Download Print this page

H3C LS-5100-16P-SI-OVS-H3 Configuration

H3C LS-5100-16P-SI-OVS-H3 Configuration

Low-end ethernet switches

Table of Contents

Advertisement

Quick Links

Download this manual

DHCP

H3C Low-End Ethernet Switches Configuration Examples

Chapter 1 DHCP Functions Overview ......................................................................................... 1-1

1.1 Supported DHCP Functions .............................................................................................. 1-1

1.1.1 DHCP Functions Supported by the H3C Low-End Ethernet Switches ................... 1-1

1.2 Configuration Guide........................................................................................................... 1-2

1.2.1 Configuring the DHCP Server ................................................................................. 1-2

1.2.2 Configuring the DHCP Relay Agent ........................................................................ 1-8

1.2.3 Configuring DHCP Snooping .................................................................................. 1-9

Chapter 2 Configuration Examples ............................................................................................. 2-1

2.1 DHCP Server Configuration Example................................................................................ 2-1

2.1.1 Network Requirements............................................................................................ 2-1

2.1.2 Network Diagram..................................................................................................... 2-2

2.1.3 Configuration Procedure ......................................................................................... 2-2

2.2 DHCP Relay Agent/Snooping Configuration Examples .................................................... 2-4

2.2.1 Network Requirements............................................................................................ 2-4

2.2.2 Network Diagram..................................................................................................... 2-5

2.2.3 Configuration Procedure ......................................................................................... 2-6

2.3 Precautions ...................................................................................................................... 2-11

2.3.1 Cooperation Between DHCP Relay Agent and IRF.............................................. 2-11

Chapter 3 Related Documents ..................................................................................................... 3-1

3.1 Protocols and Standards ................................................................................................... 3-1

Table of Contents

i

Table of Contents

Table of Contents

Advertisement

Chapters

Table of Contents

Need help?

Need help?

Do you have a question about the LS-5100-16P-SI-OVS-H3 and is the answer not in the manual?

Questions and answers

Summary of Contents for H3C LS-5100-16P-SI-OVS-H3

Page 1 DHCP H3C Low-End Ethernet Switches Configuration Examples Table of Contents Table of Contents Chapter 1 DHCP Functions Overview ..................1-1 1.1 Supported DHCP Functions ....................1-1 1.1.1 DHCP Functions Supported by the H3C Low-End Ethernet Switches ....1-1 1.2 Configuration Guide......................1-2 1.2.1 Configuring the DHCP Server .................
Page 2: Dhcp Configuration Examples
DHCP H3C Low-End Ethernet Switches Configuration Examples Abstract DHCP Configuration Examples Keywords: DHCP, Option 82 Abstract: This document describes DHCP configuration and application on Ethernet switches in specific networking environments. Based on the different roles played by the devices in the network, the functions and applications of DHCP server, DHCP relay agent, DHCP snooping, and DHCP Option 82 are covered.
Page 3: Chapter 1 Dhcp Functions Overview
DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Chapter 1 DHCP Functions Overview 1.1 Supported DHCP Functions 1.1.1 DHCP Functions Supported by the H3C Low-End Ethernet Switches Table 1-1 DHCP functions supported by the H3C low-end ethernet switches Function DHCP relay DHCP server...
Page 4: Configuring The Dhcp Server
DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview DHCP snooping security functions: DHCP snooping entry update and ARP source checking DHCP Option 82 Note: Refer to respective user manuals for detailed descriptions of the DHCP functions supported by different models.
Page 5 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Operation Command Description Required Create a DHCP address By default, no global pool and enter DHCP dhcp server ip-pool pool-name DHCP address pool address pool view is created. Required Configure an IP address By default, no IP...
Page 6 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Operation Command Description Return quit system view Create Optional address pool for dhcp server ip-pool pool-name static By default, no MAC address binding address or client ID is bound to an IP Specify the IP static-bind ip-address...
Page 7 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Operation Command Description Required Enable the detection of default, unauthorized DHCP dhcp server detect detection servers unauthorized DHCP servers is disabled. maximum number of Optional ping packets dhcp server ping packets...
Page 8 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Operation Command Description dhcp server static-bind Optional Bind address ip-address ip-address statically to a client MAC client-identifier By default, no static address or client ID client-identifier | mac-address binding is configured mac-address } dhcp server expired { day day...
Page 9 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Operation Command Description interface interface-type interface-number dhcp server nbns-list Configure interface ip-address&<1-8> Optional WINS server By default, no WINS quit addresses server addresses are for DHCP dhcp server nbns-list configured.
Page 10: Configuring The Dhcp Relay Agent
DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Operation Command Description maximum number Optional ping packets dhcp server ping packets default sent by the number maximum number is Configure DHCP duplicate server each address address detection Optional response dhcp server ping timeout...
Page 11: Configuring Dhcp Snooping
DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Operation Command Description Optional Configure the interval at By default, the update which the DHCP relay dhcp-security tracker interval calculated agent updates dynamic { interval | auto } automatically according to client address entries the number of the DHCP...
Page 12 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 1 DHCP Functions Overview Operation Command Description Optional Specify port By default, all the ports of connected to the DHCP dhcp-snooping trust a switch are untrusted server as a trusted port ports. 1-10...
Page 13: Dhcp Server Configuration Example
DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Chapter 2 Configuration Examples 2.1 DHCP Server Configuration Example 2.1.1 Network Requirements An S3600 switch serves as the DHCP server in the corporate headquarters (HQ) to allocate IP addresses to the workstations in the HQ and Branch, and it also acts as the gateway to forward packets from the HQ.
Page 14 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples 2.1.2 Network Diagram 10.214.10.5 10.214.10.3 10.214.10.4 002e-8d20-54c6 000d-85c7-4e20 0013-4ca8-9b71 DHCP Mail WINS Client Server Server Server VLAN-int10 Gateway VLAN-int100 IP network DHCP Relay DHCP DHCP File Server Client2 Client1 10.210.10.4 000d-88f8-4e71 Branch...
Page 15 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [H3C-Vlan-interface10] dhcp server nbst-list 10.214.10.4 No gateway needs to be configured for the clients because an interface operating in the interface address pool mode automatically serves as the gateway for DHCP clients and sends the requested information to the clients.
Page 16: Dhcp Relay Agent/Snooping Configuration Examples
DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples # Enable the detection of unauthorized DHCP servers. [H3C] dhcp server detect # Configure VLAN-interface100 to operate in the global address pool mode. [H3C] interface Vlan-interface 100 [H3C-Vlan-interface100] dhcp select global Note that: After DHCP configuration is complete, IP addresses can be assigned to the workstations in the Branch only when a route is active between the HQ and the Branch.
Page 17 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples and the IRF Fabric are interconnected through the 172.16.2.4/30 network segment. Configure the address checking function on the DHCP relay agent so that only the devices that are assigned legal IP addresses from the DHCP server are allowed to access the external network.
Page 18 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples 2.2.3 Configuration Procedure In this example, the IRF Fabric is comprised of S3600 switches running software version Release 1510, a Quidway S3552 switch running software version Release 0028 is used as the DHCP snooping-capable switch, and a Quidway S3528 switch running software version Release 0028 is used as the Lab DHCP server.
Page 19 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchA-Vlan-interface25] dhcp-server 2 # Configure the IP address of VLAN-interface17 as 172.16.2.5/30 for forwarding DHCP packets from the Lab DHCP Server to a non-local segment. [SwitchA-Vlan-interface25] quit [SwitchA] interface Vlan-interface 17 [SwitchA-Vlan-interface17] ip add 172.16.2.5 30 # Configure the address checking function on the DHCP relay agent.
Page 20 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Note: For the DHCP relay agent using the IRF structure and the DHCP server in the HQ to communicate with each other, an active route must also be configured between them. This configuration is performed by the ISP or the user;...
Page 21 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [LAB-Vlan-interface15] dhcp select interface [LAB-Vlan-interface15] quit # To ensure that the lab DHCP server forwards DHCP packets normally, you need configure a routing protocol. The following configuration uses RIP as an example. For the configuration of other routing protocols, see the related parts in product manuals.
Page 22 DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples For example, the DHCP messages from clients connected to Ethernet1/0/11 are added with Option 82, whose Circuit ID suboption should be 0x010600040001000a, where 01060004 is a fixed value, 0001 indicates the access port’s VLAN is VLAN 1, and 000a is the absolute number of the port, which is 1 less than the actual port number, indicating the actual port is Ethernet1/0/11.
Page 23: Cooperation Between Dhcp Relay Agent And Irf
DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Switch(dhcp-class)# exit # Configure a DHCP class for the client connected to Etherent1/0/12 of the DHCP snooping device and match the port number in the Circuit ID suboption of Option82. Switch(config)# ip dhcp class office2 Switch(dhcp-class)# relay agent information hex 010600040001000b* # Create an address pool for Office and specify address ranges for the two DHCP...
Page 24: Chapter 3 Related Documents
DHCP H3C Low-End Ethernet Switches Configuration Examples Chapter 3 Related Documents Chapter 3 Related Documents 3.1 Protocols and Standards RFC2131: Dynamic Host Configuration Protocol RFC2132: DHCP Options and BOOTP Vendor Extensions RFC3046: DHCP Relay Agent Information Option...
Page 25: Table Of Contents
QACL H3C Low-End Ethernet Switches Configuration Examples Table of contents Table of Contents Chapter 1 QACL Overview......................1-1 1.1 Supported QACL Functions....................1-1 1.1.1 ACL/QoS Functions Supported by H3C Low-End Ethernet Switches ....1-1 1.2 Configuration Guide......................1-3 Chapter 2 Examples of QACL Configuration................2-1 2.1 Network Environment ......................
Page 26 QACL H3C Low-End Ethernet Switches Configuration Examples Abstract QACL Configuration Examples Key words: ACL, and QoS Abstract: This document describes QACL configurations on Ethernet switches in actual networking environments. To satisfy different user needs, the document covers various functions and applications like time-based ACLs, traffic policing, priority re-marking, queue scheduling, traffic measurement, port redirection, local traffic mirroring, and WEB Cache redirection.
Page 27: Chapter 1 Qacl Overview
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QACL Overview Chapter 1 QACL Overview 1.1 Supported QACL Functions 1.1.1 ACL/QoS Functions Supported by H3C Low-End Ethernet Switches Table 1-1 ACL/QoS functions supported by H3C low-end ethernet switches Model S3100- S3600-EI S3600-SI S5600...
Page 28 QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QACL Overview Model S3100- S3600-EI S3600-SI S5600 S5100-EI S5100-SI Function Local traffic — — mirroring Traffic — — measurement Cache — — — — — redirection Note: means that the function is supported. —...
Page 29: Configuration Guide
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QACL Overview 1.2 Configuration Guide Note: ACL/QoS configuration varies with switch models. The configuration below takes an H3C S3600 Ethernet Switch as an example. For ACL/QoS configuration on other switches, refer to corresponding user manuals. The section below only lists basic configuration steps.
Page 30 QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QACL Overview Table 1-3 Configure ACL/QoS in port view Configuration Command Remarks packet-filter { inbound | — Apply an ACL on a port outbound } acl-rule Configure the switch to Configure the switch to trust priority trust the priority carried in...
Page 31 QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QACL Overview Configuration Command Remarks queue scheduling algorithm defined using queue-scheduler command Ethernet port view will work on the current port only. queue-scheduler { wfq globally queue0-width defined queue1-width queue queue2-width scheduling queue3-width algorithm, you can...
Page 32: Chapter 2 Examples Of Qacl Configuration
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration Chapter 2 Examples of QACL Configuration 2.1 Network Environment 10.0.0.2 10.0.0.3 10.0.0.4 Server 2 Server 3 Server 4 10.0.0.1 Server 1 LAN 2 Data Detect Server LAN 1 GE1/1/2 E1/0/20 GE1/1/1...
Page 33: Time-Based Acl Plus Rate Limiting Plus Traffic Policing Configuration Example
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration 2.2 Time-based ACL plus Rate Limiting plus Traffic Policing Configuration Example 2.2.1 Network Requirements The company gains access to the Internet through Server1. The requirements are as follows: During the period from 8:30 to 18:30 in workdays, the clients are not allowed to access the Internet through HTTP.
Page 34 QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration [H3C] time-range a001 8:30 to 18:00 working-day # Create time range a002, defining off hours. [H3C] time-range a002 00:00 to 8:30 working-day [H3C] time-range a002 18:00 to 24:00 working-day [H3C] time-range a002 00:00 to 24:00 off-day # Define ACL 3010: Forbid the clients to access the Internet through HTTP during the time range a001;...
Page 35: Configuration Example Of Priority Re-Marking Plus Queue Scheduling Algorithm Plus Congestion Avoidance Plus Packet Priority Trust
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration Note: The traffic-limit command works only with the permit rules in ACLs. 2.3 Configuration Example of Priority Re-marking plus Queue Scheduling Algorithm plus Congestion Avoidance plus Packet Priority Trust 2.3.1 Network Requirements Server2, Server3, and Server4 are the data server, mail server and file server of the company respectively.
Page 36: Configuration Example Of Traffic Measurement Plus Port Redirection
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration <H3C> system-view System View: return to User View with Ctrl+Z. [H3C] acl number 3020 [H3C-acl-adv-3020] rule 0 permit ip destination 10.0.0.2 0 [H3C-acl-adv-3020] rule 1 permit ip destination 10.0.0.3 0 [H3C-acl-adv-3020] rule 2 permit ip destination 10.0.0.4 0 [H3C-acl-adv-3020] quit # Re-mark priority for the packets on the port GigabitEthernet1/1/2 that match the rules...
Page 37: Network Diagram
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration Redirect all the HTTP traffic generated by the Internet access through the port Ethernet1/0/1 during workday period to the port Ethernet1/0/20. 2.4.2 Network Diagram Data Detect Server E1/0/20 E1/0/1 LAN 10...
Page 38: Configuration Example Of Local Traffic Mirroring
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration # Configure traffic redirection on the port Ethernet1/0/1: Redirect all the HTTP traffic generated by Internet access during workday period to the port Ethernet1/0/20. [H3C] interface Ethernet 1/0/1 [H3C-Ethernet1/0/1] traffic-redirect inbound ip 3030 rule 0 interface Ethernet 1/0/20 # Measure the HTTP traffic generated by Internet access during non-workday periods...
Page 39: Configuration Procedure
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration 2.5.3 Configuration Procedure # Configure a workday period. <H3C> system-view System View: return to User View with Ctrl+Z. [H3C] time-range a001 8:30 to 18:00 working-day # Define ACL 3030: Classify the packets accessing the Internet through HTTP during workday period.
Page 40: Other Functions Referencing Acl Rules
QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration from the queue, the switch will perform the WFQ scheduling for the remaining queues. The switch can be configured with multiple mirroring source ports but only one mirroring destination port.
Page 41 QACL H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Examples of QACL Configuration Telnet/SNMP/WEB login user control. For Telnet users, ACLs 2000 to 4999 may be referenced, and for SNMP/WEB users, ACLs 2000 to 2999 may be referenced. ACLs 2000 to 3999 can be referenced for routing policy match. ACLs 2000 to 3999 can be referenced for filtering route information.
Page 42: Chapter 3 Configuration Example Of Web Cache Redirection
QACL Chapter 3 Configuration Example of WEB H3C Low-End Ethernet Switches Configuration Examples Cache Redirection Chapter 3 Configuration Example of WEB Cache Redirection Note: Now, only the S3600-EI Series Ethernet Switches support the WEB Cache redirection function. 3.1 Configuration Example of WEB Cache Redirection 3.1.1 Network Requirements Figure 3-1 shows the network topology of a company.
Page 43: Network Diagram
QACL Chapter 3 Configuration Example of WEB H3C Low-End Ethernet Switches Configuration Examples Cache Redirection 3.1.2 Network Diagram VLAN 40 Internet Web Cache Server 192.168.4.2 0012-0990-2250 Eth1/0/4 Eth1/0/1 Eth1/0/3 Eth1/0/2 Switch VLAN 10 VLAN 20 VLAN 30 The Marketing The R&D The Administrative department department...
Page 44 QACL Chapter 3 Configuration Example of WEB H3C Low-End Ethernet Switches Configuration Examples Cache Redirection # Create VLAN 30 for the administrative department, and assign an IP address 192.168.3.1 to the VLAN interface 30. [H3C] vlan 30 [H3C-vlan30] port Ethernet 1/0/3 [H3C-vlan30] quit [H3C] interface Vlan-interface 30 [H3C-Vlan-interface30] ip address 192.168.3.1 24...
Page 45 802.1x H3C Low-End Ethernet Switches Configuration Examples Table of Contents Table of Contents Chapter 1 802.1X Overview ......................1-1 1.1 Introduction to 802.1X......................1-1 1.2 Features Configuration ...................... 1-1 1.2.1 Global Configuration ....................1-1 1.2.2 Configuration in Port View..................1-1 1.2.3 Precautions ......................
Page 46: X Configuration Example
802.1x H3C Low-End Ethernet Switches Configuration Examples Abstract 802.1x Configuration Example Keywords: 802.1x and AAA Abstract: This article introduces the application of 802.1x on Ethernet switches in real network environments, and then presents detailed configurations of the 802.1x client, LAN Switch and AAA server respectively. Acronyms: AAA (Authentication, Authorization and Accounting)
Page 47: Chapter 1 802.1X Overview
802.1x H3C Low-End Ethernet Switches Configuration Examples Chapter 1 802.1X Overview Chapter 1 802.1X Overview Note: The use of this document is restricted to H3C S3600, H3C S5600, H3C S3100, H3C S5100 and H3C S3100-52P Series Ethernet switches. 1.1 Introduction to 802.1X The LAN defined in IEEE 802 protocols does not provide access authentication.
Page 48: Precautions
802.1x H3C Low-End Ethernet Switches Configuration Examples Chapter 1 802.1X Overview 1.2.3 Precautions The configuration of dot1x takes effect only after the dot1x feature is enabled globally. You can configure dot1x parameters associated with Ethernet ports or devices before enabling dot1x. However, the configured dot1x parameters only take effect after dot1x is enabled.
Page 49: Chapter 2 802.1X Configuration Commands
802.1x H3C Low-End Ethernet Switches Configuration Examples Chapter 2 802.1X Configuration Commands Chapter 2 802.1X Configuration Commands To implement 802.1x, you need to configure the supplicant system (client), authenticator system (switch) and authentication/authorization server correctly. Supplicant system: Ensures that the PC uses a right client. Authenticator system: Configuring 802.1x and AAA on the authenticator system is required.
Page 50: Chapter 3 Enterprise Network Access Authentication Configuration Example
802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Chapter 3 Enterprise Network Access Authentication Configuration Example Note: The configuration or information displayed may vary with devices. The following takes the H3C S3600 series switch (using software Release 1510) as an example. 3.1 Network Application Analysis An administrator of an enterprise network needs to authenticate users accessing the network on a per-port basis on the switch to control access to network resources.
Page 51: Network Diagram
802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example 3.2 Network Diagram Update server Authentication server Eth1/0/4 Eth1/0/1 VLAN 2 VLAN 10 Eth1/0/2 Eth1/0/3 VLAN 100 VLAN 1 Internet Supplicant Figure 3-1 Network diagram for enterprise network application 3.3 Configuration Procedure 3.3.1 Configuring the Switch # Create a RADIUS scheme named cams, and specify the primary and secondary...
Page 52 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example # Create an ISP domain named abc and adopt the RADIUS scheme cams for authentication. [H3C] domain abc [H3C-isp-abc] radius-scheme cams [H3C-isp-abc] quit # Set the ISP domain abc as the default ISP domain. [H3C] domain default enable abc # Enable dynamic VLAN assignment.
Page 53 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Proxy trap checker is disabled Proxy logoff checker is disabled Version-Check is disabled The port is an authenticator Authentication Mode is Auto Port Control Type is Port-based ReAuthenticate is disabled Max number of on-line users is 256 Authentication Success: 0, Failed: 0...
Page 54: Configuring The Radius Server
802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example State = Active RADIUS Scheme = cams Access-limit = Disable Vlan-assignment-mode = Integer Domain User Template: Idle-cut = Disable Self-service = Disable Messenger Time = Disable 3.3.2 Configuring the RADIUS Server The configuration of CAMS authentication, authorization and accounting server consists of four parts:...
Page 55 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Figure 3-3 CAMS configuration console II. Creating an accounting policy Enter the Accounting Policy Management page. Log in the CAMS configuration console. On the navigation tree, select [Charges Management/Accounting Policy] to enter the [Accounting Policy Management] page, as shown in Figure 3-4.
Page 56 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Figure 3-5 Accounting Policy Basic Information Click <Next> to enter the [Accounting Attribute Settings] page, and set Accounting Type to By duration, Monthly Cycle to Monthly and Monthly Fixed Fee to 50 dollars, as shown in Figure 3-6.
Page 57 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Service Name: abc Service Suffix Name: abc Accounting Policy: Monthly Fixed Payment Upstream Rate Limitation: 2M (2048 Kbps) Downstream Rate Limitation: 2M (2048 Kbps) VLAN Assignment: VLAN 100 Authentication Binding: Bind user IP address and bind user MAC address Figure 3-8 Add Service Click <OK>.
Page 58 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Click <Add> to enter the [Add Account] page and configure as follows: Account: info Password: info Full Name: Bruce Prepaid Money: 100 dollars Bind multiple IP address and MAC address: enable Online Limit: 1 Max.
Page 59 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Figure 3-11 System Configuration Click the Modify link for the Access Device item to enter the [Access Device Configuration] page to modify access device configuration like IP address, shared key, and authentication and accounting ports.
Page 60: Configuring The Supplicant System
802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Figure 3-14 Page prompting that system configuration is modified successfully Return to the [System Configuration] page and click <Validate Now> to make the configuration take effect immediately. Figure 3-15 Validate Now on System Management page 3.3.3 Configuring the Supplicant System You need to install an 802.1x client on the PC, which may be H3C’s 802.1x client, the...
Page 61 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example I. Starting up H3C authentication client Figure 3-16 H3C authentication client II. Creating a connection Right click the 802.1x Authentication icon and select [Create an 802.1x connection], as shown in Figure 3-17.
Page 62 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Figure 3-17 Create an 802.1x connection III. Configuring connection attributes Click <Next> to enter the [Set special properties] page: 3-13...
Page 63 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Figure 3-18 Set special properties Keep default settings and click <OK>. The prompt page appears as shown in Figure 3-19. 3-14...
Page 64 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Figure 3-19 Page prompting that a connection is created successfully IV. Initiating the connection Double click the info connection: Figure 3-20 Connecting The connection succeeds: 3-15...
Page 65: Verifying Configuration
802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example Figure 3-21 Page prompting that the Authentication succeeds 3.3.4 Verifying Configuration To verify that the configuration of Guest VLAN is taking effect, check that users can access VLAN 10 before 802.1x authentication or the 802.1x authentication fails.
Page 66 802.1x Chapter 3 Enterprise Network Access H3C Low-End Ethernet Switches Configuration Examples Authentication Configuration Example II. Symptom: Users can access network resources without 802.1x authentication Use the display dot1x command to verify 802.1x is enabled globally and on the specified ports. Use the display interface command to verify the statistics of incoming packets are available for the specified port.
Page 67 H3C Low-End Ethernet Switches Configuration Examples Table of Contents Table of Contents Chapter 1 SSH Overview ......................1-1 1.1 Introduction to SSH......................1-1 1.2 Support for SSH Functions ....................1-1 1.3 SSH Configuration ......................1-2 1.3.1 Configuring an SSH Server..................1-2 1.3.2 Configuring an SSH Client ..................
Page 68 H3C Low-End Ethernet Switches Configuration Examples Abstract SSH Configuration Example Keywords: SSH, RSA Abstract: This article introduces the application of SSH on the H3C low-end Ethernet switches in real network environments, and then presents detailed configurations of the involved SSH client and Ethernet switches respectively. Acronyms: SSH (Secure Shell), RSA (Rivest Shamir Adleman)
Page 69: Chapter 1 Ssh Overview
H3C Low-End Ethernet Switches Configuration Examples Chapter 1 SSH Overview Chapter 1 SSH Overview 1.1 Introduction to SSH Secure Shell (SSH) is designed to provide secure remote login and other security services in insecure network environments. When users remotely access the switch across an insecure network, SSH will automatically encrypt data before transmission and decrypt data after they reach the destination to guarantee information security and protect switches from such attacks as plain-text password interception.
Page 70: Ssh Configuration
H3C Low-End Ethernet Switches Configuration Examples Chapter 1 SSH Overview 1.3 SSH Configuration 1.3.1 Configuring an SSH Server I. For a H3C switch to be the SSH server Configure the protocols supported on user interfaces Create or destroy a RSA key pair Export a RSA key pair Create an SSH user and specify an authentication type Specify a service type for the SSH user...
Page 71: Chapter 2 Ssh Configuration Commands
H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands Chapter 2 SSH Configuration Commands 2.1 SSH Configuration Commands To implement SSH, you need to configure the SSH client and the SSH server correctly. The subsequent sections describe SSH configuration commands on the switch. For more information, refer to the SSH Operation Manual.
Page 72: Configuration Commands
H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands Executing the ssh authentication-type default password-publickey command or the ssh user authentication-type password-publickey command means that users must not only pass the password authentication but also pass the RSA authentication to login the SSH server.
Page 73 H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands Operation Command Remarks Required Configure authentication-mode scheme default, user authentication mode [ command-authorization ] interface authentication as scheme mode is password. Optional Specify protocol inbound { all |ssh | By default, both Telnet supported protocol(s) telnet }...
Page 74 H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands II. Password authentication configuration Table 2-3 Configure password authentication Operation Command Description Use either command. authenticatio Specify By default, no SSH user n-type default created default authentication authentication type password type specified.
Page 75 H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands Operation Command Description The content must be a hexadecimal string that is generated randomly by the SSH-supported client Configure the client Enter the content of the RSA software coded RSA public key public key compliant...
Page 76: Configuring An H3C Switch As An Ssh Client
H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands Operation Command Description Import the client RSA public key from the rsa peer-public-key keyname Required specified public key import sshkey filename file Required issue this Assign a public key to ssh user username assign command multiple times, an SSH user...
Page 77: Configuration Procedure
H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands 2.3.1 Configuration Procedure Table 2-6 Configure the switch as an SSH client First-time Common Access authentic Public key Role configur the SSH Remarks ation configuration ation server support Refer Enabling —...
Page 78 H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands Operation Command Description Specify source ssh2 source-interface interface for the SSH Optional interface-type interface-number client II. Enabling first-time authentication Table 2-8 Enable first-time authentication Operation Command Description — Enter system view system-view Optional Enable...
Page 79 H3C Low-End Ethernet Switches Configuration Examples Chapter 2 SSH Configuration Commands Operation Command Description When you input the key data, spaces are allowed between the characters you input (because the system can remove the spaces automatically); Configure server Enter the content of the public also press public key...
Page 80: Chapter 3 Ssh Configuration Example
H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Chapter 3 SSH Configuration Example Note: The S3600 software version in this configuration example is Release 1510. 3.1 SSH Configuration Example 3.1.1 When the Switch Acts as the SSH Server and the Authentication Type is Password I.
Page 81 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Enable the user interfaces to support SSH. [H3C-ui-vty0-4] protocol inbound ssh [H3C-ui-vty0-4] quit # Create local client “client001”, and set the authentication password to “abc”, protocol type to SSH, and command privilege level to 3 for the client.
Page 82 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example In the Host Name (or IP address) text box, enter the IP address of the SSH server. From the category on the left pane of the window, select SSH under Connection. The window as shown in Figure 3-3 appears.
Page 83: When The Switch Acts As An Ssh Server And The Authentication Type Is Rsa
H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Figure 3-4 SSH client interface 3.1.2 When the Switch Acts as an SSH Server and the Authentication Type is I. Network requirements As shown inFigure 3-5, establish an SSH connection between the host (SSH client) and the switch (SSH Server) for secure data exchange.
Page 84 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example [H3C-Vlan-interface1] ip address 192.168.0.1 255.255.255.0 [H3C-Vlan-interface1] quit # Generate RSA key pairs. [H3C] rsa local-key-pair create # Set the authentication mode for the user interfaces to AAA. [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Enable the user interfaces to support SSH.
Page 85 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Figure 3-6 Generate a client key pair (1) Note: While generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 3-6. Otherwise, the process bar stops moving and the key pair generating process is stopped.
Page 86 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Figure 3-7 Generate a client key pair (2) After the key pair is generated, click Save public key and enter the name of the file for saving the public key (“public” in this case).
Page 87 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Figure 3-8 Generate a client key pair (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click Yes and enter the name of the file for saving the private key (“private.ppk”...
Page 88 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example # Establish a connection with the SSH server. The following takes the SSH client software Putty (version 0.58) as an example. Launch PuTTY.exe to enter the following interface. Figure 3-10 SSH client configuration interface 1 In the Host Name (or IP address) text box, enter the IP address of the server.
Page 89 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Figure 3-11 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. Select Connection/SSH/Auth. The following window appears. 3-10...
Page 90 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Figure 3-12 SSH client configuration interface (2) Click Browse… to bring up the file selection window, navigate to the private key file and click OK. From the window shown inFigure 3-12, click Open. The following SSH client interface appears.
Page 91: When The Switch Acts As An Ssh Client And The Authentication Type Is Password
H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Figure 3-13 SSH client interface 3.1.3 When the Switch Acts as an SSH Client and the Authentication Type is Password I. Network requirements As shown inFigure 3-14, establish an SSH connection between Switch A (SSH Client) and Switch B (SSH Server) for secure data exchange.
Page 92 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example <H3C> system-view [H3C] interface vlan-interface 1 [H3C-Vlan-interface1] ip address 10.165.87.136 255.255.255.0 [H3C-Vlan-interface1] quit # Generate RSA key pairs. [H3C] rsa local-key-pair create # Set the authentication mode for the user interfaces to AAA. [H3C] user-interface vty 0 4 [H3C-ui-vty0-4] authentication-mode scheme # Enable the user interfaces to support SSH.
Page 93: When The Switch Acts As An Ssh Client And The Authentication Type Is Rsa
H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example * Copyright(c) 2004-2006 Hangzhou H3C Technologies Co., Ltd. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************* <H3C> 3.1.4 When the Switch Acts as an SSH Client and the Authentication Type is I.
Page 94 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example [H3C-ui-vty0-4] user privilege level 3 [H3C-ui-vty0-4] quit # Specify the authentication type of user client001 as RSA. [H3C] ssh user client001 authentication-type rsa Note: Before proceeding with the following steps, you need to generate an RSA key pair on the client, and manually configure the RSA public key for the SSH server.
Page 95 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example # Display the RSA public key on the client. <H3C> display rsa local-key-pair public ===================================================== Time of Key pair created: 05:15:04 2006/12/08 Key name: H3C_Host Key type: RSA encryption Key ===================================================== Key code: 3047...
Page 96: When The Switch Acts As An Ssh Client And First-Time Authentication Is Not Supported
H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example <H3C> 3.1.5 When the Switch Acts as an SSH Client and First-time authentication is not Supported I. Network requirements As shown inFigure 3-16, establish an SSH connection between Switch A (SSH Client) and Switch B (SSH Server) for secure data exchange.
Page 97 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example # Specify the authentication type for user client001 as RSA. [H3C] ssh user client001 authentication-type rsa Note: Before proceeding with the following steps, you need to generate an RSA key pair on the client, and manually configure the RSA public key for the SSH server.
Page 98 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example Time of Key pair created: 09:04:41 2000/04/04 Key name: H3C_Host Key type: RSA encryption Key ===================================================== Key code: 308188 028180 C9330FFD 2E2A606F 3BFD5554 8DACDFB8 4D754E86 FC2D15E8 1996422A 0F6A2A6A A94A207E 1E25F3F9 E0EA01A2 4E0F2FF7 B1D31505 39F02333 E443EE74 5C3615C3 E5B3DC91 D41900F0 2AE8B301 E55B1420 024ECF2C 28A6A454 C27449E0 46EB1EAF 8A918D33...
Page 99 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example 0203 010001 <Omitted> Note: After the SSH client generates an RSA key pair, it is necessary to configure the RSA public key for the SSH server and finish the SSH server configuration before continuing to configure the SSH client.
Page 100 H3C Low-End Ethernet Switches Configuration Examples Chapter 3 SSH Configuration Example # Specify the host public key pair name of the server. [H3C] ssh client 10.165.87.136 assign rsa-key Switch002 # Establish the SSH connection to server 10.165.87.136. [H3C] ssh2 10.165.87.136 Username: client001 Trying 10.165.87.136 ...
Page 101 Routing H3C Low-End Ethernet Switches Configuration Examples Table of Contents Table of Contents Chapter 1 Routing Overview ......................1-1 1.1 Overview ..........................1-1 1.1.1 Static Routing and Routing Protocols ..............1-1 1.1.2 Routing Protocols Supported by the H3C Low-End Ethernet Switches....1-1 1.2 Configuration Guide......................
Page 102 Routing H3C Low-End Ethernet Switches Configuration Examples Table of Contents 3.4.1 Verifying the Configuration of Routing Policy and Static Routes ......3-31 3.4.2 Verifying the BGP and IGP Interaction Configuration ........... 3-32 3.4.3 Verifying the Route Backup Configuration ............3-33 3.4.4 Verifying the MED Attribute Configuration ............
Page 103: Chapter 1 Routing Overview
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Chapter 1 Routing Overview 1.1 Overview 1.1.1 Static Routing and Routing Protocols I. Static routing Static routing features zero overhead, simple configuration, and is applicable to simple and stable networks. But it requires human intervention when the network topology changes.
Page 104: Configuration Guide
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview 1.2 Configuration Guide Note: This configuration guide takes S5600 series Ethernet switches as an example. For configuration precautions, see corresponding operation manuals and command manuals. 1.2.1 Configuration Task List Table 1-2 Configuration task List Task Details...
Page 105: Rip Configuration
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview 1.2.3 RIP Configuration Table 1-4 RIP configuration tasks Related Configuration task Remarks section Enabling RIP Required 1.2.3 I. Configuring Setting the RIP operating basic RIP Optional 1.2.3 II. status on an interface functions Specifying a RIP version Optional...
Page 106 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Remarks Required Enable RIP on the network specified interface network-address Disabled by default. II. Setting the RIP operating status on an interface Table 1-6 Set the RIP operating status on an interface Operation Command Remarks...
Page 107 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Table 1-8 Set additional routing metric Operation Command Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Set the additional routing By default, the additional metric to be added for rip metricin value routing metric added for...
Page 108 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview VII. Configuring RIP to filter incoming/outgoing routes Table 1-11 Configure RIP to filter incoming/outgoing routes Operation Command Remarks Enter system view system-view — Enter RIP view — filter-policy { acl-number | Required ip-prefix ip-prefix-name By default, RIP does not...
Page 109 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview X. Configuring RIP to redistribute routes from another protocol Table 1-14 Configure RIP to import routes from another protocol Operation Command Remarks Enter system view system-view — Enter RIP view —...
Page 110 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview XIII. Configuring RIP-1 packet zero field check Table 1-17 Configure RIP-1 packet zero field check Operation Command Remarks Enter system view system-view — Enter RIP view — Enable the check of the Required “must be zero”...
Page 111: Ospf Configuration
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview 1.2.4 OSPF Configuration Table 1-20 OSPF configuration tasks Related Configuration task Remarks section Basic OSPF configuration Required 1.2.4 I. OSPF area attribute configuration Optional 1.2.4 II. Configuring the network type of Optional 1.2.4 III.
Page 112 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview I. Basic OSPF configuration Table 1-21 Basic OSPF configuration Operation Command Remarks Enter system view system-view — Optional If multiple OSPF processes run on a router, you are recommended to use the Configure the router ID router id router-id router-id keyword in the ospf...
Page 113 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Remarks Optional vlink-peer router-id For a virtual link to take [ hello seconds | effect, you need to use this retransmit seconds | Create and configure a command at both ends of the trans-delay seconds | virtual link...
Page 114 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Remarks interface interface-type Enter interface view — interface-number Optional Configure the DR priority ospf dr-priority priority on the OSPF interface The default DR priority is 1. VI. Configuring OSPF Route Summarization Table 1-26 Configure ABR route summarization Operation Command...
Page 115 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Remarks Required filter-policy { acl-number Configure to filter the | ip-prefix ip-prefix-name By default, OSPF does received routes | gateway not filter received routing ip-prefix-name } import information.
Page 116 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Remarks Configure the maximum Optional number of OSPF ECMP multi-path-number value 3 by default. routes XI. Configuring OSPF to Redistribute External Routes Table 1-32 Configure OSPF to redistribute external routes Operation Command Remarks...
Page 117 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Remarks Optional By default, p2p and broadcast interfaces Configure the hello send Hello packets every ospf timer hello seconds interval on the interface 10 seconds; while p2mp and NBMA interfaces send Hello packets every 30 seconds.
Page 118 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview XIV. Configuring the SPF Calculation Interval Table 1-35 Configure the SPF calculation interval Operation Command Remarks Enter system view system-view — ospf [ process-id Enter OSPF view — [ router-id router-id ] ] Optional Configure the SPF spf-schedule-interval...
Page 119 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Remarks Optional ospf Configure the authentication-mode By default, OSPF packets authentication mode of { simple password | md5 are not authenticated on the OSPF interface key-id key } an interface.
Page 120: Bgp Configuration
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Remarks snmp-agent trap enable ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | Optional ifstatechange | iftxretransmit | You can configure OSPF lsdbapproachoverflow | to send diversified SNMP Enable OSPF Trap lsdboverflow | TRAP messages and...
Page 121 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Related Configuration task Remarks section Configuring BGP Peer Required 1.2.5 XI. Group Configuring BGP Configure a Required 1.2.5 XII. Community large-scale BGP network Configuring BGP RR Optional 1.2.5 XIII. Configuring BGP Optional 1.2.5 XIV.
Page 122 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Optional By default, routers that belong to two non-directly Allow routers that belong connected networks peer group-name to non-directly connected cannot establish EBGP ebgp-max-hop networks to establish connections.
Page 123 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Enable automatic summary route aggregation Required aggregate ip-address mask Configure By default, routes [ as-set | attribute-policy BGP route are not route-policy-name | aggregation Enable aggregated. detail-suppressed | manual route origin-policy...
Page 124 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Reference an ACL to peer { group-name | filter BGP ip-address } routes from filter-policy acl-number a peer/peer import group Required Filter the Reference By default, no ACL-based routing an AS path BGP route filtering policy,...
Page 125 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Reference an ACL to peer group-name filter BGP filter-policy acl-number routes to a export peer group Reference Filter the an AS path peer group-name routing ACL to Required as-path-acl acl-number informatio...
Page 126 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Required By default, route dampening is disabled. Other default route dampening-related parameters dampening are as follows. [ half-life-reachable Configure BGP route half-life-unreachable half-life-reachable: dampening-related reuse suppress ceiling ] minutes) parameters [ route-policy...
Page 127 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Required In some network, to ensure an IBGP neighbor locates Configure the local the correct next hop, you can address as the next hop peer group-name configure the next hop address when a BGP next-hop-local...
Page 128 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Configure the Optional timer keepalive Keepalive time By default, the keepalive keepalive-interval and Holdtime of time is 60 seconds, and hold holdtime-interval BGP. holdtime is 180 Configure seconds.
Page 129 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview XI. Configuring BGP Peer Group Table 1-11 Configure BGP peer group Operation Command Description Enter system view system-view — Enter BGP view bgp as-number — Optional If the command is executed Create an IBGP group group-name without the internal or...
Page 130 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Required Configure the peers to By default, no community peer group-name advertise community attribute or extended advertise-community attribute to each other community attribute is advertised to any peer group. Required Specify routing policy peer group-name...
Page 131: Route Policy Configuration
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview Operation Command Description Configure confederation id Required confederation as-number By default, no Basic BGP confederation ID is confederation Specify the configured and no sub-AS confederation configuration sub-ASs is configured for a peer-as included in a confederation.
Page 132 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview II. AS path list configuration Table 1-2 AS path list configuration Operation Command Description Enter system view system-view — ip as-path-acl Optional acl-number { permit | Configure AS path list By default, no AS path list deny } is defined...
Page 133 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview V. Define if-match clauses Table 1-5 Define if-match clauses Operation Command Description Enter system view system-view — route-policy Enter the route-policy route-policy-name Required view { permit | deny } node node-number Define a rule to match AS if-match as-path...
Page 134 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Routing Overview VI. Define apply clauses Table 1-6 Define apply clauses Operation Command Description Enter system view system-view — route-policy Enter the route-policy route-policy-name Required view { permit | deny } node node-number apply as-path Add specified AS number...
Page 135: Chapter 2 Configuration Examples
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Chapter 2 Configuration Examples Note: The following configuration examples use the S5600 series switches. 2.1 Configuration Examples 2.1.1 Static Routing Configuration Example I. Network requirements Requirement analysis: A small company requires any two nodes in its network communicate with each other. The network should be simple and stable.
Page 136: Rip Configuration Examples
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples II. Configuration procedure Configure the switches: # Configure static routes on Switch A. <SwitchA> system-view [SwitchA] ip route-static 1.1.3.0 255.255.255.0 1.1.2.2 [SwitchA] ip route-static 1.1.4.0 255.255.255.0 1.1.2.2 [SwitchA] ip route-static 1.1.5.0 255.255.255.0 1.1.2.2 # Configure static routes on Switch B.
Page 137 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Device Interface IP Address Device Interface IP Address Switch A Vlan-int1 110.11.2.1/24 Switch B Vlan-int1 110.11.2.2/24 Vlan-int2 155.10.1.1/24 Vlan-int3 196.38.165.1/24 Switch C Vlan-int1 110.11.2.3/24 Vlan-int4 117.102.0.1/16 Figure 2-2 Network diagram for RIP configuration II.
Page 138: Dr Configuration Example
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchC-rip] network 117.102.0.0 [SwitchC-rip] network 110.11.2.0 2.1.3 DR Configuration Example I. Network requirements Requirement analysis Use OSPF to realize interconnection between devices in a broadcast network. Devices with higher performance should become the DR and BDR to improve network performance.
Page 139 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples # Configure Switch B. <SwitchB> system-view [SwitchB] interface Vlan-interface 1 [SwitchB-Vlan-interface1] ip address 196.1.1.2 255.255.255.0 [SwitchB-Vlan-interface1] ospf dr-priority 0 [SwitchB-Vlan-interface1] quit [SwitchB] router id 2.2.2.2 [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 # Configure Switch C.
Page 140: Ospf Virtual Link Configuration Examples
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Use the display ospf peer command to display OSPF neighbors on Switch A. Note that the priority of Switch B is 200 now, but it is not the DR. The DR will be reelected only after the current DR fails to work.
Page 141 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchA-Vlan-interface1] ip address 196.1.1.2 255.255.255.0 [SwitchA-Vlan-interface1] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 197.1.1.2 255.255.255.0 [SwitchA-Vlan-interface2] quit [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] network 197.1.1.0 0.0.0.255...
Page 142 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Total Nets: 2 Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0 Note: Since Area2 has no direct connection to Area0, the routing table of RouterA has no route to Area2.
Page 143: Bgp Confederation Configuration Example
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples 2.1.5 BGP Confederation Configuration Example I. Network requirements Requirement analysis BGP runs in a large AS of a company. As the number of IBGP peers increases rapidly in the AS, more network resources for BGP communication are occupied. The customer hopes to reduce IBGP peers and decrease the CPU and network resources consumption of BGP without affecting device performance.
Page 144 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples <SwitchA> system-view [SwitchA] bgp 1001 [SwitchA-bgp] network 10.1.1.0 255.255.255.0 [SwitchA-bgp] confederation id 100 [SwitchA-bgp] confederation peer-as 1002 1003 [SwitchA-bgp] group confed1002 external [SwitchA-bgp] peer 172.68.10.2 group confed1002 as-number 1002 [SwitchA-bgp] group confed1003 external [SwitchA-bgp] peer 172.68.10.3 group confed1003 as-number 1003 [SwitchA-bgp] quit...
Page 145: Bgp Route Reflector Configuration Example
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchE] bgp 200 [SwitchE-bgp] network 8.1.1.0 255.255.255.0 [SwitchE-bgp] group ebgp100 external [SwitchE-bgp] peer 156.10.1.1 group ebgp100 as-number 100 [SwitchE-bgp] quit # Display the BGP routing table on Switch E. [SwitchE] display bgp routing Flags: # - valid...
Page 146 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples of BGP without affecting device performance. In addition, IBGP peers are partially interconnected in the AS. Based on the requirements and networking environment, configure a BGP route reflector to achieve the goal. Network diagram Figure 2-6 shows the network diagram.
Page 147 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Configure Switch B. # Configure the VLAN interface IP addresses. <SwitchB> system-view [SwitchB] interface Vlan-interface 2 [SwitchB-Vlan-interface2] ip address 192.1.1.2 255.255.255.0 [SwitchB-Vlan-interface2] quit [SwitchB] interface Vlan-interface 3 [SwitchB-Vlan-interface3] ip address 193.1.1.2 255.255.255.0 [SwitchB-Vlan-interface3] quit # Configure BGP peers.
Page 148: Bgp Path Selection Configuration Example
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchD-bgp] peer 194.1.1.1 group in Use the display bgp routing command to display the BGP routing table on Switch B. Note that Switch B has learned network 1.0.0.0. Use the display bgp routing command to display the BGP routing table on Switch D. Note that Switch D has learned network 1.0.0.0.
Page 149 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Run OSPF in AS 200 to realize network interconnection. Run IBGP between Switch D and Switch B as well as between Switch D and Switch C. Apply a routing policy on Switch A to modify the MED attribute of the route to be advertised to AS 200, making the data forwarding path from Switch D to AS 100 as Switch D –...
Page 150 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples # Create a routing policy named apply_med_50, and specify node 10 with the permit matching mode for the routing policy. Set the MED value of the route matching ACL 2000 to 50.
Page 151: Enable Ospf
Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchB-bgp] peer 192.1.1.1 group ex as-number 100 [SwitchB-bgp] group in internal [SwitchB-bgp] peer 194.1.1.1 group in [SwitchB-bgp] peer 195.1.1.2 group in Configure Switch C. # Configure the VLAN interface IP addresses. <SwitchC>...
Page 152 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 4.0.0.0 0.255.255.255 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit # Enable BGP, create a peer group, and add peers to the peer group. [SwitchD] bgp 200 [SwitchD-bgp] undo synchronization [SwitchD-bgp] group in internal...
Page 153 Routing H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples the local preference is not set for route 1.0.0.0 on Switch B, so the route uses the default value 100. 2-19...
Page 154: Chapter 3 Comprehensive Configuration Example
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example Chapter 3 Comprehensive Configuration Example Note: For details about routing protocols, see corresponding operation manuals of products. For detailed commands, see corresponding command manuals of products. The following examples use S3600 and S5600 series switches. 3.1 Network Requirements 3.1.1 Requirement Analysis, Network Diagram and Configuration Plan I.
Page 155 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example Figure 3-1 Network diagram III. Configuration plan Run BGP in AS 100 to interconnect with AS 200, AS 300, and AS 400. Use the MED attribute to control the forwarding path. Run OSPF in AS 200.
Page 156: Devices Used For Networking
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example 3.1.2 Devices Used for Networking Table 3-1 Device model and device name Model Device name 7500 S200/S300 5600 S100_1/S100_2/S400 S200_0/S200_10/S300_A/S300_B/ 3600 S400_0 Note: Either S7500 series Ethernet switches or S5600 series Ethernet switches can serve as S100_1/S100_2/S400/S200/S300.
Page 157: Software Version
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example 3.1.4 Software Version S3600 series Ethernet switches use Release 1510. S5600 series Ethernet switches use Release 1510. S7500 series Ethernet switches use Release 3130. 3.2 Configuration Procedure 3.2.1 Configuration Guide Table 3-3 Configuration guide Configuration task Description...
Page 158 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example Device Interface IP address S300 Vlan-int 14 206.1.4.2/24 S300_A Vlan-int 14 206.1.4.1/24 Vlan-int 662 166.1.2.1/24 Vlan-int 665 166.1.5.2/24 S300_B Vlan-int 662 166.1.2.2/24 Vlan-int 623 162.1.3.1/24 Vlan-int 624 162.1.4.1/24 Figure 3-2 Network diagram for RIPv2 configuration Configure S300.
Page 159 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example # Run RIPv2 on VLAN-interface 14 and VLAN-interface 662. [S300_A] interface vlan-interface 14 [S300_A-Vlan-interface14] rip version 2 [S300_A-Vlan-interface14] quit [S300_A] interface vlan-interface 662 [S300_A-Vlan-interface662] rip version 2 [S300_A-Vlan-interface662] quit Configure S300_B.
Page 160 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example Device Interface IP address Area S200 Vlan-int 12 206.1.2.3/24 S200_0 Vlan-int 12 206.1.2.1/24 Vlan-int 661 166.1.1.1/24 S200_10 Vlan-int 661 166.1.1.2/24 Vlan-int 621 162.1.1.1/24 Vlan-int 622 162.1.2.1/24 Figure 3-3 Network diagram for OSPF configuration Configure S200.
Page 161 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example <S200_10> system-view [S200_10] ospf [S200_10-ospf-1] area 10 [S200_10-ospf-1-area-0.0.0.10] network 162.1.1.0 0.0.0.255 [S200_10-ospf-1-area-0.0.0.10] network 162.1.2.0 0.0.0.255 [S200_10-ospf-1-area-0.0.0.10] network 166.1.1.0 0.0.0.255 Figure 3-4 shows the network diagram of AS 400. Device Interface IP address...
Page 162 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example III. Basic BGP configuration Figure 3-5 shows the relevant network diagram. Device Interface IP address Router ID S100_1 Vlan-int 11 196.1.1.1/24 1.1.1.1 Vlan-int 15 196.1.3.1/24 Vlan-int 31 196.3.1.1/24 S100_2 Vlan-int 22 196.2.2.1/24...
Page 163 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example [S100_1-bgp] network 196.1.1.0 # Set the preferences of EBGP routes, IBGP routes, and local routes to 200. [S100_1-bgp] preference 200 200 200 Configure S100_2. # Configure the router ID of S200_2 as 1.2.1.1. <S100_2>...
Page 164 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example # Advertise networks 192.1.1.0 and 206.1.3.0. [S200-bgp] network 192.1.1.0 [S200-bgp] network 206.1.3.0 # Set the preferences of EBGP routes, IBGP routes, and local routes to 200. [S200-bgp] preference 200 200 200 Configure S300.
Page 165: Rip, Static Route, And Routing Policy Configuration Example
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example # Advertise networks 196.1.3.0 and 196.2.3.0. [S400-bgp] network 196.1.3.0 [S400-bgp] network 196.2.3.0 # Set the preferences of EBGP routes, IBGP routes, and local routes to 200. [S400-bgp] preference 200 200 200 3.2.4 RIP, Static Route, and Routing Policy Configuration Example I.
Page 166: Bgp And Igp Interaction Configuration Example
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example # Configure a default route and specify the next-hop IP address as 166.1.2.1. [S300_B] ip route-static 0.0.0.0 0.0.0.0 166.1.2.1 preference 60 3.2.5 BGP and IGP Interaction Configuration Example I.
Page 167 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example # Create a routing policy named ospf_import with the match mode as permit. Define an if-match clause to permit routes whose destination addresses match IP prefix list ospf_import. [S200] route-policy ospf_import permit node 10 [S200-route-policy] if-match ip-prefix ospf_import [S200-route-policy] quit...
Page 168: Route Backup Configuration Example
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example [S400] ip ip-prefix ospf_import index 20 permit 162.1.2.0 24 [S400] ip ip-prefix ospf_import index 30 permit 162.1.3.0 24 [S400] ip ip-prefix ospf_import index 40 permit 162.1.4.0 24 # Create a routing policy named ospf_import with the match mode as permit. Define an if-match clause to permit the routes whose destination addresses match IP prefix list ospf_import.
Page 169: Bgp Med Attribute Configuration Example
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example III. Configuration procedure # Configure a default route on S200_10 and specify the next-hop IP address as 166.1.5.2. Set the default preference to 200. <S200_10> system-view [S200_10] ip route-static 0.0.0.0 0.0.0.0 166.1.5.2 preference 200 # Configure a static route on S300_A and specify the destination IP addresses as 162.1.1.0/24 and 162.1.2.0/24.
Page 170 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example II. Network diagram AS 400 VLAN-int 663 VLAN-int 664 S400_0 VLAN-int 16 S400 OSPF VLAN-int 15 VLAN-int 23 EBGP EBGP AS 100 IBGP S100_1 S100_2 VLAN-int 31 VLAN-int 11 EBGP EBGP VLAN-int 22...
Page 171 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example [S100_1] ip ip-prefix other index 10 permit 0.0.0.0 0 less-equal 32 # Create a routing policy named as200, and specify node 10 with the permit matching mode in the routing policy. Set the MED value of the route matching prefix list as200_1 to 100.
Page 172 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example # Define a prefix list named as200_2 and permit the route with IP prefix 162.1.2.0/24. [S100_2] ip ip-prefix as200_2 index 10 permit 162.1.2.0 24 # Define a prefix list named as300_1 and permit the route with IP prefix 162.1.3.0/24. [S100_2] ip ip-prefix as300_1 index 10 permit 162.1.3.0 24 # Define a prefix list named as300_2 and permit the route with IP prefix 162.1.4.0/24.
Page 173: Displaying The Whole Configuration On Devices
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example # Apply routing policy as300 to the routes outgoing to peer group 400 (peer 196.2.3.3). [S100_2] bgp 100 [S100_2-bgp] peer 400 route-policy as300 export 3.3 Displaying the Whole Configuration on Devices 3.3.1 Displaying the Whole Configuration on Devices I.
Page 174 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example network 196.1.1.0 undo synchronization group 100 internal peer 196.3.1.2 group 100 group 200 external peer 196.1.1.3 group 200 as-number 200 group 400 external peer 400 route-policy as200 export peer 196.1.3.3 group 400 as-number 400 preference 200 200 200 route-policy as200 permit node 10...
Page 175 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example vlan 22 vlan 23 vlan 31 interface Vlan-interface22 ip address 196.2.2.1 255.255.255.0 interface Vlan-interface23 ip address 196.2.3.2 255.255.255.0 interface Vlan-interface31 ip address 196.3.1.2 255.255.255.0 … interface Cascade1/2/1 interface Cascade1/2/2 undo fabric-port Cascade1/2/1 enable undo fabric-port Cascade1/2/2 enable interface NULL0...
Page 176 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example apply cost 200 route-policy as300 permit node 20 if-match ip-prefix as200_2 apply cost 200 route-policy as300 permit node 30 if-match ip-prefix as300_1 apply cost 100 route-policy as300 permit node 40 if-match ip-prefix as300_2 apply cost 100 route-policy as300 permit node 50...
Page 177 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example ip address 206.1.2.3 255.255.255.0 interface Vlan-interface13 ip address 206.1.3.3 255.255.255.0 ……. bgp 200 network 192.1.1.0 network 206.1.3.0 import-route ospf 1 undo synchronization group 100 external peer 196.1.1.1 group 100 as-number 100 group 300 external peer 206.1.3.2 group 300 as-number 300 preference 200 200 200...
Page 178 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example vlan 661 interface Vlan-interface12 ip address 206.1.2.1 255.255.255.0 interface Vlan-interface661 ip address 166.1.1.1 255.255.255.0 ……. ospf 1 area 0.0.0.10 network 166.1.1.0 0.0.0.255 area 0.0.0.0 network 206.1.2.0 0.0.0.255 ………. V.
Page 179 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example ip address 166.1.5.1 255.255.255.0 ……… ospf 1 area 0.0.0.10 network 162.1.1.0 0.0.0.255 network 162.1.2.0 0.0.0.255 network 166.1.1.0 0.0.0.255 ip route-static 0.0.0.0 0.0.0.0 166.1.5.2 preference 200 ……… VI. S300 <S300>...
Page 180 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example network 206.1.3.0 network 196.2.2.0 import-route rip undo synchronization group 100 external peer 196.2.2.1 group 100 as-number 100 group 200 external peer 206.1.3.3 group 200 as-number 200 preference 200 200 200 undo summary network 206.1.4.0 import-route bgp route-policy rip_import...
Page 181 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example interface Vlan-interface662 ip address 166.1.2.1 255.255.255.0 rip version 2 multicast interface Vlan-interface665 ip address 166.1.5.2 255.255.255.0 …… undo summary network 206.1.4.0 network 166.1.0.0 import-route static ip route-static 162.1.1.0 255.255.255.0 166.1.5.1 preference 200 ip route-static 162.1.2.0 255.255.255.0 166.1.5.1 preference 200 ………...
Page 182 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example interface Vlan-interface624 ip address 162.1.4.1 255.255.255.0 rip version 2 multicast interface Vlan-interface662 ip address 166.1.2.2 255.255.255.0 rip version 2 multicast …… undo summary network 166.1.0.0 network 162.1.0.0 filter-policy 2000 import ip route-static 0.0.0.0 0.0.0.0 166.1.2.1 preference 60 ……...
Page 183 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example …… interface Cascade1/2/1 interface Cascade1/2/2 undo fabric-port Cascade1/2/1 enable undo fabric-port Cascade1/2/2 enable interface NULL0 bgp 400 network 196.1.3.0 network 196.2.3.0 import-route ospf 1 undo synchronization group 100_1 external peer 196.1.3.1 group 100_1 as-number 100 group 100_2 external peer 196.2.3.2 group 100_2 as-number 100...
Page 184: Verifying The Configuration
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example sysname S400_0 ……… vlan 16 vlan 663 to 664 ……… interface Vlan-interface16 ip address 206.1.6.1 255.255.255.0 interface Vlan-interface663 ip address 166.1.3.1 255.255.255.0 interface Vlan-interface664 ip address 166.1.4.1 255.255.255.0 ………...
Page 185: Verifying The Bgp And Igp Interaction Configuration
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example 162.1.3.1/32 DIRECT 127.0.0.1 InLoopBack0 162.1.4.0/24 DIRECT 162.1.4.1 Vlan-interface624 162.1.4.1/32 DIRECT 127.0.0.1 InLoopBack0 166.1.2.0/24 DIRECT 166.1.2.2 Vlan-interface662 166.1.2.2/32 DIRECT 127.0.0.1 InLoopBack0 <S300_B> tracert -a 162.1.3.1 166.1.4.1 traceroute to 166.1.4.1(166.1.4.1) 30 hops max,40 bytes packet 1 166.1.2.1 18 ms 3 ms 3 ms...
Page 186: Verifying The Route Backup Configuration
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example 166.1.3.0/24 100 1 206.1.4.2 Vlan-interface14 166.1.4.0/24 206.1.4.2 Vlan-interface14 166.1.5.0/24 DIRECT 166.1.5.2 Vlan-interface665 166.1.5.2/32 DIRECT 127.0.0.1 InLoopBack0 206.1.4.0/24 DIRECT 206.1.4.1 Vlan-interface14 206.1.4.1/32 DIRECT 127.0.0.1 InLoopBack0 <S200_10> display ip routing-table Routing Table: public net Destination/Mask Protocol Pre...
Page 187: Verifying The Med Attribute Configuration
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example 166.1.1.2/32 DIRECT 127.0.0.1 InLoopBack0 166.1.3.0/24 O_ASE 166.1.1.1 Vlan-interface661 166.1.4.0/24 O_ASE 166.1.1.1 Vlan-interface661 166.1.5.0/24 DIRECT 166.1.5.1 Vlan-interface665 166.1.5.1/32 DIRECT 127.0.0.1 InLoopBack0 206.1.2.0/24 OSPF 166.1.1.1 Vlan-interface661 <S200_10> tracert -a 162.1.1.1 166.1.3.1 traceroute to 166.1.3.1(166.1.3.1) 30 hops max,40 bytes packet 1 166.1.1.1 10 ms...
Page 188 Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example 2 196.1.3.1 10 ms 3 ms 8 ms 3 196.1.1.3 8 ms 3 ms 3 ms 4 206.1.2.1 13 ms 4 ms 3 ms 5 166.1.1.2 13 ms 4 ms 3 ms <S400_0>...
Page 189: Precautions
Routing Chapter 3 Comprehensive Configuration H3C Low-End Ethernet Switches Configuration Examples Example D - damped H - history S - aggregate suppressed Dest/Mask Next-Hop Local-pref Origin Path ---------------------------------------------------------------------- 162.1.3.0/24 196.2.3.2 100 300 162.1.3.0/24 196.1.3.1 100 300 162.1.4.0/24 196.2.3.2 100 300 162.1.4.0/24 196.1.3.1 100 300...
Page 190 Multicast H3C Low-End Ethernet Switches Configuration Examples Table of Contents Table of Contents Chapter 1 Multicast Protocol Overview..................1-1 1.1 Overview ..........................1-1 1.2 Support of Multicast Features.................... 1-2 1.3 Configuration Guidance ..................... 1-3 1.3.1 Configuring IGMP Snooping ................... 1-3 1.3.2 Configuring IGMP....................
Page 191 Multicast H3C Low-End Ethernet Switches Configuration Examples Abstract Multicast Protocol Configuration Examples Keywords: IGMP, PIM-DM, PIM-SM, MSDP, IGMP Snooping Abstract: This document introduces how to configure multicast functions on Ethernet switches in practical networking, based on three typical networking scenarios: 1.
Page 192: Chapter 1 Multicast Protocol Overview
Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview Chapter 1 Multicast Protocol Overview 1.1 Overview Different from unicast and broadcast, the multicast technique efficiently addresses the issue point-to-multipoint data transmission. allowing high-efficiency point-to-multipoint data transmission, multicast greatly saves network bandwidth and reduces network load.
Page 193: Support Of Multicast Features
Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview groups. By analyzing received IGMP messages, a Layer 2 device running IGMP Snooping establishes mappings between ports and MAC multicast groups and forwards multicast data based on these mappings. IV.
Page 194: Configuring Igmp Snooping
Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview Feature IGMP IGMP MSDP Snooping Model S5600 S5100 — — — S3100-SI — — — 1.3 Configuration Guidance The following configuration guidance describes the configuration of multicast features based on the implementations on the S5600 series Ethernet switches.
Page 195 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview II. Configuring IGMP-Snooping timers Follow these steps to configure IGMP-Snooping timers: To do... Use the command... Remarks Enter system view system-view — Optional igmp-snooping Configure an aging router-aging-time By default, the router port timer of router port seconds...
Page 196 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview Follow these steps to configure a multicast group filter in system view: To do... Use the command... Remarks Enter system view system-view — igmp-snooping Required Configure a multicast group-policy acl-number group filter Disabled by default...
Page 197: Configuring Igmp
Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview To do... Use the command... Remarks Enter VLAN view vlan vlan-id — Required Enable IGMP Snooping igmp-snooping enable Disabled by default Required Enable IGMP-Snooping igmp-snooping querier querier Disabled by default Optional Configure the query igmp-snooping...
Page 198 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview I. Enabling IGMP Follow these steps to enable IGMP: To do... Use the command... Remarks Enter system view system-view — multicast Enable multicast routing — routing-enable Enter VLAN interface interface Vlan-interface —...
Page 199 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview III. Configuring parameters related to IGMP queries Follow these steps to configure parameters related to IGMP queries: To do... Use the command... Remarks Enter system view system-view — Enter VLAN interface interface Vlan-interface —...
Page 200 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview Caution: If you configure the maximum number of multicast groups allowed on an interface to 1, a new group joined on the interface automatically supersedes the existing one. If the number of existing multicast groups is larger than the limit configured on the interface, the system will remove the oldest entries automatically until the number of multicast groups on the interface conforms to the configured limit.
Page 201 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview Follow these steps to configure simulated joining in VLAN interface view: To do... Use the command... Remarks Enter system view system-view — Enter VLAN interface interface Vlan-interface — view interface-number igmp host-join...
Page 202 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview To do... Use the command... Remarks igmp proxy Required Configure IGMP proxy Vlan-interface Disabled by default interface-number Caution: You must enable PIM on the interface before configuring the igmp proxy command. Otherwise, the IGMP proxy feature does not take effect.
Page 203: Configuring Pim
Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview 1.3.3 Configuring PIM I. Configuring PIM-DM Follow these steps to configure PIM-DM: To do... Use the command... Remarks Enter system view system-view — Required multicast Enable multicast routing routing-enable Disabled by default Enter PIM view...
Page 204 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview To do... Use the command... Remarks Optional c-bsr interface-type By default, no C-BSR is Configure a C-BSR interface-number configured. The default hash-mask-len [ priority ] priority is 0. c-rp interface-type Optional interface-number...
Page 205: Configuring Msdp
Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview To do... Use the command... Remarks Configure the maximum Optional number of PIM neighbors pim neighbor-limit limit The default value is 128. allowed on the interface Optional Configure the filtering pim neighbor-policy You can define the related policy for PIM neighbors...
Page 206 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview Configure description information for MSDP peers Follow these steps to configure description information of an MSDP peer: To do... Use the command... Remarks Enter system view system-view — Enter MSDP view msdp —...
Page 207 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview To do... Use the command... Remarks Optional Configure the MSDP peer timer retry seconds The system default is 30 connection retry period seconds. III. Configuring SA message delivery Complete these tasks to configure SA message delivery: Configuration task Remarks...
Page 208 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview To do... Use the command... Remarks Optional Enable the SA message cache-sa-enable cache mechanism Enabled by default Optional Configure the maximum peer peer-address number of SA messages sa-cache-maximum The system default is the router can cache sa-limit...
Page 209 Multicast H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Multicast Protocol Overview Configure a filtering rule for receiving or forwarding SA messages Follow these steps to configure a filtering rule for receiving or forwarding SA messages: To do... Use the command... Remarks Enter system view system-view...
Page 210: Chapter 2 Multicast Protocol Configuration Examples
Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples Chapter 2 Multicast Protocol Configuration Examples 2.1 PIM-DM plus IGMP plus IGMP Snooping Configuration Example 2.1.1 Requirement Analysis When users receive voice on demand (VOD) information through multicast, the information receiving mode may vary based on user requirements: To avoid video broadcast at Layer 2, IGMP Snooping is enabled on Switch E, through which Host A and Host B receive the multicast data.
Page 211: Network Diagram
Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples 2.1.3 Network Diagram Device Interface IP address Ports Switch A Vlan-int100 10.110.1.1/24 Ethernet1/0/1 Vlan-int103 192.168.1.1/24 Ethernet1/0/2 Switch B Vlan-int200 10.110.2.1/24 Ethernet1/0/1 Vlan-int101 192.168.2.1/24 Ethernet1/0/2 Switch C Vlan-int200 10.110.2.2/24 Ethernet1/0/1 Vlan-int102...
Page 212 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples [SwitchA-vlan103] quit [SwitchA] interface Vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.110.1.1 24 [SwitchA-Vlan-interface100] quit [SwitchA] interface Vlan-interface 103 [SwitchA-Vlan-interface103] ip address 192.168.1.1 24 [SwitchA-Vlan-interface103] quit Configure VLANs, VLAN interfaces, and their IP addresses on other switches as per Figure 2-1.
Page 213 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples [SwitchD-Vlan-interface103] pim dm [SwitchD-Vlan-interface103] quit [SwitchD] interface vlan-interface 101 [SwitchD-Vlan-interface101] pim dm [SwitchD-Vlan-interface101] quit [SwitchD] interface vlan-interface 102 [SwitchD-Vlan-interface102] pim dm [SwitchD-Vlan-interface102] quit # Enable IGMP Snooping on Switch E, and enable IGMP Snooping in VLAN 100. <SwitchE>...
Page 214 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples # View the multicast forwarding table of Switch A. <SwitchA>display multicast forwarding-table Multicast Forwarding Cache Table Total 1 entry: 0 entry created by IP, 1 entry created by protocol 00001.
Page 215 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples Total 1 MAC Group(s). Router port(s):Ethernet1/0/2 IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 Host port(s):Ethernet1/0/19 MAC group(s): MAC group address:0100-5e01-0101 Host port(s):Ethernet1/0/19 The above-mentioned information shows that multicast forwarding entries have been correctly established on Switch D and Switch A, and multicast traffic can successfully flow to Host A.
Page 216 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples With multicast group filtering enabled, the corresponding ports drop IGMP reports for the filtered group and will be removed for that group when their respective port aging timer expires.
Page 217: Pim-Sm Plus Igmp Plus Igmp Snooping Configuration Examples
Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples After multicast group filtering is enabled, the corresponding port cannot receive IGMP reports. Thus, the corresponding multicast groups are deleted after the port aging timer expires. Note: As shown above, IGMP Snooping multicast group filtering has the same function as IGMP multicast group filtering.
Page 218: Network Diagram
Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples 2.2.3 Network Diagram Device Interface IP address Ports Switch A Vlan-int100 10.110.1.1/24 Ethernet1/0/1 Vlan-int101 192.168.1.1/24 Ethernet1/0/2 Vlan-int102 192.168.9.1/24 Ethernet1/0/3 Switch B Vlan-int200 10.110.2.1/24 Ethernet1/0/1 Vlan-int103 192.168.2.1/24 Ethernet1/0/2 Switch C Vlan-int200 10.110.2.2/24...
Page 219 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples [SwitchA-vlan100] quit [SwitchA] vlan 101 [SwitchA-vlan101] port Ethernet 1/0/2 [SwitchA-vlan101] quit [SwitchA] vlan 102 [SwitchA-vlan102] port Ethernet 1/0/3 [SwitchA-vlan102] quit [SwitchA] interface Vlan-interface 100 [SwitchA-Vlan-interface100] ip address 10.110.1.1 24 [SwitchA-Vlan-interface100] quit [SwitchA] interface Vlan-interface 101 [SwitchA-Vlan-interface101] ip address 192.168.1.1 24...
Page 220 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim sm Note: It is necessary to enable IGMP only on interfaces with attached multicast receivers. As the default IGMP version is IGMPv2, it is not necessary to use the version configuration command on the interface.
Page 221 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples [SwitchF] vlan 100 [SwitchF-vlan100] igmp-snooping enable [SwitchF-vlan100] quit IV. Verifying the configuration Now start sending multicast data to multicast group 225.1.1.1 from Source and start receiving the multicast data on Host A and Host C, and take the following steps to verify the configurations made on the switches.
Page 222 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples # View PIM routing table entries on Switch A. <SwitchA> display pim routing-table PIM-SM Routing Table Total 1 (S,G) entries, 1 (*,G) entries, 0 (*,*,RP) entry (*, 225.1.1.1), RP 192.168.9.2 Protocol 0x20: PIMSM, Flag 0x2003: RPT WC NULL_IIF Uptime: 00:23:21, never timeout Upstream interface: Vlan-interface102, RPF neighbor: 192.168.9.2...
Page 223 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples Downstream interface list: Vlan-interface102, Protocol 0x100: RPT, timeout in 176 sec Vlan-interface103, Protocol 0x100: SPT, timeout in 135 sec (10.110.5.100, 225.1.1.1) Protocol 0x20: PIMSM, Flag 0x4: SPT Uptime: 00:03:03, Timeout in 27 sec Upstream interface: Vlan-interface105, RPF neighbor: 192.168.4.2 Downstream interface list:...
Page 224 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples MAC group address:0100-5e01-0101 Host port(s):Ethernet1/0/24 Vlan(id):103. Total 0 IP Group(s). Total 0 MAC Group(s). Router port(s):Ethernet1/0/10 As shown above, multicast traffic can successfully flow to Host A and Host C. Configure simulated joining Configure simulated joining on Switch B, thus to prevent the multicast switch from considering that no multicast receiver exist on the subnet due to some reason and...
Page 225: Igmp Snooping-Only Configuration Examples
Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples 2.3 IGMP Snooping-Only Configuration Examples 2.3.1 Network Requirements In case that it is unnecessary or infeasible to build a Layer-3 multicast network, enabling IGMP Snooping on all the devices in a Layer 2 network can implement some multicast functions.
Page 226 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples # Create VLAN 100, add Ethernet 1/0/1 and Ethernet 1/0/2 into VLAN 100, and then enable IGMP Snooping in this VLAN. [SwitchA] vlan 100 [SwitchA-vlan100] port Ethernet 1/0/1 Ethernet 1/0/2 [SwitchA-vlan100] igmp-snooping enable # Enable IGMP Snooping querier in VLAN 100.
Page 227 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples Caution: Switch C is not the IGMP Snooping querier, so it does not have member ports for non-directly-connected hosts, and the corresponding forwarding entries cannot be created on it. Therefore, do not enable the function of dropping unknown multicast packets on Switch C.
Page 228 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples As shown above, a forwarding entry for the multicast group 224.1.1.1 has been created on Switch A, with Ethernet 1/0/1 as the router port and Ethernet 1/0/2 as the member port.
Page 229: Msdp Configuration Examples
Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples Received error IGMP packet(s) number:0. Sent IGMP specific query packet(s) number:0. Switch C received only IGMP general queries from the querier. # View multicast group information on Switch C. <Switch C>...
Page 230: Network Diagram
Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples 2.4.3 Network Diagram Device Interface IP address Device Interface IP address SwitchA Vlan-int100 10.110.1.2/24 Switch D Vlan-int300 10.110.4.1/24 Vlan-int200 10.110.6.1/24 Vlan-int102 192.168.3.1/24 Vlan-int300 10.110.5.1/24 Vlan-int101 192.168.1.2/24 SwitchB Vlan-int100 10.110.7.1/24 Loop0...
Page 231 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples II. Configuring a unicast routing protocol for each AS # Configure OSPF on Switch C. <SwitchC> system-view. [SwitchC]ospf [SwitchC-ospf-1]area 0 [SwitchC-ospf-1-area-0.0.0.0]network 10.110.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0]network 10.110.2.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0 The configuration on Switch A, Switch B, Switch D, Switch E, Switch F and Switch G is similar to the configuration on Switch C.
Page 232 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples The configuration on Switch B, Switch D, and Switch F is similar to the configuration on Switch C. The specific configuration steps are omitted here. # Configure a BSR boundary on Switch C. [SwitchC-Vlan-interface101] pim bsr-boundary [SwitchC-Vlan-interface101] quit The configuration on Switch D and Switch F is similar to the configuration on Switch C.
Page 233 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples [SwitchF-bgp] peer 192.168.3.1 group 200 [SwitchF-bgp] import-route ospf 1 [SwitchF-bgp] import-route direct [SwitchF-bgp] quit # Configure BGP route redistribution to OSPF on Switch C. [SwitchC] ospf 1 [SwitchC-ospf-1] import-route bgp [SwitchC-ospf-1] quit The configuration on Switch D and Switch F is similar to the configuration on Switch C.
Page 234 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples [SwitchD-msdp] peer 192.168.3.2 connect-interface vlan-interface 102 [SwitchD-msdp] quit # Configure MSDP peers on Switch F. [SwitchF] msdp [SwitchF-msdp] peer 192.168.3.1 connect-interface vlan-interface 102 [SwitchF-msdp] quit When the multicast source Source 1 sends multicast information, receivers in PIM-SM2 and PIM-SM3 can receive the multicast data.
Page 235 Multicast Chapter 2 Multicast Protocol Configuration H3C Low-End Ethernet Switches Configuration Examples Examples Export policy: none Information about SA-Requests: Policy to accept SA-Request messages: none Sending SA-Requests status: disable Minimum TTL to forward SA with encapsulated data: 0 SAs learned from this peer: 0, SA-cache maximum for the peer: none Input queue size: 0, Output queue size: 0 Counters for MSDP message: Count of RPF check failure: 0...
Page 236 VLAN H3C Low-End Ethernet Switches Configuration Examples Table of Contents Table of Contents Chapter 1 VLAN Overview ......................1-1 1.1 VLAN Support Matrix ......................1-1 1.1.1 Support for VLAN on H3C Low-End Ethernet Switches ......... 1-1 1.2 Configuration Guide......................1-2 1.2.1 Configuring Basic VLAN Settings................
Page 237: Vlan Configuration Examples
VLAN H3C Low-End Ethernet Switches Configuration Examples Abstract VLAN Configuration Examples Keywords: VLAN, 802.1q, VLAN interface, protocol VLAN Abstract: This document introduces how VLAN of the H3C series Ethernet switches is applied and configured in practical networking implementations and how protocols are used in conjunction with VLANs.
Page 238: Chapter 1 Vlan Overview
VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 VLAN Overview Chapter 1 VLAN Overview 1.1 VLAN Support Matrix 1.1.1 Support for VLAN on H3C Low-End Ethernet Switches Table 1-1 Support for VLAN on H3C low-end ethernet switches Feature (right) 802.1Q VLAN VLAN interface Protocol VLAN...
Page 239: Configuration Guide
VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 VLAN Overview 1.2 Configuration Guide Note: The configuration procedure differs by device. In this guide, the S3600 series are taken as an example. For how to configure VLAN on other models, refer to their accompanied operation manuals.
Page 240 VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 VLAN Overview To do... Use the command... Remarks — Enter system view system-view — Enter VLAN view vlan vlan-id Required Assign a list of Ethernet By default, all ports port interface-list ports to the VLAN belong to the default VLAN (VLAN 1).
Page 241: Configuring Basic Settings Of A Vlan Interface
VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 VLAN Overview 1.2.2 Configuring Basic Settings of a VLAN Interface You can enable your switch to perform Layer 3 forwarding by configuring VLAN interfaces with IP addresses on the switch. Follow these steps to configure basic settings of a VLAN interface: To do...
Page 242: Protocol Vlan Configuration
VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 VLAN Overview Note: Before creating a VLAN interface for a VLAN, create the VLAN first. On some H3C series switches, only one VLAN interface is supported, and you must configure its VLAN as the default VLAN with the management-vlan command before creating the VLAN interface.
Page 243 VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 VLAN Overview To do... Use the command... Remarks Display information about display protocol-vlan the protocol templates of vlan { vlan-id [ to vlan-id ] the specified VLAN(s) | all } Display information about display protocol-vlan Available in any view the protocol templates of...
Page 244: Chapter 2 Configuration Examples
VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Chapter 2 Configuration Examples 2.1 VLAN Configuration Example 2.1.1 Network Requirements A company has three departments: the R&D department, the marketing department, and the design department. The three departments are located in the same building. The R&D department and the marketing department are located in different office areas.
Page 245: Network Diagram
VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples 2.1.2 Network Diagram Internet Public Servers R&D Dept. Core-SwitchA Core-SwitchB SwitchA SwitchB Market Dept. Design Server R&D Server Market Dept. R&D Dept. Design Dept. & R&D Dept. Figure 2-1 Network diagram for VLAN configuration 2.1.3 Configuration Outlines I.
Page 246 VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Apple hosts whose network protocol is Appletalk and Windows hosts whose network protocol is IP to different protocol VLANs. Configure GigabitEthernet 1/1/1 to permit frames of all existing VLANs to pass through with VLAN tags for VLAN identification.
Page 247 VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples IV. Configuration on Core-Switch B Figure 2-5 Network diagram for Core-Switch B Each server is connected to Core-Switch B through an individual port. Assign these ports to different VLANs to provide the departments exclusive access to their respective servers.
Page 248 VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Figure 2-6 Network diagram for the deployment of VLANs 2.1.4 Configuration Procedure I. Device and version used S3600 series, Test 1510. II. Configuration procedure Configure Switch A # Create VLAN 100, VLAN 200, and VLAN 300. <SwitchA>...
Page 249 VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchA-Ethernet1/0/7] port access vlan 200 [SwitchA-Ethernet1/0/7] quit # Create a protocol template for VLAN 100 to carry IP and a protocol template for VLAN 300 to carry Appletalk. [SwtichA] vlan 100 [SwitchA-vlan100] protocol-vlan ip [SwitchA-vlan100] quit [SwitchA] vlan 300...
Page 250 VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples # Configure GigabitEthernet 1/1/1 and GigabitEthernet 1/1/2 as trunk ports permitting the frames of VLAN 100, VLAN 200, and VLAN 300 to pass through with VLAN tags. [SwitchB] interface GigabitEthernet 1/1/1 [SwitchB-GigabitEthernet1/1/1] port link-type trunk [SwitchB-GigabitEthernet1/1/1] port trunk permit vlan 100 200 300 [SwitchB-GigabitEthernet1/1/1] quit...
Page 251 VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples to carry VLAN 500 and configure GigabitEthernet 1/1/1 to permit the frames of VLAN 500 to pass through with VLAN tags. [Core-SwitchA] vlan 500 [Core-SwitchA-vlan500] quit [Core-SwitchA] interface Vlan-interface 500 [Core-SwitchA-Vlan-interface500] ip address 192.168.50.1 24 [Core-SwitchA-Vlan-interface500] quit [Core-SwitchA] interface GigabitEthernet 1/1/1...
Page 252: Precautions
VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Thus, all departments are isolated at both the data link layer and the network layer. Note: To prevent users from modifying the IP addresses and gateways of hosts for accessing unauthorized network resources, you are recommended to enable DHCP-Snooping on Switch A and Switch B to monitor the IP addresses of clients.
Page 253: Chapter 3 Appendix
VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 3 Appendix Chapter 3 Appendix 3.1 Protocols and Standards IEEE 802.1Q: Virtual Bridged Local Area Networks...
Page 254 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Table of Contents Table of Contents Chapter 1 Voice VLAN Overview ....................1-1 1.1 Applicable Switches......................1-1 1.2 Configuring Voice VLAN ....................1-1 1.2.1 Configuring a Voice VLAN in automatic mode............1-1 1.2.2 Configuring a Voice VLAN in manual mode............
Page 255 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Abstract Voice VLAN Configuration Examples Keywords: VLAN, 802.1q, voice VLAN Abstract: This document introduces how voice VLAN of the H3C series Ethernet switches is applied and configured in a network. Acronyms: VLAN (Virtual local area network)
Page 256: Chapter 1 Voice Vlan Overview
Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Voice VLAN Overview Chapter 1 Voice VLAN Overview 1.1 Applicable Switches This configuration example is applicable to the following models support voice VLAN: S3600 S5600 S5100-EI S3100-EI 1.2 Configuring Voice VLAN Note: For how to configure VLAN, port type and other related functions that voice VLAN configuration involves, refer to the operation manual that accompanies your...
Page 257: Configuring A Voice Vlan In Manual Mode
Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Voice VLAN Overview To do... Use the command... Remarks Optional Set the voice VLAN aging voice vlan aging minutes time 1440 minutes by default. Enable voice VLAN voice vlan vlan-id enable Required globally interface interface-type...
Page 258 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 1 Voice VLAN Overview To do... Use the command... Remarks Enable voice VLAN legacy on the port to allow for automatic Optional voice VLAN assignment for voice vlan legacy Disabled by default. voice traffic from third-party vendors’...
Page 259: Chapter 2 Configuration Examples
Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Chapter 2 Configuration Examples 2.1 Voice VLAN Configuration Examples A company plans to deploy IP phones in the office area and meeting rooms. To guarantee voice quality, the voice traffic must be transmitted in a VLAN dedicated to voice traffic.
Page 260: Network Diagram
Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples 2.1.1 Network Diagram Figure 2-1 Network diagram for voice VLAN configuration 2.1.2 Configuration Outlines I. Configuration on Switch A Figure 2-2 Network diagram for Switch A As the IP phones connected to Switch A get IP addresses automatically, they should send an untagged DHCP request to the DHCP server for an IP address upon their startup.
Page 261 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Note: The above procedure describes how a common IP phone gets an IP address. The procedure may differ depending on your IP phone. For the actual procedure of your IP phone, refer to its user manual.
Page 262 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Note: The following describes the operations on VLAN traffic: pvid: Indicates that the VLAN is configured as the default VLAN of the port. untagged: Indicates that the port sends the traffic of the VLAN untagged. tagged: Indicates that the port sends the traffic of the VLAN tagged.
Page 263 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples phones send tagged voice traffic, you should configure the port to send the traffic of the voice VLAN tagged. GigabitEthernet 1/1/2 The port sends the voice traffic received on Switch B. As the meeting rooms should use a voice VLAN different from that for the office area, configure VLAN 400 as the voice VLAN on Switch B and configure the port to send the traffic of VLAN 400 tagged.
Page 264 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples only an IP address but also the voice VLAN and the voice server address to the IP phone. To achieve that, you should configure the core switch to use option 184 in the DHCP responses in VLAN 100 for conveying voice related information.
Page 265 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchA] vlan 100 [SwitchA-vlan100] quit [SwitchA] vlan 200 [SwitchA-vlan200] quit # Assign GigabitEthernet 1/1/1 and Ethernet 1/1/10 to the specified VLANs according Table 2-1. [SwitchA] interface GigabitEthernet 1/1/1 [SwitchA-GigabitEthernet1/1/1] port link-type trunk [SwitchA-GigabitEthernet1/1/1] port trunk permit vlan 100 200 [SwitchA-GigabitEthernet1/1/1] quit...
Page 266 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [SwitchB-Ethernet1/0/2] port trunk permit vlan 100 400 [SwitchB-Ethernet1/0/2] quit [SwitchB] interface GigabitEthernet1/1/2 [SwitchB-GigabitEthernet1/1/2] port link-type trunk [SwitchB-GigabitEthernet1/1/2] port trunk permit vlan 100 400 [SwitchB-GigabitEthernet1/1/2] quit # Enable voice VLAN legacy on Ethernet 1/0/2. [SwitchB] interface Ethernet 1/0/2 [SwitchB-Ethernet1/0/2] voice vlan legacy [SwitchB-Ethernet1/0/2] quit...
Page 267 Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [CoreSwitch] dhcp server ip-pool vlan100 [CoreSwitch-dhcp-pool-vlan100] network 192.168.1.0 mask 255.255.255.0 # Configure VLAN 200 as the voice VLAN and the voice server IP address as 192.168.3.3 for option 184 in the address pool vlan100. [CoreSwitch-dhcp-pool-vlan100] voice-config ncp-ip 192.168.3.3 [CoreSwitch-dhcp-pool-vlan100] voice-config voice-vlan 200 enable [CoreSwitch-dhcp-pool-vlan100] quit...
Page 268: Chapter 3 References
Voice VLAN H3C Low-End Ethernet Switches Configuration Examples Chapter 3 References Chapter 3 References 3.1 Protocols and Standards IEEE 802.1Q: Virtual Bridged Local Area Networks...
Page 269 QinQ H3C Low-End Ethernet Switches Configuration Examples Table of Contents Table of Contents Chapter 1 QinQ Overview ......................1-1 1.1 QinQ Support Matrix ......................1-1 1.1.1 Support for QinQ on the H3C Series Ethernet Switches ........1-1 1.2 Configuration Guide......................1-2 1.2.1 Configuring QinQ.....................
Page 270: Qinq Configuration Examples
QinQ H3C Low-End Ethernet Switches Configuration Examples Abstract QinQ Configuration Examples Keywords: QinQ, selective QinQ Abstract: This document introduces how to use and configure QinQ (also known as VLAN-VPN) and selective QinQ on the H3C series Ethernet switches in real network scenario. Acronyms: QinQ (802.1q in 802.1q)
Page 271: Chapter 1 Qinq Overview
QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QinQ Overview Chapter 1 QinQ Overview 1.1 QinQ Support Matrix 1.1.1 Support for QinQ on the H3C Series Ethernet Switches Table 1-1 Support for QinQ on the H3C series switches Feature (right) QinQ Selective QinQ Model (below)
Page 272: Configuration Guide
QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QinQ Overview 1.2 Configuration Guide Note: The configuration procedure differs by device. In this guide, the S3600 series are taken as an example. For how to configure QinQ on other models, refer to their accompanied operation manuals.
Page 273: Configuring Selective Qinq
QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QinQ Overview To do… Use the command… Remarks Optional Do not set the TPID to a protocol value that may cause conflicts. Some of Set the TPID in the such values are listed in outer VLAN tag of vlan-vpn tpid value Table...
Page 274 QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 1 QinQ Overview Note: QinQ and selective QinQ cannot be enabled on any port of a device with IRF Fabric enabled.
Page 275: Chapter 2 Configuration Examples
QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Chapter 2 Configuration Examples 2.1 QinQ Configuration Example Note: Throughout this document, customer VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a user uses on the private network; and service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for users.
Page 276: Network Diagram
QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples 2.1.2 Network Diagram Figure 2-1 Network diagram for QinQ configuration 2.1.3 Configuration Outlines Note: The following part provides only the configuration for transmitting traffic from left to right Figure 2-1.
Page 277 QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples Assigning SVLANs 100, 101, and 102 for Customer 1 to transmit high, normal, and low priority traffic respectively. Assigning SVLANs 200, 201, 202 for Customer 2 to transmit high, normal, and low priority traffic respectively.
Page 278: Configuration Procedure
QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples For inbound traffic For outbound Inner-outer VLAN Port QinQ function traffic mappings (CVLANs to SVLAN) Ethernet Set the TPID on the Forward traffic with — 1/0/25 port to 9100 VLAN tags.
Page 279 QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples II. Configuration procedure Configure the S3600-1 # Create SVLANs 100 through 102 and SVLANs 200 through 202. <S3600-1> system-view [S3600-1] vlan 100 to 102 [S3600-1] vlan 200 to 202 # Configure Ethernet 1/0/10 as a hybrid port, and assign it to SVLANs 100 through 102 and SVLAN 500.
Page 280 QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [S3600-1-Ethernet1/0/10] quit # Configure Ethernet 1/0/20 as a hybrid port, and assign it to SVLANs 200 through 202 and SVLAN 500. Configure SVLAN 500 as the default VLAN of Ethernet 1/0/20, and configure the port to forward the traffic of the four VLANs with their outer VLAN tag removed.
Page 281 QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 2 Configuration Examples [S3600-1-Ethernet1/0/25] port hybrid vlan 100 101 102 200 201 202 500 tagged # Configure Ethernet 1/0/25 to set its TPID to 9100. [S3600-1-Ethernet1/0/25] vlan-vpn tpid 9100 Configure S3600-2 Because the position of the S3600-2 on the network is the same as that of the S3600-1, you can configure basic QinQ and selective QinQ on the S3600-2 as you have done on the S3600-1.
Page 282: Chapter 3 Appendix
QinQ H3C Low-End Ethernet Switches Configuration Examples Chapter 3 Appendix Chapter 3 Appendix 3.1 Protocols and Standards IEEE 802.1Q Virtual Bridged Local Area Networks 3.2 Reserved Protocol Type Values Because the position of the TPID field is the same as that of the protocol type field in a VLAN untagged frame, you cannot set the TPID to any of the values in the table below.
Page 283 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Table of Contents Table of Contents Chapter 1 ARP Attack Prevention Overview ................1-1 1.1 Introduction to ARP Attacks....................1-1 1.2 ARP Attack Prevention ...................... 1-4 1.2.1 DHCP Snooping Function ..................1-4 1.2.2 IP Static Binding ......................
Page 284 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Abstract ARP Attack Prevention Configuration Examples Keywords: ARP, DHCP snooping Abstract: This document mainly describes how to implement ARP attack prevention in DHCP snooping mode or authentication mode on Ethernet switches, so as to prevent ARP attacks including gateway spoofing, spoofing gateway, spoofing terminal user, and ARP flood attacks.
Page 285: Chapter 1 Arp Attack Prevention Overview
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview Chapter 1 ARP Attack Prevention Overview Recently, most campus networks suffer from ARP attacks possibly causing network access problems. According to the characteristics of ARP attacks, H3C brings forth a customized module for overall protection concept and provides two solutions as follows: ARP attack prevention solution in DHCP snooping mode...
Page 286 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview Gateway Switch Gateway s MAC address has changed Attacker Host A Figure 1-1 Gateway spoofing attack Spoofing gateway attack In the following figure, an attacker sends an ARP packet with a client’s (Host A) IP address on the same network and a fake MAC address to the gateway which then updates the IP-to-MAC binding of the client.
Page 287 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview Figure 1-3 Spoofing terminal user attack MITM attack ARP man-in-the-middle attack is also called ARP bidirectional attack. As shown in Figure 1-4, Host A communicates with Host C through a switch. To intercept the traffic between Host A and Host C, an attacker (Host B) forwards invalid ARP reply messages to Host A and Host C respectively, causing the two hosts to update the MAC address corresponding to the peer IP address in their ARP tables with the MAC address of Host...
Page 288: Arp Attack Prevention
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview An attacker sends numerous ARP packets to a port of a switch, which increases the CPU load, affecting the operation of other functions and possibly causing a device to crash.
Page 289: Ip Static Binding
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview Note: Currently, after DHCP snooping is enabled on an H3C low-end Ethernet switch, all the ports on the switch are DHCP snooping untrusted ports by default. You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses.
Page 290: Arp Packet Rate Limit
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview 1.2.4 ARP Packet Rate Limit H3C low-end Ethernet switches support ARP packet rate limit to shut down attacked ports temporarily to prevent damage to the CPU. After ARP packet rate limit is enabled on a port, the switch collects statistics of ARP packets received on the port.
Page 291: Configuring Arp Attack Prevention
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview 1.3 Configuring ARP Attack Prevention Table 1-2 Complete the following tasks to configure ARP attack prevention: Task To do… Use the command… Remarks — Enter system view —...
Page 292: Device Models That Supports Arp Attack Prevention
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview Task To do… Use the command… Remarks Enter Ethernet port interface interface-type — view interface-number Required Enable ARP arp rate-limit enable Disabled by packet rate limit default.
Page 293 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 1 ARP Attack Prevention Overview Feature DHCP ARP attack IP static ARP packet snooping detection binding rate limit Device model S3600-SI (Release 1602) S3100-EI (Release 2104) S3100-52P (Release 1602) Note: For detailed information about ARP attack prevention supported by a switch model, refer to its operation manual.
Page 294: Chapter 2 Configuration Examples
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Chapter 2 Configuration Examples 2.1 Configuration Example for ARP Attack Prevention in DHCP Snooping Mode 2.1.1 Network Requirements In a campus network as shown in the following figure, hosts are connected to the gateway and DHCP server through access switches and obtain IP addresses dynamically.
Page 295: Configuration Considerations
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples 2.1.2 Network Diagram DHCP server IP network Eth1/0/3 Vlan-int 10 Vlan-int 20 192.168.0.1/24 192.168.1.1/24 Eth1/0/1 Eth1/0/2 Gateway VLAN10 VLAN20 Swtich B Host area1 Switch A Host area2 Eth1/0/1 Eth1/0/1 Eth1/0/4...
Page 296 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples II. Enable dynamic IP address allocation Figure 2-2 Enable dynamic IP address allocation III. Configure Switch A # Create VLAN 10 and add Ethernet 1/0/1 through Ethernet 1/0/4 to VLAN 10. <SwitchA>...
Page 297 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples [SwitchA] interface Ethernet1/0/4 [SwitchA-Ethernet1/0/4] ip source static binding ip-address 192.168.0.10 mac-address 000d-85c7-4e00 [SwitchA-Ethernet1/0/4] quit # Configure the uplink port on Switch A (Ethernet 1/0/1) as an ARP trusted port. [SwitchA] interface ethernet1/0/1 [SwitchA-Ethernet1/0/1] arp detection trust [SwitchA-Ethernet1/0/1] quit...
Page 298 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples [SwitchB] dhcp-snooping # Configure the uplink port on Switch B (Ethernet 1/0/1) as an ARP trusted port. [SwitchB] interface ethernet1/0/1 [SwitchB-Ethernet1/0/1] arp detection trust [SwitchB-Ethernet1/0/1] quit # Enable ARP attack detection on all the ports in VLAN 20. [SwitchB] vlan 20 [SwitchB-vlan20] arp detection enable [SwitchB-vlan20] quit...
Page 299: Configuration Guidelines
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples [Gateway] interface vlan 10 [Gateway-Vlan-interface10] ip address 192.168.0.1 24 [Gateway-Vlan-interface10] quit # Configure the IP address of VLAN-interface 20 as 192.168.1.1/24. [Gateway] interface vlan 20 [Gateway-Vlan-interface20] ip address 192.168.1.1 24 [Gateway-Vlan-interface20] quit VI.
Page 300: Configuration Example For Arp Attack Prevention In Authentication Mode
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples You can configure an uplink port on a switch as trusted or untrusted to flexibly implement ARP attack detection for ARP requests and replies received on the port. The ARP packets received from an ARP trusted port are not detected, while the ARP packets received from other ports are detected based on the DHCP snooping table and IP static bindings.
Page 301: Network Diagram
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples 2.2.2 Network Diagram Figure 2-3 Network diagram for ARP attack prevention in authentication mode 2.2.3 Configuration Considerations Install 802.1x client software on the hosts so that the hosts need to pass 802.1x authentications before accessing the network.
Page 302 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples # Set the RADIUS authentication key to expert. [SwitchA-radius-cams] key authentication expert # Specify usernames sent to the RADIUS server to exclude the domain name. [SwitchA-radius-cams] user-name-format without-domain # Specify the service type as extended.
Page 303 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples [SwitchB-radius-cams] key authentication expert # Specify usernames sent to the RADIUS server to exclude the domain name. [SwitchB-radius-cams] user-name-format without-domain # Specify the service type as extended. [SwitchB-radius-cams] server-type extended [SwitchB-radius-cams] quit # Create ISP domain host and reference RADIUS scheme cams.
Page 304 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples [Gateway-Vlan-interface10] ip address 192.168.0.1 24 [Gateway-Vlan-interface10] quit # Configure the IP address of VLAN-interface 20 as 192.168.1.1/24. [Gateway] interface vlan 20 [Gateway-Vlan-interface20] ip address 192.168.1.1 24 [Gateway-Vlan-interface20] quit IV.
Page 305 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Figure 2-5 Add Service page Click OK. Add a user account (Host) Log in the CAMS server configuration platform, and then select User Management > Account User from the navigation tree to enter the Account Management page, as shown in the following figure.
Page 306 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Figure 2-7 Add Account page Click OK. Configure an access device Log in the CAMS server configuration platform, and then select System Management > System Configuration from the navigation tree to enter the System Configuration page, as shown in the following figure.
Page 307 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Enter the required information such as IP address and shared key for the access device, as shown in the following figure. Figure 2-9 Add Access Device page Click OK and the following dialog box appears.
Page 308 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Configure the gateway Log in the CAMS server configuration platform, and then select System Management > System Configuration from the navigation tree to enter the System Configuration page, as shown in the following figure.
Page 309 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Figure 2-14 Wizard page Select 802.1x protocol Click Next. 2-16...
Page 310 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Figure 2-15 Select 802.1x Select Common connection, and then click Next. Figure 2-16 Select Common connection 2-17...
Page 311 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Specify the username and password Click Next. Figure 2-17 Specify the username and password Set the connection property Click Next. 2-18...
Page 312 H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Figure 2-18 Set the connection property Complete the creation of the connection Figure 2-19 Complete connection creation 2-19...
Page 313: Configuration Guidelines
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention Chapter 2 Configuration Examples Start the connection Figure 2-20 Start the connection 2.2.5 Configuration Guidelines If there are many user network segments, information about gateways configured on the CAMS server may not be completely received by an access switch, because the total number of configured gateways exceeds the upper limit supported by the switch.

This manual is also suitable for:

Ls-5100-24p-ei-ovs Ls-5100-8p-pwr-ei-ovs Ls-5100-8p-si-ovs-h3 Ls-5100-50c-ei-ovs Ls-s3100-16c-si-dc-ovs Ls-s3100-26c-si-dc-ovs ... Show all