Introduction to SSH; 1.1.2 Algorithm and Key; 1.1.3 Asymmetric Key Algorithm; 1.1.4 SSH Operating Process...
  • Page 675: Chapter 1 SSH Configuration

    Chapter 1 SSH Configuration
    When configuring SSH, go to these sections for information you are interested in: SSH Overview; SSH Server and Client Configuration Task List; Displaying and Maintaining SSH Configuration; Comparison of SSH Commands with the Same Functions; SSH Configuration Examples.
    1.1 SSH Overview...
  • Page 676: Asymmetric Key Algorithm

    characters called a key, which controls the transformation between plain text and cipher text, for example, changing the plain text into cipher text or cipher text into plain text. (Figure 1-1 Encryption and decryption) Key-based algorithms are usually classified into symmetric key algorithms and asymmetric key algorithms.
  • Page 677 Table 1-1 Stages in establishing a session between the SSH client and server (columns: Stages; Description). Version negotiation: SSH1 and SSH2 are supported. The two parties negotiate a version to use. SSH supports multiple algorithms.
  • Page 678 algorithm list, message authentication code (MAC) algorithm list, and compression algorithm list. The server and the client calculate the final algorithm according to the algorithm lists supported. The server and the client generate the session key and session ID based on the Diffie-Hellman (DH) exchange algorithm and the host key pair.
  • Page 679: SSH Server and Client Configuration Task List

    and goes on to the interactive session stage with the client. Otherwise, the server sends back to the client an SSH_SMSG_FAILURE packet, indicating that the processing fails or it cannot resolve the request. The client sends a session request to the server, which processes the request and establishes a session.
  • Page 680 Table 1-2 Complete the following tasks to configure the SSH server: Task Remarks Configuring the User Interfaces Required for SSH Clients Preparation Configuring the SSH Optional Management Functions Optional This task determines which Configuring the SSH Server to...
  • Page 681: Configuring the User Interfaces for SSH Clients

    1.3.1 Configuring the User Interfaces for SSH Clients
    An SSH client accesses the device through a VTY user interface. Therefore, you need to configure the user interfaces for SSH clients to allow SSH login. Note that the configuration takes effect at the next login.
  • Page 682: Configuring the SSH Server to Be Compatible with SSH1 Clients

    Table 1-4 Follow these steps to configure SSH management functions: To do... Use the command... Remarks Enter system view system-view — Optional Set the SSH ssh server timeout By default, the SSH authentication timeout seconds...
  • Page 683: Generating/Destroying Key Pairs

    Caution: Currently, only the S3100-EI series supports the ssh server compatible-ssh1x enable command.
    1.3.4 Generating/Destroying Key Pairs
    This configuration task lets you generate or destroy a key pair. You must generate an RSA and DSA key pair on the server for an SSH client to log in successfully.
  • Page 684: Creating an SSH User and Specifying an Authentication Type

    Note: The SSH server’s key pairs are for generating session keys and for SSH clients to authenticate the server. As different clients may support different public key algorithms, the server may use a different key pair for negotiation with different clients.
  • Page 685: Specifying a Service Type for an SSH User

    Caution: For password authentication type, the username argument must be consistent with the valid user name defined in AAA; for publickey authentication, the username argument is the SSH local user name, so that there is no need to configure a local user in AAA.
  • Page 686: Configuring the Public Key of a Client on the Server

    Caution: If the ssh user service-type command is executed with a username that does not exist, the system will automatically create the SSH user. However, the user cannot log in unless you specify an authentication type for it.
  • Page 687: Assigning a Public Key to an SSH User

    To do... Use the command... Remarks
    Return to public key view from public key edit view: public-key-code end (Remarks: —)
    Exit public key view and return to system view: peer-public-key end (Remarks: —)
    Table 1-9 Follow these steps to import the RSA public key from a public key file: To do...
  • Page 688: Configuring the SSH Client

    Table 1-11 Follow these steps to export the RSA public key: To do... Use the command... Remarks
    Enter system view: system-view (Remarks: —)
    Display the RSA key on the screen in a specified format or...: public-key local export rsa { openssh | ssh1 |...
  • Page 689: Configuring an SSH Client That Runs SSH Client Software

    SSH client configuration task Scenario For a client running For a client assumed by an SSH client software SSH2-capable switch Whether Configuring an SSH Client first-authentication — Assumed by an SSH2-Capable is supported Switch...
  • Page 690 The following takes the client software of PuTTY Version 0.58 as an example to illustrate how to configure the SSH client: I. Generating a client key To generate a client key, run PuTTYGen.exe, and select from the Parameters area the type of key you want to generate, either SSH-2 RSA or SSH-2 DSA, then click Generate.
  • Page 691 Figure 1-3 Generate the client keys (2) After the key pair is generated, click Save public key and enter the name of the file for saving the public key (public in this case) to save the public key. ...
  • Page 692 Figure 1-4 Generate the client keys (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any precaution. Click Yes and enter the name of the file for saving the private key (“private”...
  • Page 693 Figure 1-6 Generate the client keys (5) II. Specifying the IP address of the Server Launch PuTTY.exe. The following window appears. ...
  • Page 694 Figure 1-7 SSH client configuration interface 1 In the Host Name (or IP address) text box, enter the IP address of the server. Note that there must be a route available between the IP address of the server and the client. III.
  • Page 695 Figure 1-8 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. Note: Some SSH client software, for example, Tectia client software, supports the DES algorithm only when the ssh1 version is selected.
  • Page 696: Configuring an SSH Client Assumed by an SSH2-Capable Switch

    From the category on the left of the window, select Connection/SSH/Auth. The following window appears. Figure 1-9 SSH client configuration interface 3 Click Browse… to bring up the file selection window, navigate to the private key file and click Open.
  • Page 697 I. Configuring the SSH client for publickey authentication When the authentication mode is publickey, you need to configure the RSA or DSA public key of the client on the server: To generate a key pair on the client, refer to Generating/Destroying Key Pairs.
  • Page 698 To do... Use the command... Remarks Required The method of configuring Refer to Configuring the Configure server public server public key on the Public Key of a Client on client is similar to that of the Server configuring client public...
  • Page 699: Displaying and Maintaining SSH Configuration

    1.5 Displaying and Maintaining SSH Configuration
    To do... Use the command... Remarks
    Display the public key part of the current switch’s key pairs: display public-key local { dsa | rsa } public
    Display information about locally...: display public-key peer...
  • Page 700: SSH Configuration Examples

    Operation / Original commands / Current commands
    Operation: Specify on the client the host public key of the server to be...
    Original commands: ssh client { server-ip | server-name } assign rsa-key keyname...
    Current commands: ssh client { server-ip | server-name } assign...
  • Page 701 III. Configuration procedure Configure the SSH server # Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection. <Switch>...
  • Page 702 Figure 1-11 SSH client configuration interface In the Host Name (or IP address) text box, enter the IP address of the SSH server. From the category on the left pane of the window, select SSH under Connection. The window as shown in Figure 1-12 appears.
  • Page 703: When Switch Acts as Server for Password and RADIUS Authentication

    Figure 1-12 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. As shown in Figure 1-12, click Open. If the connection is normal, you will be prompted to enter the user name client001 and password abc.
  • Page 704 II. Network diagram Figure 1-13 Switch acts as server for password and RADIUS authentication III. Configuration procedure Configure the RADIUS server Note: This document takes CAMS Version 2.10 as an example to show the basic RADIUS server configurations required.
  • Page 705 Figure 1-14 Add an access device # Add a user for device management. From the navigation tree, select User Management > User for Device Management, and then in the right pane, click Add to enter the Add Account window and perform the following configurations: Add a user named hello, and specify the password.
  • Page 706
    [Switch] interface vlan-interface 2
    [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
    [Switch-Vlan-interface2] quit
    Caution: Generating the RSA and DSA key pairs on the server is a prerequisite to SSH login.
    # Generate RSA and DSA key pairs.
  • Page 707 Run PuTTY.exe to enter the following configuration interface. Figure 1-16 SSH client configuration interface (1) In the Host Name (or IP address) text box, enter the IP address of the SSH server. From the category on the left pane of the window, select Connection >...
  • Page 708: When Switch Acts as Server for Password and HWTACACS Authentication

    Figure 1-17 SSH client configuration interface (2) Under Protocol options, select 2 from Preferred SSH protocol version. Then, click Open. If the connection is normal, you will be prompted to enter the user name hello and the password.
  • Page 709 II. Network diagram HWTACACS server 10.1.1.1/24 Vlan-int2 192.168.1.70/24 Internet SSH user Switch Figure 1-18 Switch acts as server for password and HWTACACS authentication III. Configuration procedure Configure the SSH server # Create a VLAN interface on the switch and assign it an IP address.
  • Page 710
    [Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49
    [Switch-hwtacacs-hwtac] key authentication expert
    [Switch-hwtacacs-hwtac] key authorization expert
    [Switch-hwtacacs-hwtac] user-name-format without-domain
    [Switch-hwtacacs-hwtac] quit
    # Apply the scheme to the ISP domain.
    [Switch] domain bbb
    [Switch-isp-bbb] scheme hwtacacs-scheme hwtac
    [Switch-isp-bbb] quit
    # Configure an SSH user, specifying the switch to perform password authentication for...
  • Page 711: When Switch Acts as Server for Publickey Authentication

    Figure 1-20 SSH client configuration interface (2) Under Protocol options, select 2 from Preferred SSH protocol version. Then, click Open. If the connection is normal, you will be prompted to enter the user name client001 and the password.
  • Page 712 III. Configuration procedure Note: Under the publickey authentication mode, either the RSA or DSA public key can be generated for the server to authenticate the client. The RSA public key is used here as an example.
  • Page 713 Note: Before performing the following steps, you must generate an RSA public key pair (using the client software) on the client, save the key pair in a file named public, and then upload the file to the SSH server through FTP or TFTP.
  • Page 714 Note: While generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 1-23. Otherwise, the process bar stops moving and the key pair generating process is stopped.
  • Page 715 Figure 1-24 Generate a client key pair (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click Yes and enter the name of the file for saving the private key (private.ppk in this case).
  • Page 716 # Establish a connection with the SSH server Launch PuTTY.exe to enter the following interface. Figure 1-26 SSH client configuration interface 1 In the Host Name (or IP address) text box, enter the IP address of the server. From the category on the left pane of the window, select SSH under Connection.
  • Page 717 Figure 1-27 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. Select Connection/SSH/Auth. The following window appears. ...
  • Page 718: When Switch Acts as Client for Password Authentication

    Figure 1-28 SSH client configuration interface (2) Click Browse… to bring up the file selection window, navigate to the private key file and click OK. From the window shown in Figure 1-28, click Open.
  • Page 719 III. Configuration procedure Configure Switch B # Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection. <SwitchB>...
  • Page 720: When Switch Acts as Client for Publickey Authentication

    # Establish a connection to the server 10.165.87.136.
    [SwitchA] ssh2 10.165.87.136
    Username: client001
    Trying 10.165.87.136 ...
    Press CTRL+K to abort
    Connected to 10.165.87.136 ...
    The Server is not authenticated. Do you continue to access it?(Y/N):y
    Do you want to save the server's public key?(Y/N):n
    Enter password: **************************************************************************...
  • Page 721 Configure Switch B # Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection. <SwitchB>...
  • Page 722 Configure Switch A # Create a VLAN interface on the switch and assign an IP address, which serves as the SSH client’s address in an SSH connection. <SwitchA>...
  • Page 723: When Switch Acts as Client and First-Time Authentication is not Supported

    1.7.7 When Switch Acts as Client and First-Time Authentication is not Supported
    I. Network requirements
    As shown in Figure 1-31, establish an SSH connection between Switch A (SSH Client) and Switch B (SSH Server) for secure data exchange.
  • Page 724
    [SwitchB-ui-vty0-4] user privilege level 3
    [SwitchB-ui-vty0-4] quit
    # Specify the authentication type for user client001 as publickey.
    [SwitchB] ssh user client001 authentication-type publickey
    Note: Before doing the following steps, you must first generate a DSA key pair on the client and save the key pair in a file named Switch001, and then upload the file to the SSH server through FTP or TFTP.
  • Page 725 Note: After generating the key pair, you need to upload the key pair file to the server through FTP or TFTP and complete the server end configuration before you continue to configure the client.
  • Page 726 Operation Manual – File System Management H3C S3100 Series Ethernet Switches Table of Contents: Chapter 1 File System Management Configuration; 1.1 File System Configuration; 1.1.1 Introduction to File System; 1.1.2 File System Configuration Tasks; 1.1.3 Directory Operations...
  • Page 727: Chapter 1 File System Management Configuration

    Chapter 1 File System Management Configuration
    1.1 File System Configuration
    1.1.1 Introduction to File System
    To facilitate management on the switch memory, S3100 series Ethernet switches provide the file system function, allowing you to access and manage the files and directories.
  • Page 728: File Operations

    Table 1-2 describes the directory-related operations. Perform the following configuration in user view. Table 1-2 Directory operations To do… Use the command… Remarks Create a directory mkdir directory Optional...
  • Page 729: Flash Memory Operations

    Operation Manual – File System Management H3C S3100 Series Ethernet Switches Chapter 1 File System Management Configuration To do… Use the command… Remarks copy fileurl-source Copy a file Optional fileurl-dest move fileurl-source Move a file Optional fileurl-dest Optional Display the content of a Currently, the file system more file-url file...
  • Page 730: Prompt Mode Configuration

    Operation Manual – File System Management H3C S3100 Series Ethernet Switches Chapter 1 File System Management Configuration Caution: The format operation leads to the loss of all files, including the configuration files, on the Flash memory and is irretrievable. 1.1.6 Prompt Mode Configuration You can set the prompt mode of the current file system to alert or quiet.
  • Page 731: File Attribute Configuration

    Operation Manual – File System Management H3C S3100 Series Ethernet Switches Chapter 1 File System Management Configuration <Sysname> copy flash:/config.cfg flash:/test/1.cfg Copy unit1>flash:/config.cfg to unit1>flash:/test/1.cfg?[Y/N]:y %Copy file unit1>flash:/config.cfg to unit1>flash:/test/1.cfg...Done. # Display the file information after the copy operation. <Sysname> dir /all Directory of unit1>flash:/ 1 (*) -rw-...
  • Page 732: Booting With The Startup File

    Operation Manual – File System Management H3C S3100 Series Ethernet Switches Chapter 1 File System Management Configuration The app files, configuration files, and Web files support three kinds of attributes: main, backup and none, as described in Table 1-6. Table 1-6 Descriptions on file attributes Attribute name Description Feature...
  • Page 733: Configuring File Attributes

    Operation Manual – File System Management H3C S3100 Series Ethernet Switches Chapter 1 File System Management Configuration For the Web file and configuration file, Hangzhou H3C Technologies Co., Ltd (referred to as H3C hereinafter) may provide a corresponding default file when releasing software versions.
  • Page 734 Operation Manual – File System Management H3C S3100 Series Ethernet Switches Chapter 1 File System Management Configuration To do… Use the command… Remarks Display the information display boot-loader about the app file used as [ unit unit-id ] the startup file Optional Available in any view Display information about...
  • Page 735 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Table of Contents Chapter 1 FTP and SFTP Configuration (1-1); 1.1 Introduction to FTP and SFTP (1-1); 1.1.1 Introduction to FTP (1-1); 1.1.2 Introduction to SFTP (1-1); 1.2 FTP Configuration...
  • Page 736: Chapter 1 Ftp And Sftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Chapter 1 FTP and SFTP Configuration 1.1 Introduction to FTP and SFTP 1.1.1 Introduction to FTP FTP (file transfer protocol) is commonly used in IP-based networks to transmit files. Before the World Wide Web came into being, files were transferred through command lines, and the most popular application was FTP.
  • Page 737: Ftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration data transmission. In addition, since the switch can be used as a client, you can log in to remote devices to transfer files securely. 1.2 FTP Configuration Table 1-2 FTP configuration tasks Item Configuration task...
  • Page 738 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration II. Enabling an FTP server Table 1-4 Enable an FTP server Operation Command Description Enter system view system-view — Required Enable the FTP server ftp server enable function Disabled by default.
  • Page 739 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration IV. Disconnecting a specified user On the FTP server, you can disconnect a specified user from the FTP server to secure the network. Table 1-6 Disconnect a specified user Operation Command Description...
  • Page 740 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Figure 1-2 Process of displaying a shell banner Table 1-7 Configure the banner display for an FTP server Operation Command Description Enter system view system-view —...
  • Page 741: Ftp Configuration: A Switch Operating As An Ftp Client

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration 1.2.2 FTP Configuration: A Switch Operating as an FTP Client I. Basic configurations on an FTP client By default a switch can operate as an FTP client. In this case you can connect the switch to the FTP server to perform FTP-related operations (such as creating/removing a directory) by executing commands on the switch.
  • Page 742: Configuration Example: A Switch Operating As An Ftp Server

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Operation Command Description Optional If no file name is specified, dir [ remotefile ] [ localfile ] all the files in the current directory are displayed. The difference between these two commands is Query a specified file on...
  • Page 743 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration download the configuration file config.cfg from the switch, thus to back up the configuration file. Create a user account on the FTP server with the user name “switch” and password “hello”.
  • Page 744 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration C:\> ftp 1.1.1.1 Connected to 1.1.1.1. 220 FTP service ready. User (1.1.1.1:(none)): switch 331 Password required for switch. Password: 230 User logged in. ftp> # Upload the switch.bin file. ftp>...
  • Page 745: Ftp Banner Display Configuration Example

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration <Sysname> boot boot-loader switch.bin <Sysname> reboot Note: For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the System Maintenance and Debugging part of this manual. 1.2.4 FTP Banner Display Configuration Example I.
  • Page 746: Ftp Configuration: A Switch Operating As An Ftp Client

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Configure the PC (FTP client) # Access the Ethernet switch through FTP. Enter the user name “switch” and the password “hello” to log in to the switch, and then enter FTP view. The login banner appears after the FTP connection is established.
  • Page 747 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration III. Configuration procedure Configure the PC (FTP server) Perform FTP server–related configurations on the PC, that is, create a user account on the FTP server with user name “switch” and password “hello”. (For detailed configuration, refer to the configuration instruction relevant to the FTP server software.) Configure the switch (FTP client) # Log in to the switch.
  • Page 748: Sftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration [ftp] get switch.bin # Execute the quit command to terminate the FTP connection and return to user view. [ftp] quit <Sysname> # After downloading the file, use the boot boot-loader command to specify the downloaded file (switch.bin) to be the application for next startup, and then restart the switch.
  • Page 749 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Table 1-11 Enable an SFTP server Operation Command Description Enter system view system-view — Required Enable an SFTP server sftp server enable Disabled by default II.
  • Page 750: Sftp Configuration: A Switch Operating As An Sftp Client

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Note: Currently an H3C S3100 series Ethernet switch operating as an SFTP server supports the connection of only one SFTP user. When multiple users attempt to log in to the SFTP server or multiple connections are enabled on a client, only the first user can log in to the SFTP server.
  • Page 751 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Operation Command Description Change the working directory on the remote cd pathname SFTP server Change the working directory to be the parent cdup directory Optional Display the working directory on the SFTP server...
  • Page 752: Sftp Configuration Example

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Note: If you specify to authenticate a client through public key on the server, the client needs to read the local private key when logging in to the SFTP server. Since both RSA and DSA are available for public key authentication, you need to use the identity-key keyword to specify the algorithm to get the correct local private key;...
  • Page 753 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration [Sysname-ui-vty0-4] protocol inbound ssh [Sysname-ui-vty0-4] quit # Create a local user client001. [Sysname] local-user client001 [Sysname-luser-client001] password simple abc [Sysname-luser-client001] service-type ssh [Sysname-luser-client001] quit # Configure the authentication mode as password. Authentication timeout time, retry number, and update time of the server key adopt the default values.
  • Page 754 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration -rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1 drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new -rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub -rwxrwxrwx 1 noone nogroup...
  • Page 755 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2 -rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1 drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new -rwxrwxrwx 1 noone nogroup...
  • Page 756: Chapter 2 Tftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 2 TFTP Configuration Chapter 2 TFTP Configuration 2.1 Introduction to TFTP Compared with FTP, TFTP (trivial file transfer protocol) features a simple interactive access interface and no authentication control. Therefore, TFTP is applicable in the networks where client-server interactions are relatively simple.
  • Page 757: Tftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 2 TFTP Configuration 2.2 TFTP Configuration Table 2-1 TFTP configuration tasks Item Configuration task Description TFTP Configuration: A Switch Basic configurations on a TFTP — Operating as a TFTP Client client For details, see the TFTP server configuration...
  • Page 758 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 2 TFTP Configuration The TFTP working directory is configured on the TFTP server. Configure the IP addresses of a VLAN interface on the switch and the PC as 1.1.1.1 and 1.1.1.2 respectively. The port through which the switch connects with the PC belongs to the VLAN.
  • Page 759 Operation Manual – FTP-SFTP-TFTP H3C S3100 Series Ethernet Switches Chapter 2 TFTP Configuration # Download the switch application named switch.bin from the TFTP server to the switch. <Sysname> tftp 1.1.1.2 get switch.bin switch.bin # Upload the switch configuration file named config.cfg to the TFTP server. <Sysname>...
  • Page 760 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Table of Contents Chapter 1 Information Center (1-1); 1.1 Information Center Overview (1-1); 1.1.1 Introduction to Information Center (1-1); 1.1.2 System Information Format (1-4); 1.2 Information Center Configuration (1-8); 1.2.1 Introduction to the Information Center Configuration Tasks...
  • Page 761: Chapter 1 Information Center

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Chapter 1 Information Center 1.1 Information Center Overview 1.1.1 Introduction to Information Center Acting as the system information hub, information center classifies and manages system information. Together with the debugging function (the debugging command), information center offers a powerful support for network administrators and developers in monitoring network performance and diagnosing network problems.
  • Page 762 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center If the threshold is set to 1, only information with the severity being emergencies will be output; If the threshold is set to 8, information of all severities will be output. III.
  • Page 763 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Note: Configurations for the six output directions function independently and take effect only after the information center is enabled. IV. Outputting system information by source module The system information can be classified by source module and then filtered.
  • Page 764: System Information Format

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Module name Description Network address translation module Neighbor discovery protocol module NTDP Network topology discovery protocol module Network time protocol module Public key infrastructure module Radius module RMON Remote monitor module Rivest, Shamir and Adleman encryption module...
  • Page 765 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Note: The space, the forward slash /, and the colon are all required in the above format. Before <timestamp> there may be %, #, or * followed by a space, indicating log, alarm, or debugging information respectively.
  • Page 766 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center II. Timestamp Timestamp records the time when system information is generated to allow users to check and identify system events. Note that there is a space between the timestamp and sysname (host name) fields. The time stamp has the following two formats.
  • Page 767 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center III. Sysname Sysname is the system name of the local switch and defaults to “H3C”. You can use the sysname command to modify the system name. (Refer to the System Maintenance and Debugging part of this manual for details.) Note that there is a space between the sysname and module fields.
  • Page 768: Information Center Configuration

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center 1.2 Information Center Configuration 1.2.1 Introduction to the Information Center Configuration Tasks Table 1-4 Information center configuration tasks Task Remarks Configuring Synchronous Information Output Optional Configuring to Display the Time Stamp with the UTC Time Zone Optional Setting to Output System Information to the Console Optional...
  • Page 769: Configuring To Display The Time Stamp With The Utc Time Zone

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Note: If the system information is output before you input any information following the current command line prompt, the system does not echo any command line prompt after the system information output.
  • Page 770: Setting To Output System Information To The Console

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Operation Command Description Required Set to display the UTC time By default, no UTC info-center timestamp zone in the output information time zone is of the information center displayed in the output information 1.2.4 Setting to Output System Information to the Console...
  • Page 771 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Table 1-8 Default output rules for different output directions TRAP DEBUG Output Modules Enabl Enable Enable direction allowed Severi Severit Severit ed/dis d/disab d/disab abled default Enabl warnin Enable...
  • Page 772: Setting To Output System Information To A Monitor Terminal

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Note: Make sure that the debugging/log/trap information terminal display function is enabled (use the terminal monitor command) before you enable the corresponding terminal display function by using the terminal debugging, terminal logging, or terminal trapping command.
  • Page 773 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Note: When there are multiple Telnet users or dumb terminal users, they share some configuration parameters including module filter, language and severity level threshold. In this case, a change to any such parameter made by one user will also be reflected on all other user terminals.
  • Page 774: Setting To Output System Information To A Log Host

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center 1.2.6 Setting to Output System Information to a Log Host Table 1-12 Set to output system information to a log host Operation Command Description Enter system view system-view —...
  • Page 775: Setting To Output System Information To The Trap Buffer

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center 1.2.7 Setting to Output System Information to the Trap Buffer Table 1-13 Set to output system information to the trap buffer Operation Command Description Enter system view system-view —...
  • Page 776: Setting To Output System Information To The Snmp Nms

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Operation Command Description info-center source { modu-name | default } Optional channel Configure the output rules Refer to Table 1-8 for the { channel-number | of system information default output rules of channel-name } [ { log | system information.
  • Page 777: Displaying And Maintaining Information Center

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center 1.3 Displaying and Maintaining Information Center After the above configurations, you can execute the display commands in any view to display the running status of the information center, and thus validate your configurations.
  • Page 778 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center II. Network diagram Network Switch Figure 1-1 Network diagram for log output to a Unix log host III. Configuration procedure Configure the switch: # Enable the information center. <Switch>...
  • Page 779: Log Output To A Linux Log Host

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center Note: When you edit the file “/etc/syslog.conf”, note that: A note must start in a new line, starting with a “#” sign. In each pair, a tab should be used as a separator instead of a space. No space is allowed at the end of a file name.
  • Page 780 Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center III. Configuration procedure Configure the switch: # Enable the information center. <Switch> system-view [Switch] info-center enable # Configure the host whose IP address is 202.38.1.10 as the log host. Permit all modules to output log information with severity level higher than error to the log host.
  • Page 781: Log Output To The Console

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center In case of Linux log host, the daemon “syslogd” must be started with the “-r” option. After all the above operations, the switch can record information in the corresponding log file.
  • Page 782: Configuration Example

    Operation Manual – Information Center H3C S3100 Series Ethernet Switches Chapter 1 Information Center <Switch> terminal logging 1.4.4 Configuration Example I. Network requirements The switch is in the time zone of GMT+ 08:00:00. The time stamp format of output log information is date. UTC time zone will be added to the output information of the information center.
  • Page 783 Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Table of Contents Chapter 1 Boot ROM and Host Software Loading (1-1); 1.1 Introduction to Loading Approaches (1-1); 1.2 Local Boot ROM and Software Loading (1-1); 1.2.1 BOOT Menu...
  • Page 784: Chapter 1 Boot Rom And Host Software Loading

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Chapter 1 Boot ROM and Host Software Loading Traditionally, switch software is loaded through a serial port. This approach is slow, time-consuming and cannot be used for remote loading.
  • Page 785: Boot Menu

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Note: The loading process of the Boot ROM software is the same as that of the host software, except that during the former process, you should press “6” or <Ctrl+U> and <Enter> after entering the BOOT menu and the system gives different prompts.
  • Page 786: Loading By Xmodem Through Console Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Enter the correct Boot ROM password (no password is set by default). The system enters the BOOT Menu: BOOT MENU 1.
  • Page 787 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Press 3 in the above menu to download the Boot ROM using XModem. The system displays the following setting menu for download baudrate: Please select your download baudrate: 1.* 9600...
  • Page 788 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Figure 1-1 Properties dialog box Figure 1-2 Console port configuration dialog box...
  • Page 789 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Step 5: Click the <Disconnect> button to disconnect the HyperTerminal from the switch and then click the <Connect> button to reconnect the HyperTerminal to the switch, as shown in Figure 1-3.
  • Page 790 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Figure 1-5 Sending file page Step 9: After the sending process completes, the system displays the following information: Loading ...CCCCCCCCCC done! Step 10: Reset HyperTerminal’s baudrate to 9600 bps (refer to Step 4 and 5).
  • Page 791: Loading By Tftp Through Ethernet Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Enter 3 in the above menu to load the host software by using XModem. The subsequent steps are the same as those for loading the Boot ROM, except that the system gives the prompt for host software loading instead of Boot ROM loading.
  • Page 792 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Note: You can use one PC as both the configuration device and the TFTP server. Step 2: Run the TFTP server program on the TFTP server, and specify the path of the program to be downloaded.
  • Page 793: Loading By Ftp Through Ethernet Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Step 1: Select <1> in BOOT Menu and press <Enter>. The system displays the following information: 1. Set TFTP protocol parameter 2.
  • Page 794 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Note: You can use one computer as both configuration device and FTP server. Step 2: Run the FTP server program on the FTP server, configure an FTP user name and password, and copy the program file to the specified FTP directory.
  • Page 795: Remote Boot Rom And Software Loading

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Enter your choice(0-3): Enter 2 in the above menu to download the host software using FTP. The subsequent steps are the same as those for loading the Boot ROM, except that the system gives the prompt for host software loading instead of Boot ROM loading.
  • Page 796 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Password: 230 Logged in successfully [ftp] get switch.btm [ftp] bye Note: When using different FTP server software on PC, different information will be output to the switch.
  • Page 797 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading II. Loading Procedure Using FTP Server As shown in Figure 1-9, the switch is used as the FTP server. You can telnet to the switch, and then execute the FTP commands to upload the Boot ROM switch.btm to the switch.
  • Page 798 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Figure 1-10 Command line interface Step 5: Use the cd command on the interface to enter the path that the Boot ROM upgrade file is to be stored.
  • Page 799 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading Figure 1-12 Log on to the FTP server Step 7: Use the put command to upload the file switch.btm to the switch, as shown in Figure 1-13.
  • Page 800: Remote Loading Using Tftp

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100 Series Ethernet Switches Loading <Sysname> boot bootrom switch.btm This will update Bootrom on unit 1. Continue? [Y/N] y Upgrading Bootrom, please wait... Upgrade Bootrom succeeded! <Sysname>...
  • Page 801: Chapter 2 Basic System Configuration And Debugging

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3100 Series Ethernet Switches and Debugging Chapter 2 Basic System Configuration and Debugging 2.1 Basic System Configuration Table 2-1 Basic System Configuration Operation Command Description Required clock datetime Execute this command in user Set the current date HH:MM:SS...
  • Page 802: Displaying The System Status

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3100 Series Ethernet Switches and Debugging Operation Command Description Optional Return from current The composite key <Ctrl+Z> has return view to user view the same effect as the return command.
  • Page 803 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3100 Series Ethernet Switches and Debugging Figure 2-1 The relationship between the protocol and screen debugging switch Note: Displaying debugging information on the terminal is the most commonly used way to output debugging information.
  • Page 804: Displaying Debugging Status

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3100 Series Ethernet Switches and Debugging 2.3.2 Displaying Debugging Status Table 2-4 Display the current debugging status in the system Operation Command Description Display all display debugging [ unit unit-id ] You can execute the enabled [ interface interface-type...
  • Page 805: Chapter 3 Network Connectivity Test

    Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 3 Network Connectivity Test Chapter 3 Network Connectivity Test 3.1 Network Connectivity Test 3.1.1 ping You can use the ping command to check the network connectivity and the reachability of a host.
  • Page 806 Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 3 Network Connectivity Test Table 3-2 The tracert command Operation Command Description View the gateways that a tracert [ -a source-ip ] [ -f You can execute the packet passes from the first-ttl ] [ -m max-ttl ] [ -p tracert command in any...
  • Page 807: Chapter 4 Device Management

    Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 4 Device Management Chapter 4 Device Management 4.1 Introduction to Device Management Device Management includes the following: Reboot the Ethernet switch Configure real-time monitoring of the running status of the system Specify the APP to be used at the next reboot Update the Boot ROM Identifying and Diagnosing Pluggable Transceivers...
  • Page 808: Scheduling A Reboot On The Switch

    Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 4 Device Management Table 4-2 Reboot the Ethernet switch Operation Command Description Reboot the Ethernet switch reboot [ unit unit-id ] Available in user view 4.2.3 Scheduling a Reboot on the Switch After you schedule a reboot on the switch, the switch will reboot at the specified time.
  • Page 809: Specifying The App To Be Used At Reboot

    Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 4 Device Management Caution: Enabling this function consumes some CPU resources. Therefore, if your network has a high CPU usage requirement, you can disable this function to release your CPU resources.
  • Page 810 Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 4 Device Management Table 4-7 Commonly used pluggable transceivers Whether can be Whether can be Applied Transceiver type an optical an electrical environment transceiver transceiver Generally used for 100M/1000M SFP (Small Ethernet interfaces...
  • Page 811: Displaying The Device Management Configuration

    Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 4 Device Management You can use the Vendor Name field in the prompt information of the display transceiver interface command to identify an anti-spoofing pluggable transceiver customized by H3C. If the field is H3C, it is considered an H3C-customized pluggable transceiver.
  • Page 812: Remote Switch App Upgrade Configuration Example

    Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 4 Device Management Table 4-10 Display the operating status of the device management Operation Command Description Display the APP to be adopted display boot-loader [ unit at next startup unit-id ] Display the module type and display device [ manuinfo | unit...
  • Page 813 Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 4 Device Management The host software switch.bin and the Boot ROM file boot.btm of the switch are stored in the directory switch on the PC. Use FTP to download the switch.bin and boot.btm files from the FTP server to the switch.
  • Page 814 Operation Manual – System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 4 Device Management Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password: 230 Logged in successfully [ftp] Enter the authorized path on the FTP server.
  • Page 815 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Table of Contents Chapter 1 VLAN-VPN Configuration (1-1); 1.1 VLAN-VPN Overview (1-1); 1.1.1 Introduction to VLAN-VPN (1-1); 1.1.2 Implementation of VLAN-VPN (1-2); 1.1.3 Configuring the TPID for VLAN-VPN Packets (1-2); 1.2 VLAN-VPN Configuration...
  • Page 816 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Table of Contents 4.2.1 Configuration Prerequisites (4-4); 4.2.2 Configuring a BPDU Tunnel (4-4); 4.3 Displaying and Maintaining BPDU Tunnel Configuration (4-5); 4.4 BPDU Tunnel Configuration Example (4-5); 4.4.1 Transmitting STP Packets Through a Tunnel (4-5)...
  • Page 817: Chapter 1 Vlan-Vpn Configuration

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration Chapter 1 VLAN-VPN Configuration When configuring VLAN-VPN, go to these sections for information you are interested in: VLAN-VPN Overview, VLAN-VPN Configuration, Displaying and Maintaining VLAN-VPN Configuration, VLAN-VPN Configuration Example. 1.1 VLAN-VPN Overview 1.1.1 Introduction to VLAN-VPN Virtual private network (VPN) is a new technology that emerges with the expansion of...
  • Page 818: Implementation Of Vlan-Vpn

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration The VLAN-VPN feature provides you with the following benefits: Saves public network VLAN ID resource. You can have VLAN IDs of your own, which are independent of public network VLAN IDs.
  • Page 819: Vlan-Vpn Configuration

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration when tagging a received VLAN-VPN frame as needed. When doing that, you should set the same TPID on both the customer-side port and the service provider-side port. The TPID in an Ethernet frame occupies the same position as the protocol type field in a frame without a VLAN tag.
  • Page 820: Configuring The Tpid Value For Vlan-Vpn Packets

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Required Enable the VLAN-VPN By default, the VLAN-VPN vlan-vpn enable feature on the port feature is disabled on a...
  • Page 821: Displaying And Maintaining Vlan-Vpn Configuration

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration 1.3 Displaying and Maintaining VLAN-VPN Configuration To do... Use the command... Remarks Display the VLAN-VPN configurations of all the display port vlan-vpn Available in any view ports 1.4 VLAN-VPN Configuration Example 1.4.1 Transmitting User Packets through a Tunnel in the Public Network by Using VLAN-VPN...
  • Page 822 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration II. Network diagram PC Server VLAN 100 SwitchB Eth1/0/21 Eth1/0/22 VLAN 200 PC User VLAN 100 TPID=0x9200 VLAN 1040 Terminal Server Eth1/0/12 Eth1/0/11 VLAN 200 SwitchA Terminal User Figure 1-4 Network diagram for VLAN-VPN configuration III.
  • Page 823 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration # Enable the VLAN-VPN feature on Ethernet 1/0/21 of Switch B and tag the packets received on this port with the tag of VLAN 1040 as the outer VLAN tag. <SwitchB>...
  • Page 824 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN-VPN Configuration The TPID value of the outer VLAN tag is set to 0x9200 before the packet is forwarded to the public network through Ethernet1/0/12 of Switch A. The outer VLAN tag of the packet remains unchanged while the packet travels in the public network, till it reaches Ethernet1/0/22 of Switch B.
  • Page 825: Chapter 2 Selective Qinq Configuration

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration Chapter 2 Selective QinQ Configuration Note: This chapter is only applicable to S3100-EI series switches. When configuring selective QinQ, go to these sections for information you are interested in: Selective QinQ Overview Selective QinQ Configuration...
  • Page 826: Selective Qinq Configuration

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration Figure 2-1 Diagram for a selective QinQ implementation In this implementation, Switch A is an access device of the service provider. The users connecting to it include common customers (in VLAN 8 to VLAN 100), VIPs (in VLAN 101 to VLAN 200), and IP telephone users (in VLAN 201 to VLAN 300).
  • Page 827: Configuring Global Tag Mapping Rules For Selective Qinq

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration Task Remarks Configuring Global Tag Mapping Rules Required for Selective QinQ Enabling the Selective QinQ Feature for Optional a Port 2.2.2 Configuring Global Tag Mapping Rules for Selective QinQ Table 2-1 Configure global tag mapping rules for selective QinQ Operation Command...
  • Page 828: Selective Qinq Configuration Example

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration 2.3 Selective QinQ Configuration Example 2.3.1 Processing Private Network Packets by Their Types I. Network requirements Ethernet 1/0/3 of Switch A provides public network access for PC users and IP phone users.
  • Page 829 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration II. Network diagram Figure 2-2 Network diagram for selective QinQ configuration III. Configuration procedure Configure Switch A. # Create VLAN 1000, VLAN 1200 and VLAN 5 (the default VLAN of Ethernet 1/0/3) on SwitchA.
  • Page 830 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration # Configure Ethernet 1/0/3 as a hybrid port and configure VLAN 5 as its default VLAN. Configure Ethernet 1/0/3 to remove VLAN tags when forwarding packets of VLAN 5, VLAN 1000, and VLAN 1200.
  • Page 831 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 2 Selective QinQ Configuration [SwitchB-Ethernet1/0/11] port link-type hybrid [SwitchB-Ethernet1/0/11] port hybrid vlan 12 13 1000 1200 tagged # Configure Ethernet1/0/12 as a hybrid port and configure VLAN 12 as its default VLAN. Configure Ethernet 1/0/12 to remove VLAN tags when forwarding packets of VLAN 12 and VLAN 1000.
  • Page 832: Chapter 3 Vlan Mapping Configuration

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration Chapter 3 VLAN Mapping Configuration Note: This chapter is only applicable to S3100-EI series switches. 3.1 VLAN Mapping Overview 3.1.1 Introduction to VLAN Mapping The VLAN mapping function can replace the private network VLAN tag of a customer packet with a public network VLAN tag, so that the customer packet can be transmitted within the public network in a way conforming to the public network layout.
  • Page 833: Vlan Mapping Implementation

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration 3.1.2 VLAN Mapping Implementation You can configure VLAN mapping rules for each port of an S3100 series switch. With the VLAN mapping function enabled on a port, the port maps private network VLAN tags to the corresponding public network VLAN tags for packets to be forwarded to the public network and performs the converse operation for the packets to be forwarded to the destination private network.
  • Page 834: Enabling The Vlan Mapping Function Based On A Port-Level Vlan Mapping Rule

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration Operation Command Description Required Enable the VLAN By default, the VLAN vlan-mapping enable mapping function mapping function is disabled. Note: A port that is in a link aggregation port group cannot have the VLAN Mapping feature enabled.
  • Page 835: Vlan Mapping Configuration Example

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration Note: A port that is in a link aggregation port group cannot have the VLAN Mapping feature enabled. When configuring a VLAN mapping rule, make sure that the mapping relationship between private network VLANs and public network VLANs is one-to-one.
  • Page 836 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration II. Network diagram Figure 3-3 Network diagram for VLAN mapping configuration III. Configuration procedure Note: In this example, the VLAN mapping function is enabled based on port-level VLAN mapping rules.
  • Page 837 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration # As Ethernet 1/0/11 of Switch A not only receives packets of the customer VLAN but also forwards packets from the service provider network, you need to configure the port as a trunk port or hybrid port.
  • Page 838 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 3 VLAN Mapping Configuration [SwitchA-Ethernet1/0/12] vlan-mapping vlan 200 remark 600 After the above configurations, Switch A maps the VLAN tags of the customer packets received through Ethernet 1/0/11 and Ethernet 1/0/12 to the corresponding public network VLAN tags as defined in the VLAN mapping rules and then forwards the packet to public network for transmission.
  • Page 839: Chapter 4 Bpdu Tunnel Configuration

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 4 BPDU Tunnel Configuration Chapter 4 BPDU Tunnel Configuration Note: This chapter is only applicable to S3100-EI series switches. When configuring BPDU tunnel, go to these sections for information you are interested in: BPDU Tunnel Overview, BPDU Tunnel Configuration, Displaying and Maintaining BPDU Tunnel Configuration...
  • Page 840 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 4 BPDU Tunnel Configuration address is used to identify the corresponding proprietary protocol, and the type field is used to identify the specific protocol type. II. Transmitting BPDU packets transparently As shown in Figure 3-1, the network on the top is the service provider network, and the...
  • Page 841: Bpdu Tunnel Configuration

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 4 BPDU Tunnel Configuration Figure 3-2 and Figure 3-3 show the structure of a BPDU packet before and after it enters a BPDU tunnel. Figure 4-2 The structure of a BPDU packet before it enters a BPDU tunnel Figure 4-3 The structure of a BPDU packet after it enters a BPDU tunnel Caution: To prevent the devices in the service provider network from processing the tunnel...
  • Page 842: Configuring A Bpdu Tunnel

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 4 BPDU Tunnel Configuration Proprietary protocols of other vendors, including CDP (CISCO discovery protocol), PAGP (port aggregation protocol), PVST (per-VLAN spanning tree), VTP (VLAN trunk protocol), and UDLD (uni-directional link discovery) 4.2.1 Configuration Prerequisites The edge devices can communicate with the user devices properly.
  • Page 843: Bpdu Tunnel Configuration Example

    Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 4 BPDU Tunnel Configuration Note: If BPDU tunnel transparent transmission is enabled for packets of a protocol, the protocol cannot be enabled on the port. For example, if you execute the bpdu-tunnel lacp command, the lacp enable command cannot be executed on the port.
  • Page 844 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 4 BPDU Tunnel Configuration Enable the service provider network to transmit STP packets of the customer network through BPDU tunnel. The destination MAC address for tunnel packets is 010f-e233-8b22. Enable the VLAN-VPN feature for the service provider network, and enable the service provider network to use VLAN 100 to transmit data packets of the customer network.
  • Page 845 Operation Manual – VLAN-VPN H3C S3100 Series Ethernet Switches Chapter 4 BPDU Tunnel Configuration Configure Provider2. # Disable STP on Ethernet1/0/4. <Sysname> system-view [Sysname] interface Ethernet 1/0/4 [Sysname-Ethernet1/0/4] stp disable # Enable BPDU tunnel for STP packets. [Sysname-Ethernet1/0/4] bpdu-tunnel stp # Enable VLAN-VPN and use VLAN 100 to transmit user data packets through BPDU tunnels.
  • Page 846 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Table of Contents Chapter 1 HWPing Configuration (1-1); 1.1 HWPing Overview (1-1); 1.1.1 Introduction to HWPing (1-1); 1.1.2 Test Types Supported by HWPing (1-2); 1.1.3 HWPing Test Parameters (1-2); 1.2 HWPing Configuration...
  • Page 847: Chapter 1 Hwping Configuration

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Chapter 1 HWPing Configuration 1.1 HWPing Overview 1.1.1 Introduction to HWPing HWPing (pronounced Hua’Wei Ping) is a network diagnostic tool. It is used to test the performance of various protocols running in networks. HWPing provides more functions than the ping command.
  • Page 848: Test Types Supported By Hwping

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration 1.1.2 Test Types Supported by HWPing Table 1-1 Test types supported by HWPing Supported test types Description ICMP test DHCP test FTP test For these types of tests, you need to configure HWPing client and corresponding servers.
  • Page 849 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Test parameter Description For DHCP test, you must specify a source interface, which will be used by HWPing client to send DHCP requests. If no source interface is specified for a DHCP test, the test will not succeed.
  • Page 850 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Test parameter Description Type of service is the value of the ToS field in IP Type of service (tos) header in the test packets. This parameter is used to specify a DNS domain name in a HWPing DNS test group.
  • Page 851: Hwping Configuration

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Test parameter Description A HWPing test will generate a Trap message no matter whether the test succeeds or not. You can use the Trap switch to enable or disable the output of trap messages.
  • Page 852: Hwping Client Configuration

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Table 1-4 HWPing server configuration Operation Command Description Enter system view system-view — Required Enable the HWPing hwping-server enable server function Disabled by default. Required for UDP and jitter tests Configure a UDP listening hwping-server udpecho...
  • Page 853 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Optional Configure the source IP source-ip ip-address By default, no source IP address address is configured. Optional Configure the number of count times By default, each test probes per test makes one probe.
  • Page 854 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Table 1-6 Configure DHCP test on HWPing client Operation Command Description Enter system view system-view — Required Enable the HWPing client hwping-agent enable By default, the HWPing function client function is disabled.
  • Page 855 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Required hwping Create a HWPing test administrator-name By default, no test group group and enter its view operation-tag is configured. Required Configure the test type test-type ftp By default, the test type is ICMP.
  • Page 856 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Configure an FTP login Required username name username By default, neither username nor password Configure an FTP login password password is configured. password Required Configure a file name for By default, no file name is filename file-name...
  • Page 857 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Required: When you use S3100-EI Series Switches HWPing Client for http test and destination address as host name. This command can not be supported when you Configure dns-server dns-server ip-address S3100-SI...
  • Page 858 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Required Configure the HTTP http-string string By default, HTTP operation operation string and version string and version are not version in an HTTP test configured.
  • Page 859 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Optional Configure the source port source-port port-number By default, no source port is configured. Optional Configure the number of count times By default, each test probes per test makes one probe.
  • Page 860 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Table 1-10 Configure SNMP test on HWPing client Operation Command Description Enter system view system-view — Required Enable the HWPing client hwping-agent enable By default, the HWPing function client function is disabled.
  • Page 861 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Required display hwping results Display test results [ admin-name You can execute the operation-tag ] command in any view. Configuring TCP test on HWPing client Table 1-11 Configure TCP test on HWPing client Operation Command...
  • Page 862 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Optional Configure the source IP source-ip ip-address By default, the source IP address address is not specified. Optional Configure the source port source-port port-number By default, no source port is specified.
  • Page 863 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Required test-type { udpprivate | Configure the test type By default, the test type is udppublic } ICMP. Required This IP address and the one configured on the Configure the destination HWPing server for...
  • Page 864 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Optional By default, the automatic Configure the automatic test interval is zero frequency interval test interval seconds, indicating no automatic test will be made. Optional Configure the probe timeout time...
  • Page 865 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description Optional By default, the automatic Configure the automatic test interval is zero frequency interval test interval seconds, indicating no automatic test will be made. Optional Configure the probe timeout time...
  • Page 866: Displaying Hwping Configuration

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Operation Command Description send-trap { all | Required Enable the HWPing client { probefailure | By default, Trap sending to send Trap messages testcomplete | is disabled. testfailure }* } Optional Configure the number of...
  • Page 867 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration II. Network diagram Figure 1-2 Network diagram for the ICMP test III. Configuration procedure Configure HWPing Client (Switch A): # Enable HWPing client. <Sysname> system-view [Sysname] hwping-agent enable # Create a HWPing test group, setting the administrator name to "administrator"...
  • Page 868: Dhcp Test

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration SD Maximal delay: 0 DS Maximal delay: 0 Packet lost in test: 0% Disconnect operation number: 0 Operation timeout number: 0 System busy operation number: 0 Connection fail number: 0 Operation sequence errors: 0 Drop operation number: 0 Other operation errors: 0...
  • Page 869 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration # Create a HWPing test group, setting the administrator name to "administrator" and test tag to "DHCP". [Sysname] Hwping administrator dhcp # Configure the test type as dhcp. [Sysname-hwping-administrator-dhcp] test-type dhcp # Configure the source interface, which must be a VLAN interface.
  • Page 870: Ftp Test

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration 1018 2000-04-03 09:50:48.8 1020 2000-04-03 09:50:36.8 1020 2000-04-03 09:50:30.8 1028 2000-04-03 09:50:22.8 For detailed output description, see the corresponding command manual. 1.3.3 FTP Test I. Network requirements Both the HWPing client and the FTP server are H3C S3100 series Ethernet switches.
  • Page 871 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration [Sysname-hwping-administrator-ftp] username admin # Configure the FTP login password. [Sysname-hwping-administrator-ftp] password admin # Configure the type of FTP operation. [Sysname-hwping-administrator-ftp] ftp-operation put # Configure a file name for the FTP operation. [Sysname-hwping-administrator-ftp] filename cmdtree.txt # Configure to make 10 probes per test.
  • Page 872: Http Test

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration 15653 2000-04-03 03:59:21.2 9792 2000-04-03 03:59:05.5 9794 2000-04-03 03:58:55.6 9891 2000-04-03 03:58:45.8 3245 2000-04-03 03:58:35.9 For detailed output description, see the corresponding command manual. Note: If you are downloading a file from the server, you do not need to specify an FTP operation type.
  • Page 873 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration [Sysname] Hwping administrator http # Configure the test type as http. [Sysname-hwping-administrator-http] test-type http # Configure the IP address of the HTTP server as 10.2.2.2. [Sysname-hwping-administrator-http] destination-ip 10.2.2.2 # Configure to make 10 probes per test.
  • Page 874: Jitter Test

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration [Sysname-hwping-administrator-http] display hwping history administrator http HWPing entry(admin administrator, tag http) history record: Index Response Status LastRC Time 2000-04-02 15:15:52.5 2000-04-02 15:15:52.5 2000-04-02 15:15:52.5 2000-04-02 15:15:52.5 2000-04-02 15:15:52.5 2000-04-02 15:15:52.4 2000-04-02 15:15:52.4 2000-04-02 15:15:52.4...
  • Page 875 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration III. Configuration procedure Configure HWPing Server (Switch B): # Enable the HWPing server and configure the IP address and port to listen on. <Sysname> system-view [Sysname] hwping-server enable [Sysname] hwping-server udpecho 10.2.2.2 9000 Configure HWPing Client (Switch A): # Enable the HWPing client.
  • Page 876: Snmp Test

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Disconnect operation number: 0 Operation timeout number: 0 System busy operation number: 0 Connection fail number: 0 Operation sequence errors: 0 Drop operation number: 0 Other operation errors: 0 Jitter result: RTT Number:100 Min Positive SD:1...
  • Page 877 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Switch A sends an SNMP query message to Switch B (SNMP Agent) to it receives a response from Switch B. II. Network diagram Figure 1-7 Network diagram for the SNMP test III.
  • Page 878 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration # Configure the destination IP address as 10.2.2.2. [Sysname-hwping-administrator-snmp] destination-ip 10.2.2.2 # Configure to make 10 probes per test. [Sysname-hwping-administrator-snmp] count 10 # Set the probe timeout time to 30 seconds. [Sysname-hwping-administrator-snmp] timeout 30 # Start the test.
  • Page 879: Tcp Test (Tcpprivate Test) On The Specified Ports

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration 1.3.7 TCP Test (Tcpprivate Test) on the Specified Ports I. Network requirements Both the HWPing client and the HWPing server are H3C S3100 series Ethernet switches. Perform a HWPing Tcpprivate test to test time required to establish a TCP connection between this end (Switch A) and the specified destination end (Switch B), with the port number set to 8000.
  • Page 880: Udp Test (Udpprivate Test) On The Specified Ports

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration [Sysname-hwping-administrator-tcpprivate] timeout 5 # Start the test. [Sysname-hwping-administrator-tcpprivate] test-enable # Display test results. [Sysname-hwping-administrator-tcpprivate] display hwping results administrator tcpprivate HWPing entry(admin administrator, tag tcpprivate) test result: Destination ip address:10.2.2.2 Send operation times: 10 Receive response times: 10 Min/Max/Average Round Trip Time: 4/7/5...
  • Page 881 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration switches to test the RTT of UDP packets between this end (HWPing client) and the specified destination end (HWPing server), with the port number set to 8000. II.
  • Page 882: Dns Test

    Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration [Sysname-hwping-administrator-udpprivate] display hwping results administrator udpprivate HWPing entry(admin administrator, tag udpprivate) test result: Destination ip address:10.2.2.2 Send operation times: 10 Receive response times: 10 Min/Max/Average Round Trip Time: 10/12/10 Square-Sum of Round Trip Time: 1170 Last complete test time: 2000-4-2 8:29:45.5 Extend result:...
  • Page 883 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration II. Network diagram Figure 1-10 Network diagram for the DNS test III. Configuration procedure Configure DNS Server: Use Windows 2003 Server as the DNS server. For DNS server configuration, refer to the related instruction on Windows 2003 Server configuration.
  • Page 884 Operation Manual – HWPing H3C S3100 Series Ethernet Switches Chapter 1 HWPing Configuration Min/Max/Average Round Trip Time: 6/10/8 Square-Sum of Round Trip Time: 756 Last complete test time: 2006-11-28 11:50:40.9 Extend result: SD Maximal delay: 0 DS Maximal delay: 0 Packet lost in test: 0% Disconnect operation number: 0 Operation timeout number: 0...
  • Page 885 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Table of Contents Chapter 1 IPv6 Configuration (1-1); 1.1 IPv6 Overview (1-1); 1.1.1 IPv6 Features (1-1); 1.1.2 Introduction to IPv6 Address (1-3); 1.1.3 Introduction to IPv6 Neighbor Discovery Protocol (1-7); 1.1.4 Introduction to IPv6 DNS...
  • Page 886: Chapter 1 Ipv6 Configuration

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Chapter 1 IPv6 Configuration Note: H3C S3100 Series Ethernet Switches support IPv6 management features, but do not support IPv6 forwarding and related features. The term “router” in this document refers to a router in a generic sense or an Ethernet switch running a routing protocol.
  • Page 887 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Figure 1-1 Comparison between IPv4 header format and IPv6 header format II. Adequate address space The source IPv6 address and the destination IPv6 address are both 128 bits (16 bytes) long. IPv6 can provide 3.4 x 10^38 addresses to completely meet the requirements of hierarchical address division as well as allocation of public and private addresses.
  • Page 888: Introduction To Ipv6 Address

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration VI. Support for QoS The Flow Label field in the IPv6 header allows the device to label packets in a flow and provide special handling for these packets. VII.
  • Page 889 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Caution: The double-colon :: can be used only once in an IPv6 address. Otherwise, the device is unable to determine how many zeros the double-colon represents when converting it to zeros to restore the IPv6 address to a 128-bit address.
  • Page 890 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Table 1-1 Mapping between address types and format prefixes Format prefix Type IPv6 prefix ID (binary) Unassigned address 00...0 (128 bits) ::/128 Loopback address 00...1 (128 bits) ::1/128 Unicast address Link-local address...
  • Page 891 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all-nodes multicast address FF02::1 Link-local scope all-nodes multicast address FF01::2 Node-local scope all-routers multicast address FF02::2 Link-local scope all-routers multicast address FF05::2...
  • Page 892: Introduction To Ipv6 Neighbor Discovery Protocol

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration 1.1.3 Introduction to IPv6 Neighbor Discovery Protocol The IPv6 neighbor discovery protocol (NDP) uses five types of ICMPv6 messages to implement the following functions: Address resolution Neighbor unreachability detection Duplicate address detection Router/prefix discovery...
  • Page 893 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Note: H3C S3100 Series Ethernet Switches do not support RS, RA, or Redirect message. Of the above mentioned IPv6 NDP functions, H3C S3100 Series Ethernet Switches support the following three functions: address resolution, neighbor unreachability detection, and duplicate address detection.
  • Page 894: Introduction To Ipv6 Dns

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Node A sends an NS message whose destination address is the IPv6 address of node B. If node A receives an NA message from node B, node A considers that node B is reachable.
  • Page 895: Protocols And Standards

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration convert domain names into IPv4 addresses or IPv6 addresses. In this way, the DNS server has the functions of both IPv6 DNS and IPv4 DNS. 1.1.5 Protocols and Standards Protocol specifications related to IPv6 include: RFC 1881: IPv6 Address Allocation Management RFC 1887: An Architecture for IPv6 Unicast Address Allocation...
  • Page 896 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration To enable a host to access a public IPv6 network, you need to assign an IPv6 global unicast address to it. IPv6 site-local addresses and global unicast addresses can be configured in either of the following ways: EUI-64 format: When the EUI-64 format is adopted to form IPv6 addresses, the IPv6 address prefix of an interface is the configured prefix and the interface...
  • Page 897: Configuring Ipv6 Ndp

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Note: IPv6 unicast addresses can be configured for only one VLAN interface of an H3C S3100 Series Ethernet Switch. Only one global unicast address or one site-local address can be configured for an interface.
  • Page 898 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Table 1-6 Configure a static neighbor entry To do... Use the command... Remarks Enter system view system-view — ipv6 neighbor ipv6-address mac-address Configure a static { vlan-id port-type port-number | interface Required neighbor entry interface-type interface-number }...
  • Page 899 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration To do… Use the command… Remarks Optional Configure the attempts to 1 by default. When the send an NS message for ipv6 nd dad attempts value argument is set to 0, duplicate address value the duplicate address...
  • Page 900: Configuring A Static Ipv6 Route

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration 1.2.3 Configuring a Static IPv6 Route You can configure static IPv6 routes for network interconnection in a small-sized IPv6 network. Table 1-11 Configure a static IPv6 route To do…...
  • Page 901: Configuring The Maximum Number Of Ipv6 Icmp Error Packets Sent Within A Specified Time

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration 1.2.5 Configuring the Maximum Number of IPv6 ICMP Error Packets Sent within a Specified Time If too many IPv6 ICMP error packets are sent within a short time in a network, network congestion may occur.
  • Page 902: Configuring Ipv6 Dns

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration 1.2.7 Configuring IPv6 DNS I. Configure a static host name to IPv6 address mapping You can directly use a host name when applying telnet applications and the system will resolve the host name into an IPv6 address.
  • Page 903: Displaying And Maintaining Ipv6

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Note: The dns resolve and dns domain commands are the same as those of IPv4 DNS. For details about the commands, refer to DNS. 1.2.8 Displaying and Maintaining IPv6 Table 1-17 Display and maintain IPv6 To do…...
  • Page 904: Ipv6 Configuration Example

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration To do… Use the command… Remarks Clear IPv6 dynamic domain reset dns ipv6 dynamic-host name cache information reset ipv6 neighbors [ all | dynamic | interface Clear IPv6 neighbor information interface-type interface-number | static ]...
  • Page 905 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration # Configure an automatically generated link-local address for the interface Vlan-interface1. <SwitchA> system-view [SwitchA] interface Vlan-interface 1 [SwitchA-Vlan-interface1] ipv6 address auto link-local # Configure a global unicast address for the interface Vlan-interface1. [SwitchA-Vlan-interface1] ipv6 address 3001::1/64 Configure Switch B.
  • Page 906 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration Joined group address(es): FF02::1:FF00:2 FF02::1:FF00:2006 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # On Switch A, ping the link-local address and global unicast address of Switch B.
  • Page 907 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 1 IPv6 Configuration bytes=56 Sequence=1 hop limit=64 time = 79 ms Reply from 3001::2 bytes=56 Sequence=2 hop limit=64 time = 6 ms Reply from 3001::2 bytes=56 Sequence=3 hop limit=64 time = 6 ms Reply from 3001::2 bytes=56 Sequence=4 hop limit=64...
  • Page 908: Chapter 2 Ipv6 Application Configuration

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 2 IPv6 Application Configuration Chapter 2 IPv6 Application Configuration 2.1 Introduction to IPv6 Application IPv6 supports more and more applications. Most IPv6 applications are the same as those of IPv4. The applications supported on H3C S3100 Series Ethernet Switches are: Ping Traceroute...
  • Page 909: Ipv6 Traceroute

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 2 IPv6 Application Configuration 2.2.2 IPv6 Traceroute The traceroute ipv6 command is used to record the route of IPv6 packets from source to destination, so as to check whether the link is available and determine the point of failure.
  • Page 910: Ipv6 Telnet

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 2 IPv6 Application Configuration I. Configuration preparation Enable TFTP on the TFTP server and specify the path to download or upload files. For specific operations, refer to TFTP server configuration specifications. II.
  • Page 911: Ipv6 Application Configuration Example

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 2 IPv6 Application Configuration I. Configuration prerequisites Enable Telnet on the Telnet server and configure the authentication method. For details, refer to Login. Table 2-4 Set up IPv6 Telnet connections To do…...
  • Page 912 Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 2 IPv6 Application Configuration II. Network diagram Telnet_Server TFTP_Server 3001::2/64 3001::3/64 3001::4/64 3002::1/64 3002::2/64 3003::1/64 3003::2/64 Figure 2-3 Network diagram for IPv6 applications III. Configuration procedure Note: You need to configure IPv6 addresses on the switch’s and server’s interfaces and ensure that the route between the switch and the server is accessible before performing the following configuration.
  • Page 913: Troubleshooting Ipv6 Application

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 2 IPv6 Application Configuration round-trip min/avg/max = 31/46/110 ms # On SWA, configure static routes to SWC, the Telnet Server, and the TFTP Server. <SWA> system-view [SWA] ipv6 route-static 3002:: 64 3003::1 [SWA] ipv6 route-static 3001:: 64 3003::1 [SWA] quit # Trace the IPv6 route from SWA to SWC.
  • Page 914: Unable To Run Traceroute

    Operation Manual – IPv6 Management H3C S3100 Series Ethernet Switches Chapter 2 IPv6 Application Configuration Use the ping ipv6 -t timeout { destination-ipv6-address | hostname } [ -i interface-type interface-number ] command to increase the timeout limit, so as to determine whether the problem is due to the timeout limit being too small. 2.4.2 Unable to Run Traceroute I.
  • Page 915 Operation Manual – DNS H3C S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DNS Configuration (1-1); 1.1 DNS Overview (1-1); 1.1.1 Static Domain Name Resolution (1-1); 1.1.2 Dynamic Domain Name Resolution (1-1); 1.2 Configuring Domain Name Resolution (1-3); 1.2.1 Configuring Static Domain Name Resolution...
  • Page 916: Chapter 1 Dns Configuration

    Operation Manual - DNS H3C S3100 Series Ethernet Switches Chapter 1 DNS Configuration Chapter 1 DNS Configuration Note: This chapter covers only IPv4 DNS configuration. For details about IPv6 DNS, refer to IPv6 Management Operation. 1.1 DNS Overview Domain name system (DNS) is a mechanism used for TCP/IP applications to provide domain name-to-IP address translation.
  • Page 917 Operation Manual - DNS H3C S3100 Series Ethernet Switches Chapter 1 DNS Configuration A user program sends a name query to the resolver in the DNS client. The DNS resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding IP address back.
  • Page 918: Configuring Domain Name Resolution

    Operation Manual - DNS H3C S3100 Series Ethernet Switches Chapter 1 DNS Configuration If there is a dot in the domain name, such as www.aabbcc or aabbcc., it indicates that no DNS suffix needs to be added and the resolver will use this domain name to do DNS lookup first.
  • Page 919: Displaying And Maintaining Dns

    Operation Manual - DNS H3C S3100 Series Ethernet Switches Chapter 1 DNS Configuration Note: You may configure up to six DNS servers and ten DNS suffixes. 1.3 Displaying and Maintaining DNS After the above configuration, you can execute the display command and the nslookup type command in any view to display the DNS configuration information and the DNS resolution result to verify the configuration effect.
  • Page 920: Dynamic Domain Name Resolution Configuration Example

    Operation Manual - DNS H3C S3100 Series Ethernet Switches Chapter 1 DNS Configuration II. Network diagram Figure 1-2 Network diagram for static DNS configuration III. Configuration procedure # Configure a mapping between host name host.com and IP address 10.1.1.2. <Sysname> system-view [Sysname] ip host host.com 10.1.1.2 # Execute the ping host.com command to verify that the device can use static domain name resolution to get the IP address 10.1.1.2 corresponding to host.com.
  • Page 921 Operation Manual - DNS H3C S3100 Series Ethernet Switches Chapter 1 DNS Configuration II. Network diagram Figure 1-3 Network diagram for dynamic DNS configuration III. Configuration procedure Note: Before doing the following configuration, make sure that: The routes between the DNS server, Switch, and Host are reachable. Necessary configurations are done on the devices.
  • Page 922: Troubleshooting Dns

    Operation Manual - DNS H3C S3100 Series Ethernet Switches Chapter 1 DNS Configuration Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=125 time=4 ms Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=125 time=5 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/5 ms 1.5 Troubleshooting DNS...
  • Page 923 Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Smart Link Configuration (1-1); 1.1 Smart Link Overview (1-1); 1.1.1 Basic Concepts in Smart Link (1-1); 1.1.2 Operating Mechanism of Smart Link (1-3); 1.2 Configuring Smart Link...
  • Page 924: Chapter 1 Smart Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration Chapter 1 Smart Link Configuration Note: Currently, only S3100-EI series Ethernet switches support the smart link feature. 1.1 Smart Link Overview As shown in Figure 1-1, dual-uplink networking is widely applied currently.
  • Page 925 Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration Figure 1-1, Ethernet1/0/1 and Ethernet1/0/2 on Switch A are two member ports of a Smart Link group. II. Master port The master port can be either an Ethernet port or a manually-configured or static LACP aggregation group.
  • Page 926: Operating Mechanism Of Smart Link

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration 1.1.2 Operating Mechanism of Smart Link Eth1/0/12 Eth1/0/11 Switch E Switch C Switch D Eth1/0/1 Eth1/0/1 Eth1/0/2 Eth1/0/2 Eth1/0/3 Eth1/0/1 BLOCK Eth1/0/2 Switch A Switch B Figure 1-2 Network diagram of Smart Link operating mechanism As shown in...
  • Page 927: Configuring Smart Link

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration 1.2 Configuring Smart Link Note: Before configuring a member port of a Smart Link group, you must: Disable the port to avoid loops, thus preventing broadcast storms. Disable STP on the port.
  • Page 928: Configuring Associated Devices

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration Operation Command Remarks Required Enable the function of sending flush messages flush enable control-vlan By default, no control in the specified control vlan-id VLAN for sending flush VLAN messages is specified.
  • Page 929: Precautions

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration Link device and the target device. As shown in Figure 1-2, you need to enable this function on Ethernet 1/0/2 and Ethernet 1/0/3 of Switch C, Ethernet 1/0/2 and Ethernet 1/0/3 of Switch D, and Ethernet 1/0/11 and Ethernet 1/0/12 of Switch E.
  • Page 930: Displaying And Debugging Smart Link

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration If the control VLAN for receiving flush messages configured on an associated device is different than the one for sending flush messages configured on the corresponding Smart Link device, the device will forward received flush messages without processing them.
  • Page 931 Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration II. Network diagram Server Eth1/0/2 Eth1/0/3 Switch E Eth1/0/1 Eth1/0/1 Switch C Switch D Eth1/0/2 Eth1/0/2 Eth1/0/1 Eth1/0/2 Switch A Figure 1-3 Network diagram for Smart Link configuration III.
  • Page 932 Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 1 Smart Link Configuration # Configure to send flush messages within VLAN 1. [SwitchA-smlk-group1] flush enable control-vlan 1 Enable the function of processing flush messages received from VLAN 1 on Switch C.
  • Page 933: Chapter 2 Monitor Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 2 Monitor Link Configuration Chapter 2 Monitor Link Configuration Note: Currently, only S3100-EI series Ethernet switches support the monitor link feature. 2.1 Introduction to Monitor Link Monitor Link is a collaboration scheme introduced to complement Smart Link. It is used to monitor the uplink and to complete the backup function of Smart Link.
  • Page 934: How Monitor Link Works

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 2 Monitor Link Configuration 2.1.1 How Monitor Link Works Eth1/0/12 Eth1/0/11 Switch E Switch C Switch D Eth1/0/1 Eth1/0/1 Eth1/0/2 Eth1/0/2 Eth1/0/3 Eth1/0/1 BLOCK Eth1/0/2 Switch A Switch B Figure 2-2 Network diagram for a Monitor Link group implementation As shown in Figure...
  • Page 935: Configuring Monitor Link

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 2 Monitor Link Configuration Note: Currently, member ports of a Monitor Link group cannot be dynamic link aggregation groups. If the uplink or downlink port in the Monitor Link group is a link aggregation group, you cannot directly delete this aggregation group or change this aggregation group into a dynamic aggregation group.
  • Page 936: Configuring The Uplink Port

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 2 Monitor Link Configuration 2.2.3 Configuring the Uplink Port Table 2-3 Configure the uplink port Operation Command Remarks Enter system view system-view — Enter the specified Monitor Link group monitor-link group —...
  • Page 937: Displaying Monitor Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 2 Monitor Link Configuration Operation Command Remarks Configure the specified link aggregation group as link-aggregation group a downlink port of the group-id downlink Monitor Link group Configure Monitor port interface-type Configure a downlink...
  • Page 938: Monitor Link Configuration Example

    Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 2 Monitor Link Configuration 2.4 Monitor Link Configuration Example 2.4.1 Implementing Collaboration Between Smart Link and Monitor Link I. Network requirements As shown in Figure 2-3, the PCs access the server and Internet through the switch. Configure Smart Link and Monitor Link to prevent the PCs from failing to access the server and Internet due to an uplink or port failure.
  • Page 939 Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 2 Monitor Link Configuration [SwitchA-Ethernet1/0/1] quit [SwitchA] interface Ethernet 1/0/2 [SwitchA-Ethernet1/0/2] stp disable # Return to system view. [SwitchA-Ethernet1/0/2] quit # Create Smart Link group 1 and enter Smart Link group view. [SwitchA] smart-link group 1 # Configure Ethernet1/0/1 as the master port of the Smart Link group and Ethernet1/0/2 as the slave port.
  • Page 940 Operation Manual – Smart Link-Monitor Link H3C S3100 Series Ethernet Switches Chapter 2 Monitor Link Configuration [SwitchE] smart-link flush enable control-vlan 1 port Ethernet 1/0/10 to Ethernet 1/0/11...
  • Page 941 Operation Manual – Appendix H3C S3100 Series Ethernet Switches Table of Contents Table of Contents Appendix A Acronyms (A-1)...
  • Page 942 Operation Manual – Appendix H3C S3100 Series Ethernet Switches Appendix A Acronyms Appendix A Acronyms Authentication, Authorization and Accounting Area Border Router Access Control List Address Resolution Protocol Autonomous System ASBR Autonomous System Border Router Backup Designated Router Committed Access Rate Command Line Interface Class of Service DHCP...
  • Page 943 Operation Manual – Appendix H3C S3100 Series Ethernet Switches Appendix A Acronyms ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol Interior Gateway Protocol Internet Protocol Link State Advertisement LSDB Link State DataBase Medium Access Control Management Information Base NBMA Non Broadcast MultiAccess Network Information Center...
  • Page 944 Operation Manual – Appendix H3C S3100 Series Ethernet Switches Appendix A Acronyms TFTP Trivial File Transfer Protocol Type of Service Time To Live User Datagram Protocol VLAN Virtual LAN Video On Demand Weighted Round Robin eXchange Identification eXpandable Resilient Networking...

This manual is also suitable for:

S3100-si series, S3100-ei series
