Page of 1207
Download Print This PagePrint Bookmark

HP 4500G Family Configuration Manual

Switch 4500g family.
Hide thumbs
   
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990
3Com Switch 4500G Family
Switch 4500G 24-Port
Switch 4500G 48-Port
Switch 4500G PWR 24-Port
Switch 4500G PWR 48-Port
Product Version:
V05.02.00
6W101-20100310
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064

Advertising

   Related Manuals for HP 4500G Family

   Summary of Contents for HP 4500G Family

  • Page 1: Configuration Guide

    3Com Switch 4500G Family Configuration Guide Switch 4500G 24-Port Switch 4500G 48-Port Switch 4500G PWR 24-Port Switch 4500G PWR 48-Port Product Version: V05.02.00 Manual Version: 6W101-20100310 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...

  • Page 2

    Copyright © 2009-2010, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

  • Page 3: About This Manual

    About This Manual Organization 3Com Switch 4500G Family Configuration Guide is organized as follows: Volume Features 00-Product Product Overview Acronyms Overview Ethernet Link Ethernet Port Port Isolation MSTP Aggregation 01-Access Volume LLDP VLAN GVRP QinQ BPDU Tunneling Mirroring IP Addressing...

  • Page 4

    Conventions The manual uses the following conventions: Command conventions Convention Description Boldface The keywords of a command line are in Boldface. italic Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by vertical bars. { x | y | ...

  • Page 5

    3Com Switch 4500G Family Getting This guide provides all the information you need to install Started Guide and use the 3Com Switch 4500G Family. Obtaining Documentation You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL:...

  • Page 6: Table Of Contents

    Table of Contents 1 Correspondence between Documentation and Software······································································1-1 2 Product Features ·······································································································································2-1 Introduction to Product ····························································································································2-1 Feature Lists ···········································································································································2-1 3 Features······················································································································································3-1 Access Volume ·······································································································································3-1 IP Services Volume·································································································································3-3 IP Routing Volume ··································································································································3-4 Multicast Volume·····································································································································3-5 QoS Volume············································································································································3-5 Security Volume ······································································································································3-6 High Availability Volume··························································································································3-7 System Volume ·······································································································································3-8...

  • Page 7

    Correspondence between Documentation and Software 3Com Switch 4500G Family Configuration Guide-V05.02.00 and 3Com Switch 4500G Family Command Reference Guide-V05.02.00 are for the software version V05.02.00 and V05.02.00P19 of the 3Com switch 4500G. The supported features are different between these software versions. For details, refer to Table 1-1.

  • Page 8

    Software Added and Modified Features Compared With Manual Version The Earlier Version Modified 06-Security Volume/ 12-ARP arp detection mode command features Attack Protection Deleted — — features V05.02.00 — — —...

  • Page 9: Product Features, Introduction To Product, Feature Lists

    Product Features Introduction to Product 3Com Switches 4500G are Gigabit Ethernet switching products which have abundant service features. They are designed as distribution and access devices for intranets and metropolitan area networks (MANs). They can also be used for connecting server groups in data centers. Feature Lists 3Com Switches 4500G support abundant features and the related documents are divided into the volumes as listed in...

  • Page 10

    Volume Features Basic System Device File System Login Configuration Management Management MAC Address HTTP SNMP RMON Table System 08-System Information Maintaining and Hotfix Volume Center Debugging Cluster Stack Management Management Automatic Configuration...

  • Page 11: Access Volume

    Features The following sections provide an overview of the main features of each module supported by the 3Com Switch 4500G. Access Volume Table 3-1 Features in Access volume Features Description This document describes: Combo Port Configuration Basic Ethernet Interface Configuration Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface...

  • Page 12

    Features Description LLDP enables a device to maintain and manage its own and its immediate neighbor’s device information, based on which the network management system detects and determines the conditions of the communications links. This document describes: LLDP Introduction to LLDP Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping...

  • Page 13: Ip Services Volume

    IP Services Volume Table 3-2 Features in the IP Services volume Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address.

  • Page 14: Ip Routing Volume

    Features Description A network node that supports both IPv4 and IPv6 is called a dual stack node. A dual stack node configured with an IPv4 address and an IPv6 address can have both IPv4 and IPv6 packets transmitted. This document Dual Stack describes: Dual stack overview...

  • Page 15: Qos Volume, Multicast Volume

    Multicast Volume Table 3-4 Features in Multicast volume Features Description This document describes the main concepts in multicast: Introduction to Multicast Multicast Overview Multicast Models Multicast Architecture Multicast Packets Forwarding Mechanism Running at the data link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control.

  • Page 16: Security Volume

    Security Volume Table 3-6 Features in the Security volume Features Description Authentication, Authorization and Accounting (AAA) provide a uniform framework used for configuring these three security functions to implement the network security management. This document describes: Introduction to AAA, RADIUS and HWTACACS AAA configuration RADIUS configuration HWTACACS configuration...

  • Page 17: High Availability Volume

    Features Description Secure Sockets Layer (SSL) is a security protocol providing secure connection service for TCP-based application layer protocols, this document describes SSL related configuration. Public Key This document describes Public Key Configuration. Configuration An ACL is used for identifying traffic based on a series of preset matching criteria.

  • Page 18: System Volume

    Features Description In the use of fibers, link errors, namely unidirectional links, are likely to occur. DLDP is designed to detect such errors. This document describes: DLDP Introduction Enabling DLDP Setting DLDP Mode DLDP Setting the Interval for Sending Advertisement Packets Setting the DelayDown Timer Setting the Port Shutdown Mode Configuring DLDP Authentication...

  • Page 19

    Features Description Basic system configuration involves the configuration of device name, system clock, welcome message, user privilege levels and so on. This document describes: Basic System Configuration Configuration display Basic configurations CLI features Through the device management function, you can view the current condition of your device and configure running parameters.

  • Page 20

    Features Description For the majority of protocols and features supported, the system provides corresponding debugging information to help users diagnose errors. This System Maintenance document describes: and Debugging Maintenance and debugging overview Maintenance and debugging configuration As the system information hub, Information Center classifies and manages all types of system information.

  • Page 21

    Features Description Network Time Protocol (NTP) is the TCP/IP that advertises the accurate time throughout the network. This document describes: NTP overview Configuring the Operation Modes of NTP Configuring Optional Parameters of NTP Configuring Access-Control Rights Configuring NTP Authentication A cluster is a group of network devices. Cluster management is to implement management of large numbers of distributed network devices.

  • Page 22

    Appendix A Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronyms Full spelling Return 10GE Ten-GigabitEthernet Return Authentication, Authorization and Accounting Activity Based Costing Area Border Router Alternating Current ACKnowledgement...

  • Page 23

    Acronyms Full spelling Border Gateway Protocol BIMS Branch Intelligent Management System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Basic Rate Interface Bootstrap Router BitTorrent Burst Tolerance Return Call Appearance Certificate Authority Committed Access Rate Committed Burst Size Class Based Queuing Constant Bit Rate Core-Based Tree International Telephone and Telegraph Consultative...

  • Page 24

    Acronyms Full spelling Connectivity Verification Return Deeper Application Recognition Data Circuit-terminal Equipment Database Description Digital Data Network DHCP Dynamic Host Configuration Protocol Designated IS DLCI Data Link Connection Identifier DLDP Device Link Detection Protocol Domain Name System Downstream on Demand Denial of Service Designated Router DSCP...

  • Page 25

    Acronyms Full spelling Forward Defect Indication Forwarding Equivalence Class Fast Failure Detection Forwarding Group Forwarding information base FIFO First In First Out FQDN Full Qualified Domain Name Frame Relay Fast ReRoute FRTT Fairness Round Trip Time Functional Test File Transfer Protocol Return GARP Generic Attribute Registration Protocol...

  • Page 26

    Acronyms Full spelling International Business Machines ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol for IPv6 IDentification/IDentity IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMP-Snooping Internet Group Management Protocol Snooping Interior Gateway Protocol Incoming Label Map Internet Locator Service...

  • Page 27

    Acronyms Full spelling LACPDU Link Aggregation Control Protocol Data Unit Local Area Network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base Link Layer Control LLDP Link Layer Discovery Protocol Loss of continuity Call Logging Line Rate...

  • Page 28

    Acronyms Full spelling MLD-Snooping Multicast Listener Discovery Snooping Meet-Me Conference MODEM MOdulator-DEModulator Multilink PPP MP-BGP Multiprotocol extensions for BGP-4 Middle-level PE MP-group Multilink Point to Point Protocol group MPLS Multiprotocol Label Switching MPLSFW Multi-protocol Label Switch Forward Multicast Port Management Mobile Switching Center MSDP Multicast Source Discovery Protocol...

  • Page 29

    Acronyms Full spelling NPDU Network Protocol Data Unit Network Provider Edge Network Quality Analyzer NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Network Time Protocol Return Operation Administration and Maintenance OAMPDU OAM Protocol Data Units OC-3...

  • Page 30

    Acronyms Full spelling Point Of Presence Packet Over SDH Point-to-Point Protocol PPTP Point to Point Tunneling Protocol PPVPN Provider-provisioned Virtual Private Network Priority Queuing Primary Reference Clock Primary Rate Interface Protection Switching Power Sourcing Equipment PSNP Partial SNP Permanent Virtual Channel Pseudo wires Return QACL...

  • Page 31

    Acronyms Full spelling Rendezvous Point Tree RRPP Rapid Ring Protection Protocol Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource ReserVation Protocol RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol Real-time Transport Protocol Return Source Active Subnetwork Bandwidth Management...

  • Page 32

    Acronyms Full spelling Shortest Path Tree Secure Shell Synchronization Status Marker Source-Specific Multicast Shared Tree STM-1 SDH Transport Module -1 STM-16 SDH Transport Module -16 STM-16c SDH Transport Module -16c STM-4c SDH Transport Module -4c Spanning Tree Protocol Signalling Virtual Connection Switch-MDT Switch-Multicast Distribution Tree Return...

  • Page 33

    Acronyms Full spelling Virtual Channel Identifier Virtual Ethernet Virtual File System VLAN Virtual Local Area Network Virtual Leased Lines Video On Demand VoIP Voice over IP Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network Virtual Path Identifier VPLS Virtual Private Local Switch Virtual Private Network...

  • Page 34: Manual Version

    Access Volume Organization Manual Version 6W101-20100310 Product Version V05.02.00 Organization The Access Volume is organized as follows: Features Description This document describes: Combo Port Configuration Basic Ethernet Interface Configuration Configuring an Auto-negotiation Transmission Rate Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface Configuring Loopback Testing on an Ethernet Interface...

  • Page 35

    Features Description MSTP is used to eliminate loops in a LAN. It is compatible with STP and RSTP. This document describes: MSTP Introduction to MSTP Configuring MSTP LLDP enables a device to maintain and manage its own and its immediate neighbor’s device information, based on which the network management system detects and determines the conditions of the communications links.

  • Page 36

    Features Description Port mirroring copies packets passing through a port to another port connected with a monitoring device for packet analysis to help implement network monitoring and troubleshooting. Traffic mirroring is implemented by a QoS policy, which defines certain match criteria to match the packets to be mirrored and defines the action of mirroring such packets to the specified destination.

  • Page 37: Table Of Contents

    Table of Contents 1 Ethernet Port Configuration ·····················································································································1-1 Ethernet Port Configuration ····················································································································1-1 Combo Port Configuration ···············································································································1-1 Basic Ethernet Port Configuration ···································································································1-1 Configuring an Auto-negotiation Transmission Rate·······································································1-2 Configuring Flow Control on an Ethernet Port ················································································1-3 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Port················1-4 Configuring Loopback Testing on an Ethernet Port ········································································1-4 Configuring a Port Group·················································································································1-5 Configuring Storm Suppression ······································································································1-5...

  • Page 38: Ethernet Port Configuration

    Ethernet Port Configuration Ethernet Port Configuration Combo Port Configuration Introduction to Combo port A Combo port can operate as either an optical port or an electrical port. Inside the device there is only one forwarding port. For a Combo port, the electrical port and the corresponding optical port are TX-SFP multiplexed.

  • Page 39: Configuring An Auto-negotiation Transmission Rate

    Similarly, if you configure the transmission rate for an Ethernet port by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too. For a Gigabit Ethernet port, you can specify the transmission rate by its auto-negotiation capacity. For details, refer to Configuring an Auto-negotiation Transmission Rate.

  • Page 40: Configuring Flow Control On An Ethernet Port

    Figure 1-1 An application diagram of auto-negotiation transmission rate As shown in Figure 1-1, the network card transmission rate of the server group (Server 1, Server 2, and Server 3) is 1000 Mbps, and the transmission rate of GigabitEthernet 1/0/4, which provides access to the external network for the server group, is 1000 Mbps too.

  • Page 41: Configuring The Suppression Time Of Physical-link-state Change On An Ethernet Port

    Follow these steps to enable flow control on an Ethernet port: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Required Enable flow control flow-control Disabled by default Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Port An Ethernet port operates in one of the two physical link states: up or down.

  • Page 42: Configuring A Port Group, Configuring Storm Suppression

    To do… Use the command… Remarks Optional Enable loopback testing loopback { external | internal } Disabled by default. As for the internal loopback test and external loopback test, if a port is down (port state shown as DOWN), only the former is available on it; if the port is shut down (port state shown as ADM or Administratively DOWN), both are unavailable.

  • Page 43: Setting The Interval For Collecting Ethernet Port Statistics

    The storm suppression ratio settings configured for an Ethernet port may get invalid if you enable the storm constrain for the port. For information about the storm constrain function, see Configuring the Storm Constrain Function on an Ethernet Follow these steps to set storm suppression ratios for one or multiple Ethernet ports: To do…...

  • Page 44: Enabling Forwarding Of Jumbo Frames, Enabling Loopback Detection On An Ethernet Port

    To do… Use the command… Remarks Optional Set the interval for collecting By default, the interval for flow-interval interval statistics on the Ethernet port collecting port statistics is 300 seconds. Enabling Forwarding of Jumbo Frames Due to tremendous amount of traffic occurring on an Ethernet port, it is likely that some frames greater than the standard Ethernet frame size are received.

  • Page 45: Configuring The Mdi Mode For An Ethernet Port

    To do… Use the command… Remarks Enter system view system-view — Required Enable global loopback loopback-detection enable detection Disabled by default Optional Configure the interval for port loopback-detection loopback detection interval-time time 30 seconds by default interface interface-type Enter Ethernet port view —...

  • Page 46: Testing The Cable On An Ethernet Port

    3 and pin 6 are used for transmitting signals. To enable normal communication, you should connect the local transmit pins to the remote receive pins. Therefore, you should configure the MDI mode depending on the cable types. Normally, the auto mode is recommended. The other two modes are useful only when the device cannot determine the cable type.

  • Page 47

    and takes corresponding actions (that is, blocking or shutting down the port and sending trap messages and logs) when the traffic detected exceeds the threshold. Alternatively, you can configure the storm suppression function to control a specific type of traffic. As the function and the storm constrain function are mutually exclusive, do not enable them at the same time on an Ethernet port.

  • Page 48: Displaying And Maintaining An Ethernet Port

    To do… Use the command… Remarks Optional Specify to send log when the By default, the system sends traffic detected exceeds the log when the traffic detected upper threshold or drops down storm-constrain enable log exceeds the upper threshold or below the lower threshold from drops down below the lower a point higher than the upper...

  • Page 49

    To do… Use the command… Remarks Display the information about a display port-group manual manual port group or all the Available in any view [ all | name port-group-name ] port groups Display the information about display loopback-detection Available in any view the loopback function display storm-constrain Display the information about...

  • Page 50: Table Of Contents

    Table of Contents 1 Ethernet Link Aggregation Configuration·······························································································1-1 Overview ·················································································································································1-1 Basic Concepts································································································································1-2 Aggregating Links in Static Mode····································································································1-5 Aggregating Links in Dynamic Mode·······························································································1-7 Load Sharing Criteria for Link Aggregation Groups ········································································1-8 Ethernet Link Aggregation Configuration Task List ················································································1-9 Configuring an Aggregation Group ·········································································································1-9 Configuration Guidelines ·················································································································1-9 Configuring a Static Aggregation Group························································································1-10 Configuring a Dynamic Aggregation Group···················································································1-10...

  • Page 51: Ethernet Link Aggregation Configuration

    Ethernet Link Aggregation Configuration When configuring Ethernet link aggregation, go to these sections for information you are interested in: Overview Ethernet Link Aggregation Configuration Task List Configuring an Aggregation Group Configuring an Aggregate Interface Configuring Load Sharing for Link Aggregation Groups Displaying and Maintaining Ethernet Link Aggregation Ethernet Link Aggregation Configuration Examples The extended LACP function is added in V05.02.00P19 on the 3Com Switch 4500G.

  • Page 52

    Basic Concepts Aggregation group, member port, aggregate interface Link aggregation is implemented through link aggregation groups. An aggregation group is a group of Ethernet interfaces aggregated together. For each aggregation group, a logical interface, called an aggregate interface is created. To an upper layer entity that uses the link aggregation service, a link aggregation group looks like a single logical link and data traffic is transmitted through the aggregate interface.

  • Page 53

    Table 1-1 Class-two configurations Item Considerations Port isolation Whether the port has joined an isolation group QinQ enable state (enable/disable), TPID for VLAN tags, outer VLAN QinQ tags to be added, inner-to-outer VLAN priority mappings, inner-to-outer VLAN tag mappings, inner VLAN ID substitution mappings Permitted VLAN IDs, default VLAN, link type (trunk, hybrid, or access), IP VLAN subnet-based VLAN configuration, protocol-based VLAN configuration,...

  • Page 54

    Table 1-2 Basic and extended LACP functions Category Description Implemented through the basic LACPDU fields including the system LACP priority, system MAC address, port LACP priority, port number, and operational key. Each member port in a LACP-enabled aggregation group exchanges the Basic LACP functions above information with its peer.

  • Page 55: Aggregating Links In Static Mode

    Currently, the 3Com Switch 4500G family support returning Marker Response PDUs only after dynamic link aggregation member ports receive Marker PDUs. Link aggregation modes There are two link aggregation modes: dynamic and static.

  • Page 56

    Selecting a reference port The system selects a reference port from the member ports that are in the up state and have the same class-two configurations as the aggregate interface. The candidate ports are sorted by duplex and speed in this order: full duplex/high speed, full duplex/low speed, half duplex/high speed, and half duplex/low speed.

  • Page 57: Aggregating Links In Dynamic Mode

    Because any port attribute or class-two configuration change on a member port may cause the aggregation state of the port and other member ports to change and thus affect services, you are recommended to do that with caution. A port that joins the static aggregation group after the selected port limit has been reached will not be placed in the selected state even if it should be in normal cases.

  • Page 58: Load Sharing Criteria For Link Aggregation Groups

    Figure 1-3 Set the state of a member port in a dynamic aggregation group Set the aggregation state of a member port Is there any hardware restriction? Is the port up? Port attribute/class-two configurations same as the reference port? Port attribute/class-two configurations same as the peer port of the reference port? More candidate ports than...

  • Page 59: Ethernet Link Aggregation Configuration Task List, Configuring An Aggregation Group, Configuration Guidelines

    MAC addresses carried in packets IP addresses carried in packets Port numbers carried in packets Ethernet Link Aggregation Configuration Task List Complete the following tasks to configure Ethernet link aggregation: Task Remarks Configuring an Configuring a Static Aggregation Group Aggregation Select either task Configuring a Dynamic Aggregation Group Group...

  • Page 60: Configuring A Static Aggregation Group, Configuring A Dynamic Aggregation Group

    Configuring a Static Aggregation Group To guarantee a successful static aggregation, ensure that the ports at both ends of each link are in the same aggregation state. Follow these steps to configure a static aggregation group: To do... Use the command... Remarks Enter system view system-view...

  • Page 61: Configuring An Aggregate Interface, Configuring The Description Of An Aggregate Interface

    To do... Use the command... Remarks Required When you create a Layer 2 Create a Layer 2 aggregate interface bridge-aggregation aggregate interface, the system interface and enter the Layer 2 interface-number automatically creates a Layer 2 aggregate interface view static aggregation group numbered the same.

  • Page 62: Enabling Link State Trapping For An Aggregate Interface, Shutting Down An Aggregate Interface

    Enabling Link State Trapping for an Aggregate Interface With the link state trapping function enabled, an aggregate interface generates linkUp trap messages when its link goes up and linkDown trap messages when its link goes down. For more information, refer to SNMP Configuration in the System Volume.

  • Page 63

    You can configure global or group-specific load sharing criteria. A link aggregation group preferentially uses the group-specific load sharing criteria. If no group-specific load sharing criteria is available, it uses the global load sharing criteria. Configuring the global link-aggregation load sharing criteria Follow these steps to configure the global link-aggregation load sharing criteria: To do...

  • Page 64: Displaying And Maintaining Ethernet Link Aggregation, Ethernet Link Aggregation Configuration Examples

    Currently, when you configure the load sharing criterion or criteria for a link aggregation group, the switch supports the following criteria: Use a source IP address alone. Use a destination IP address alone. Use a source MAC address alone. Use or a destination MAC address alone. Combine a source IP address and a destination IP address.

  • Page 65: Static Aggregation Configuration Example

    Static Aggregation Configuration Example Network requirements As shown in Figure 1-4: Device A and Device B are connected through their respective Layer 2 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3. Configure a Layer 2 static link aggregation group on Device A and Device B respectively , enable VLAN 10 at one end of the aggregate link to communicate with VLAN 10 at the other end, and VLAN 20 at one end to communicate with VLAN 20 at the other end.

  • Page 66

    [DeviceA-gigabitethernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-gigabitethernet1/0/2] port link-aggregation group 1 [DeviceA-gigabitethernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-gigabitethernet1/0/3] port link-aggregation group 1 [DeviceA-gigabitethernet1/0/3] quit # Configure Layer 2 aggregate interface 1 as a trunk port and assign it to VLANs 10 and 20. This configuration automatically propagates to all the member ports in link aggregation group 1.

  • Page 67: Dynamic Aggregation Configuration Example

    [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address The output shows that all link aggregation groups created on the device perform load sharing based on source and destination MAC addresses. Dynamic Aggregation Configuration Example Network requirements As shown in Figure 1-5: Device A and Device B are connected through their respective Layer 2 Ethernet interfaces...

  • Page 68

    [DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic [DeviceA-Bridge-Aggregation1] quit # Assign ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-gigabitethernet1/0/1] port link-aggregation group 1 [DeviceA-gigabitethernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-gigabitethernet1/0/2] port link-aggregation group 1 [DeviceA-gigabitethernet1/0/2] quit [DeviceA] interface gigabitethernet 1/0/3 [DeviceA-gigabitethernet1/0/3] port link-aggregation group 1 [DeviceA-gigabitethernet1/0/3] quit...

  • Page 69: Aggregation Load Sharing Configuration Example

    ------------------------------------------------------------------------------- BAGG1 0x8000, 000f-e2ff-0002 Shar The output shows that link aggregation group 1 is a load sharing Layer 2 dynamic aggregation group and it contains three selected ports. # Display the global link-aggregation load sharing criteria on Device A. [DeviceA] display link-aggregation load-sharing mode Link-Aggregation Load-Sharing Mode: destination-mac address, source-mac address The output shows that all link aggregation groups created on the device perform load sharing based on...

  • Page 70

    # Create VLAN 20, and assign port GigabitEthernet1/0/6 to VLAN 20. [DeviceA] vlan 20 [DeviceA-vlan20] port gigabitEthernet 1/0/6 [DeviceA-vlan20] quit # Create Layer 2 aggregate interface 1, and configure the load sharing criterion for the link aggregation group as the source MAC addresses of packets. [DeviceA] interface bridge-aggregation 1 [DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode source-mac [DeviceA-Bridge-Aggregation1] quit...

  • Page 71

    This configuration automatically propagates to all the member ports in link aggregation group 2. [DeviceA] interface bridge-aggregation 2 [DeviceA-Bridge-Aggregation2] port link-type trunk [DeviceA-Bridge-Aggregation2] port trunk permit vlan 10 20 Please wait... Done. Configuring GigabitEthernet1/0/3... Done. Configuring GigabitEthernet1/0/4... Done. [DeviceA-Bridge-Aggregation2] quit Configure Device B Configure Device B as you configure Device A.

  • Page 72: Table Of Contents

    Table of Contents 1 Port Isolation Configuration ·····················································································································1-1 Introduction to Port Isolation ···················································································································1-1 Configuring the Isolation Group ··············································································································1-1 Assigning a Port to the Isolation Group···························································································1-1 Displaying and Maintaining Isolation Groups··························································································1-2 Port Isolation Configuration Example······································································································1-2...

  • Page 73: Port Isolation Configuration, Introduction To Port Isolation, Configuring The Isolation Group

    VLAN, allowing for great flexibility and security. Currently: 3Com Switch 4500G family support only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on such devices.

  • Page 74: Port Isolation Configuration Example, Displaying And Maintaining Isolation Groups

    Displaying and Maintaining Isolation Groups To do… Use the command… Remarks Display the isolation group display port-isolate group Available in any view information Port Isolation Configuration Example Network requirements Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.

  • Page 75

    Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...

  • Page 76: Table Of Contents

    Table of Contents 1 MSTP Configuration ··································································································································1-1 Overview ·················································································································································1-1 Introduction to STP ·································································································································1-1 Why STP ·········································································································································1-1 Protocol Packets of STP··················································································································1-2 Basic Concepts in STP····················································································································1-2 How STP works ·······························································································································1-3 Introduction to RSTP·······························································································································1-9 Introduction to MSTP ····························································································································1-10 Why MSTP ····································································································································1-10 Basic Concepts in MSTP···············································································································1-11 How MSTP Works ·························································································································1-14 Implementation of MSTP on Devices ····························································································1-15 Protocols and Standards ···············································································································1-15...

  • Page 77: Mstp Configuration, Introduction To Stp, Why Stp

    MSTP Configuration BPDU dropping is added in V05.02.00P19 on the 3Com Switch 4500G. For details, please refer to Enabling BPDU Dropping. When configuring MSTP, go to these sections for information you are interested in: Overview Introduction to STP Introduction to RSTP Introduction to MSTP MSTP Configuration Task List Configuring MSTP...

  • Page 78: Protocol Packets Of Stp, Basic Concepts In Stp

    Protocol Packets of STP STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its protocol packets. STP-enabled network devices exchange BPDUs to establish a spanning tree. BPDUs contain sufficient information for the network devices to complete spanning tree calculation. In STP, BPDUs come in two types: Configuration BPDUs, used for calculating a spanning tree and maintaining the spanning tree topology.

  • Page 79: How Stp Works

    Figure 1-1 A schematic diagram of designated bridges and designated ports All the ports on the root bridge are designated ports. Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree.

  • Page 80

    For simplicity, the descriptions and examples below involve only four fields of configuration BPDUs: Root bridge ID (represented by device priority) Root path cost (related to the rate of the link connecting the port) Designated bridge ID (represented by device priority) Designated port ID (represented by port name) Calculation process of the STP algorithm Initial state...

  • Page 81

    Initially, each STP-enabled device on the network assumes itself to be the root bridge, with the root bridge ID being its own device ID. By exchanging configuration BPDUs, the devices compare their root bridge IDs to elect the device with the smallest root bridge ID as the root bridge. Selection of the root port and designated ports on a non-root device Table 1-3 describes the process of selecting the root port and designated ports.

  • Page 82

    Figure 1-2 Network diagram for the STP algorithm Device A With priority 0 Device B With priority 1 Device C With priority 2 Initial state of each device Table 1-4 shows the initial state of each device. Table 1-4 Initial state of each device Device Port name BPDU of port...

  • Page 83

    BPDU of port Device Comparison process after comparison Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1.

  • Page 84

    BPDU of port Device Comparison process after comparison After comparison: Because the root path cost of CP2 (9) (root path cost of the BPDU (5) plus path cost corresponding to CP2 (4)) is smaller than the root path cost of CP1 (10) (root path cost of the BPDU (0) + path cost corresponding to CP2 (10)), the BPDU Blocked port CP2: of CP2 is elected as the optimum BPDU, and CP2 is elected...

  • Page 85: Introduction To Rstp

    If a path becomes faulty, the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. In this case, the device will generate a configuration BPDU with itself as the root and send out the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.

  • Page 86: Introduction To Mstp, Why Mstp

    Introduction to MSTP Why MSTP Weaknesses of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or an edge port, which directly connects to a user terminal rather than to another device or a shared LAN segment.

  • Page 87: Basic Concepts In Mstp

    Basic Concepts in MSTP Figure 1-4 Basic concepts in MSTP Region A0 VLAN 1 mapped to instance 1 VLAN 2 mapped to instance 2 Other VLANs mapped to CIST BPDU BPDU Region D0 BPDU Region B0 VLAN 1 mapped to instance 1, VLAN 1 mapped to instance 1 B as regional root bridge VLAN 2 mapped to instance 2...

  • Page 88

    VLAN-to-instance mapping table As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping relationships between VLANs and MSTIs. In Figure 1-4, for example, the VLAN-to-instance mapping table of region A0 is as follows: VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to CIST. MSTP achieves load balancing by means of the VLAN-to-instance mapping table.

  • Page 89

    During MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST. Roles of ports MSTP calculation involves these port roles: root port, designated port, master port, alternate port, backup port, and so on.

  • Page 90: How Mstp Works

    Port states In MSTP, port states fall into the following three: Forwarding: the port learns MAC addresses and forwards user traffic; Learning: the port learns MAC addresses but does not forward user traffic; Discarding: the port neither learns MAC addresses nor forwards user traffic. When in different MSTIs, a port can be in different states.

  • Page 91: Implementation Of Mstp On Devices, Mstp Configuration Task List

    Within an MST region, the packet is forwarded along the corresponding MSTI. Between two MST regions, the packet is forwarded along the CST. Implementation of MSTP on Devices MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by devices running MSTP and used for spanning tree calculation.

  • Page 92

    Task Remarks Enabling the MSTP Feature Required Configuring an MST Region Required Configuring the Work Mode of an MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Port Rate Optional Configuring Ports as Edge Ports Optional Configuring Configuring Path Costs of Ports Optional the leaf nodes Configuring Port Priority...

  • Page 93: Configuring Mstp, Configuring An Mst Region

    Configuring MSTP Configuring an MST Region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view — system-view Enter MST region view —...

  • Page 94: Configuring The Root Bridge Or A Secondary Root Bridge

    Configuring the Root Bridge or a Secondary Root Bridge MSTP can determine the root bridge of a spanning tree through MSTP calculation. Alternatively, you can specify the current device as the root bridge or a secondary root bridge using the commands provided by the system.

  • Page 95: Configuring The Work Mode Of An Mstp Device, Configuring The Priority Of A Device

    After specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device. Alternatively, you can also configure the current device as the root bridge by setting the priority of the device to 0. For the device priority configuration, refer to Configuring the Priority of a Device.

  • Page 96: Configuring The Maximum Hops Of An Mst Region

    After configuring a device as the root bridge or a secondary root bridge, you cannot change the priority of the device. During root bridge selection, if all devices in a spanning tree have the same priority, the one with the lowest MAC address will be selected as the root bridge of the spanning tree. Configuring the Maximum Hops of an MST Region By setting the maximum hops of an MST region, you can restrict the region size.

  • Page 97: Configuring Timers Of Mstp

    Based on the network diameter you configured, MSTP automatically sets an optimal hello time, forward delay, and max age for the device. The configured network diameter is effective for the CIST only, and not for MSTIs. Each MST region is considered as a device. The network diameter must be configured on the root bridge.

  • Page 98: Configuring The Timeout Factor

    To do... Use the command... Remarks Optional Configure the max age timer stp timer max-age time 2,000 centiseconds (20 seconds) by default The length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. Note that if the forward delay setting is too small, temporary redundant paths may be introduced;...

  • Page 99: Configuring The Maximum Port Rate, Configuring Ports As Edge Ports

    To do... Use the command... Remarks Enter system view — system-view Required Configure the timeout factor of the device stp timer-factor factor 3 by default Configuring the Maximum Port Rate The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time.

  • Page 100: Configuring Path Costs Of Ports

    To do... Use the command... Remarks Enter Ethernet interface interface interface-type Enter view, or Layer 2 aggregate interface-number Required interface interface view view or port Use either command. group view port-group manual Enter port group view port-group-name Required Configure the current ports as edge ports stp edged-port enable All ports are non-edge ports by default.

  • Page 101

    Table 1-7 Link speed vs. path cost Duplex state Link speed 802.1d-1998 802.1t Private standard — 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate Link 2 Ports 1,000,000 1,800 10 Mbps Aggregate Link 3 Ports 666,666 1,600 Aggregate Link 4 Ports 500,000 1,400 Single Port...

  • Page 102: Configuring Port Priority

    If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be invalid. When the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition.

  • Page 103: Configuring The Link Type Of Ports

    When the priority of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. Generally, a lower priority value indicates a higher priority. If you configure the same priority value for all the ports on a device, the specific priority of a port depends on the index number of the port. Changing the priority of a port triggers a new spanning tree calculation process.

  • Page 104: Enabling The Output Of Port State Transition Information

    dot1s: 802.1s-compliant standard format, and legacy: Compatible format By default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.

  • Page 105: Enabling The Mstp Feature, Performing Mcheck

    To do... Use the command... Remarks Required Enable output of port state transition stp port-log { all | This function is enabled by information instance instance-id } default. Enabling the MSTP Feature You must enable MSTP for the device before any other MSTP-related configurations can take effect. Make this configuration on the root bridge and on the leaf nodes separately.

  • Page 106: Configuring Digest Snooping

    By then, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode. You can perform mCheck on a port through the following two approaches, which lead to the same result. Performing mCheck globally Follow these steps to perform global mCheck: To do...

  • Page 107

    Before enabling digest snooping, ensure that associated devices of different vendors are interconnected and run MSTP. Configuring the Digest Snooping feature You can enable Digest Snooping only on a device that is connected to a third-party device that uses its private key to calculate the configuration digest.

  • Page 108: Configuring No Agreement Check

    Digest Snooping configuration example Network requirements Device A and Device B connect to Device C, a third-party device, and all these devices are in the same region. Enable Digest Snooping on Device A and Device B so that the three devices can communicate with one another.

  • Page 109

    Figure 1-7 shows the rapid state transition mechanism on MSTP designated ports. Figure 1-7 Rapid state transition of an MSTP designated port Figure 1-8 shows rapid state transition of an RSTP designated port. Figure 1-8 Rapid state transition of an RSTP designated port Downstream device Upstream device Proposal for rapid transition...

  • Page 110: Configuring Protection Functions

    To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter interface Layer 2 aggregate interface-number Required or port group interface view Use either command. view port-group manual Enter port group view port-group-name Required Enable No Agreement Check...

  • Page 111

    ports and start a new spanning tree calculation process. This will cause a change of network topology. Under normal conditions, these ports should not receive configuration BPDUs. However, if someone forges configuration BPDUs maliciously to attack the devices, network instability will occur. MSTP provides the BPDU guard function to protect the system against such attacks.

  • Page 112

    To do... Use the command... Remarks Enter port group port-group manual view port-group-name Required Enable the root guard function for stp root-protection the port(s) Disabled by default Among loop guard, root guard and edge port settings, only one function (whichever is configured the earliest) can take effect on a port at the same time.

  • Page 113

    Enabling TC-BPDU guard When receiving topology change (TC) BPDUs (the BPDUs used to notify topology changes), a switch flushes its forwarding address entries. If someone forges TC-BPDUs to attack the switch, the switch will receive a large number of TC-BPDUs within a short time and be busy with forwarding address entry flushing.

  • Page 114: Displaying And Maintaining Mstp, Mstp Configuration Example

    To do... Use the command... Remarks Required Enable BPDU dropping for the bpdu-drop any port(s) Disabled by default Displaying and Maintaining MSTP To do... Use the command... Remarks View information about abnormally Available in any view display stp abnormal-port blocked ports View information about ports blocked Available in any view display stp down-port...

  • Page 115

    Figure 1-10 Network diagram for MSTP configuration Configuration procedure VLAN and VLAN member port configuration Create VLAN 10, VLAN 20, and VLAN 30 on Device A and Device B respectively, create VLAN 10, VLAN 20, and VLAN 40 on Device C, and create VLAN 20, VLAN 30, and VLAN 40 on Device D; configure the ports on these devices as trunk ports and assign them to related VLANs.

  • Page 116

    <DeviceB> system-view [DeviceB] stp region-configuration [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30 [DeviceB-mst-region] instance 4 vlan 40 [DeviceB-mst-region] revision-level 0 # Activate MST region configuration. [DeviceB-mst-region] active region-configuration [DeviceB-mst-region] quit # Specify the current device as the root bridge of MSTI 3. [DeviceB] stp instance 3 root primary # Enable MSTP globally.

  • Page 117

    # Activate MST region configuration. [DeviceD-mst-region] active region-configuration [DeviceD-mst-region] quit # Enable MSTP globally. [DeviceD] stp enable Verifying the configurations You can use the display stp brief command to display brief spanning tree information on each device after the network is stable. # Display brief spanning tree information on Device A.

  • Page 118

    GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 ROOT FORWARDING NONE Based on the above information, you can draw the MSTI corresponding to each VLAN, as shown in Figure 1-11. Figure 1-11 MSTIs corresponding to different VLANs 1-42...

  • Page 119: Table Of Contents

    Table of Contents 1 LLDP Configuration···································································································································1-1 Overview ·················································································································································1-1 Background ·····································································································································1-1 Basic Concepts································································································································1-2 How LLDP Works ····························································································································1-5 Protocols and Standards ·················································································································1-6 LLDP Configuration Task List ·················································································································1-6 Performing Basic LLDP Configuration ····································································································1-7 Enabling LLDP·································································································································1-7 Setting LLDP Operating Mode ········································································································1-7 Setting the LLDP Re-Initialization Delay ·························································································1-8 Enabling LLDP Polling·····················································································································1-8 Configuring the TLVs to Be Advertised ···························································································1-8 Configuring the Management Address and Its Encoding Format ···················································1-9...

  • Page 120: Lldp Configuration

    LLDP Configuration Displaying the LLDP information about the neighboring devices in the form of a list is added in V05.02.00P19 on the 3Com Switch 4500G. For details, please refer to the keyword list in the command display lldp neighbor-information. When configuring LLDP, go to these sections for information you are interested in: Overview LLDP Configuration Task List Performing Basic LLDP Configuration...

  • Page 121

    Basic Concepts LLDP frames LLDP sends device information in LLDP data units (LLDPDUs). LLDPDUs are encapsulated in Ethernet II or SNAP frames. Ethernet II-encapsulated LLDP frame format Figure 1-1 Ethernet II-encapsulated LLDP frame format The fields in the frame are described in Table 1-1: Table 1-1 Description of the fields in an Ethernet II-encapsulated LLDP frame...

  • Page 122

    The fields in the frame are described in Table 1-2: Table 1-2 Description of the fields in a SNAP-encapsulated LLDP frame Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address. The MAC address of the sending port.

  • Page 123

    Type Description Remarks ID of the sending port. If MED TLVs are included in the LLDPDU, the port ID TLV carries the MAC address of the sending port or the bridge Port ID MAC in case the port does not have a MAC address. If no MED TLVs are included, the port ID TLV carries the port name.

  • Page 124: How Lldp Works

    Type Description Indicates the supported maximum frame size. It is now the MTU Maximum Frame Size of the port. LLDP-MED TLVs LLDP-MED TLVs provide multiple advanced applications for voice over IP (VoIP), such as basic configuration, network policy configuration, and address and directory management. LLDP-MED TLVs satisfy the voice device vendors’...

  • Page 125: Lldp Configuration Task List

    TxRx mode. A port in this mode sends and receives LLDP frames. Tx mode. A port in this mode only sends LLDP frames. Rx mode. A port in this mode only receives LLDP frames. Disable mode. A port in this mode does not send or receive LLDP frames. Each time the LLDP operating mode of a port changes, its LLDP protocol state machine re-initializes.

  • Page 126: Performing Basic Lldp Configuration, Enabling Lldp, Setting Lldp Operating Mode

    Task Remarks Setting Other LLDP Parameters Optional Setting an Encapsulation Format for LLDPDUs Optional Configuring CDP Compatibility Optional Configuring LLDP Trapping Optional LLDP-related configurations made in Ethernet interface view takes effect only on the current port, and those made in port group view takes effect on all ports in the current port group. Performing Basic LLDP Configuration Enabling LLDP To make LLDP take effect on certain ports, you need to enable LLDP both globally and on these ports.

  • Page 127: Setting The Lldp Re-initialization Delay, Enabling Lldp Polling, Configuring The Tlvs To Be Advertised

    To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Enter interface view interface-number Ethernet Required interface Use either command. view or port Enter port port-group manual group view group view port-group-name Optional lldp admin-status { disable | Set the LLDP operating mode rx | tx | txrx } TxRx by default.

  • Page 128: Configuring The Management Address And Its Encoding Format

    To do… Use the command… Remarks Enter Enter Ethernet interface interface-type interface-number Ethernet interface view Required interface Use either view or Enter port command. port-group manual port-group-name port group group view view Optional lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | By default, all system-name } | dot1-tlv { all | port-vlan-id |...

  • Page 129: Setting Other Lldp Parameters, Setting An Encapsulation Format For Lldpdus

    Setting Other LLDP Parameters The TTL TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device. You can configure the TTL of locally sent LLDP frames to determine how long information about the local device can be saved on a neighbor device by setting the TTL multiplier.

  • Page 130: Configuring Cdp Compatibility

    To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Enter Ethernet interface view interface-number Required interface view or Use either command. Enter port port-group manual port group view group view port-group-name Required Ethernet II encapsulation Set the encapsulation format for format applies by default.

  • Page 131: Configuring Lldp Trapping

    Configuring CDP Compatibility CDP-compatible LLDP operates in one of the follows two modes: TxRx, where CDP packets can be transmitted and received. Disable, where CDP packets can neither be transmitted nor be received. To make CDP-compatible LLDP take effect on certain ports, first enable CDP-compatible LLDP globally and configure CDP-compatible LLDP to operate in TxRx mode.

  • Page 132: Displaying And Maintaining Lldp, Lldp Configuration Examples, Basic Lldp Configuration Example

    To do… Use the command… Remarks Required lldp notification remote-change Enable LLDP trap sending enable Disabled by default — Quit to system view quit Optional Set the interval to send LLDP lldp timer notification-interval traps interval 5 seconds by default Displaying and Maintaining LLDP To do…...

  • Page 133: Configuration Procedure

    Configuration procedure Configure Switch A. # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 (you can skip this step because LLDP is enabled on ports by default), and set the LLDP operating mode to Rx. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx...

  • Page 134

    Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors...

  • Page 135: Cdp-compatible Lldp Configuration Example

    Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV As the sample output shows, GigabitEthernet 1/0/2 of Switch A does not connect any neighboring devices.

  • Page 136

    # Enable LLDP globally and enable LLDP to be compatible with CDP globally. [SwitchA] lldp enable [SwitchA] lldp compliance cdp # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to operate in TxRx mode, and configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.

  • Page 137: Table Of Contents

    Table of Contents 1 VLAN Configuration ··································································································································1-1 Introduction to VLAN ·······························································································································1-1 VLAN Overview ·······························································································································1-1 VLAN Fundamentals ·······················································································································1-2 Types of VLAN ································································································································1-3 Configuring Basic VLAN Settings ···········································································································1-3 Configuring Basic Settings of a VLAN Interface ·····················································································1-4 Port-Based VLAN Configuration ·············································································································1-5 Introduction to Port-Based VLAN ····································································································1-5 Assigning an Access Port to a VLAN ······························································································1-7 Assigning a Trunk Port to a VLAN···································································································1-8 Assigning a Hybrid Port to a VLAN ·································································································1-9...

  • Page 138: Vlan Configuration, Introduction To Vlan, Vlan Overview

    VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: Introduction to VLAN Configuring Basic VLAN Settings Configuring Basic Settings of a VLAN Interface Port-Based VLAN Configuration MAC-Based VLAN Configuration Protocol-Based VLAN Configuration Displaying and Maintaining VLAN VLAN Configuration Example Introduction to VLAN VLAN Overview...

  • Page 139: Vlan Fundamentals

    Confining broadcast traffic within individual VLANs. This reduces bandwidth waste and improves network performance. Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation.

  • Page 140: Types Of Vlan, Configuring Basic Vlan Settings

    The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.

  • Page 141: Configuring Basic Settings Of A Vlan Interface

    As the default VLAN, VLAN 1 cannot be created or removed. You cannot manually create or remove VLANs reserved for special purposes. Dynamic VLANs cannot be removed with the undo vlan command. A VLAN with a QoS policy applied cannot be removed. For isolate-user-VLANs or secondary VLANs, if you have used the isolate-user-vlan command to create mappings between them, you cannot remove them until you remove the mappings between them first.

  • Page 142: Port-based Vlan Configuration, Introduction To Port-based Vlan

    Before creating a VLAN interface for a VLAN, create the VLAN first. Port-Based VLAN Configuration Introduction to Port-Based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid.

  • Page 143

    Figure 1-4 Network diagram for port link type configuration Default VLAN By default, VLAN 1 is the default VLAN for all ports. You can configure the default VLAN for a port as required. Use the following guidelines when configuring the default VLAN on a port: Because an access port can join only one VLAN, its default VLAN is the VLAN to which it belongs and cannot be configured.

  • Page 144: Assigning An Access Port To A Vlan

    Actions (in the inbound direction) Actions (in the outbound Port type direction) Untagged frame Tagged frame Receive the frame if its VLAN ID is the same as the default VLAN ID. Tag the frame with Remove the default VLAN tag and Access the default VLAN Drop the frame if its...

  • Page 145: Assigning A Trunk Port To A Vlan

    To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Required interface view interface-number Use either command. In Ethernet interface view, the Enter Layer-2 interface subsequent configurations apply aggregate bridge-aggregation to the current port. interface view interface-number Enter port...

  • Page 146: Assigning A Hybrid Port To A Vlan

    Follow these steps to assign a trunk port to one or multiple VLANs: To do… Use the command… Remarks Enter system view system-view — Enter Required interface interface-type Ethernet Use either command. interface-number interface view In Ethernet interface view, the subsequent configurations Enter Layer-2...

  • Page 147

    Follow these steps to assign a hybrid port to one or multiple VLANs: To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Required interface view interface-number Use either command. In Ethernet interface view, Enter Layer-2 interface bridge-aggregation subsequent aggregate...

  • Page 148: Mac-based Vlan Configuration, Introduction To Mac-based Vlan, Configuring A Mac Address-based Vlan

    MAC-Based VLAN Configuration Introduction to MAC-Based VLAN MAC-based VLANs group VLAN members by MAC address. They are mostly used in conjunction with security technologies such as 802.1X to provide secure, flexible network access for terminal devices. MAC-based VLAN implementation With MAC-based VLAN configured, the device processes received packets as follows: When receiving an untagged frame, the device looks up the list of MAC-to-VLAN mappings based on the source MAC address of the frame for a match.

  • Page 149: Protocol-based Vlan Configuration, Introduction To Protocol-based Vlan

    MAC-based VLANs are available only on hybrid ports. Because MAC-based dynamic port assignment is mainly configured on the downlink ports of the user access devices, do not enable this function together with link aggregation. With MSTP enabled, if the MST instance for the corresponding VLAN is blocked, the packet with the unknown source MAC address will fail to be sent to the CPU.

  • Page 150: Configuring A Protocol-based Vlan

    Protocol-based VLANs are only applicable on hybrid ports. In this approach, inbound packets are assigned to different VLANs based on their protocol types and encapsulation formats. The protocols that can be used for VLAN assignment include IP, IPX, and AppleTalk (AT). The encapsulation formats include Ethernet II, 802.3 raw, 802.2 LLC, and 802.2 SNAP. A protocol-based VLAN is defined by a protocol template comprised of encapsulation format and protocol type.

  • Page 151

    To do… Use the command… Remarks current port. In port group view, the subsequent configurations apply to all ports in the port group. Enter port port-group manual Layer-2 aggregate group view port-group-name interface view, subsequent configurations apply Layer-2 aggregate interface and all its member ports.

  • Page 152: Ip Subnet-based Vlan Configuration, Configuring An Ip Subnet-based Vlan

    IP Subnet-Based VLAN Configuration Introduction In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet. This feature is used to assign packets from the specified network segment or IP address to a specific VLAN.

  • Page 153: Displaying And Maintaining Vlan, Vlan Configuration Example

    After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.

  • Page 154

    GigabitEthernet 1/0/1 allows packets from VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 to pass through. Figure 1-5 Network diagram for port-based VLAN configuration Configuration procedure Configure Device A # Create VLAN 2, VLAN 6 through VLAN 50, and VLAN 100. <DeviceA>...

  • Page 155

    Unknown-speed mode, unknown-duplex mode Link speed type is autonegotiation, link duplex type is autonegotiation Flow-control is not enabled The Maximum Frame Length is 9216 Broadcast MAX-ratio: 100% Unicast MAX-ratio: 100% Multicast MAX-ratio: 100% Allow jumbo frame to pass PVID: 100 Mdi type: auto Link delay is 0(sec) Port link-type: trunk...

  • Page 156: Isolate-user-vlan Configuration, Configuring Isolate-user-vlan

    Isolate-User-VLAN Configuration When configuring an isolate-user VLAN, go to these sections for information you are interested in: Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLAN Isolate-User-VLAN Configuration Example Overview An isolate-user-VLAN adopts a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.

  • Page 157

    Assign non-trunk ports to the isolate-user-VLAN and ensure that at least one port takes the isolate-user-VLAN as its default VLAN; Assign non-trunk ports to each secondary VLAN and ensure that at least one port in a secondary VLAN takes the secondary VLAN as its default VLAN; Associate the isolate-user-VLAN with the specified secondary VLANs.

  • Page 158: Displaying And Maintaining Isolate-user-vlan, Isolate-user-vlan Configuration Example

    Displaying and Maintaining Isolate-User-VLAN To do... Use the command... Remarks Display the mapping between an display isolate-user-vlan isolate-user-VLAN and its secondary Available in any view [ isolate-user-vlan-id ] VLAN(s) Isolate-User-VLAN Configuration Example Network requirements Connect Device A to downstream devices Device B and Device C; Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3.

  • Page 159

    [DeviceB] vlan 2 [DeviceB-vlan2] port gigabitethernet 1/0/2 [DeviceB-vlan2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C # Configure the isolate-user-VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC-vlan6] isolate-user-vlan enable [DeviceC-vlan6] port gigabitethernet 1/0/5 [DeviceC-vlan6] quit # Configure the secondary VLANs.

  • Page 160

    gigabitethernet 1/0/2 gigabitethernet 1/0/5 VLAN ID: 3 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: gigabitethernet 1/0/1 gigabitethernet 1/0/5...

  • Page 161: Voice Vlan Configuration, Oui Addresses

    Voice VLAN Configuration When configuring a voice VLAN, go to these sections for information you are interested in: Overview Configuring a Voice VLAN Displaying and Maintaining Voice VLAN Voice VLAN Configuration Overview As voice communication technologies grow more mature, voice devices are more and more widely deployed, especially on broadband networks, where voice traffic and data traffic often co-exist.

  • Page 162: Voice Vlan Assignment Modes

    Number OUI address Vendor 00e0-bb00-0000 3Com phone In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are different from those in common sense.

  • Page 163

    Figure 3-2 Only IP phones access the network Both modes forward tagged packets according to their tags. The following tables list the required configurations on ports of different link types in order for these ports to support tagged or untagged voice traffic sent from IP phones when different voice VLAN assignment modes are configured.

  • Page 164: Security Mode And Normal Mode Of Voice Vlans

    Table 3-3 Required configurations on ports of different links types in order for the ports to support tagged voice traffic Voice VLAN Support for Port link type assignment untagged voice Configuration requirements mode traffic Automatic — Access Configure the default VLAN of the port as Manual the voice VLAN.

  • Page 165: Configuring A Voice Vlan, Setting A Port To Operate In Automatic Voice Vlan Assignment Mode

    Table 3-4 How a voice VLAN-enable port processes packets in security/normal mode Voice VLAN Packet type Packet processing mode working mode Untagged packets If the source MAC address of a packet matches an OUI address configured for the device, it is forwarded in the Packets carrying the voice VLAN;...

  • Page 166: Setting A Port To Operate In Manual Voice Vlan Assignment Mode

    To do... Use the command... Remarks Optional voice vlan mac-address By default, each voice VLAN has default OUI Add a recognizable oui mask oui-mask addresses configured. Refer to Table 3-1 OUI address [ description text ] the default OUI addresses of different vendors.

  • Page 167: Displaying And Maintaining Voice Vlan, Voice Vlan Configuration Examples, Automatic Voice Vlan Mode Configuration Example

    To do... Use the command... Remarks Refer to Assigning an Access Access port Use one of the three Assign the Port to a VLAN. approaches. port in manual voice VLAN Refer to Assigning a Trunk Port After you assign an access port Trunk port assignment to a...

  • Page 168

    Device A uses voice VLAN 2 to transmit voice packets for IP phone A and voice VLAN 3 to transmit voice packets for IP phone B. Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to work in automatic voice VLAN assignment mode. In addition, if one of them has not received any voice packet in 30 minutes, the port is removed from the corresponding voice VLAN automatically.

  • Page 169: Manual Voice Vlan Assignment Mode Configuration Example

    [DeviceA-GigabitEthernet1/0/1] quit # Configure GigabitEthernet 1/0/2. [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] voice vlan mode auto [DeviceA-GigabitEthernet1/0/2] port link-type hybrid [DeviceA-GigabitEthernet1/0/2] voice vlan 3 enable [DeviceA-GigabitEthernet1/0/2] quit Verification # Display the OUI addresses, OUI address masks, and description strings supported currently. <DeviceA>...

  • Page 170

    Figure 3-4 Network diagram for manual voice VLAN assignment mode configuration Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA> system-view [DeviceA] voice vlan security enable # Add a recognizable OUI address 0011-2200-0000.

  • Page 171

    0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 8 Current Voice VLANs: 1 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN...

  • Page 172

    Table of Contents 1 GVRP Configuration ··································································································································1-1 Introduction to GVRP ······························································································································1-1 GARP···············································································································································1-1 GVRP···············································································································································1-3 Protocols and Standards ·················································································································1-4 GVRP Configuration Task List ················································································································1-4 Configuring GVRP Functions··················································································································1-4 Configuring GARP Timers·······················································································································1-5 Displaying and Maintaining GVRP··········································································································1-6 GVRP Configuration Examples···············································································································1-7 GVRP Configuration Example I·······································································································1-7 GVRP Configuration Example II······································································································1-8 GVRP Configuration Example III·····································································································1-9...

  • Page 173: Gvrp Configuration, Introduction To Gvrp

    GVRP Configuration The GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network. When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Task List Configuring GVRP Functions...

  • Page 174

    Hold timer –– When a GARP application entity receives the first registration request, it starts a Hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This helps you save bandwidth. Join timer ––...

  • Page 175

    GARP message format Figure 1-1 GARP message format Figure 1-1 illustrates the GARP message format. Table 1-1 describes the GARP message fields. Table 1-1 Description on the GARP message fields Field Description Value Protocol ID Protocol identifier for GARP One or multiple messages, each containing Message ––...

  • Page 176: Gvrp Configuration Task List, Configuring Gvrp Functions

    about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.

  • Page 177: Configuring Garp Timers

    To do… Use the command… Remarks Enter Ethernet Enter Ethernet interface view, interface view or interface interface-type Required Layer 2 Layer 2 aggregate interface-number aggregate interface view Perform either of the interface view, commands. or port-group Enter port-group port-group manual view view port-group-name...

  • Page 178: Displaying And Maintaining Gvrp

    To do… Use the command… Remarks Enter Required Enter Ethernet or Ethernet Layer 2 interface interface-type Perform either of the interface aggregate interface-number commands. view, Layer interface view Depending on the view you 2 aggregate accessed, the subsequent interface configuration takes effect on a view, or Enter port-group port-group manual...

  • Page 179: Gvrp Configuration Examples, Gvrp Configuration Example I

    To do… Use the command… Remarks display gvrp state interface Display the current GVRP state interface-type interface-number vlan Available in any view vlan-id display gvrp statistics [ interface Display statistics about GVRP Available in any view interface-list ] Display the global GVRP state display gvrp status Available in any view Display the information about...

  • Page 180: Gvrp Configuration Example Ii

    [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] gvrp [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN 3 (a static VLAN).

  • Page 181: Gvrp Configuration Example Iii

    [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1.

  • Page 182

    [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration type to forbidden on the port. [DeviceA-GigabitEthernet1/0/1] gvrp [DeviceA-GigabitEthernet1/0/1] gvrp registration forbidden [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally.

  • Page 183: Table Of Contents

    Table of Contents 1 QinQ Configuration ···································································································································1-1 Introduction to QinQ ································································································································1-1 Background and Benefits ················································································································1-1 How QinQ Works·····························································································································1-2 QinQ Frame Structure ·····················································································································1-2 Implementations of QinQ·················································································································1-3 Modifying the TPID in a VLAN Tag ·································································································1-3 Protocols and Standards ·················································································································1-4 QinQ Configuration Task List··················································································································1-5 Configuring Basic QinQ ··························································································································1-5 Enabling Basic QinQ ·······················································································································1-5 Configuring Selective QinQ·····················································································································1-5...

  • Page 184: Qinq Configuration, Introduction To Qinq, Background And Benefits

    QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: Introduction to QinQ QinQ Configuration Task List Configuring Basic QinQ Configuring Selective QinQ Configuring the TPID Value in VLAN Tags QinQ Configuration Examples Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network;...

  • Page 185: How Qinq Works, Qinq Frame Structure

    How QinQ Works The devices in the public network forward a frame only according to its outer VLAN tag and learn its source MAC address into the MAC address table of the outer VLAN. The inner VLAN tag of the frame is transmitted as the payload.

  • Page 186: Implementations Of Qinq, Modifying The Tpid In A Vlan Tag

    Figure 1-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. Therefore, you are recommended to increase the MTU of each interface on the service provider network.

  • Page 187

    Figure 1-3 VLAN tag structure of an Ethernet frame The device determines whether a received frame carries a SVLAN tag or a CVLAN tag by checking the corresponding TPID value. Upon receiving a frame, the device compares the configured TPID value with the value of the TPID field in the frame.

  • Page 188: Configuring Basic Qinq, Configuring Selective Qinq, Qinq Configuration Task List, Enabling Basic Qinq

    QinQ Configuration Task List Table 1-2 QinQ configuration task list Configuration task Remarks Configuring Basic QinQ Optional Configuring Selective QinQ Configuring an Outer VLAN Tagging Policy Optional Configuring the TPID Value in VLAN Tags Optional QinQ requires configurations only on the service provider network, not on the customer network. QinQ configurations made in Ethernet interface view take effect on the current interface only;...

  • Page 189: Configuring The Tpid Value In Vlan Tags, Qinq Configuration Examples, Basic Qinq Configuration Example

    Follow these steps to configure an outer VLAN tagging policy: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet or Layer-2 interface interface-type Enter aggregate interface-number Required interface interface view view or port Use either command group view Enter port group port-group manual...

  • Page 190

    Make configuration to achieve the following: Frames of VLAN 200 through VLAN 299 can be exchanged between Customer A1and Customer A2 through VLAN 10 of the service provider network. Frames of VLAN 250 through VLAN 350 can be exchanged between Customer B1 and Customer B2 through VLAN 50 of the service provider network.

  • Page 191

    [ProviderA-GigabitEthernet1/0/2] port hybrid vlan 50 untagged # Enable basic QinQ on GigabitEthernet 1/0/2. [ProviderA-GigabitEthernet1/0/2] qinq enable [ProviderA-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3 # Configure GigabitEthernet 1/0/3 as a trunk port to permit frames of VLAN 10 and 50 to pass through. [ProviderA] interface gigabitethernet 1/0/3 [ProviderA-GigabitEthernet1/0/3] port link-type trunk [ProviderA-GigabitEthernet1/0/3] port trunk permit vlan 10 50...

  • Page 192: Comprehensive Selective Qinq Configuration Example

    Comprehensive Selective QinQ Configuration Example Network requirements Provider A and Provider B are edge devices on the service provider network and are interconnected through trunk ports. They belong to SVLAN 1000 and SVLAN 2000 separately. Customer A, Customer B and Customer C are edge devices on the customer network. Third-party devices with a TPID value of 0x8200 are deployed between Provider A and Provider B.

  • Page 193

    # Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-GigabitEthernet1/0/1] qinq vid 1000 [ProviderA-GigabitEthernet1/0/1-vid-1000] raw-vlan-id inbound 10 [ProviderA-GigabitEthernet1/0/1-vid-1000] quit # Tag CVLAN 20 frames with SVLAN 2000. [ProviderA-GigabitEthernet1/0/1] qinq vid 2000 [ProviderA-GigabitEthernet1/0/1-vid-2000] raw-vlan-id inbound 20 [ProviderA-GigabitEthernet1/0/1-vid-2000] quit [ProviderA-GigabitEthernet1/0/1] quit Configure GigabitEthernet 1/0/2 # Configure GigabitEthernet 1/0/2 as a hybrid port to permit frames of VLAN 1000 to pass through, and configure GigabitEthernet 1/0/2 to send packets of VLAN 1000 with tag removed.

  • Page 194

    [ProviderB-GigabitEthernet1/0/2] qinq vid 2000 [ProviderB-GigabitEthernet1/0/2-vid-2000] raw-vlan-id inbound 20 # Set the TPID value in the outer tag to 0x8200. [ProviderA-GigabitEthernet1/0/3] quit [ProviderA] qinq ethernet-type 8200 Configuration on third-party devices Configure the third-party devices between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/0/3 of Provider A and that connecting GigabitEthernet 1/0/1 of Provider B to allow tagged frames of VLAN 1000 and VLAN 2000 to pass through.

  • Page 195: Table Of Contents

    Table of Contents 1 BPDU Tunneling Configuration················································································································1-1 Introduction to BPDU Tunneling ·············································································································1-1 Background ·····································································································································1-1 BPDU Tunneling Implementation ····································································································1-2 Configuring BPDU Tunneling··················································································································1-4 Configuration Prerequisites ·············································································································1-4 Enabling BPDU Tunneling···············································································································1-4 Configuring Destination Multicast MAC Address for BPDUs ··························································1-5 BPDU Tunneling Configuration Examples ······························································································1-5 BPDU Tunneling for STP Configuration Example···········································································1-5 BPDU Tunneling for PVST Configuration Example ········································································1-6...

  • Page 196: Introduction To Bpdu Tunneling, Bpdu Tunneling Configuration

    BPDU Tunneling Configuration BPDU tunneling support the transparent transmission of these types of Layer 2 protocol packets in V05.02.00P19: CDP, DLDP, EOAM, GVRP, HGMP, LACP, LLDP, PAGP, PVST, UDLD and VTP. When configuring BPDU tunneling, go to these sections for information you are interested in: Introduction to BPDU Tunneling Configuring BPDU Tunneling BPDU Tunneling Configuration Examples...

  • Page 197: Bpdu Tunneling Implementation

    After receiving a Layer 2 protocol packet from User A network 1, PE 1 in the service provider network encapsulates the packet, replaces its destination MAC address with a specific multicast MAC address, and then forwards the packet in the service provider network; The encapsulated Layer 2 protocol packet (called bridge protocol data unit, BPDU) is forwarded to PE 2 at the other end of the service provider network, which decapsulates the packet, restores the original destination MAC address of the packet, and then sends the packet to User A network 2.

  • Page 198

    To allow each network to calculate an independent spanning tree with STP, BPDU tunneling was introduced. BPDU tunneling delivers the following benefits: BPDUs can be transparently transmitted. BPDUs of the same customer network can be broadcast in a specific VLAN across the service provider network, so that the geographically dispersed networks of the same customer can implement consistent spanning tree calculation across the service provider network.

  • Page 199: Configuring Bpdu Tunneling, Enabling Bpdu Tunneling

    Configuring BPDU Tunneling Configuration Prerequisites Before configuring BPDU tunneling for a protocol, enable the protocol in the customer network first. Assign the port on which you want to enable BPDU tunneling on the PE device and the connected port on the CE device to the same VLAN. Configure ports connecting network devices in the service provider network as trunk ports allowing packets of any VLAN to pass through.

  • Page 200: Configuring Destination Multicast Mac Address For Bpdus, Bpdu Tunneling Configuration Examples

    To do… Use the command… Remarks Enter system view — system-view Enter Layer 2 aggregate interface bridge-aggregation — interface view interface-number Required Enable BPDU tunneling for a bpdu-tunnel dot1q { cdp | protocol on the Layer 2 By default, BPDU tunneling for gvrp | hgmp | pvst | stp | vtp } aggregate interface a protocol is disabled.

  • Page 201: Bpdu Tunneling For Pvst Configuration Example

    Figure 1-3 Network diagram for configuring BPDU tunneling for STP Configuration procedure Configuration on PE 1 # Configure the destination multicast MAC address for BPDUs as 0x0100-0CCD-CDD0. <PE1> system-view [PE1] bpdu-tunnel tunnel-dmac 0100-0ccd-cdd0 # Create VLAN 2 and assign GigabitEthernet1/0/1 to VLAN 2. [PE1] vlan 2 [PE1-vlan2] quit [PE1] interface gigabitethernet 1/0/1...

  • Page 202

    All ports that connect service provider devices and customer devices and those that interconnect service provider devices are trunk ports and allow packets of any VLAN to pass through. PVST is enabled for VLANs 1 through 4094 on User A’s network. It is required that, after the configuration, CE 1 and CE 2 implement consistent PVST calculation across the service provider network, that...

  • Page 203: Table Of Contents

    Table of Contents 1 Port Mirroring Configuration ····················································································································1-1 Introduction to Port Mirroring ··················································································································1-1 Classification of Port Mirroring ········································································································1-1 Implementing Port Mirroring ············································································································1-1 Configuring Local Port Mirroring ·············································································································1-3 Configuring Remote Port Mirroring ·········································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring a Remote Source Mirroring Group (on the Source Device)·········································1-4 Configuring a Remote Destination Mirroring Group (on the Destination Device) ···························1-6 Displaying and Maintaining Port Mirroring ······························································································1-7 Port Mirroring Configuration Examples ···································································································1-7...

  • Page 204: Port Mirroring Configuration, Introduction To Port Mirroring, Classification Of Port Mirroring, Implementing Port Mirroring

    Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: Introduction to Port Mirroring Configuring Local Port Mirroring Configuring Remote Port Mirroring Displaying and Maintaining Port Mirroring Port Mirroring Configuration Examples Introduction to Port Mirroring Port mirroring is to copy the packets passing through a port (called a mirroring port) to another port (called the monitor port) connected with a monitoring device for packet analysis.

  • Page 205

    Figure 1-1 Local port mirroring implementation How the device processes packets Traffic mirrored to Mirroring port Monitor port Monitor port Mirroring port Data monitoring device Remote port mirroring Remote port mirroring can mirror all packets but protocol packets. Remote port mirroring is implemented through the cooperation of a remote source mirroring group and a remote destination mirroring group as shown Figure 1-2.

  • Page 206: Configuring Local Port Mirroring

    Destination device The destination device is the device where the monitor port is located. On it, you must create the remote destination mirroring group. When receiving a packet, the destination device compares the VLAN ID carried in the packet with the ID of the probe VLAN configured in the remote destination mirroring group.

  • Page 207: Configuring Remote Port Mirroring, Configuring A Remote Source Mirroring Group (on The Source Device)

    A local port mirroring group takes effect only after its mirroring and monitor ports are configured. To ensure operation of your device, do not enable STP, MSTP, or RSTP on the monitor port. A port mirroring group can have multiple mirroring ports, but only one monitor port. A mirroring or monitor port to be configured cannot belong to an existing port mirroring group.

  • Page 208

    To do… Use the command… Remarks mirroring-group groupid Required In system view mirroring-port mirroring-port-list You configure multiple { both | inbound | outbound } mirroring ports in a mirroring group. interface interface-type In system view, you can interface-number Configure assign a list of mirroring [ mirroring-group groupid ] mirroring ports to the mirroring...

  • Page 209: Configuring A Remote Destination Mirroring Group (on The Destination Device)

    To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN with undo mirroring-group remote-probe vlan command first. Removing the probe VLAN can invalidate the remote source mirroring group. You are recommended to use a remote probe VLAN exclusively for the mirroring purpose. A port can belong to only one mirroring group.

  • Page 210: Displaying And Maintaining Port Mirroring, Port Mirroring Configuration Examples, Local Port Mirroring Configuration Example

    When configuring the monitor port, use the following guidelines: The port can belong to only the current mirroring group. Disable these functions on the port: STP, MSTP, and RSTP. You are recommended to use a monitor port only for port mirroring. This is to ensure that the data monitoring device receives and analyzes only the mirrored traffic rather than a mix of mirrored traffic and normally forwarded traffic.

  • Page 211: Remote Port Mirroring Configuration Example

    Figure 1-3 Network diagram for local port mirroring configuration Switch A R&D department GE1/0/1 GE1/0/3 GE1/0/2 Switch C Data monitoring device Switch B Marketing department Configuration procedure Configure Switch C. # Create a local port mirroring group. <SwitchC> system-view [SwitchC] mirroring-group 1 local # Add port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the port mirroring group as source ports.

  • Page 212

    As shown in Figure 1-4, the administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device. Use the remote port mirroring function to meet the requirement. Perform the following configurations: Use Switch A as the source device, Switch B as the intermediate device, and Switch C as the destination device.

  • Page 213

    [SwitchA-GigabitEthernet1/0/3] port link-type trunk [SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 2 Configure Switch B (the intermediate device). # Configure port GigabitEthernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2. <SwitchB> system-view [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port link-type trunk [SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2 [SwitchB-GigabitEthernet1/0/1] quit...

  • Page 214: Configuring Traffic Mirroring, Traffic Mirroring Configuration, Traffic Mirroring Overview, Mirroring Traffic To An Interface

    Traffic Mirroring Configuration When configuring traffic mirroring, go to these sections for information you are interested in: Traffic Mirroring Overview Configuring Traffic Mirroring Displaying and Maintaining Traffic Mirroring Traffic Mirroring Configuration Examples Traffic Mirroring Overview Traffic mirroring is the action of copying the specified packets to the specified destination for packet analyzing and monitoring.

  • Page 215: Mirroring Traffic To The Cpu

    To do… Use the command… Remarks Required Create a behavior and enter traffic behavior behavior-name By default, no traffic behavior view behavior exists. Required Specify the destination mirror-to interface interface-type By default, traffic mirroring is interface for traffic mirroring interface-number not configured in a traffic behavior.

  • Page 216: Applying A Qos Policy

    To do… Use the command… Remarks Exit policy view quit — Apply the QoS policy Applying a QoS Policy Required Applying a QoS Policy For details about applying a QoS policy, see QoS Configuration in the QoS Volume. Apply a QoS policy to an interface By applying a QoS policy to an interface, you can regulate the traffic sent or received on the interface.

  • Page 217: Displaying And Maintaining Traffic Mirroring, Traffic Mirroring Configuration Examples

    For details about the qos vlan-policy command, see QoS Commands in the QoS Volume. Applying the QoS policy globally You can apply a QoS policy globally to the inbound or outbound direction of all ports. Follow these steps to apply the QoS policy globally: To do…...

  • Page 218

    Figure 2-1 Network diagram for configuring traffic mirroring to a port Configuration Procedure Configure Switch: # Enter system view. <Sysname> system-view # Configure basic IPv4 ACL 2000 to match packets with the source IP address 192.168.0.1. [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 192.168.0.1 0 [Sysname-acl-basic-2000] quit # Create class 1 and configure the class to use ACL 2000 for traffic classification.

  • Page 219

    IP Services Volume Organization Manual Version 6W101-20100310 Product Version V05.02.00 Organization The IP Services Volume is organized as follows: Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration...

  • Page 220

    Features Description UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified server. This document describes: UDP Helper UDP Helper overview UDP Helper configuration Internet protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4).

  • Page 221: Table Of Contents

    Table of Contents 1 IP Addressing Configuration····················································································································1-1 IP Addressing Overview··························································································································1-1 IP Address Classes ·························································································································1-1 Special IP Addresses ······················································································································1-2 Subnetting and Masking ··················································································································1-2 Configuring IP Addresses ·······················································································································1-3 Assigning an IP Address to an Interface ·························································································1-3 IP Addressing Configuration Example·····························································································1-4 Displaying and Maintaining IP Addressing······························································································1-5...

  • Page 222: Ip Addressing Overview, Ip Addressing Configuration, Ip Address Classes

    IP Addressing Configuration When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in: IP Addressing Overview Configuring IP Addresses Displaying and Maintaining IP Addressing IP Addressing Overview This section covers these topics: IP Address Classes Special IP Addresses IP Address Classes...

  • Page 223: Special Ip Addresses, Subnetting And Masking

    Table 1-1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test. Packets destined to these addresses are processed locally as input packets rather than sent to the link.

  • Page 224: Configuring Ip Addresses, Assigning An Ip Address To An Interface

    In the absence of subnetting, some special addresses such as the addresses with the net ID of all zeros and the addresses with the host ID of all ones, are not assignable to hosts. The same is true for subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts.

  • Page 225: Ip Addressing Configuration Example

    The primary IP address you assigned to the interface can overwrite the old one if there is any. You cannot assign secondary IP addresses to an interface that has BOOTP or DHCP configured. The primary and secondary IP addresses you assign to the interface can be located on the same network segment.

  • Page 226: Displaying And Maintaining Ip Addressing

    <Switch> ping 172.16.1.2 PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.1.2 ping statistics --- 5 packet(s) transmitted...

  • Page 227: Table Of Contents

    Table of Contents 1 ARP Configuration·····································································································································1-1 ARP Overview·········································································································································1-1 ARP Function ··································································································································1-1 ARP Message Format ·····················································································································1-2 ARP Address Resolution Process···································································································1-2 ARP Table ·······································································································································1-3 Configuring ARP ·····································································································································1-4 Configuring a Static ARP Entry ·······································································································1-4 Configuring the Maximum Number of ARP Entries for an Interface ···············································1-4 Setting the Aging Time for Dynamic ARP Entries ···········································································1-5 Enabling the ARP Entry Check ·······································································································1-5 Configuring ARP Quick Notify ·········································································································1-5...

  • Page 228: Arp Configuration, Arp Overview, Arp Function

    This document is organized as follows: ARP Configuration Proxy ARP Configuration ARP Configuration When configuring ARP, go to these sections for information you are interested in: ARP Overview Configuring ARP Configuring Gratuitous ARP Displaying and Maintaining ARP Support for configuring ARP Quick Notify is newly added in V05.02.00P19 of 3Com 4500G series Ethernet switches, For details, refer to Configuring ARP Quick Notify.

  • Page 229: Arp Message Format, Arp Address Resolution Process

    ARP Message Format Figure 1-1 ARP message format The following explains the fields in Figure 1-1. Hardware type: This field specifies the hardware address type. The value “1” represents Ethernet. Protocol type: This field specifies the type of the protocol address to be mapped. The hexadecimal value “0x0800”...

  • Page 230: Arp Table

    After receiving the ARP reply, Host A adds the MAC address of Host B to its ARP table. Meanwhile, Host A encapsulates the IP packet and sends it out. Figure 1-2 ARP address resolution process If Host A is not on the same subnet with Host B, Host A first sends an ARP request to the gateway. The target IP address in the ARP request is the IP address of the gateway.

  • Page 231: Configuring Arp, Configuring A Static Arp Entry

    in the non-permanent static ARP entry, the device adds the interface receiving the ARP reply to the non-permanent static ARP entry. Then the entry can be used for forwarding IP packets. Usually ARP dynamically resolves IP addresses to MAC addresses, without manual intervention. To allow communication with a device using a fixed IP-to-MAC mapping, configure a short static ARP entry for it.

  • Page 232: Enabling The Arp Entry Check, Setting The Aging Time For Dynamic Arp Entries

    To do… Use the command… Remarks Set the maximum number of Optional dynamic ARP entries that an arp max-learning-num number 2048 by default. interface can learn Setting the Aging Time for Dynamic ARP Entries To keep pace with the network changes, the ARP table is refreshed. Each dynamic ARP entry in the ARP table has a limited lifetime rather than is always valid.

  • Page 233: Arp Configuration Example

    Figure 1-3 ARP quick notify application scenario With ARP quick notify enabled, the device updates the corresponding ARP entry immediately after the change of the mapping between a MAC address and an outbound interface to ensure nonstop data forwarding. Follow these steps to enable ARP quick notify: To do…...

  • Page 234: Configuring Gratuitous Arp, Displaying And Maintaining Arp, Introduction To Gratuitous Arp

    [Sysname-GigabitEthernet1/0/1] port access vlan 10 [Sysname-GigabitEthernet1/0/1] quit [Sysname] interface vlan-interface 10 [Sysname-vlan-interface10] arp max-learning-num 1000 [Sysname-vlan-interface10] quit [Sysname] arp static 192.168.1.1 000f-e201-0000 10 gigabitethernet 1/0/1 Configuring Gratuitous ARP Introduction to Gratuitous ARP A gratuitous ARP packet is a special ARP packet, in which the sender IP address and the target IP address are both the IP address of the sender, the sender MAC address is the MAC address of the sender, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.

  • Page 235

    To do… Use the command… Remarks Clear ARP entries from the reset arp { all | dynamic | static | interface ARP table Available in user view interface-type interface-number } For distributed devices Clearing ARP entries from the ARP table may cause communication failures.

  • Page 236: Proxy Arp Configuration, Proxy Arp Overview, Proxy Arp

    Proxy ARP Configuration When configuring proxy ARP, go to these sections for information you are interested in: Proxy ARP Overview Enabling Proxy ARP Displaying and Maintaining Proxy ARP Proxy ARP Overview If a host sends an ARP request for the MAC address of another host that actually resides on another network (but the sending host considers the requested host is on the same network) or that is isolated from the sending host at Layer 2, the device in between must be able to respond to the request with the MAC address of the receiving interface to allow Layer 3 communication between the two hosts.

  • Page 237: Enabling Proxy Arp, Local Proxy Arp

    You can solve the problem by enabling proxy ARP on Switch. After that, Switch can reply to the ARP request from Host A with the MAC address of VLAN-interface 1, and forward packets sent from Host A to Host B. In this case, Switch seems to be a proxy of Host B. A main advantage of proxy ARP is that it is added on a single router without disturbing routing tables of other routers in the network.

  • Page 238: Displaying And Maintaining Proxy Arp, Proxy Arp Configuration Examples, Proxy Arp Configuration Example

    To do… Use the command… Remarks Required Enable local proxy ARP local-proxy-arp enable Disabled by default. Displaying and Maintaining Proxy ARP To do… Use the command… Remarks Display whether proxy ARP is display proxy-arp [ interface Available in any view enabled vlan-interface vlan-id ] Display whether local proxy...

  • Page 239: Local Proxy Arp Configuration Example In Case Of Port Isolation

    [Switch-Vlan-interface1] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 [Switch-Vlan-interface2] proxy-arp enable [Switch-Vlan-interface2] quit Local Proxy ARP Configuration Example in Case of Port Isolation Network requirements Host A and Host B belong to the same VLAN, and connect to Switch B via GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3, respectively.

  • Page 240: Local Proxy Arp Configuration Example In Isolate-user-vlan

    # Configure an IP address of VLAN-interface 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/2 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0 The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2. # Configure local proxy ARP to let Host A and Host B communicate at Layer 3.

  • Page 241

    [SwitchB-vlan2] port gigabitethernet 1/0/2 [SwitchB-vlan2] quit [SwitchB] vlan 3 [SwitchB-vlan3] port gigabitethernet 1/0/3 [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port gigabitethernet 1/0/1 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] isolate-user-vlan 5 secondary 2 3 Configure Switch A # Create VLAN 5 and add GigabitEthernet 1/0/1 to it. <SwitchA>...

  • Page 242: Table Of Contents

    Table of Contents 1 DHCP Overview··········································································································································1-1 Introduction to DHCP ······························································································································1-1 DHCP Address Allocation ·······················································································································1-2 Allocation Mechanisms····················································································································1-2 Dynamic IP Address Allocation Process ·························································································1-2 IP Address Lease Extension ···········································································································1-3 DHCP Message Format ··························································································································1-3 DHCP Options·········································································································································1-4 DHCP Options Overview ·················································································································1-4 Introduction to DHCP Options ·········································································································1-4 Self-Defined Options ·······················································································································1-5 Protocols and Standards·························································································································1-8 2 DHCP Relay Agent Configuration ············································································································2-1...

  • Page 243: Table Of Contents

    Prerequisites····································································································································4-5 Configuring DHCP Snooping to Support Option 82 ········································································4-5 Displaying and Maintaining DHCP Snooping ·························································································4-7 DHCP Snooping Configuration Examples ······························································································4-7 DHCP Snooping Configuration Example·························································································4-7 DHCP Snooping Option 82 Support Configuration Example ··························································4-8 5 BOOTP Client Configuration ····················································································································5-1 Introduction to BOOTP Client ·················································································································5-1 BOOTP Application ·························································································································5-1 Obtaining an IP Address Dynamically ·····························································································5-2 Protocols and Standards ·················································································································5-2...

  • Page 244: Dhcp Overview, Introduction To Dhcp

    This document is organized as follows: DHCP Overview DHCP Relay Agent Configuration DHCP Client Configuration DHCP Snooping Configuration BOOTP Client Configuration DHCP Overview Support for enabling the DHCP relay agent to periodically refresh dynamic client entries is newly added in V05.02.00P19 of 3Com 4500G series Ethernet switches. For details, refer to Configuring dynamic binding update interval.

  • Page 245: Dhcp Address Allocation, Allocation Mechanisms, Dynamic Ip Address Allocation Process

    A DHCP client can get an IP address and other configuration parameters from a DHCP server on another subnet via a DHCP relay agent. For information about the DHCP relay agent, refer to Introduction to DHCP Relay Agent. DHCP Address Allocation Allocation Mechanisms DHCP supports three mechanisms for IP address allocation.

  • Page 246: Ip Address Lease Extension, Dhcp Message Format

    After receiving the DHCP-ACK message, the client probes whether the IP address assigned by the server is in use by broadcasting a gratuitous ARP packet. If the client receives no response within a specified time, the client can use this IP address. Otherwise, the client sends a DHCP-DECLINE message to the server and requests an IP address again.

  • Page 247: Dhcp Options, Dhcp Options Overview, Introduction To Dhcp Options

    secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0. flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sent a reply back by unicast;...

  • Page 248: Self-defined Options

    Option 121: Classless route option. It specifies a list of classless static routes (the destination addresses in these static routes are classless) that the requesting client should add to its routing table. Option 33: Static route option. It specifies a list of classful static routes (the destination addresses in these static routes are classful) that a client should add to its routing table.

  • Page 249

    Figure 1-6 Format of the value field of the ACS parameter sub-option The value field of the service provider identifier sub-option contains the service provider identifier. Figure 1-7 shows the format of the value field of the PXE server address sub-option. Currently, the value of the PXE server type can only be 0.

  • Page 250

    Figure 1-8 Sub-option 1 in normal padding format Sub-option 2: Padded with the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client’s request. The following figure gives its format. The value of the sub-option type is 2, and that of the remote ID type is 0. Figure 1-9 Sub-option 2 in normal padding format Verbose padding format The padding contents for sub-options in the verbose padding format are as follows:...

  • Page 251: Protocols And Standards

    Sub-option 1: IP address of the primary network calling processor, which is a server serving as the network calling control source and providing program downloads. Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable.

  • Page 252: Dhcp Relay Agent Configuration, Introduction To Dhcp Relay Agent

    DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: Introduction to DHCP Relay Agent DHCP Relay Agent Configuration Task List Configuring the DHCP Relay Agent Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Examples Troubleshooting DHCP Relay Agent Configuration The DHCP relay agent configuration is supported only on VLAN interfaces.

  • Page 253: Dhcp Relay Agent Support For Option

    Figure 2-1 DHCP relay agent application DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process).

  • Page 254: Dhcp Relay Agent Configuration Task List, Configuring The Dhcp Relay Agent, Enabling Dhcp

    If a client’s Handling requesting Padding format The DHCP relay agent will… strategy message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing normal the original Option 82 with the Option 82 padded in normal format.

  • Page 255: Enabling The Dhcp Relay Agent On An Interface

    Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view system-view — Required Enable DHCP dhcp enable Disabled by default. Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.

  • Page 256: Configuring The Dhcp Relay Agent Security Functions

    To do… Use the command… Remarks Required Correlate the DHCP server dhcp relay server-select By default, no interface is group with the current interface group-id correlated with any DHCP server group. You can specify up to twenty DHCP server groups on the relay agent and eight DHCP server addresses for each DHCP server group.

  • Page 257

    Before enabling IP address check on an interface, you need to enable the DHCP service, and enable the DHCP relay agent on the interface; otherwise, the IP address check configuration is ineffective. The dhcp relay address-check enable command only checks IP and MAC addresses of clients. When using the dhcp relay security static command to bind an interface to a static binding entry, make sure that the interface is configured as a DHCP relay agent;...

  • Page 258: Configuring The Dhcp Relay Agent To Send A Dhcp-release Request

    Follow these steps to enable unauthorized DHCP server detection: To do… Use the command… Remarks Enter system view system-view — Required Enable unauthorized DHCP dhcp relay server-detect server detection Disabled by default. With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server.

  • Page 259

    Configuring the DHCP relay agent to support Option 82 Follow these steps to configure the DHCP relay agent to support Option 82: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable the relay agent to dhcp relay information...

  • Page 260: Displaying And Maintaining Dhcp Relay Agent Configuration, Dhcp Relay Agent Configuration Examples

    Displaying and Maintaining DHCP Relay Agent Configuration To do… Use the command… Remarks Display information about DHCP display dhcp relay { all | server groups correlated to a specified interface interface-type or all interfaces interface-number } display dhcp relay information Display Option 82 configuration { all | interface interface-type information on the DHCP relay agent...

  • Page 261: Dhcp Relay Agent Option 82 Support Configuration Example

    Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Add DHCP server 10.1.1.1 into DHCP server group 1. [SwitchA] dhcp relay server-group 1 ip 10.1.1.1 # Enable the DHCP relay agent on VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] dhcp select relay # Correlate VLAN-interface 1 to DHCP server group 1.

  • Page 262: Troubleshooting Dhcp Relay Agent Configuration

    # Enable the DHCP relay agent to support Option 82, and perform Option 82-related configurations. [SwitchA-Vlan-interface1] dhcp relay information enable [SwitchA-Vlan-interface1] dhcp relay information strategy replace [SwitchA-Vlan-interface1] dhcp relay information circuit-id string company001 [SwitchA-Vlan-interface1] dhcp relay information remote-id string device001 You need to perform corresponding configurations on the DHCP server to make the Option 82 configurations function normally.

  • Page 263: Dhcp Client Configuration, Introduction To Dhcp Client, Enabling The Dhcp Client On An Interface

    DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: Introduction to DHCP Client Enabling the DHCP Client on an Interface Displaying and Maintaining the DHCP Client DHCP Client Configuration Example The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.

  • Page 264: Displaying And Maintaining The Dhcp Client, Dhcp Client Configuration Example

    An interface can be configured to acquire an IP address in multiple ways, but these ways are mutually exclusive. The latest configuration will overwrite the previous one. After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.

  • Page 265

    <SwitchB> system-view [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] ip address dhcp-alloc...

  • Page 266: Dhcp Snooping Configuration, Dhcp Snooping Overview, Function Of Dhcp Snooping

    DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Basic Functions Configuring DHCP Snooping to Support Option 82 Displaying and Maintaining DHCP Snooping DHCP Snooping Configuration Examples The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.

  • Page 267: Application Environment Of Trusted Ports

    Recording IP-to-MAC mappings of DHCP clients DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the clients, ports that connect to DHCP clients, and VLANs to which the ports belong. With DHCP snooping entries, DHCP snooping can implement the following: ARP detection: Whether ARP packets are sent from an authorized client is determined based on DHCP snooping entries.

  • Page 268: Dhcp Snooping Support For Option

    Figure 4-2 Configure trusted ports in a cascaded network Table 4-1 describes roles of the ports shown in Figure 4-2. Table 4-1 Roles of ports Trusted port disabled from Trusted port enabled to Device Untrusted port recording binding entries record binding entries Switch A GE1/0/1 GE1/0/3...

  • Page 269: Configuring Dhcp Snooping Basic Functions

    If a client’s Handling Padding requesting The DHCP snooping device will… strategy format message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format.

  • Page 270: Configuring Dhcp Snooping To Support Option 82

    You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN. You can specify Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces as trusted ports.

  • Page 271

    To do… Use the command… Remarks dhcp-snooping information format Configure the Optional { normal | verbose padding format for [ node-identifier { mac | normal by default. Option 82 sysname | user-defined node-identifier } ] } Optional By default, the code type depends on the padding format of Option 82.

  • Page 272: Displaying And Maintaining Dhcp Snooping, Dhcp Snooping Configuration Examples, Dhcp Snooping Configuration Example

    Displaying and Maintaining DHCP Snooping To do… Use the command… Remarks display dhcp-snooping [ ip Display DHCP snooping entries ip-address ] display dhcp-snooping Display Option 82 configuration information information { all | interface Available in any on the DHCP snooping device interface-type interface-number } view Display DHCP packet statistics on the...

  • Page 273: Dhcp Snooping Option 82 Support Configuration Example

    [SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit DHCP Snooping Option 82 Support Configuration Example Network requirements As shown in Figure 4-3, enable DHCP snooping and Option 82 support on Switch B. Configure the handling strategy for DHCP requests containing Option 82 as replace. On GigabitEthernet 1/0/2, configure the padding content for the circuit ID sub-option as company001 and for the remote ID sub-option as device001.

  • Page 274: Bootp Client Configuration, Introduction To Bootp Client, Bootp Application

    BOOTP Client Configuration While configuring a BOOTP client, go to these sections for information you are interested in: Introduction to BOOTP Client Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP Displaying and Maintaining BOOTP Client Configuration BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.

  • Page 275: Configuring An Interface To Dynamically Obtain An Ip Address Through Bootp

    Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server. Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.

  • Page 276: Displaying And Maintaining Bootp Client Configuration, Bootp Client Configuration Example

    Displaying and Maintaining BOOTP Client Configuration To do… Use the command… Remarks Display related information on a display bootp client [ interface Available in any view BOOTP client interface-type interface-number ] BOOTP Client Configuration Example Network requirement As shown in Figure 5-1, Switch B’s port belonging to VLAN 1 is connected to the LAN.

  • Page 277: Table Of Contents

    Table of Contents 1 DNS Configuration·····································································································································1-1 DNS Overview·········································································································································1-1 Static Domain Name Resolution ·····································································································1-1 Dynamic Domain Name Resolution ································································································1-1 DNS Proxy·······································································································································1-3 Configuring the DNS Client·····················································································································1-4 Configuring Static Domain Name Resolution ··················································································1-4 Configuring Dynamic Domain Name Resolution·············································································1-4 Configuring the DNS Proxy·····················································································································1-5 Displaying and Maintaining DNS ············································································································1-5 DNS Configuration Examples ·················································································································1-5 Static Domain Name Resolution Configuration Example································································1-5 Dynamic Domain Name Resolution Configuration Example···························································1-6...

  • Page 278: Dns Configuration, Dns Overview, Static Domain Name Resolution, Dynamic Domain Name Resolution

    DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring the DNS Client Configuring the DNS Proxy Displaying and Maintaining DNS DNS Configuration Examples Troubleshooting DNS Configuration This document only covers IPv4 DNS configuration. For information about IPv6 DNS configuration, refer to IPv6 Basics Configuration in the IP Services Volume.

  • Page 279

    The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned. The DNS client returns the resolution result to the application after receiving a response from the DNS server.

  • Page 280: Dns Proxy

    If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP address of the host. DNS Proxy Introduction to DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. As shown in Figure 1-2, a DNS client sends a DNS request to the DNS proxy, which forwards the...

  • Page 281: Configuring The Dns Client, Configuring Static Domain Name Resolution, Configuring Dynamic Domain Name Resolution

    Configuring the DNS Client Configuring Static Domain Name Resolution Follow these steps to configure static domain name resolution: To do… Use the command… Remarks Enter system view system-view –– Configure a mapping between a host Required name and IP address in the static ip host hostname ip-address Not configured by default.

  • Page 282: Configuring The Dns Proxy, Displaying And Maintaining Dns, Dns Configuration Examples

    Configuring the DNS Proxy Follow these steps to configure the DNS proxy: To do… Use the command… Remarks Enter system view system-view — Required Enable DNS proxy dns proxy enable Disabled by default. Displaying and Maintaining DNS To do… Use the command… Remarks Display the static domain name display ip host...

  • Page 283: Dynamic Domain Name Resolution Configuration Example

    data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received...

  • Page 284

    Figure 1-5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone named com. Figure 1-5 Create a zone # Create a mapping between the host name and IP address. Figure 1-6 Add a host Figure 1-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure...

  • Page 285

    Figure 1-7 Add a mapping between domain name and IP address Configure the DNS client # Enable dynamic domain name resolution. <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Configuration verification # Execute the ping host command on the Switch to verify that the communication between the Switch...

  • Page 286: Dns Proxy Configuration Example

    DNS Proxy Configuration Example Network requirements Specify Switch A as the DNS server of Switch B (the DNS client). Switch A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. Switch B implements domain name resolution through Switch A. Figure 1-8 Network diagram for DNS proxy Configuration procedure Before performing the following configuration, assume that Switch A, the DNS server, and the host are...

  • Page 287: Troubleshooting Dns Configuration

    # Specify the DNS server 2.1.1.2. [SwitchB] dns server 2.1.1.2 Configuration verification # Execute the ping host.com command on Switch B to verify that the communication between the Switch and the host is normal and that the corresponding destination IP address is 3.1.1.1. [SwitchB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)

  • Page 288: Table Of Contents

    Table of Contents 1 IP Performance Optimization Configuration···························································································1-1 IP Performance Overview ·······················································································································1-1 Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network ············1-1 Enabling Reception of Directed Broadcasts to a Directly Connected Network·······························1-1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network ·····························1-2 Configuration Example ····················································································································1-2 Configuring TCP Optional Parameters ···································································································1-3 Configuring ICMP to Send Error Packets ·······························································································1-4...

  • Page 289: Ip Performance Overview, Enabling Reception And Forwarding Of Directed Broadcasts To A Directly Connected Network

    IP Performance Optimization Configuration When optimizing IP performance, go to these sections for information you are interested in: IP Performance Overview Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network Configuring TCP Optional Parameters Configuring ICMP to Send Error Packets Displaying and Maintaining IP Performance Optimization IP Performance Overview In some network environments, you can adjust the IP parameters to achieve best network performance.

  • Page 290: Enabling Forwarding Of Directed Broadcasts To A Directly Connected Network

    Enabling Forwarding of Directed Broadcasts to a Directly Connected Network Follow these steps to enable the device to forward directed broadcasts: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable the interface to forward ip forward-broadcast [ acl By default, the device is...

  • Page 291: Configuring Tcp Optional Parameters

    [SwitchA-Vlan-interface3] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 2.2.2.2 24 # Enable VLAN-interface 2 to forward directed broadcasts. [SwitchA-Vlan-interface2] ip forward-broadcast Configure Switch B # Enable Switch B to receive directed broadcasts. <SwitchB> system-view [SwitchB] ip forward-broadcast # Configure a static route to the host. [SwitchB] ip route-static 1.1.1.1 24 2.2.2.2 # Configure an IP address for VLAN-interface 2.

  • Page 292: Configuring Icmp To Send Error Packets

    Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer Configuring ICMP to Send Error Packets Sending error packets is a major function of ICMP. In case of network abnormalities, ICMP packets are usually sent by the network or transport layer protocols to notify corresponding devices so as to facilitate control and management.

  • Page 293

    If the source uses “strict source routing" to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure” ICMP error packet. When forwarding a packet, if the MTU of the sending interface is smaller than the packet but the packet has been set “Don’t Fragment”, the device will send the source a “fragmentation needed and Don’t Fragment (DF)-set”...

  • Page 294: Displaying And Maintaining Ip Performance Optimization

    Displaying and Maintaining IP Performance Optimization To do… Use the command… Remarks Display current TCP connection state display tcp status Display TCP connection statistics display tcp statistics Display UDP statistics display udp statistics Display statistics of IP packets display ip statistics Display statistics of ICMP flows display icmp statistics Available in any view...

  • Page 295: Table Of Contents

    Table of Contents 1 UDP Helper Configuration ························································································································1-1 Introduction to UDP Helper ·····················································································································1-1 Configuring UDP Helper ·························································································································1-1 Displaying and Maintaining UDP Helper·································································································1-2 UDP Helper Configuration Examples······································································································1-2 UDP Helper Configuration Example································································································1-2...

  • Page 296: Udp Helper Configuration, Introduction To Udp Helper, Configuring Udp Helper

    UDP Helper Configuration When configuring UDP Helper, go to these sections for information you are interested in: Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Examples UDP Helper can be currently configured on VLAN interfaces only. Introduction to UDP Helper Sometimes, a host needs to forward broadcasts to obtain network configuration information or request the names of other devices on the network.

  • Page 297: Displaying And Maintaining Udp Helper, Udp Helper Configuration Examples, Udp Helper Configuration Example

    To do… Use the command… Remarks interface interface-type Enter interface view — interface-number Required Specify the destination server to which UDP packets udp-helper server ip-address No destination server is specified are to be forwarded by default. The UDP Helper enabled device cannot forward DHCP broadcast packets. That is to say, the UDP port number cannot be set to 67 or 68.

  • Page 298

    Figure 1-1 Network diagram for UDP Helper configuration Configuration procedure The following configuration assumes that a route from Switch A to the network segment 10.2.0.0/16 is available. # Enable UDP Helper. <SwitchA> system-view [SwitchA] udp-helper enable # Enable the forwarding broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1.

  • Page 299: Table Of Contents

    Table of Contents 1 IPv6 Basics Configuration ························································································································1-1 IPv6 Overview ·········································································································································1-1 IPv6 Features ··································································································································1-1 Introduction to IPv6 Address ···········································································································1-3 Introduction to IPv6 Neighbor Discovery Protocol···········································································1-5 IPv6 PMTU Discovery ·····················································································································1-8 Introduction to IPv6 DNS ·················································································································1-9 Protocols and Standards ·················································································································1-9 IPv6 Basics Configuration Task List ·······································································································1-9 Configuring Basic IPv6 Functions ·········································································································1-10 Enabling IPv6 ································································································································1-10 Configuring an IPv6 Unicast Address····························································································1-10...

  • Page 300: Ipv6 Overview, Ipv6 Basics Configuration, Ipv6 Features

    IPv6 Basics Configuration When configuring IPv6 basics, go to these sections for information you are interested in: IPv6 Overview IPv6 Basics Configuration Task List Configuring Basic IPv6 Functions Configuring IPv6 NDP Configuring PMTU Discovery Configuring IPv6 TCP Properties Configuring ICMPv6 Packet Sending Configuring IPv6 DNS Client Displaying and Maintaining IPv6 Basics Configuration IPv6 Configuration Example...

  • Page 301

    the IPv4 address size, the basic IPv6 header size is 40 bytes and is only twice the IPv4 header size (excluding the Options field). Figure 1-1 Comparison between IPv4 packet header format and basic IPv6 packet header format Adequate address space The source and destination IPv6 addresses are both 128 bits (16 bytes) long.

  • Page 302: Introduction To Ipv6 Address

    Enhanced neighbor discovery mechanism The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manage the information exchange between neighbor nodes on the same link. The group of ICMPv6 messages takes the place of Address Resolution Protocol (ARP) messages, Internet Control Message Protocol version 4 (ICMPv4) router discovery messages, and ICMPv4 redirection messages and provides a series of other functions.

  • Page 303

    Anycast address: An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the target interface is nearest to the source, according to a routing protocol’s measure of distance).

  • Page 304: Introduction To Ipv6 Neighbor Discovery Protocol

    Multicast address IPv6 multicast addresses listed in Table 1-2 are reserved for special purpose. Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all nodes multicast address FF02::1 Link-local scope all nodes multicast address FF01::2 Node-local scope all routers multicast address FF02::2 Link-local scope all routers multicast address FF05::2...

  • Page 305

    Duplicate address detection Router/prefix discovery and address autoconfiguration Redirection Table 1-3 lists the types and functions of ICMPv6 messages used by the NDP. Table 1-3 Types and functions of ICMPv6 messages ICMPv6 message Number Function Used to acquire the link-layer address of a neighbor Neighbor solicitation (NS) Used to verify whether the neighbor is reachable message...

  • Page 306

    After receiving the NS message, node B judges whether the destination address of the packet is its solicited-node multicast address. If yes, node B learns the link-layer address of node A, and then unicasts an NA message containing its link-layer address. Node A acquires the link-layer address of node B from the NA message.

  • Page 307: Ipv6 Pmtu Discovery

    The router returns an RA message containing information such as prefix information option. (The router also regularly sends an RA message.) The node automatically generates an IPv6 address and other information for its interface according to the address prefix and other configuration parameters in the RA message. In addition to an address prefix, the prefix information option also contains the preferred lifetime and valid lifetime of the address prefix.

  • Page 308: Ipv6 Basics Configuration Task List, Introduction To Ipv6 Dns

    The source host uses its MTU to send packets to the destination host. If the MTU supported by a forwarding interface is smaller than the packet size, the forwarding device will discard the packet and return an ICMPv6 error packet containing the interface MTU to the source host.

  • Page 309: Configuring Basic Ipv6 Functions, Enabling Ipv, Configuring An Ipv6 Unicast Address

    Task Remarks Configuring ICMPv6 Packet Sending Optional Configuring IPv6 DNS Client Optional Configuring Basic IPv6 Functions Enabling IPv6 Before performing IPv6-related configurations, you need to Enable IPv6. Otherwise, an interface cannot forward IPv6 packets even if it has an IPv6 address configured. Follow these steps to Enable IPv6: To do...

  • Page 310: Configuring Ipv6 Ndp, Configuring A Static Neighbor Entry

    To do... Use the command... Remarks Automatically Optional generate a link-local ipv6 address auto By default, after an IPv6 address for the link-local Configure site-local address or interface an IPv6 aggregatable global unicast link-local address is configured for an Manually assign a address interface, a link-local address ipv6 address...

  • Page 311: Configuring The Maximum Number Of Neighbors Dynamically Learned, Configuring Parameters Related To Ra Messages

    Follow these steps to configure a static neighbor entry: To do... Use the command... Remarks Enter system view system-view — ipv6 neighbor ipv6-address mac-address { vlan-id Configure a static port-type port-number | interface interface-type Required neighbor entry interface-number } You can adopt either of the two methods above to configure a static neighbor entry. After a static neighbor entry is configured by using the first method, the device needs to resolve the corresponding Layer 2 port information of the VLAN interface.

  • Page 312

    Table 1-4 Parameters in an RA message and their descriptions Parameters Description When sending an IPv6 packet, a host uses the value to fill the Cur Hop Limit Cur hop limit field in IPv6 headers. The value is also filled into the Cur Hop Limit field in response messages of a device.

  • Page 313

    To do… Use the command… Remarks Disable the RA Required message undo ipv6 nd ra halt By default, RA messages are suppressed. suppression Optional By default, the maximum interval for sending RA messages is 600 seconds, and Configure the the minimum interval is 200 seconds. maximum and ipv6 nd ra interval minimum intervals for...

  • Page 314: Configuring Pmtu Discovery

    Configuring the Maximum Number of Attempts to Send an NS Message for DAD An interface sends a neighbor solicitation (NS) message for duplicate address detection after acquiring an IPv6 address. If the interface does not receive a response within a specified time (determined by the ipv6 nd ns retrans-timer command), it continues to send an NS message.

  • Page 315: Configuring Ipv6 Tcp Properties, Configuring Icmpv6 Packet Sending

    Follow these steps to configure the aging time for dynamic PMTUs: To do… Use the command… Remarks Enter system view system-view — Optional Configure the aging time for ipv6 pathmtu age age-time dynamic PMTUs 10 minutes by default. Configuring IPv6 TCP Properties The IPv6 TCP properties you can configure include: synwait timer: When a SYN packet is sent, the synwait timer is triggered.

  • Page 316: Enable Sending Of Multicast Echo Replies, Enabling Sending Of Icmpv6 Time Exceeded Packets

    To do… Use the command… Remarks Enter system view system-view — Optional By default, the capacity of a token bucket is 10 Configure the Ipv6 icmp-error { bucket and the update interval is 100 milliseconds. That capacity and bucket-size | ratelimit is, at most 10 IPv6 ICMP error packets can be update interval of interval } *...

  • Page 317: Configuring Ipv6 Dns Client, Configuring Static Ipv6 Domain Name Resolution

    Configuring IPv6 DNS Client Configuring Static IPv6 Domain Name Resolution Configuring static IPv6 domain name resolution is to establish the mapping between a host name and an IPv6 address. When using such applications as Telnet, you can directly input a host name and the system will resolve the host name into an IPv6 address.

  • Page 318: Displaying And Maintaining Ipv6 Basics Configuration

    Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Remarks Display DNS suffix information display dns domain [ dynamic ] Display IPv6 dynamic domain name display dns ipv6 dynamic-host cache information Display IPv6 DNS server information display dns ipv6 server [ dynamic ] Display the IPv6 FIB entries display ipv6 fib [ ipv6-address ] Display the host name to IPv6...

  • Page 319: Ipv6 Configuration Example

    The display dns domain command is the same as the one of IPv4 DNS. For details about the commands, refer to DNS Commands in the IP Services Volume. IPv6 Configuration Example Network requirements Host, Switch A and Switch B are directly connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify the connectivity between them.

  • Page 320

    Configure Switch B # Enable IPv6. <SwitchB> system-view [SwitchB] ipv6 # Configure an aggregatable global unicast address for VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address 3001::2/64 # Configure an IPv6 static route with destination IP address 2001::/64 and next hop address 3001::1. [SwitchB-Vlan-interface2] ipv6 route-static 2001:: 64 3001::1 Configure Host Enable IPv6 for Host to automatically get an IPv6 address through IPv6 NDP.

  • Page 321

    ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA-Vlan-interface1] display ipv6 interface vlan-interface 1 verbose Vlan-interface1 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es):...

  • Page 322

    ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. [SwitchB-Vlan-interface2] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64...

  • Page 323

    OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on Host, and ping Switch A and Host on Switch B to verify the connectivity between them. When you ping a link-local address, you should use the “–i” parameter to specify an interface for the link-local address.

  • Page 324: Troubleshooting Ipv6 Basics Configuration

    Troubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged. Solution Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled. Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.

  • Page 325: Table Of Contents

    Table of Contents 1 Dual Stack Configuration··························································································································1-1 Dual Stack Overview·······························································································································1-1 Configuring Dual Stack ···························································································································1-1...

  • Page 326: Dual Stack Overview, Configuring Dual Stack, Dual Stack Configuration

    Dual Stack Configuration When configuring dual stack, go to these sections for information you are interested in: Dual Stack Overview Configuring Dual Stack Dual Stack Overview Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes. The best way for an IPv6 node to be compatible with an IPv4 node is to maintain a complete IPv4 stack.

  • Page 327

    To do… Use the command… Remarks Required ip address ip-address By default, no IP Configure an IPv4 address for the interface { mask | mask-length } address is [ sub ] configured. ipv6 address Use either Manually specify { ipv6-address prefix-length command.

  • Page 328: Table Of Contents

    Table of Contents 1 sFlow Configuration ··································································································································1-1 sFlow Overview·······································································································································1-1 Introduction to sFlow ·······················································································································1-1 Operation of sFlow ··························································································································1-1 Configuring sFlow ···································································································································1-2 Displaying and Maintaining sFlow···········································································································1-2 sFlow Configuration Example ·················································································································1-3 Troubleshooting sFlow Configuration ·····································································································1-4 The Remote sFlow Collector Cannot Receive sFlow Packets ························································1-4...

  • Page 329: Sflow Configuration, Sflow Overview, Introduction To Sflow, Operation Of Sflow

    Supporting traffic monitoring on Gigabit and higher-speed networks. Providing scalability to allow one sFlow collector to monitor multiple or more sFlow agents. Implementing the low-cost sFlow agent. Currently, only the sFlow agent function is supported on 3Com Switch 4500G family. Operation of sFlow sFlow operates as follows: With sFlow enabled, a physical port encapsulates sampled data into packets and sends them to the sFlow agent.

  • Page 330: Configuring Sflow, Displaying And Maintaining Sflow

    200000 by default. a packet The sFlow agent and sFlow collector must not have the same IP address. Currently, you can specify at most two sFlow collectors on 3Com Switch 4500G family. Displaying and Maintaining sFlow To do… Use the command…...

  • Page 331: Sflow Configuration Example

    sFlow Configuration Example Network requirements Host A and Server are connected to Switch through GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively. Host B works as an sFlow collector with IP address 3.3.3.2 and port number 6343, and is connected to Switch through GigabitEthernet 1/0/3. GigabitEthernet 1/0/3 belongs to VLAN 1, having an IP address of 3.3.3.1.

  • Page 332: Troubleshooting Sflow Configuration, The Remote Sflow Collector Cannot Receive Sflow Packets

    Collector IP:3.3.3.2 Port:6343 Interval(s): 30 sFlow Port Information: Interface Direction Rate Mode Status Eth1/1 In/Out 100000 Random Active Troubleshooting sFlow Configuration The Remote sFlow Collector Cannot Receive sFlow Packets Symptom The remote sFlow collector cannot receive sFlow packets. Analysis sFlow is not enabled globally because the sFlow agent or/and the sFlow collector is/are not specified.

  • Page 333

    IP Routing Volume Organization Manual Version 6W101-20100310 Product Version V05.02.00 Organization The IP Routing Volume is organized as follows: Features Description This document describes: IP Routing Overview Introduction to IP routing and routing table Routing protocol overview A static route is manually configured by the administrator. The proper configuration and usage of static routes can improve network performance and ensure bandwidth for important network applications.

  • Page 334

    Table of Contents 1 IP Routing Overview··································································································································1-1 Routing····················································································································································1-1 Routing Table and FIB Table ··········································································································1-1 Routing Protocol Overview ·····················································································································1-3 Static Routing and Dynamic Routing·······························································································1-3 Routing Protocols and Routing Priority ···························································································1-3 Displaying and Maintaining a Routing Table···························································································1-4...

  • Page 335: Ip Routing Overview

    IP Routing Overview Go to these sections for information you are interested in: Routing Routing Protocol Overview Displaying and Maintaining a Routing Table The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. ting Routing in the Internet is achieved through routers.

  • Page 336

    A local routing table store s the routes found by all protocols and determines the optimal routes that the router will deliver to the FIB table to guide p acket forwarding. The selection of an optimal route is based on the preferences of routing protoc ols and metrics of routes.

  • Page 337: Routing Protocol Overview, Static Routing And Dynamic Routing, Routing Protocols And Routing Priority

    Figure 1-1 A sample routing tabl Router A Router F 17.0.0.1 17.0.0.0 17.0.0.3 16.0.0.2 11.0.0.2 17.0.0.2 Router D 16.0.0.0 11.0.0.0 14.0.0.3 11.0.0.1 16.0.0.1 14.0.0.2 14.0.0.4 Router B Router G 14.0.0.0 15.0.0.2 12.0.0.1 14.0.0.1 Router E 12.0.0.0 15.0.0.0 13.0.0.2 15.0.0.1 12.0.0.2 13.0.0.3 13.0.0.1 13.0.0.0...

  • Page 338: Displaying And Maintaining A Routing Table

    Routing approach Priority DIRECT STATIC UNKNOWN The smaller the priority value, the higher the priority. The priority for a direct route is always 0, which you cannot change. Any other type of routes can have their priorities manually configured. Each static route can be configured with a different priority. IPv4 and IPv6 routes have their own respective routing tables.

  • Page 339

    To do… Use the command… Remarks Display routing information display ipv6 routing-table acl acl6-number Available in any permitted by an IPv6 ACL [ verbose ] view Display routing information display ipv6 routing-table ipv6-prefix Available in any permitted by an IPv6 prefix list ipv6-prefix-name [ verbose ] view Display IPv6 routing...

  • Page 340: Table Of Contents

    Table of Contents 1 Static Routing Configuration····················································································································1-1 Introduction ·············································································································································1-1 Static Route ·····································································································································1-1 Default Route···································································································································1-1 Application Environment of Static Routing ······················································································1-2 Configuring a Static Route ······················································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Detecting Reachability of the Static Route’s Nexthop ············································································1-3 Detecting Nexthop Reachability Through Track··············································································1-3 Displaying and Maintaining Static Routes·······························································································1-4 Static Route Configuration Example ·······································································································1-5 Basic Static Route Configuration Example······················································································1-5...

  • Page 341: Static Routing Configuration, Static Route, Default Route

    Static Routing Configuration When configuring a static route, go to these sections for information you are interested in: Introduction Configuring a Static Route Detecting Reachability of the Static Route’s Nexthop Displaying and Maintaining Static Routes Static Route Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction Static Route A static route is a manually configured.

  • Page 342: Configuring A Static Route, Application Environment Of Static Routing

    The network administrator can configure a default route with both destination and mask being 0.0.0.0. The router forwards any packet whose destination address fails to match any entry in the routing table to the next hop of the default static route. Some dynamic routing protocols, such as RIP.

  • Page 343: Detecting Reachability Of The Static Route's Nexthop, Detecting Nexthop Reachability Through Track

    Configuration Procedure Follow these steps to configure a static route: To do… Use the command… Remarks Enter system view system-view — Required By default, ip route-static dest-address { mask | mask-length } preference for { next-hop-address | interface-type interface-number Configure a static static routes is 60, [ next-hop-address ] } [ preference route...

  • Page 344: Displaying And Maintaining Static Routes

    Network requirements To detect the reachability of a static route's nexthop through a Track entry, you need to create a Track first. For detailed Track configuration procedure, refer to Track Configuration in the High Availability Volume. Configuration procedure Follow these steps to detect the reachability of a static route's nexthop through Track: To do…...

  • Page 345: Static Route Configuration Example, Basic Static Route Configuration Example

    Static Route Configuration Example Basic Static Route Configuration Example Network requirements The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts. Figure 1-1 Network diagram for static route configuration Configuration procedure Configuring IP addresses for interfaces (omitted) Configuring static routes...

  • Page 346

    Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Display the IP routing table of Switch B.

  • Page 347

    <1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete.

  • Page 348: Table Of Contents

    Table of Contents 1 RIP Configuration ······································································································································1-1 RIP Overview ··········································································································································1-1 Operation of RIP······························································································································1-1 Operation of RIP······························································································································1-2 RIP Version ·····································································································································1-2 RIP Message Format·······················································································································1-3 Supported RIP Features··················································································································1-5 Protocols and Standards ·················································································································1-5 Configuring RIP Basic Functions ············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuring RIP Route Control ···············································································································1-7 Configuring an Additional Routing Metric ························································································1-7 Configuring RIPv2 Route Summarization························································································1-8 Disabling Host Route Reception ·····································································································1-9...

  • Page 349: Rip Configuration, Rip Overview, Operation Of Rip

    RIP Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. When configuring RIP, go to these sections for information you are interested in: RIP Overview Configuring RIP Basic Functions Configuring RIP Route Control Configuring RIP Network Optimization Displaying and Maintaining RIP...

  • Page 350: Rip Version

    Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated. Route tag: Identifies a route, used in a routing policy to flexibly control routes. For information about routing policy, refer to Routing Policy Configuration in the IP Routing Volume.

  • Page 351: Rip Message Format

    RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, C. That is why RIPv1 does not support discontiguous subnets. RIPv2 is a classless routing protocol.

  • Page 352

    RIPv2 message format The format of RIPv2 message is similar to RIPv1. Figure 1-2 shows it. Figure 1-2 RIPv2 Message Format The differences from RIPv1 are stated as following. Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address.

  • Page 353: Configuring Rip Basic Functions, Supported Rip Features

    RFC 1723 only defines plain text authentication. For information about MD5 authentication, refer to RFC 2453 “RIP Version 2”. With RIPv1, you can configure the authentication mode in interface view. However, the configuration will not take effect because RIPv1 does not support authentication. Supported RIP Features The current implementation supports the following RIP features.

  • Page 354

    If you make some RIP configurations in interface view before enabling RIP, those configurations will take effect after RIP is enabled. RIP runs only on the interfaces residing on the specified networks. Therefore, you need to specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.

  • Page 355: Configuring Rip Route Control

    Follow these steps to configure a RIP version: To do… Use the command… Remarks Enter system view system-view –– Enter RIP view rip [ process-id ] –– Optional By default, if an interface has a RIP version specified, the version takes precedence over the global one.

  • Page 356: Configuring Ripv2 Route Summarization

    The outbound additional metric is added to the metric of a sent route, and the route’s metric in the routing table is not changed. The inbound additional metric is added to the metric of a received route before the route is added into the routing table, and the route’s metric is changed.

  • Page 357: Disabling Host Route Reception

    To do… Use the command… Remarks rip summary-address ip-address Advertise a summary route Required { mask | mask-length } You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface. Disabling Host Route Reception Sometimes a router may receive from the same network many host routes, which are not helpful for routing and consume a large amount of network resources.

  • Page 358: Configuring Inbound/outbound Route Filtering

    To do… Use the command… Remarks Optional Enable RIP to advertise a default-route { only | originate } default route [ cost cost ] Not enabled by default Return to system view quit –– interface interface-type Enter interface view –– interface-number Optional rip default-route { { only |...

  • Page 359: Configuring Rip Network Optimization, Configuring A Priority For Rip

    Configuring a Priority for RIP Multiple IGP protocols may run in a router. If you want RIP routes to have a higher priority than those learned by other routing protocols, you can assign RIP a smaller priority value to influence optimal route selection.

  • Page 360: Configuring Rip Timers

    Configuring RIP Timers Follow these steps to configure RIP timers: To do… Use the command… Remarks Enter system view system-view –– Enter RIP view rip [ process-id ] –– Optional timers { garbage-collect garbage-collect-value | suppress The default update timer, timeout Configure values for suppress-value | timeout timer, suppress timer, and...

  • Page 361: Enabling Zero Field Check On Incoming Ripv1 Messages

    To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable poison reverse rip poison-reverse Disabled by default Enabling Zero Field Check on Incoming RIPv1 Messages Some fields in the RIPv1 message must be zero. These fields are called zero fields. You can enable zero field check on received RIPv1 messages.

  • Page 362: Configuring Ripv2 Message Authentication, Specifying A Rip Neighbor

    Configuring RIPv2 Message Authentication RIPv2 supports two authentication modes: plain text and MD5. In plain text authentication, the authentication information is sent with the RIP message, which however cannot meet high security needs. Follow these steps to configure RIPv2 message authentication: To do…...

  • Page 363: Displaying And Maintaining Rip, Configuring Rip-to-mib Binding, Configuring The Rip Packet Sending Rate

    Configuring RIP-to-MIB Binding This task allows you to enable a specific RIP process to receive SNMP requests. Follow these steps to bind RIP to MIB: To do… Use the command… Remarks Enter system view system-view –– Optional Bind RIP to MIB rip mib-binding process-id By default, MIB is bound to RIP process 1.

  • Page 364: Rip Configuration Examples, Configuring Rip Version

    RIP Configuration Examples Configuring RIP Version Network requirements As shown in Figure 1-4, enable RIPv2 on all interfaces on Switch A and Switch B. Figure 1-4 Network diagram for RIP version configuration Configuration procedure Configure an IP address for each interface (only the IP address configuration for the VLAN interfaces is given in the following examples) # Configure Switch A.

  • Page 365

    # Display the RIP routing table of Switch A. [SwitchA] display rip 1 route Route Flags: R - RIP, T - TRIP P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect -------------------------------------------------------------------------- Peer 192.168.1.2 on Vlan-interface100 Destination/Mask Nexthop Cost Flags...

  • Page 366

    Configure route redistribution on Switch B to make RIP 200 redistribute direct routes and routes from RIP 100. Thus, Switch C can learn routes destined for 10.2.1.0/24 and 11.1.1.0/24, while Switch A cannot learn routes destined for 12.3.1.0/24 and 16.4.1.0/24. Configure a filtering policy on Switch B to filter out the route 10.2.1.1/24 from RIP 100, making the route not advertised to Switch C.

  • Page 367

    [SwitchC] display ip routing-table Routing Tables: Public Destinations : 6 Routes : 6 Destination/Mask Proto Cost NextHop Interface 12.3.1.0/24 Direct 0 12.3.1.2 Vlan200 12.3.1.2/32 Direct 0 127.0.0.1 InLoop0 16.4.1.0/24 Direct 0 16.4.1.1 Vlan400 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32...

  • Page 368: Configuring An Additional Metric For A Rip Interface

    16.4.1.0/24 Direct 0 16.4.1.1 Vlan400 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configuring an Additional Metric for a RIP Interface Network requirements As shown in the following figure: RIP is enabled on all the interfaces of Switch A, Switch B, Switch C, Switch D, and Switch E. The switches are interconnected through RIPv2.

  • Page 369: Troubleshooting Rip

    [SwitchC-rip-1] network 1.0.0.0 [SwitchC-rip-1] version 2 [SwitchC-rip-1] undo summary # Configure Switch D. <SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] network 1.0.0.0 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary # Configure Switch E. <SwitchE> system-view [SwitchE] rip 1 [SwitchE-rip-1] network 1.0.0.0 [SwitchE-rip-1] version 2 [SwitchE-rip-1] undo summary # Display the IP routing table of Switch A.

  • Page 370: Route Oscillation Occurred

    No RIP updates are received when the links work well. Analysis: After enabling RIP, you must use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages. If the peer is configured to send multicast messages, the same should be configured on the local end. Solution: Use the display current-configuration command to check RIP configuration Use the display rip command to check whether some interface is disabled...

  • Page 371

    Table of Contents 1 IPv6 Static Routing Configuration ···········································································································1-1 Introduction to IPv6 Static Routing··········································································································1-1 Features of IPv6 Static Routes········································································································1-1 Default IPv6 Route ··························································································································1-1 Configuring an IPv6 Static Route············································································································1-1 Configuration prerequisites ·············································································································1-1 Configuring an IPv6 Static Route ····································································································1-2 Displaying and Maintaining IPv6 Static Routes ······················································································1-2 IPv6 Static Routing Configuration Example ····························································································1-2...

  • Page 372: Ipv6 Static Routing Configuration, Introduction To Ipv6 Static Routing, Configuring An Ipv6 Static Route

    IPv6 Static Routing Configuration When configuring IPv6 Static Routing, go to these sections for information you are interested in: Introduction to IPv6 Static Routing Configuring an IPv6 Static Route Displaying and Maintaining IPv6 Static Routes IPv6 Static Routing Configuration Example The term “router”...

  • Page 373: Displaying And Maintaining Ipv6 Static Routes, Ipv6 Static Routing Configuration Example

    Enabling IPv6 packet forwarding Ensuring that the neighboring nodes are IPv6 reachable Configuring an IPv6 Static Route Follow these steps to configure an IPv6 static route: To do… Use the commands… Remarks Enter system view system-view — Required ipv6 route-static ipv6-address prefix-length [ interface-type The default Configure an IPv6 static route...

  • Page 374

    Figure 1-1 Network diagram for static routes Configuration procedure Configure the IPv6 addresses of all VLAN interfaces (Omitted) Configure IPv6 static routes. # Configure the default IPv6 static route on SwitchA. <SwitchA> system-view [SwitchA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on SwitchB. <SwitchB>...

  • Page 375

    NextHop : 1::1 Preference Interface : Vlan-interface100 Cost Destination : 1::1/128 Protocol : Direct NextHop : ::1 Preference Interface : InLoop0 Cost Destination : FE80::/10 Protocol : Direct NextHop : :: Preference Interface : NULL0 Cost # Verify the connectivity with the ping command. [SwitchA] ping ipv6 3::1 PING 3::1 : 56 data bytes, press CTRL_C to break...

  • Page 376: Table Of Contents

    Table of Contents 1 RIPng Configuration··································································································································1-1 Introduction to RIPng ······························································································································1-1 RIPng Working Mechanism ·············································································································1-1 RIPng Packet Format ······················································································································1-2 RIPng Packet Processing Procedure ······························································································1-3 Protocols and Standards ·················································································································1-3 Configuring RIPng Basic Functions ········································································································1-3 Configuration Prerequisites ·············································································································1-3 Configuration Procedure··················································································································1-4 Configuring RIPng Route Control ···········································································································1-4 Configuring an Additional Routing Metric ························································································1-4 Configuring RIPng Route Summarization ·······················································································1-5 Advertising a Default Route·············································································································1-5...

  • Page 377: Ripng Configuration, Introduction To Ripng, Ripng Working Mechanism

    RIPng Configuration When configuring RIPng, go to these sections for information you are interested in: Introduction to RIPng Configuring RIPng Basic Functions Configuring RIPng Route Control Tuning and Optimizing the RIPng Network Displaying and Maintaining RIPng RIPng Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4.

  • Page 378: Ripng Packet Format

    Each RIPng router maintains a routing database, including route entries of all reachable destinations. A route entry contains the following information: Destination address: IPv6 address of a host or a network. Next hop address: IPv6 address of a neighbor along the path to the destination. Egress interface: Outbound interface that forwards IPv6 packets.

  • Page 379: Configuring Ripng Basic Functions, Ripng Packet Processing Procedure

    Figure 1-3 IPv6 prefix RTE format IPv6 prefix (16 octets) Route tag Prefix length Metric IPv6 prefix: Destination IPv6 address prefix. Route tag: Route tag. Prefix len: Length of the IPv6 address prefix. Metric: Cost of a route. RIPng Packet Processing Procedure Request packet When a RIPng router first starts or needs to update some entries in its routing table, generally a multicast request packet is sent to ask for needed routes from neighbors.

  • Page 380: Configuring Ripng Route Control

    Configure an IP address for each interface, and make sure all nodes are reachable to one another. Configuration Procedure Follow these steps to configure the basic RIPng functions: To do… Use the command… Remarks Enter system view system-view –– Required Create a RIPng process and ripng [ process-id ] enter RIPng view...

  • Page 381: Configuring Ripng Route Summarization

    The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed. Follow these steps to configure an inbound/outbound additional routing metric: To do… Use the command…...

  • Page 382: Configuring A Ripng Route Filtering Policy, Configuring A Priority For Ripng, Configuring Ripng Route Redistribution

    Configuring a RIPng Route Filtering Policy You can reference a configured IPv6 ACL or prefix list to filter received/advertised routing information as needed. For filtering outbound routes, you can also specify a routing protocol from which to filter routing information redistributed. Follow these steps to configure a RIPng route filtering policy: To do…...

  • Page 383: Tuning And Optimizing The Ripng Network, Configuring Ripng Timers

    Tuning and Optimizing the RIPng Network This section describes how to tune and optimize the performance of the RIPng network as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks: Configure a network layer address for each interface Configure the basic RIPng functions This section covers the following topics: Configuring RIPng Timers...

  • Page 384: Configuring Zero Field Check On Ripng Packets

    same interface to prevent routing loops between neighbors. Follow these steps to configure split horizon: To do… Use the command… Remarks Enter system view system-view –– Enter interface view interface interface-type interface-number –– Optional Enable the split horizon ripng split-horizon function Enabled by default Generally, you are recommended to enable split horizon to prevent routing loops.

  • Page 385: Displaying And Maintaining Ripng, Ripng Configuration Example, Configure Ripng Basic Functions

    Displaying and Maintaining RIPng To do… Use the command… Remarks Display configuration display ripng [ process-id ] Available in any view information of a RIPng process Display routes in the RIPng display ripng process-id database Available in any view database Display the routing information display ripng process-id route Available in any view...

  • Page 386

    [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ripng 1 enable [SwitchB-Vlan-interface200] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ripng 1 [SwitchC-ripng-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] ripng 1 enable [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 500 [SwitchC-Vlan-interface500] ripng 1 enable [SwitchC-Vlan-interface500] quit...

  • Page 387

    via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec Dest 5::/64, via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec Dest 3::/64, via FE80::200:2FF:FE64:8904, cost 1, tag 0, A, 31 Sec Configure Switch B to filter incoming and outgoing routes. [SwitchB] acl ipv6 number 2000 [SwitchB-acl6-basic-2000] rule deny source 3::/64 [SwitchB-acl6-basic-2000] rule permit...

  • Page 388: Table Of Contents

    Table of Contents 1 Route Policy Configuration ······················································································································1-1 Introduction to Route Policy ····················································································································1-1 Route Policy Application··················································································································1-1 Route Policy Implementation···········································································································1-1 Filters ···············································································································································1-2 Route Policy Application··················································································································1-2 Route Policy Configuration Task List ······································································································1-2 Defining Filters ········································································································································1-3 Prerequisites····································································································································1-3 Defining an IP-prefix List ·················································································································1-3 Configuring a Route Policy ·····················································································································1-4 Prerequisites····································································································································1-4 Creating a Route Policy···················································································································1-5 Defining if-match Clauses················································································································1-5...

  • Page 389: Route Policy Configuration, Introduction To Route Policy, Route Policy Application, Route Policy Implementation

    Route Policy Configuration A route policy is used on a router for route filtering and attributes modification when routes are received, advertised, or redistributed. When configuring route policy, go to these sections for information you are interested in: Introduction to Route Policy Route Policy Configuration Task List Defining Filters Configuring a Route Policy...

  • Page 390: Route Policy Configuration Task List

    Filters There are six types of filters: ACL, IP prefix list, and route policy. ACL involves IPv4 ACL and IPv6 ACL. An ACL is configured to match the destinations or next hops of routing information. For ACL configuration, refer to ACL configuration in the Security Volume. IP prefix list IP prefix list involves IPv4 and IPv6 prefix list.

  • Page 391: Defining Filters, Defining An Ip-prefix List

    Task Defining Filters Defining an IP-prefix List Creating a Route Policy Configuring a Route Policy Defining if-match Clauses Defining apply Clauses Defining Filters Prerequisites Before configuring this task, you need to decide on: IP-prefix list name Matching address range Defining an IP-prefix List Define an IPv4 prefix list Identified by name, an IPv4 prefix list can comprise multiple items.

  • Page 392: Configuring A Route Policy

    Define an IPv6 prefix list Identified by name, each IPv6 prefix list can comprise multiple items. Each item specifies a prefix range to match and is identified by an index number. An item with a smaller index number is matched first. If one item is matched, the IPv6 prefix list is passed, and the routing information will not go to the next item.

  • Page 393: Creating A Route Policy, Defining If-match Clauses

    Name of the route policy, and node numbers Match criteria Attributes to be modified Creating a Route Policy Follow these steps to create a route policy: To do… Use the command… Remarks Enter system view system-view — Create a route policy, specify a route-policy route-policy-name { permit | node for it and enter route Required...

  • Page 394: Defining Apply Clauses

    To do… Use the command… Remarks Match IPv4 routing if-match ip { next-hop | information whose next Optional route-source } { acl hop or source is acl-number | ip-prefix Not configured by default. specified in the ACL or ip-prefix-name } IP prefix list if-match ipv6 { address | Match IPv6 routing information...

  • Page 395: Displaying And Maintaining The Route Policy, Route Policy Configuration Example

    To do… Use the command… Remarks Optional Not set by default. apply ip-address for IPv4 routes next-hop ip-address The setting does not apply to redistributed routing information. Set the next Optional apply ipv6 next-hop Not set by default. for IPv6 routes ipv6-address The setting does not apply to redistributed routing information.

  • Page 396

    Figure 1-1 Network diagram for route policy application to route redistribution Configuration procedure Configure Switch A. # Configure IP addresses of the interfaces (omitted). # Configure RIP basic functions. <SwitchA> system-view [SwitchA] rip [SwitchA-rip-1] version 2 [SwitchA-rip-1] undo summary [SwitchA-rip-1] network 192.168.1.0 [SwitchA-rip-1] quit # Configure three static routes.

  • Page 397: Applying A Route Policy To Ipv6 Route Redistribution

    Display the RIP routing table of Switch B and verify the configuration. [SwitchB] display rip 1 route Route Flags: R - RIP, T - TRIP Permanent, Aging, Suppressed, Garbage-collect ---------------------------------------------------------------------- Peer 192.168.1.3 on Vlan-interface100 Destination/Mask Nexthop Cost Flags 20.0.0.0/8 192.168.1.3 40.0.0.0/8 192.168.1.3 The display shows that Switch B has only the routing information permitted by ACL 2000.

  • Page 398: Troubleshooting Route Policy Configuration, Ipv4 Routing Information Filtering Failure

    [SwitchA] ipv6 route-static 20:: 32 11::2 [SwitchA] ipv6 route-static 30:: 32 11::2 [SwitchA] ipv6 route-static 40:: 32 11::2 # Configure a route policy. [SwitchA] ip ipv6-prefix a index 10 permit 30:: 32 [SwitchA] route-policy static2ripng deny node 0 [SwitchA-route-policy] if-match ipv6 address prefix-list a [SwitchA-route-policy] quit [SwitchA] route-policy static2ripng permit node 10 [SwitchA-route-policy] quit...

  • Page 399: Ipv6 Routing Information Filtering Failure

    Analysis At least one item of the IP prefix list should be configured as permit mode, and at least one node in the Route policy should be configured as permit mode. Solution Use the display ip ip-prefix command to display IP prefix list information. Use the display route-policy command to display route policy information.

  • Page 400

    IP Multicast Volume Organization Manual Version 6W101-20100310 Product Version V05.02.00 Organization The IP Multicast Volume is organized as follows: Features Description This document describes the main concepts in multicast: Introduction to Multicast Multicast Overview Multicast Models Multicast Architecture Multicast Packets Forwarding Mechanism Running at the data link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control.

  • Page 401: Table Of Contents

    Table of Contents 1 Multicast Overview ····································································································································1-1 Introduction to Multicast ··························································································································1-1 Comparison of Information Transmission Techniques····································································1-1 Features of Multicast ·······················································································································1-4 Common Notations in Multicast·······································································································1-5 Advantages and Applications of Multicast·······················································································1-5 Multicast Models ·····································································································································1-5 Multicast Architecture······························································································································1-6 Multicast Addresses ························································································································1-7 Multicast Protocols ························································································································1-11 Multicast Packet Forwarding Mechanism ·····························································································1-13...

  • Page 402: Multicast Overview, Introduction To Multicast

    Multicast Overview This manual chiefly focuses on the IP multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to IP multicast. Introduction to Multicast As a technique coexisting with unicast and broadcast, the multicast technique effectively addresses the issue of point-to-multipoint data transmission.

  • Page 403

    Figure 1-1 Unicast transmission Host A Receiver Host B Source Host C Receiver Host D IP network Receiver Packets for Host B Host E Packets for Host D Packets for Host E Assume that Host B, Host D and Host E need the information. A separate transmission channel needs to be established from the information source to each of these hosts.

  • Page 404

    Figure 1-2 Broadcast transmission Assume that only Host B, Host D, and Host E need the information. If the information is broadcast to the subnet, Host A and Host C also receive it. In addition to information security issues, this also causes traffic flooding on the same subnet.

  • Page 405: Features Of Multicast

    Figure 1-3 Multicast transmission The multicast source (Source in the figure) sends only one copy of the information to a multicast group. Host B, Host D and Host E, which are receivers of the information, need to join the multicast group. The routers on the network duplicate and forward the information based on the distribution of the group members.

  • Page 406: Multicast Models, Common Notations In Multicast, Advantages And Applications Of Multicast

    For a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of TV programs, as shown in Table 1-1. Table 1-1 An analogy between TV transmission and multicast transmission TV transmission Multicast transmission A TV station transmits a TV program through A multicast source sends multicast data to a a channel.

  • Page 407: Multicast Architecture

    ASM model In the ASM model, any sender can send information to a multicast group as a multicast source, and numbers of receivers can join a multicast group identified by a group address and obtain multicast information addressed to that multicast group. In this model, receivers are not aware of the position of multicast sources in advance.

  • Page 408: Multicast Addresses

    Multicast Addresses To allow communication between multicast sources and multicast group members, network-layer multicast addresses, namely, multicast IP addresses must be provided. In addition, a technique must be available to map multicast IP addresses to link-layer multicast MAC addresses. IP multicast addresses IPv4 multicast addresses Internet Assigned Numbers Authority (IANA) assigned the Class D address space (224.0.0.0 to 239.255.255.255) for IPv4 multicast.

  • Page 409

    Address Description 224.0.0.7 Shared Tree (ST) routers 224.0.0.8 ST hosts 224.0.0.9 Routing Information Protocol version 2 (RIPv2) routers 224.0.0.11 Mobile agents 224.0.0.12 Dynamic Host Configuration Protocol (DHCP) server/relay agent 224.0.0.13 All Protocol Independent Multicast (PIM) routers 224.0.0.14 Resource Reservation Protocol (RSVP) encapsulation 224.0.0.15 All Core-Based Tree (CBT) routers 224.0.0.16...

  • Page 410

    Description When set to 0, it indicates that this address is an IPv6 multicast address permanently-assigned by IANA When set to 1, it indicates that this address is a transient, or dynamically assigned IPv6 multicast address Scope: 4 bits, indicating the scope of the IPv6 internetwork for which the multicast traffic is intended. Possible values of this field are given in Table 1-5.

  • Page 411

    Figure 1-6 IPv4-to-MAC address mapping The high-order four bits of a multicast IPv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remaining 28 bits are mapped to a MAC address, so five bits of the multicast IPv4 address are lost.

  • Page 412: Multicast Protocols

    Multicast Protocols Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP/MLD, PIM/IPv6 PIM, MSDP, and MBGP/IPv6 MBGP; we refer to IP multicast working at the data link layer as Layer 2 multicast and the corresponding multicast protocols as Layer 2 multicast protocols, which include IGMP Snooping/MLD Snooping, and multicast VLAN/IPv6 multicast VLAN.

  • Page 413

    In the ASM model, multicast routes come in intra-domain routes and inter-domain routes. An intra-domain multicast routing protocol is used to discover multicast sources and build multicast distribution trees within an AS so as to deliver multicast data to receivers. Among a variety of mature intra-domain multicast routing protocols, protocol independent multicast (PIM) is a popular one.

  • Page 414: Multicast Packet Forwarding Mechanism

    Multicast Packet Forwarding Mechanism In a multicast model, a multicast source sends information to the host group identified by the multicast group address in the destination address field of IP multicast packets. Therefore, to deliver multicast packets to receivers located in different parts of the network, multicast routers on the forwarding path usually need to forward multicast packets received on one incoming interface to multiple outgoing interfaces.

  • Page 415: Table Of Contents

    Table of Contents 1 IGMP Snooping Configuration ·················································································································1-1 IGMP Snooping Overview·······················································································································1-1 Principle of IGMP Snooping ············································································································1-1 Basic Concepts in IGMP Snooping ·································································································1-2 How IGMP Snooping Works············································································································1-3 Protocols and Standards ·················································································································1-5 IGMP Snooping Configuration Task List·································································································1-5 Configuring Basic Functions of IGMP Snooping·····················································································1-6 Configuration Prerequisites ·············································································································1-6 Enabling IGMP Snooping ················································································································1-6 Configuring the Version of IGMP Snooping ····················································································1-7...

  • Page 416: Igmp Snooping Configuration, Igmp Snooping Overview, Principle Of Igmp Snooping

    IGMP Snooping Configuration When configuring IGMP Snooping, go to the following sections for information you are interested in: IGMP Snooping Overview IGMP Snooping Configuration Task List Displaying and Maintaining IGMP Snooping IGMP Snooping Configuration Examples Troubleshooting IGMP Snooping Configuration IGMP Snooping Overview Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast constraining mechanism that runs on Layer 2 devices to manage and control multicast groups.

  • Page 417: Basic Concepts In Igmp Snooping

    Reducing Layer 2 broadcast packets, thus saving network bandwidth. Enhancing the security of multicast traffic. Facilitating the implementation of per-host accounting. Basic Concepts in IGMP Snooping IGMP Snooping related ports As shown in Figure 1-2, Router A connects to the multicast source, IGMP Snooping runs on Switch A and Switch B, Host A and Host C are receiver hosts (namely, multicast group members).

  • Page 418: How Igmp Snooping Works

    Aging timers for dynamic ports in IGMP Snooping and related messages and actions Table 1-1 Aging timers for dynamic ports in IGMP Snooping and related messages and actions Message before Timer Description Action after expiry expiry For each dynamic IGMP general query of router port, the switch The switch removes Dynamic router port...

  • Page 419

    When receiving a membership report A host sends an IGMP report to the IGMP querier in the following circumstances: Upon receiving an IGMP query, a multicast group member host responds with an IGMP report. When intended to join a multicast group, a host sends an IGMP report to the IGMP querier to announce that it is interested in the multicast information addressed to that group.

  • Page 420: Igmp Snooping Configuration Task List

    Upon receiving the IGMP leave message from a host, the IGMP querier resolves the multicast group address in the message and sends an IGMP group-specific query to that multicast group through the port that received the leave message. Upon receiving the IGMP group-specific query, the switch forwards it through all its router ports in the VLAN and all member ports for that multicast group, and performs the following to the port on which it received the IGMP leave message: If any IGMP report in response to the group-specific query is received on the port (suppose it is a...

  • Page 421: Configuring Basic Functions Of Igmp Snooping, Enabling Igmp Snooping

    Configurations made in IGMP Snooping view are effective for all VLANs, while configurations made in VLAN view are effective only for ports belonging to the current VLAN. For a given VLAN, a configuration made in IGMP Snooping view is effective only if the same configuration is not made in VLAN view.

  • Page 422: Configuring Igmp Snooping Port Functions, Configuring The Version Of Igmp Snooping

    IGMP Snooping must be enabled globally before it can be enabled in a VLAN. When you enable IGMP Snooping in a specified VLAN, this function takes effect for the ports in this VLAN only. Configuring the Version of IGMP Snooping By configuring an IGMP Snooping version, you actually configure the version of IGMP messages that IGMP Snooping can process.

  • Page 423

    Configuring Aging Timers for Dynamic Ports If the switch receives no IGMP general queries or PIM hello messages on a dynamic router port, the switch removes the port from the router port list when the aging timer of the port expires. If the switch receives no IGMP reports for a multicast group on a dynamic member port, the switch removes the port from the outgoing port list of the forwarding table entry for that multicast group when the aging timer of the port for that group expires.

  • Page 424: Configuring Simulated Joining

    Follow these steps to configure static ports: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port/Layer 2 interface-number Required aggregate port view or port Use either approach port-group manual group view port-group-name Required igmp-snooping static-group Configure the port(s) as static group-address [ source-ip...

  • Page 425

    Follow these steps to configure simulated joining: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port/Layer 2 Required interface-number aggregate port view or port Use either approach group view port-group manual port-group-name igmp-snooping host-join Required Configure simulated (*, G) or group-address [ source-ip...

  • Page 426: Configuring Igmp Snooping Querier, Enabling Igmp Snooping Querier

    Configuring fast leave processing on a port or a group of ports Follow these steps to configure fast leave processing on a port or a group of ports: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet port/Layer 2 interface interface-type interface-number Required aggregate port view or port...

  • Page 427: Configuring Igmp Queries And Responses

    It is meaningless to configure an IGMP Snooping querier in a multicast network running IGMP. Although an IGMP Snooping querier does not take part in IGMP querier elections, it may affect IGMP querier elections because it sends IGMP general queries with a low source IP address. Configuring IGMP Queries and Responses You can tune the IGMP general query interval based on actual condition of the network.

  • Page 428: Configuring An Igmp Snooping Policy, Configuring Source Ip Address Of Igmp Queries

    To do... Use the command... Remarks Configure the maximum Optional igmp-snooping max-response-time response time to IGMP general interval 10 seconds by default queries Optional Configure the IGMP igmp-snooping last-member query interval last-member-query-interval interval 1 second by default In the configuration, make sure that the IGMP general query interval is larger than the maximum response time for IGMP general queries.

  • Page 429: Configuring A Multicast Group Filter, Configuring Multicast Source Port Filtering

    Before configuring an IGMP Snooping policy, prepare the following data: ACL rule for multicast group filtering The maximum number of multicast groups that can pass the ports Configuring a Multicast Group Filter On an IGMP Snooping–enabled switch, the configuration of a multicast group allows the service provider to define restrictions on multicast programs available to different users.

  • Page 430: Configuring The Function Of Dropping Unknown Multicast Data

    Disabled by default 3Com Switch 4500G family, when enabled to filter IPv4 multicast data based on the source ports, are automatically enabled to filter IPv6 multicast data based on the source ports. Configuring the Function of Dropping Unknown Multicast Data Unknown multicast data refers to multicast data for which no entries exist in the IGMP Snooping forwarding table.

  • Page 431: Configuring Igmp Report Suppression

    To do... Use the command... Remarks Required Enable the function of dropping igmp-snooping unknown multicast data drop-unknown Disabled by default Configuring IGMP Report Suppression When a Layer 2 device receives an IGMP report from a multicast group member, the device forwards the message to the Layer 3 device directly connected with it.

  • Page 432: Configuring Multicast Group Replacement

    When the number of multicast groups a port has joined reaches the maximum number configured, the system deletes all the forwarding entries persistent to that port from the IGMP Snooping forwarding table, and the hosts on this port need to join the multicast groups again. If you have configured static or simulated joins on a port, however, when the number of multicast groups on the port exceeds the configured threshold, the system deletes all the forwarding entries persistent to that port from the IGMP Snooping forwarding table and applies the static or simulated...

  • Page 433: Displaying And Maintaining Igmp Snooping

    Configuring multicast group replacement on a port or a group of ports Follow these steps to configure multicast group replacement on a port or a group of ports: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port/Layer 2 interface-number Required...

  • Page 434: Igmp Snooping Configuration Examples, Configuring Group Policy And Simulated Joining

    IGMP Snooping Configuration Examples Configuring Group Policy and Simulated Joining Network requirements As shown in Figure 1-3, Router A connects to the multicast source through GigabitEthernet 1/0/2 and to Switch A through GigabitEthernet 1/0/1. IGMPv2 is required on Router A, IGMP Snooping version 2 is required on Switch A, and Router A will act as the IGMP querier on the subnet.

  • Page 435

    [RouterA-GigabitEthernet1/0/2] pim dm [RouterA-GigabitEthernet1/0/2] quit Configure Switch A # Enable IGMP Snooping globally. <SwitchA> system-view [SwitchA] igmp-snooping [SwitchA-igmp-snooping] quit # Create VLAN 100, assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/4 to this VLAN, and enable IGMP Snooping and the function of dropping unknown multicast traffic in the VLAN. [SwitchA] vlan 100 [SwitchA-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/4 [SwitchA-vlan100] igmp-snooping enable...

  • Page 436

    IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 (0.0.0.0, 224.1.1.1): Attribute: Host Port Host port(s):total 2 port. GE1/0/3 (D) ( 00:03:23 ) GE1/0/4 (D) ( 00:04:10 ) MAC group(s): MAC group address:0100-5e01-0101 Host port(s):total 2 port. GE1/0/3 GE1/0/4 As shown above, GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 of Switch A has joined multicast...

  • Page 437: Network Diagram

    Network diagram Figure 1-4 Network diagram for static port configuration Source Switch A GE1/0/2 GE1/0/1 1.1.1.2/24 10.1.1.1/24 GE1/0/1 Router A 1.1.1.1/24 IGMP querier Switch C GE1/0/5 GE1/0/2 GE1/0/2 Host C Switch B Receiver Host B Host A Receiver Configuration procedure Configure IP addresses Configure an IP address and subnet mask for each interface as per Figure...

  • Page 438

    [SwitchA-vlan100] quit # Configure GigabitEthernet 1/0/3 to be a static router port. [SwitchA] interface gigabitethernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] igmp-snooping static-router-port vlan 100 [SwitchA-GigabitEthernet1/0/3] quit Configure Switch B # Enable IGMP Snooping globally. <SwitchB> system-view [SwitchB] igmp-snooping [SwitchB-igmp-snooping] quit # Create VLAN 100, assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to this VLAN, and enable IGMP Snooping in the VLAN.

  • Page 439

    Vlan(id):100. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Router port(s):total 2 port. GE1/0/1 (D) ( 00:01:30 ) GE1/0/3 IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 (0.0.0.0, 224.1.1.1): Attribute: Host Port Host port(s):total 1 port.

  • Page 440: Igmp Snooping Querier Configuration

    IGMP Snooping Querier Configuration Network requirements As shown in Figure 1-5, in a Layer 2–only network environment, two multicast sources Source 1 and Source 2 send multicast data to multicast groups 224.1.1.1 and 225.1.1.1 respectively, Host A and Host C are receivers of multicast group 224.1.1.1, while Host B and Host D are receivers of multicast group 225.1.1.1.

  • Page 441

    # Enable the IGMP-Snooping querier function in VLAN 100 [SwitchA-vlan100] igmp-snooping querier # Set the source IP address of IGMP general queries and group-specific queries to 192.168.1.1 in VLAN 100. [SwitchA-vlan100] igmp-snooping general-query source-ip 192.168.1.1 [SwitchA-vlan100] igmp-snooping special-query source-ip 192.168.1.1 [SwitchA-vlan100] quit Configure Switch B # Enable IGMP Snooping globally.

  • Page 442: Troubleshooting Igmp Snooping Configuration

    Troubleshooting IGMP Snooping Configuration Switch Fails in Layer 2 Multicast Forwarding Symptom A switch fails to implement Layer 2 multicast forwarding. Analysis IGMP Snooping is not enabled. Solution Enter the display current-configuration command to view the running status of IGMP Snooping. If IGMP Snooping is not enabled, use the igmp-snooping command to enable IGMP Snooping globally, and then use igmp-snooping enable command to enable IGMP Snooping in VLAN view.

  • Page 443: Table Of Contents

    Table of Contents 1 Multicast VLAN Configuration··················································································································1-1 Introduction to Multicast VLAN················································································································1-1 Multicast VLAN Configuration Task List··································································································1-3 Configuring Sub-VLAN-Based Multicast VLAN ······················································································1-3 Configuration Prerequisites ·············································································································1-3 Configuring Sub-VLAN-Based Multicast VLAN···············································································1-3 Configuring Port-Based Multicast VLAN ·································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring User Port Attributes······································································································1-4 Configuring Multicast VLAN Ports ···································································································1-5 Displaying and Maintaining Multicast VLAN ···························································································1-6 Multicast VLAN Configuration Examples ································································································1-6...

  • Page 444: Multicast Vlan Configuration, Introduction To Multicast Vlan

    Multicast VLAN Configuration When configuring multicast VLAN, go to these sections for information you are interested in: Introduction to Multicast VLAN Multicast VLAN Configuration Task List Configuring Sub-VLAN-Based Multicast VLAN Configuring Port-Based Multicast VLAN Displaying and Maintaining Multicast VLAN Multicast VLAN Configuration Examples Introduction to Multicast VLAN As shown in Figure...

  • Page 445

    Figure 1-2 Sub-VLAN-based multicast VLAN Multicast packets VLAN 10 (Multicast VLAN) VLAN 2 VLAN 2 Receiver VLAN 3 Host A VLAN 4 VLAN 3 Receiver Host B Source Router A Switch A IGMP querier VLAN 4 Receiver Host C After the configuration, IGMP Snooping manages router ports in the multicast VLAN and member ports in the sub-VLANs.

  • Page 446: Multicast Vlan Configuration Task List

    For information about IGMP Snooping, router ports, and member ports, refer to IGMP Snooping Configuration in the IP Multicast Volume. For information about VLAN tags, refer to VLAN Configuration in the Access Volume. Multicast VLAN Configuration Task List Complete the following tasks to configure multicast VLAN: Task Remarks Configuring Sub-VLAN-Based Multicast VLAN...

  • Page 447: Configuring Port-based Multicast Vlan

    The VLAN to be configured as a multicast VLAN must exist. The VLANs to be configured as sub-VLANs of the multicast VLAN must exist and must not be sub-VLANs of another multicast VLAN. The total number of sub-VLANs of a multicast VLAN must not exceed 63. Configuring Port-Based Multicast VLAN When configuring port-based multicast VLAN, you need to configure the attributes of each user port and then assign the ports to the multicast VLAN.

  • Page 448: Configuring Multicast Vlan Ports

    Follow these steps to configure user port attributes: To do... Use the command... Remarks Enter system view system-view — interface interface-type interface-number Required Enter port view or port group port-group { manual view Use either command port-group-name | aggregation agg-id } Required Configure the user port link port link-type hybrid...

  • Page 449: Displaying And Maintaining Multicast Vlan, Multicast Vlan Configuration Examples, Sub-vlan-based Multicast Vlan Configuration

    Configuring multicast VLAN ports in port view or port group view Follow these steps to configure multicast VLAN ports in port view or port group view: To do… Use this command… Remarks Enter system view system-view — Required Configure the specified VLAN as a multicast VLAN and enter multicast-vlan vlan-id Not a multicast VLAN by...

  • Page 450

    Configure the sub-VLAN-based multicast VLAN feature so that Router A just sends multicast data to Switch A through the multicast VLAN and Switch A forwards the traffic to the receivers that belong to different user VLANs. Network diagram Figure 1-4 Network diagram for sub-VLAN-based multicast VLAN configuration Source IGMP querier Router A...

  • Page 451

    [SwitchA-vlan2] port gigabitethernet 1/0/2 [SwitchA-vlan2] quit The configuration for VLAN 3 and VLAN 4 is similar to the configuration for VLAN 2. # Create VLAN 10, assign GigabitEthernet 1/0/1 to this VLAN and enable IGMP Snooping in the VLAN. [SwitchA] vlan 10 [SwitchA-vlan10] port gigabitethernet 1/0/1 [SwitchA-vlan10] igmp-snooping enable [SwitchA-vlan10] quit...

  • Page 452

    Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Router port(s):total 0 port. IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 (0.0.0.0, 224.1.1.1): Host port(s):total 1 port. GE1/0/3 MAC group(s): MAC group address:0100-5e01-0101 Host port(s):total 1 port.

  • Page 453: Port-based Multicast Vlan Configuration

    Port-Based Multicast VLAN Configuration Network requirements As shown in Figure 1-5, Router A connects to a multicast source (Source) through GigabitEthernet 1/0/1, and to Switch A through GigabitEthernet 1/0/2. IGMPv2 is required on Router A. IGMPv2 Snooping is required on Switch A. Router A acts as the IGMP querier.

  • Page 454

    [RouterA-GigabitEthernet1/0/1] quit [RouterA] interface gigabitethernet 1/0/2 [RouterA-GigabitEthernet1/0/2] pim dm [RouterA-GigabitEthernet1/0/2] igmp enable Configure Switch A # Enable IGMP Snooping globally. <SwitchA> system-view [SwitchA] igmp-snooping [SwitchA-igmp-snooping] quit # Create VLAN 10, assign GigabitEthernet 1/0/1 to VLAN 10, and enable IGMP Snooping in this VLAN. [SwitchA] vlan 10 [SwitchA-vlan10] port gigabitethernet 1/0/1 [SwitchA-vlan10] igmp-snooping enable...

  • Page 455

    Total 1 multicast-vlan(s) Multicast vlan 10 subvlan list: no subvlan port list: GE1/0/2 GE1/0/3 GE1/0/4 # View the IGMP Snooping multicast group information on Switch A. [SwitchA] display igmp-snooping group Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Port flags: D-Dynamic port, S-Static port, C-Copy port Subvlan flags: R-Real VLAN, C-Copy VLAN Vlan(id):10.

  • Page 456: Table Of Contents

    Table of Contents 1 MLD Snooping Configuration···················································································································1-1 MLD Snooping Overview ························································································································1-1 Introduction to MLD Snooping·········································································································1-1 Basic Concepts in MLD Snooping···································································································1-2 How MLD Snooping Works ·············································································································1-3 Protocols and Standards ·················································································································1-5 MLD Snooping Configuration Task List ··································································································1-5 Configuring Basic Functions of MLD Snooping ······················································································1-6 Configuration Prerequisites ·············································································································1-6 Enabling MLD Snooping··················································································································1-6 Configuring the Version of MLD Snooping ······················································································1-7...

  • Page 457: Mld Snooping Configuration, Mld Snooping Overview, Introduction To Mld Snooping

    MLD Snooping Configuration When configuring MLD Snooping, go to these sections for information you are interested in: MLD Snooping Overview MLD Snooping Configuration Task List Displaying and Maintaining MLD Snooping MLD Snooping Configuration Examples Troubleshooting MLD Snooping MLD Snooping Overview Multicast Listener Discovery Snooping (MLD Snooping) is an IPv6 multicast constraining mechanism that runs on Layer 2 devices to manage and control IPv6 multicast groups.

  • Page 458: Basic Concepts In Mld Snooping

    Reducing Layer 2 broadcast packets, thus saving network bandwidth. Enhancing the security of multicast traffic. Facilitating the implementation of per-host accounting. Basic Concepts in MLD Snooping MLD Snooping related ports As shown in Figure 1-2, Router A connects to the multicast source, MLD Snooping runs on Switch A and Switch B, Host A and Host C are receiver hosts (namely, IPv6 multicast group members).

  • Page 459: How Mld Snooping Works

    Whenever mentioned in this document, a router port is a router-connecting port on the switch, rather than a port on a router. Unless otherwise specified, router/member ports mentioned in this document include static and dynamic ports. On an MLD Snooping-enabled switch, the ports that received MLD general queries with the source address other than 0::0 or IPv6 PIM hello messages are dynamic router ports.

  • Page 460

    General queries The MLD querier periodically sends MLD general queries to all hosts and routers (FF02::1) on the local subnet to find out whether IPv6 multicast group members exist on the subnet. Upon receiving an MLD general query, the switch forwards it through all ports in the VLAN except the port on which it received the MLD query and performs the following: If the port on which it the switch received the MLD query is a dynamic router port in its router port list, the switch resets the aging timer for this dynamic router port.

  • Page 461: Mld Snooping Configuration Task List

    If the forwarding table entry does not exist or if the outgoing port list does not contain the port, the switch discards the MLD done message instead of forwarding it to any port. If the forwarding table entry exists and the outgoing port list contains the port, the switch forwards the MLD done message to all router ports in the native VLAN.

  • Page 462: Configuring Basic Functions Of Mld Snooping, Enabling Mld Snooping

    Task Remarks Configuring an IPv6 Multicast Group Filter Optional Configuring IPv6 Multicast Source Port Filtering Optional Configuring an MLD Configuring MLD Report Suppression Optional Snooping Policy Configuring Maximum Multicast Groups that Can Be Optional Joined on a Port Configuring IPv6 Multicast Group Replacement Optional Configurations made in MLD Snooping view are effective for all VLANs, while configurations made in VLAN view are effective only for ports belonging to the current VLAN.

  • Page 463: Configuring Mld Snooping Port Functions, Configuring The Version Of Mld Snooping

    To do... Use the command... Remarks Enter VLAN view vlan vlan-id — Required Enable MLD Snooping in the mld-snooping enable VLAN Disabled by default MLD Snooping must be enabled globally before it can be enabled in a VLAN. When you enable MLD Snooping in a specified VLAN, this function takes effect for ports in this VLAN only.

  • Page 464

    Configure the corresponding port groups Before configuring MLD Snooping port functions, prepare the following data: Aging time of dynamic router ports, Aging timer of dynamic member ports, and IPv6 multicast group and IPv6 multicast source addresses Configuring Aging Timers for Dynamic Ports If the switch receives no MLD general queries or IPv6 PIM hello messages on a dynamic router port, the switch removes the port from the router port list when the aging timer of the port expires.

  • Page 465

    Follow these steps to configure static ports: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port/Layer 2 interface-number Required aggregate port view or port Use either approach port-group manual group view port-group-name mld-snooping static-group Required Configure the port(s) as static ipv6-group-address [ source-ip...

  • Page 466

    Follow these steps to configure simulated joining: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port/Layer 2 Required interface-number aggregate port view or port Use either approach group view port-group manual port-group-name mld-snooping host-join Required Configure simulated joining ipv6-group-address [ source-ip...

  • Page 467: Configuring Mld Snooping Querier, Enabling Mld Snooping Querier

    Configuring fast leave processing on a port or a group of ports Follow these steps to configure fast leave processing on a port or a group of ports: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port/Layer 2 Required interface-number...

  • Page 468: Configuring Mld Queries And Responses

    To do... Use the command... Remarks Enter system view system-view — Enter VLAN view — vlan vlan-id Required Enable the MLD Snooping mld-snooping querier querier Disabled by default It is meaningless to configure an MLD Snooping querier in an IPv6 multicast network running MLD. Although an MLD Snooping querier does not take part in MLD querier elections, it may affect MLD querier elections because it sends MLD general queries with a low source IPv6 address.

  • Page 469: Configuring Source Ipv6 Addresses Of Mld Queries

    Configuring MLD queries and responses in a VLAN Follow these steps to configure MLD queries and responses in a VLAN To do... Use the command... Remarks Enter system view system-view — Enter VLAN view vlan vlan-id — Optional mld-snooping query-interval Configure MLD query interval interval 125 seconds by default...

  • Page 470: Configuring An Mld Snooping Policy, Configuring An Ipv6 Multicast Group Filter

    Configuring an MLD Snooping Policy Configuration Prerequisites Before configuring an MLD Snooping policy, complete the following tasks: Enable MLD Snooping in the VLAN Before configuring an MLD Snooping policy, prepare the following data: IPv6 ACL rule for IPv6 multicast group filtering The maximum number of IPv6 multicast groups that can pass the ports Configuring an IPv6 Multicast Group Filter On a MLD Snooping–enabled switch, the configuration of an IPv6 multicast group filter allows the...

  • Page 471: Configuring Ipv6 Multicast Source Port Filtering

    To do... Use the command... Remarks Required By default, no group filter is Configure an IPv6 multicast mld-snooping group-policy configured on the current group filter acl6-number [ vlan vlan-list ] port, that is, hosts on this port can join any valid IPv6 multicast group.

  • Page 472: Configuring Mld Report Suppression

    Configuring MLD Report Suppression When a Layer 2 device receives an MLD report from an IPv6 multicast group member, the Layer 2 device forwards the message to the Layer 3 device directly connected with it. Thus, when multiple members belonging to an IPv6 multicast group exist on the Layer 2 device, the Layer 3 device directly connected with it will receive duplicate MLD reports from these members.

  • Page 473: Configuring Ipv6 Multicast Group Replacement

    When the number of IPv6 multicast groups that can be joined on a port reaches the maximum number configured, the system deletes all the forwarding entries persistent to that port from the MLD Snooping forwarding table, and the hosts on this port need to join IPv6 multicast groups again.

  • Page 474: Displaying And Maintaining Mld Snooping

    Configuring IPv6 multicast group replacement on a port or a group of ports Follow these steps to configure IPv6 multicast group replacement on a port or a group of ports: To do... Use the command... Remarks Enter system view system-view —...

  • Page 475: Mld Snooping Configuration Examples, Configuring Ipv6 Group Policy And Simulated Joining

    MLD Snooping Configuration Examples Configuring IPv6 Group Policy and Simulated Joining Network requirements As shown in Figure 1-3, Router A connects to the IPv6 multicast source through GigabitEthernet 1/0/2 and to Switch A through GigabitEthernet 1/0/1. Router A is the MLD querier on the subnet. MLDv1 is required on Router A, MLD Snooping version 1 is required on Switch A, and Router A will act as the MLD querier on the subnet.

  • Page 476

    [RouterA-GigabitEthernet1/0/2] pim ipv6 dm [RouterA-GigabitEthernet1/0/2] quit Configure Switch A # Enable MLD Snooping globally. <SwitchA> system-view [SwitchA] mld-snooping [SwitchA-mld-snooping] quit # Create VLAN 100, assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/4 to this VLAN, and enable MLD Snooping in the VLAN. [SwitchA] vlan 100 [SwitchA-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/4 [SwitchA-vlan100] mld-snooping enable...

  • Page 477

    IP group address:FF1E::101 (::, FF1E::101): Attribute: Host Port Host port(s):total 2 port. GE1/0/3 (D) ( 00:03:23 ) GE1/0/4 (D) ( 00:04:10 ) MAC group(s): MAC group address:3333-0000-0101 Host port(s):total 2 port. GE1/0/3 GE1/0/4 As shown above, GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 of Switch A have joined IPv6 multicast group FF1E::101.

  • Page 478

    Network diagram Figure 1-4 Network diagram for static port configuration Source Switch A GE1/0/2 GE1/0/1 1::2/64 GE1/0/1 2001::1/64 Router A 1::1/64 MLD querier Switch C GE1/0/5 GE1/0/2 GE1/0/2 Host C Switch B Receiver Host B Host A Receiver Configuration procedure Enable IPv6 forwarding and configure IPv6 addresses Enable IPv6 forwarding and configure an IPv6 address and prefix length for each interface as per Figure...

  • Page 479

    [SwitchA-vlan100] quit # Configure GigabitEthernet 1/0/3 to be a static router port. [SwitchA] interface gigabitethernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] mld-snooping static-router-port vlan 100 [SwitchA-GigabitEthernet1/0/3] quit Configure Switch B # Enable MLD Snooping globally. <SwitchB> system-view [SwitchB] mld-snooping [SwitchB-mld-snooping] quit # Create VLAN 100, assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to this VLAN, and enable MLD Snooping in the VLAN.

  • Page 480

    Vlan(id):100. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Router port(s):total 2 port. GE1/0/1 (D) ( 00:01:30 ) GE1/0/3 IP group(s):the following ip group(s) match to one mac group. IP group address:FF1E::101 (::, FF1E::101): Attribute: Host Port Host port(s):total 1 port.

  • Page 481: Mld Snooping Querier Configuration

    MLD Snooping Querier Configuration Network requirements As shown in Figure 1-5, in a Layer-2-only network environment, two multicast sources Source 1 and Source 2 send IPv6 multicast data to multicast groups FF1E::101 and FF1E::102 respectively, Host A and Host C are receivers of multicast group FF1E::101, while Host B and Host D are receivers of multicast group FF1E::102.

  • Page 482: Troubleshooting Mld Snooping

    [SwitchB] ipv6 [SwitchB] mld-snooping [SwitchB-mld-snooping] quit # Create VLAN 100, add GigabitEthernet 1/0/1 through GigabitEthernet 1/0/4 into VLAN 100. [SwitchB] vlan 100 [SwitchB-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/4 # Enable the MLD Snooping feature in VLAN 100. [SwitchB-vlan100] mld-snooping enable [SwitchB-vlan100] quit Configurations of Switch C and Switch D are similar to the configuration of Switch B.

  • Page 483: Configured Ipv6 Multicast Group Policy Fails To Take Effect

    Configured IPv6 Multicast Group Policy Fails to Take Effect Symptom Although an IPv6 multicast group policy has been configured to allow hosts to join specific IPv6 multicast groups, the hosts can still receive IPv6 multicast data addressed to other groups. Analysis The IPv6 ACL rule is incorrectly configured.

  • Page 484: Table Of Contents

    Table of Contents 1 IPv6 Multicast VLAN Configuration ·········································································································1-1 Introduction to IPv6 Multicast VLAN ·······································································································1-1 IPv6 Multicast VLAN Configuration Task List ·························································································1-3 Configuring IPv6 Sub-VLAN-Based IPv6 Multicast VLAN ······································································1-3 Configuration Prerequisites ·············································································································1-3 Configuring Sub-VLAN-Based IPv6 Multicast VLAN·······································································1-3 Configuring Port-Based IPv6 Multicast VLAN·························································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring User Port Attributes······································································································1-4 Configuring IPv6 Multicast VLAN Ports···························································································1-5...

  • Page 485: Introduction To Ipv6 Multicast Vlan, Ipv6 Multicast Vlan Configuration

    IPv6 Multicast VLAN Configuration When configuring IPv6 multicast VLAN, go to these sections for information you are interested in: Introduction to IPv6 Multicast VLAN IPv6 Multicast VLAN Configuration Task List Configuring IPv6 Sub-VLAN-Based IPv6 Multicast VLAN Configuring Port-Based IPv6 Multicast VLAN Displaying and Maintaining IPv6 Multicast VLAN IPv6 Multicast VLAN Configuration Examples Introduction to IPv6 Multicast VLAN...

  • Page 486

    Figure 1-2 Sub-VLAN-based IPv6 multicast VLAN IPv6 Multicast packets VLAN 10 (IPv6 Multicast VLAN) VLAN 2 VLAN 2 Receiver VLAN 3 Host A VLAN 4 VLAN 3 Receiver Host B Source Router A Switch A MLD querier VLAN 4 Receiver Host C After the configuration, MLD snooping manages router ports in the IPv6 multicast VLAN and member ports in the sub-VLANs.

  • Page 487: Ipv6 Multicast Vlan Configuration Task List, Configuring Ipv6 Sub-vlan-based Ipv6 Multicast Vlan

    For information about MLD Snooping, router ports, and member ports, refer to MLD Snooping Configuration in the IP Multicast Volume. For information about VLAN tags, refer to VLAN Configuration in the Access Volume. IPv6 Multicast VLAN Configuration Task List Complete the following tasks to configure IPv6 multicast VLAN: Configuration task Remarks Configuring IPv6 Sub-VLAN-Based IPv6 Multicast VLAN...

  • Page 488: Configuring Port-based Ipv6 Multicast Vlan

    To do… Use the command… Remarks Required Configure the specified VLAN(s) as sub-VLAN(s) of the subvlan vlan-list By default, an IPv6 multicast IPv6 multicast VLAN VLAN has no sub-VLANs. The VLAN to be configured as an IPv6 multicast VLAN must exist. The VLANs to be configured as the sub-VLANs of the IPv6 multicast VLAN must exist and must not be sub-VLANs of another IPv6 multicast VLAN.

  • Page 489: Configuring Ipv6 Multicast Vlan Ports

    To do... Use the command... Remarks Enter system view system-view — interface interface-type interface-number Required Enter port view or port group view Use either approach. port-group manual port-group-name Required Configue the user port link type port link-type hybrid as hybrid Access by default Specify the user VLAN that Required...

  • Page 490: Displaying And Maintaining Ipv6 Multicast Vlan, Ipv6 Multicast Vlan Configuration Examples

    Configure IPv6 multicast VLAN ports in terface view or port group view Follow these steps to configure IPv6 multicast VLAN ports in port view or port group view: To do… Use this command… Remarks Enter system view system-view — Configure the specified Required VLAN as an IPv6 multicast multicast-vlan ipv6 vlan-id...

  • Page 491

    Configure the sub-VLAN-based IPv6 multicast VLAN feature so that Router A just sends IPv6 multicast data to Switch A through the IPv6 multicast VLAN and Switch A forwards the traffic to the receivers that belong to different user VLANs. Figure 1-4 Network diagram for sub-VLAN-based IPv6 multicast VLAN configuration Source MLD querier Router A...

  • Page 492

    The configuration for VLAN 3 and VLAN 4 is similar to the configuration for VLAN 2. # Create VLAN 10, assign GigabitEthernet 1/0/1 to this VLAN and enable MLD Snooping in the VLAN. [SwitchA] vlan 10 [SwitchA-vlan10] port gigabitethernet 1/0/1 [SwitchA-vlan10] mld-snooping enable [SwitchA-vlan10] quit # Configure VLAN 10 as an IPv6 multicast VLAN and configure VLAN 2 through VLAN 4 as its...

  • Page 493: Port-based Multicast Vlan Configuration Example

    IP group(s):the following ip group(s) match to one mac group. IP group address:FF1E::101 (::, FF1E::101): Host port(s):total 1 port. GE1/0/3 MAC group(s): MAC group address:3333-0000-0101 Host port(s):total 1 port. GE1/0/3 Vlan(id):4. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Router port(s):total 0 port.

  • Page 494

    Switch A’s GigabitEthernet 1/0/1 belongs to VLAN 10, GigabitEthernet 1/0/2 through GigabitEthernet 1/0/4 belong to VLAN 2 through VLAN 4 respectively, and Host A through Host C are attached to GigabitEthernet 1/0/2 through GigabitEthernet 1/0/4 of Switch A. The IPv6 multicast source sends IPv6 multicast data to IPv6 multicast group FF1E::101. Host A, Host B, and Host C are receivers of the IPv6 multicast group.

  • Page 495

    # Create VLAN 10, assign GigabitEthernet 1/0/1 to VLAN 10, and enable MLD Snooping in this VLAN. [SwitchA] vlan 10 [SwitchA-vlan10] port gigabitethernet 1/0/1 [SwitchA-vlan10] mld-snooping enable [SwitchA-vlan10] quit # Create VLAN 2 and enable MLD Snooping in the VLAN. [SwitchA] vlan 2 [SwitchA-vlan2] mld-snooping enable [SwitchA-vlan2] quit...

  • Page 496

    Total 1 MAC Group(s). Port flags: D-Dynamic port, S-Static port, C-Copy port Subvlan flags: R-Real VLAN, C-Copy VLAN Vlan(id):10. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Router port(s):total 1 port. GE1/0/1 IP group(s):the following ip group(s) match to one mac group. IP group address:FF1E::101 (::, FF1E::101): Host port(s):total 3 port.

  • Page 497

    QoS Volume Organization Manual Version 6W101-20100310 Product Version V05.02.00 Organization The QoS Volume is organized as follows: Features Description For network traffic, the Quality of Service (QoS) involves bandwidth, delay, and packet loss rate during traffic forwarding process. In a network, you can improve the QoS by guaranteeing the bandwidth, and reducing the delay, jitter, and packet loss rate.

  • Page 498: Table Of Contents

    Table of Contents 1 QoS Overview ············································································································································1-1 Introduction to QoS ·································································································································1-1 Introduction to QoS Service Models ·······································································································1-1 Best-Effort Service Model················································································································1-1 IntServ Service Model ·····················································································································1-1 DiffServ Service Model ····················································································································1-2 QoS Techniques Overview ·····················································································································1-2 Positions of the QoS Techniques in a Network···············································································1-2 2 QoS Configuration Approaches···············································································································2-1 QoS Configuration Approach Overview ··································································································2-1 Non Policy-Based Configuration ·····································································································2-1...

  • Page 499: Table Of Contents

    Configuration Example ····················································································································4-5 Displaying and Maintaining Traffic Policing, GTS, and Line Rate ··························································4-5 5 Congestion Management Configuration ·································································································5-1 Congestion Management Overview········································································································5-1 Causes, Impacts, and Countermeasures of Congestion·································································5-1 Congestion Management Policies···································································································5-1 Congestion Management Configuration Approaches ·············································································5-4 Configuring Congestion Management ····································································································5-5 Configuring SP Queuing··················································································································5-5 Configure WRR Queuing·················································································································5-5 Configuring WFQ Queuing ··············································································································5-6 Configuring SP+WRR Queues ········································································································5-7...

  • Page 500: Qos Overview, Introduction To Qos, Introduction To Qos Service Models, Best-effort Service Model

    QoS Overview This chapter covers the following topics: Introduction to QoS Introduction to QoS Service Models QoS Techniques Overview Introduction to QoS For network traffic, the Quality of Service (QoS) involves bandwidth, delay, and packet loss rate during traffic forwarding process. In a network, you can improve the QoS by guaranteeing the bandwidth, and reducing the delay, jitter, and packet loss rate.

  • Page 501: Diffserv Service Model, Qos Techniques Overview, Positions Of The Qos Techniques In A Network

    However, the Inter-Serv model imposes extremely high requirements on devices. In a network with heavy data traffic, the Inter-Serv model imposes very great pressure on the storage and processing capabilities of devices. On the other hand, the Inter-Serv model is poor in scalability, and therefore, it is hard to be deployed in the core Internet network.

  • Page 502

    Congestion avoidance monitors the usage status of network resources and is usually applied to the outgoing traffic of a port. As congestion becomes worse, it actively reduces the amount of traffic by dropping packets.

  • Page 503: Qos Configuration Approaches, Qos Configuration Approach Overview, Non Policy-based Configuration, Policy-based Configuration

    QoS Configuration Approaches This chapter covers the following topics: QoS Configuration Approach Overview Configuring a QoS Policy QoS Configuration Approach Overview Two approaches are available for you to configure QoS: policy-based and non policy-based. Some QoS features can be configured in either approach while some can be configured only in one approach.

  • Page 504: Configuring A Qos Policy, Defining A Class

    Configuring a QoS Policy Figure 2-1 shows how to configure a QoS policy. Figure 2-1 QoS policy configuration procedure Defining a Class To define a class, you need to specify a name for it and then configure match criteria in class view. Follow these steps to define a class: To do…...

  • Page 505

    Form Description Specifies to match an IPv6 ACL specified by its number or name. The access-list-number argument specifies an ACL by its number, which acl ipv6 { access-list-number | name acl-name } ranges from 2000 to 3999; the name acl-name keyword-argument combination specifies an ACL by its name.