HP 1910 User Manual

HP 1910 Gigabit Ethernet Switch Series

User Guide

Part number: 5998-2269
Software version: Release 1513
Document version: 6W100-20130830

  Summary of Contents for HP 1910

  • Page 1: User Guide

    HP 1910 Gigabit Ethernet Switch Series User Guide Part number: 5998-2269 Software version: Release 1513 Document version: 6W100-20130830...
  • Page 2 HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3: Table Of Contents

    Contents: Overview (1); Configuring the switch in the Web interface (2); Restrictions and guidelines (2); Operating system requirements (2); Web browser requirements (2); Others (5); Logging in to the Web interface for the first time (5); ...
  • Page 4 Displaying topology summary of a stack (45); Displaying device summary of a stack (45); Logging in to a member device from the master (46); Stack configuration example (46); Configuration guidelines (52); ...
  • Page 5 Displaying port operation parameters (80); Displaying a specified operation parameter for all ports (80); Displaying all the operation parameters for a port (80); Port management configuration example (81); Network requirements (81); ...
  • Page 6 Displaying RMON event logs (116); RMON configuration example (117); Configuring energy saving (121); Configuring energy saving on a port (121); Configuring SNMP (123); Overview (123); SNMP mechanism (123); ...
  • Page 7 Voice VLAN assignment modes (169); Security mode and normal mode of voice VLANs (170); Recommended voice VLAN configuration procedure (171); Configuring voice VLAN globally (172); Configuring voice VLAN on ports (173); ...
  • Page 8 Operating modes of LLDP (234); How LLDP works (234); Compatibility of LLDP with CDP (235); Protocols and standards (235); Recommended LLDP configuration procedure (235); Enabling LLDP on ports (236); ...
  • Page 9 How MLD snooping works (289); Protocols and standards (290); Recommended configuration procedure (290); Enabling MLD snooping globally (291); Configuring MLD snooping in a VLAN (292); Configuring MLD snooping port functions (293); ...
  • Page 10 DHCP snooping support for Option 82 (331); Recommended configuration procedure (332); Enabling DHCP snooping (332); Configuring DHCP snooping functions on an interface (333); Displaying DHCP snooping entries (334); DHCP snooping configuration example (335); ...
  • Page 11 Configuration procedure (386); Verifying the configuration (389); Configuring portal authentication (390); Overview (390); Extended portal functions (390); Portal system components (390); Portal system using the local portal server (392); ...
  • Page 12 Creating a PKI domain (455); Creating an RSA key pair (458); Destroying the RSA key pair (459); Retrieving and displaying a certificate (459); Requesting a local certificate (461); Retrieving and displaying a CRL (462); ...
  • Page 13 Adding a traffic behavior (507); Configuring traffic redirecting for a traffic behavior (508); Configuring other actions for a traffic behavior (509); Adding a policy (510); Configuring classifier-behavior associations for the policy (511); ...
  • Page 14: Overview

    Overview: The HP 1910 Switch Series can be configured through the command line interface (CLI), Web interface, and SNMP/MIB. These configuration methods are suitable for different application scenarios. • The Web interface supports all 1910 Switch Series configurations. • The CLI provides configuration commands to facilitate your operation. To perform other...
  • Page 15: Configuring The Switch In The Web Interface

    Configuring the switch in the Web interface The device provides web-based configuration interfaces for visual device management and maintenance. Figure 1 Web-based network management operating environment Restrictions and guidelines To ensure a successful login, verify that your operating system and Web browser meet the requirements, and follow the guidelines in this section.
  • Page 16 Click the Security tab, and select the content zone where the target Website resides, as shown Figure Figure 2 Internet Explorer settings (1) Click Custom Level. In the Security Settings dialog box, enable Run ActiveX controls and plug-ins, Script ActiveX controls marked safe for scripting, and Active scripting.
  • Page 17 Figure 3 Internet Explorer settings (2) Click OK to save your settings. Enabling JavaScript in a Firefox browser Launch the Firefox browser, and select Tools > Options. In the Options dialog box, click the Content icon, and select Enable JavaScript.
  • Page 18: Others

    Figure 4 Firefox browser settings. Click OK to save your settings. Others: • Make sure the management PC and the device can reach each other. • Do not use the Back, Next, Refresh buttons provided by the browser. Using these buttons might...
  • Page 19: Logging In To The Web Interface By Using The Default Username

    Creating an admin user. Deleting the default username. Logging in to the Web interface by using the default username: You can use the following default settings to log in to the web interface through HTTP: • Username—admin. • Password—None. • IP address of VLAN-interface 1 on the device—Default IP address of the device, depending on the...
  • Page 20: Creating An Admin User

    Figure 6 Login page of the Web interface Creating an admin user Select Device > Users from the navigation tree. Click the Create tab. Figure 7 Creating an admin user Set a username and password. Select Management from the access level list. Select at least one service type.
  • Page 21: Deleting The Default Username

    Deleting the default username: For security purposes, delete the default username after you create and save the new admin user. To delete the default username: 1. Log in to the Web interface as an admin. 2. Select Device > Users from the navigation tree, and click the Remove tab (Figure 8 Deleting the default username). 3. Select the default username admin, and click Remove.
  • Page 22: Web Interface

    Because the system does not save the current configuration automatically, HP recommends that you perform this step to avoid loss of configuration. Click Logout in the upper-right corner of the Web interface, as shown in Figure Web interface The Web interface includes these parts: navigation area, title area, and body area. Figure 9 Web-based configuration interface (1) Navigation tree (2) Body area...
  • Page 23: Web-Based Nm Functions

    • Configure—Users of this level can access device data and configure the device, but they cannot upgrade the host software, add/delete/modify users, or backup/restore configuration files. • Management—Users of this level can perform any operations to the device. Web-based NM functions: User level in Table 1 indicates that users of this level or users of a higher level can perform the...
  • Page 24 Function menu | Description | User level. Restore | Upload the configuration file to be used at the next startup from the host of the current user to the device. | Management. Save | Save the current configuration to the configuration file to be used at the next startup. | Configure. Initialize | Restore the factory default settings....
  • Page 25 Function menu Description User level Display, create, modify, and clear RMON history History Configure sampling information. Alarm Display, create, modify, and clear alarm entries. Configure Event Display, create, modify, and clear event entries. Configure Display log information about RMON events. Configure Energy Display and configure the energy saving settings of...
  • Page 26 Function menu Description User level Create Create VLANs. Configure Port Detail Display the VLAN-related details of a port. Monitor Display the member port information about a Detail Monitor VLAN. Modify the description and member ports of a Modify VLAN Configure VLAN.
  • Page 27 Function menu Description User level Display information about LACP-enabled ports and Summary Monitor their partner ports. LACP Setup Set LACP priorities. Configure Display the LLDP configuration information, local information, neighbor information, statistics Monitor Port Setup information, and status information about a port. Modify LLDP configuration on a port.
  • Page 28 Function menu Description User level Remove Delete the selected IPv6 static routes. Configure IPv6 Manageme IPv6 Service Enable or disable IPv6 service. Configure Display information about the DHCP status, advanced configuration information about the DHCP relay agent, DHCP server group Monitor configuration, DHCP relay agent interface configuration, and the DHCP client information.
  • Page 29 Function menu Description User level Display the portal-free rule configuration Monitor information. Free Rule Add and delete a portal-free rule. Configure Display ISP domain configuration information. Monitor Domain Setup Add and remove ISP domains. Management Display the authentication configuration Monitor information about an ISP domain.
  • Page 30 Function menu Description User level Summary Display time range configuration information. Monitor Time Range Create Create a time range. Configure Remove Delete a time range. Configure Summary Display IPv4 ACL configuration information. Monitor Create Create an IPv4 ACL. Configure Basic Setup Configure a rule for a basic IPv4 ACL.
  • Page 31: Common Items On The Web Pages

    Function menu Description User level Setup Apply a QoS policy to a port. Configure Remove Remove the QoS policy from the port. Configure Display priority mapping table information. Monitor Priority Priority Mapping Mapping Modify the priority mapping entries. Configure Display port priority and trust mode information. Monitor Port Priority Port Priority...
  • Page 32 Button and icon Function Accesses a configuration page to modify settings. This icon is typically present in the Operation column in a list. Deletes an entry. This icon is typically present in the Operation column in a list. Page display The Web interface can display contents by pages, as shown in Figure 10.
  • Page 33 Figure 11 Basic search function example • Advanced search—As shown in Figure 10, you can click the Advanced Search link to open the advanced search page, as shown in Figure 12. Specify the search criteria, and click Apply to display the entries that match the criteria. Figure 12 Advanced search Take the ARP table shown in Figure 10...
  • Page 34 Figure 14 Advanced search function example (II) Figure 15 Advanced search function example (III) Sort function The Web interface provides you with the basic functions to display entries in certain orders. On a list page, you can click the blue heading item of each column to sort the entries based on the heading item you selected.
  • Page 35 Figure 16 Sort display (based on MAC address in the ascending order)
  • Page 36: Configuring The Switch At The Cli

    Configuring the switch at the CLI The HP 1910 Switch Series can be configured through the CLI, Web interface, and SNMP/MIB. The Web interface supports all 1910 Switch Series configurations. These configuration methods are suitable for different application scenarios. The CLI provides configuration commands to facilitate your operation, which are described in this chapter.
  • Page 37: Setting Terminal Parameters

    NOTE: • The serial port on a PC does not support hot swapping. When you connect a PC to a powered-on switch, connect the DB-9 connector of the console cable to the PC before connecting the RJ-45 connector to the switch.
  • Page 38 Figure 19 Setting the serial port used by the HyperTerminal connection Set Bits per second to 38400, Data bits to 8, Parity to None, Stop bits to 1, and Flow control to None, and click OK. Figure 20 Setting the serial port parameters Select File >...
  • Page 39 Figure 21 HyperTerminal window Click the Settings tab, set the emulation to VT100, and click OK in the Switch Properties dialog box. Figure 22 Setting terminal emulation in Switch Properties dialog box...
  • Page 40: Logging In To The Cli

    Username:admin Press Enter. The Password prompt appears. Password: The login information is verified, and the following CLI menu appears: <HP 1910 Switch> If the password is invalid, the following message appears and the process restarts. % Login failed! CLI commands This section contains the following commands:...
  • Page 41: Initialize

    initialize. Syntax: initialize. Parameters: None. Description: Use initialize to delete the configuration file to be used at the next startup and reboot the device with the default configuration being used during reboot. Use the command with caution because this command deletes the configuration file to be used at the next startup and restores the factory default settings.
  • Page 42: Ipsetup Ipv6

    # Create VLAN-interface 1 and assign 192.168.1.2 to the interface, and specify 192.168.1.1 as the default gateway. <Sysname> ipsetup ip-address 192.168.1.2 24 default-gateway 192.168.1.1 ipsetup ipv6 Syntax ipsetup ipv6 { auto | address { ipv6-address prefix-length | ipv6-address/prefix-length } [ default-gateway ipv6-address ] } Parameters auto: Enables the stateless address autoconfiguration function.
  • Page 43: Ping

    Change password for user: admin Old password: *** Enter new password: ** Retype password: ** The password has been successfully changed. ping Syntax ping host Parameters host: Specifies a destination IPv4 address (in dotted decimal notation) or host name (a string of 1 to 255 characters).
  • Page 44: Quit

    Use quit to log out of the system. Examples # Log out of the system. <Sysname> quit ****************************************************************************** * Copyright (c) 2004-2012 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** <Sysname>...
  • Page 45: Reboot

    reboot. Syntax: reboot. Parameters: None. Description: Use reboot to reboot the device and run the main configuration file. Use the command with caution because reboot results in service interruption. If the main configuration file is corrupted or does not exist, the device cannot be rebooted with the reboot command.
  • Page 46: Telnet

    Next backup boot app is: NULL HP Comware Platform Software Comware Software, Version 5.20, Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P. HP 1910-8G-PoE+ (65W) Switch uptime is 0 week, 0 day, 2 hours, 1 minute HP 1910-8G-PoE+ (65W) Switch 128M bytes DRAM...
  • Page 47: Upgrade

    To validate the downloaded software package file, reboot the device. NOTE: The HP 1910 Switch Series does not provide an independent Boot ROM image. It integrates the Boot ROM image with the system software image file together in a software package file with the extension name of .bin.
  • Page 48: Upgrade Ipv6

    To validate the downloaded software package file, reboot the device. NOTE: The HP 1910 Switch Series does not provide an independent Boot ROM image. It integrates the Boot ROM image with the system software image file together in a software package file with the extension name of .bin.
  • Page 49: Configuration Procedure

    The administrator upgrades the Boot ROM image and the system software image file of the 1910 switch through the PC and sets the IP address of the switch to 192.168.1.2/24. Figure 23 Network diagram Configuration procedure Run the TFTP server program on the TFTP server, and specify the path of the file to be loaded.
  • Page 50: Configuration Wizard

    Configuration wizard Overview The configuration wizard guides you through configuring the basic service parameters, including the system name, the system location, the contact information, and the management IP address. Basic service setup Entering the configuration wizard homepage Select Wizard from the navigation tree. Figure 24 Configuration wizard homepage Configuring system parameters On the wizard homepage, click Next.
  • Page 51: Configuring Management Ip Address

    Figure 25 System parameter configuration page. Configure the parameters as described in Table 3. Table 3 Configuration items: Item | Description. Sysname | Specify the system name. The system name appears at the top of the navigation tree. You can also set the system name in the System Name page you enter by selecting Device >...
  • Page 52 On the system parameter configuration page, click Next. Figure 26 Management IP address configuration page Configure the parameters as described in Table Table 4 Configuration items Item Description Select a VLAN interface. Available VLAN interfaces are those configured in the page that you enter by selecting Network >...
  • Page 53: Finishing Configuration Wizard

    Item | Description. DHCP, BOOTP, Manual | Configure how the VLAN interface obtains an IPv4 address. • DHCP—Specifies the VLAN interface to obtain an IPv4 address by DHCP. • BOOTP—Specifies the VLAN interface to obtain an IPv4 address through BOOTP. • Manual—Allows you to specify an IPv4 address and a mask length. Configure IPv4 address IPv4...
  • Page 54 Figure 27 Configuration finishes...
  • Page 55: Configuring Stack

    Configuring stack Overview The stack management feature enables you to configure and monitor a group of connected switches by logging in to one switch in the stack, as shown in Figure Figure 28 Network diagram To set up a stack for a group of connected switches, you must log in to one switch to create the stack. This switch is the master switch for the stack, and you configure and monitor all other member switches on the master switch.
  • Page 56: Configuring Global Stack Parameters

    Task | Remarks. Displaying topology summary of a stack | Optional. Display stack member information. Displaying device summary of a stack | Optional. Display the control panels of stack members. IMPORTANT: To successfully display control panel information, make sure the user account you are logged in with to the master has also been created on each member device.
  • Page 57 Figure 29 Setting up a fabric. Table 5 Configuration items: Item | Description. Private Net IP, Mask | Configure a private IP address pool for the stack. The master device automatically picks an IP address from this pool for each member device for intra-stack communication. IMPORTANT: Make sure the number of IP addresses in the address pool is equal to or greater than the...
  • Page 58: Configuring Stack Ports

    Item | Description. Build Stack | Create the stack. As a result, the device becomes the master device of the stack and automatically adds the devices connected to its stack ports to the stack. IMPORTANT: You can delete the stack only on the master device. The Global Settings area is grayed out for stack member devices.
  • Page 59: Logging In To A Member Device From The Master

    View interfaces and power socket layout on the panel of each stack member by clicking their respective tabs. Figure 31 Device Summary tab (on the master device) Return to Configuration task list. Logging in to a member device from the master Select Stack from the navigation tree.
  • Page 60 Figure 33 Network diagram (Switch A: master device; Switch B, Switch C, and Switch D: slave devices). Configuration procedure Configure global stack parameters on Switch A: Select Stack from the navigation tree of Switch A to enter the page of the Setup tab, and then perform the following configurations, as shown in Figure Type 192.168.1.1 in the field of Private Net IP.
  • Page 61 Figure 34 Configuring global stack parameters on Switch A Switch A becomes the master device. Configure the stack port on Switch A: On the Setup tab, select GigabitEthernet1/0/1 in the Port Settings area. Click Enable.
  • Page 62 Figure 35 Configuring a stack port on Switch A On Switch B, configure GigabitEthernet 1/0/2 (connected to Switch A), GigabitEthernet 1/0/1 (connected to Switch C), and GigabitEthernet 1/0/3 (connected to Switch D) as stack ports. Select Stack from the navigation tree of Switch B. On the Setup tab, select GigabitEthernet1/0/1, GigabitEthernet1/0/2, and GigabitEthernet1/0/3 in the Port Settings area.
  • Page 63 Figure 36 Configuring stack ports on Switch B On Switch C, configure port GigabitEthernet 1/0/1 as a stack port. Select Stack from the navigation tree of Switch C. On the Setup tab, select GigabitEthernet1/0/1 in the Port Settings area. Click Enable.
  • Page 64 Figure 37 Configuring a stack port on Switch C On Switch D, configure port GigabitEthernet 1/0/1 as a stack port. Select Stack from the navigation tree of Switch D. On the Setup tab, select GigabitEthernet1/0/1 in the Port Settings area. Click Enable.
  • Page 65: Configuration Guidelines

    Figure 38 Verifying the configuration Configuration guidelines If a device is already configured as a stack master device, you cannot modify the private IP address pool on the device. If a device is already configured as a stack member device, the Global Settings area on the member device is not available.
  • Page 66: Displaying System And Device Information

    Displaying system and device information Displaying system information Select Summary from the navigation tree to enter the System Information page to view the basic system information, system resource state, and recent system logs. Figure 39 System information Displaying basic system information Table 7 Field description Item Description...
  • Page 67: Displaying The System Resource State

    Item | Description. Contact Information | Display the contact information, which you can configure on the page you enter by selecting Device > SNMP > Setup. SerialNum | Display the serial number of the device. Software Version | Display the software version of the device. Hardware Version | Display the hardware version of the device....
  • Page 68: Displaying Device Information

    Displaying device information Select Summary from the navigation tree, and click the Device Information tab to enter the page displaying the device ports, power supplies, and fans. Hover the cursor over a port and the port details appear, including the port name, type, speed, usage, and status, as shown in Figure 40.
  • Page 69: Configuring Basic Device Settings

    Configuring basic device settings. Overview: The device basic information feature provides the following functions: • Set the system name of the device. The configured system name is displayed on the top of the navigation bar. • Set the idle timeout period for logged-in users. The system logs an idle user off the Web for security...
  • Page 70 Figure 42 Configuring idle timeout period Set the idle timeout period for logged-in users. Click Apply.
  • Page 71: Maintaining Devices

    Maintaining devices Upgrading software CAUTION: Software upgrade takes a period of time. Avoid performing any operation on the Web interface during the upgrading procedure. Otherwise, the upgrade operation might be interrupted. A boot file, also known as the system software or device software, is an application file used to boot the device.
  • Page 72: Rebooting The Device

    Item | Description. If a file with the same name already exists, overwrite it without any prompt | Specify whether to overwrite the file with the same name. If you do not select the option, when a file with the same name exists, a dialog box appears, telling you that the file already exists and you cannot continue the upgrade.
  • Page 73: Displaying The Electronic Label

    Displaying the electronic label You can view information about the device electronic label, which is also known as the permanent configuration data or archive information. The information is written into the storage medium of a device or a card during the debugging and testing processes, and includes card name, product bar code, MAC address, debugging and testing dates, and vendor name.
  • Page 74 Click Create Diagnostic Information File. The system begins to generate a diagnostic information file. After the diagnostic information file is generated, a page as shown in Figure 47 appears. Click Click to Download. The File Download dialog box appears. Figure 47 Downloading the diagnostic information file Open this file to display diagnostic information or save it to the local host.
  • Page 75: Configuring System Time

    Configuring system time Overview You must configure a correct system time so that the device can operate correctly with other devices. The system time module allows you to display and set the device system time and system zone on the web interface.
  • Page 76: Configuring The System Time By Using Ntp

    Figure 49 Calendar page Enter the system date and time in the Time field, or select the date and time in the calendar. To set the time on the calendar page, select one of the following methods: Click Today. The date setting in the calendar is synchronized to the current local date configuration, and the time setting does not change.
  • Page 77: System Time Configuration Example

    Table 10 Configuration items Item Description Clock status Display the synchronization status of the system clock. Set the source interface for an NTP message. This configuration uses the IP address of an interface as the source IP address in the NTP messages. If the specified source interface is down, the source IP address is the IP address of the egress interface.
  • Page 78: Configuring The System Time

    Figure 51 Network diagram Configuring the system time Configure the local clock as the reference clock, with the stratum of 2. Enable NTP authentication, set the key ID to 24, and specify the created authentication key aNiceKey as a trusted key. (Details not shown.) On Switch B, configure Device A as the NTP server: Select Device >...
  • Page 79 • The synchronization process takes a period of time. The clock status might be displayed as unsynchronized after your configuration. In this case, you can refresh the page to view the clock status and system time later on. • If the system time of the NTP server is ahead of the system time of the device, and the time gap exceeds the web idle time specified on the device, all online web users are logged out because of timeout after the synchronization finishes.
  • Page 80: Configuring Syslog

    Configuring syslog Overview System logs contain a large amount of network and device information, including running status and configuration changes. System logs are an important way for administrators to know network and device running status. With system logs, administrators can take corresponding actions against network problems and security problems.
  • Page 81: Setting The Log Host

    TIP: • You can click Reset to clear all system logs saved in the log buffer on the Web interface. • You can click Refresh to manually refresh the page, or you can set the refresh interval on the Log Setup...
  • Page 82: Setting Buffer Capacity And Refresh Interval

    Figure 54 Setting loghost Configure the IPv4/IPv6 address of the log host. Click Apply. Setting buffer capacity and refresh interval Select Device > Syslog from the navigation tree. Click the Log Setup tab. The syslog configuration page appears. Figure 55 Syslog configuration page...
  • Page 83 Configure buffer capacity and refresh interval as described in Table Click Apply. Table 12 Configuration items Item Description Buffer Capacity Set the number of logs that can be stored in the log buffer of the Web interface. Set the refresh period on the log information displayed on the Web interface. You can select manual refresh or automatic refresh: •...
  • Page 84: Managing The Configuration

    Managing the configuration You can back up, restore, save, and reset the configuration of the device. Backing up the configuration The configuration backup function allows you to perform the following tasks: • View the configuration file (.cfg file) for the next startup, or the next-startup configuration file. ...
  • Page 85: Saving The Configuration

    Figure 57 Restoring the configuration Click the upper Browse button. The file upload dialog box appears. Select the .cfg file to be uploaded, and click Apply. Saving the configuration You can save the running configuration to the next-startup configuration file (.cfg file). Operation guidelines Saving the configuration takes some time.
  • Page 86: Resetting The Configuration

    Figure 58 Saving the configuration To save the configuration in common mode: Select Device > Configuration from the navigation tree. Click the Save tab. Click Save Current Settings. Resetting the configuration Resetting the configuration restores the system to the factory defaults, deletes the current configuration file, and reboots the device.
  • Page 87: Managing Files

    Managing files The device saves files such as the host software file and configuration file on its storage media. The file management function allows you to manage the files on the storage media. Displaying files Select Device > File Management from the navigation tree. Figure 60 File management page Select a medium from the Please select disk list.
  • Page 88: Uploading A File

    Select the file from the list. Only one file can be downloaded at a time. Click Download File. The File Download dialog box appears. Open the file or save the file to a specified path. Uploading a file Uploading a file takes some time. HP recommends not performing any operation in the Web interface during the upgrade.
  • Page 89: Managing Ports

    Managing ports You can use the port management feature to set and view the operation parameters of a Layer 2 Ethernet port and an aggregate interface. • For a Layer 2 Ethernet port, these operation parameters include its state, rate, duplex mode, link type, PVID, MDI mode, flow control settings, MAC learning limit, and storm suppression ratios.
  • Page 90 Click Apply. Table 13 Configuration items Item Description Port State Enable or disable the port. After you modify the operation parameters of a port, you might need to disable and then enable the port to make the modifications take effect. Set the transmission rate of the port: •...
  • Page 91 Item Description Set the Medium Dependent Interface (MDI) mode of the port. You can use two types of Ethernet cables to connect Ethernet devices: crossover cable and straight-through cable. To accommodate these two types of cables, an Ethernet port can operate in one of the following MDI modes: across, normal, and auto.
  • Page 92 Item Description Set broadcast suppression on the port: • ratio—Sets the maximum percentage of broadcast traffic to the total bandwidth of an Ethernet port. When you select this option, you must enter a percentage in the box below. • pps—Sets the maximum number of broadcast packets that can be forwarded on an Ethernet port per second.
  • Page 93: Displaying Port Operation Parameters

    NOTE: If you set operation parameters that a port does not support, you are notified of invalid settings and might fail to set the supported operation parameters for the port or other ports. Displaying port operation parameters Displaying a specified operation parameter for all ports Select Device >...
  • Page 94: Port Management Configuration Example

    The operation parameter settings of the selected port are displayed on the lower part of the page. Whether the parameter takes effect is displayed in the square brackets. Figure 63 The Detail tab Port management configuration example Network requirements As shown in Figure Server A, Server B, and Server C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, •...
  • Page 95: Configuring The Switch

    Figure 64 Network diagram Configuring the switch Set the rate of GigabitEthernet 1/0/4 to 1000 Mbps: Select Device > Port Management from the navigation tree Click the Setup tab to enter the page, as shown in Figure Select 1000 from the Speed list. Select 4 on the chassis front panel.
  • Page 96 Figure 65 Configuring the rate of GigabitEthernet 1/0/4 Batch configure the autonegotiation rate range on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 as 100 Mbps: On the Setup tab, select Auto 100 from the Speed list, as shown in Figure Select 1, 2, and 3 on the chassis front panel.
  • Page 97 Figure 66 Batch configuring the port rate Display the rate settings of ports: Click the Summary tab. Click the Speed button to display the rate information of all ports on the lower part of the page, as shown in Figure...
  • Page 98 Figure 67 Displaying the rate settings of ports...
  • Page 99: Configuring Port Mirroring

    Port mirroring implementation HP 1910 switch series supports local port mirroring, in which case the mirroring source and the mirroring destination are on the same device. A mirroring group that contains the mirroring source and the...
  • Page 100: Configuration Restrictions And Guidelines

    Figure 68 Local port mirroring implementation As shown in Figure 68, the source port GigabitEthernet 1/0/1 and monitor port GigabitEthernet 1/0/2 reside on the same device. Packets of GigabitEthernet 1/0/1 are copied to GigabitEthernet 1/0/2, which then forwards the packets to the data monitoring device for analysis. Configuration restrictions and guidelines When you configure port mirroring, follow these restrictions and guidelines: A local mirroring group can contain multiple source ports, but only one monitor port.
  • Page 101: Configuring Ports For The Mirroring Group

    Figure 69 Adding a mirroring group Configure the mirroring group as described in Table Click Apply. Table 14 Configuration items Item Description Mirroring Group ID ID of the mirroring group to be added. The range of the mirroring group ID varies with devices. Type Specify the type of the mirroring group to be added as Local, which indicates adding a local mirroring group.
  • Page 102 Figure 70 Modifying ports Configure ports for the mirroring group as described in Table Click Apply. A progress dialog box appears. After the success notification appears, click Close. Table 15 Configuration items Item Description ID of the mirroring group to be configured. Mirroring The available groups were added previously.
  • Page 103: Local Port Mirroring Configuration Example

    Local port mirroring configuration example Network requirements As shown in Figure 71, configure local port mirroring on Switch A so the server can monitor the packets received and sent by the Marketing department and Technical department. Figure 71 Network diagram Configuration procedure Adding a local mirroring group From the navigation tree, select Device >...
  • Page 104 Figure 72 Adding a local mirroring group Enter 1 for Mirroring Group ID, and select Local from the Type list. Click Apply. Configuring GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as the source ports Click Modify Port. Select 1 – Local from the Mirroring Group ID list. Select Mirror Port from the Port Type list.
  • Page 105 Figure 73 Configuring the mirroring ports Click Apply. A configuration progress dialog box appears. After the success notification appears, click Close. Configuring GigabitEthernet 1/0/3 as the monitor port Click Modify Port. Select 1 – Local from the Mirroring Group ID list. Select Monitor Port from the Port Type list.
  • Page 106 Figure 74 Configuring the monitor port Click Apply. A configuration progress dialog box appears. After the success notification appears, click Close.
  • Page 107: Managing Users

    Managing users The device provides the following user management functions: • Add a local user, and specify the password, access level, and service types for the user. • Set the super password for non-management-level users to switch to the management level. ...
  • Page 108: Setting The Super Password

    Item Description Access Level Select an access level for the user. Users of different levels can perform different operations. User levels, in order from low to high, are as follows: • Visitor—Visitor-level users can perform only ping and traceroute operations. They cannot access the data on the device or configure the device. •...
  • Page 109: Switching To The Management Level

    Configure the super password as described in Table Click Apply. Table 17 Configuration items Item Description Create/Remove Select the operation type: • Create—Configures or modifies the super password. • Remove—Removes the current super password. Password Set the password for non-management-level users to switch to the management level. Confirm Password Enter the same password again.
  • Page 110: Configuring A Loopback Test

    Configuring a loopback test Overview You can check whether an Ethernet port operates correctly by performing Ethernet port loopback test. During the test time, the port cannot forward data packets correctly. Ethernet port loopback test has the following types: • Internal loopback test—Establishes self loop in the switching chip and checks whether there is a...
  • Page 111 Figure 78 Loopback test page Select External or Internal for loopback test type. Select an Ethernet interface from the chassis front panel. Click Test. After the test is complete, the system displays the loopback test result, as shown in Figure Figure 79 Loopback test result...
  • Page 112: Configuring Vct

    Configuring VCT Overview You can use the Virtual Cable Test (VCT) function to check the status of the cable connected to an Ethernet port on the device. The result is returned in less than 5 seconds. The test covers whether short circuit or open circuit occurs on the cable and the length of the faulty cable.
  • Page 113: Configuring The Flow Interval

    Configuring the flow interval Overview With the flow interval module, you can view the number of packets and bytes sent/received by a port and the bandwidth utilization of the port over the specified interval. Setting the traffic statistics generating interval Select Device >...
  • Page 114 Figure 82 Port traffic statistics NOTE: When the bandwidth utilization is lower than 1%, 1% is displayed.
  • Page 115: Configuring Storm Constrain

    Configuring storm constrain Overview The storm constrain function suppresses packet storms in an Ethernet. This function compares broadcast, multicast, and unknown unicast traffic regularly with their respective traffic thresholds on an Ethernet port. For each type of traffic, storm constrain provides a lower threshold and a higher threshold. For management purposes, you can configure the port to output threshold event traps and log messages when monitored traffic exceeds the upper threshold or falls below the lower threshold from the upper threshold.
  • Page 116: Configuring Storm Constrain

    Figure 83 The storm constrain tab NOTE: For the sake of network stability, set the traffic statistics generating interval for the storm constrain function to the default or a greater value. Configuring storm constrain Select Device > Storm Constrain from the navigation tree. In the Port Storm Constrain area, click Add.
  • Page 117 Table 19 Configuration items Item Remarks Specify the action to be performed when a type of traffic exceeds the upper threshold: • None—Performs no action. • Block—Blocks the traffic of this type on a port when the type of traffic exceeds the upper threshold.
  • Page 118: Configuring Rmon

    Configuring RMON Overview Remote Monitoring (RMON) is an enhancement to SNMP for remote device management and traffic monitoring. An RMON monitor, typically the RMON agent embedded in a network device, periodically or continuously collects traffic statistics for the network attached to a port, and when a statistic crosses a threshold, logs the crossing event and sends a trap to the management station.
  • Page 119: Alarm Group

    History group The history group defines that the system periodically collects statistics on traffic information at an interface and saves the statistics in the history record table (etherHistoryTable) for query convenience of the management device. The statistics data includes bandwidth utilization, number of error packets, and total number of packets.
  • Page 120: Rmon Configuration Task List

    RMON configuration task list Configuring the RMON statistics function RMON statistics function can be implemented by either the statistics group or the history group, but the objects of the statistics are different. You can choose to configure a statistics group or a history group accordingly.
  • Page 121: Displaying Rmon Running Status

    Table 22 RMON alarm configuration task list Task Remarks Required. You can create up to 100 statistics entries in a statistics table. As the alarm variables that can be configured through the web interface are MIB variables that are defined in the history group or the statistics group, you must make sure the RMON Ethernet statistics function or the RMON history statistics function is configured on the monitored Ethernet interface.
  • Page 122: Configuring A Statistics Entry

    Task Remarks If you have configured the system to log an event after the event is triggered when you configure the event group, the event is recorded into Displaying RMON event logs the RMON log. You can perform this task to display the details of the log table.
  • Page 123: Configuring A History Entry

    Configuring a history entry Select Device > RMON from the navigation tree. Click the History tab. Figure 88 History tab Click Add. Figure 89 Adding a history entry Configure a history entry as described in Table Click Apply. Table 25 Configuration items Item Description Interface Name...
  • Page 124: Configuring An Event Entry

    Configuring an event entry Select Device > RMON from the navigation tree. Click the Event tab. Figure 90 Event tab Click Add. Figure 91 Adding an event entry Configure an event entry as described in Table Click Apply. Table 26 Configuration items Item Description Description...
  • Page 125: Configuring An Alarm Entry

    Configuring an alarm entry Select Device > RMON from the navigation tree. Click the Alarm tab. Figure 92 Alarm tab Click Add. Figure 93 Adding an alarm entry Configure an alarm entry as described in Table Click Apply. Table 27 Configuration items Item Description Alarm variable:...
  • Page 126: Displaying Rmon Statistics

    Item Description Interface Name Set the name of the interface whose traffic statistics will be collected and monitored. Sample Item: Interval Set the sampling interval. Sample Type Set the sampling type: • Absolute—Absolute sampling, namely, to obtain the value of the variable when the sampling time is reached.
  • Page 127 Figure 94 Statistics tab Table 28 Field description Field Description Number of Received Bytes Total number of octets received by the interface, corresponding to the MIB node etherStatsOctets. Number of Received Packets Total number of packets received by the interface, corresponding to the MIB node etherStatsPkts.
  • Page 128: Displaying Rmon History Sampling Information

    Field Description Number of Network Conflicts Total number of collisions received on the interface, corresponding to the MIB node etherStatsCollisions. Number of Packet Discarding Events Total number of drop events received on the interface, corresponding to the MIB node etherStatsDropEvents. Number of Received 64 Bytes Packets Total number of received packets with 64 octets on the interface, corresponding to the MIB node...
  • Page 129: Displaying Rmon Event Logs

    Table 29 Field description Field Description Number of the entry in the system buffer. Statistics are numbered chronologically when they are saved to the system buffer. Time Time at which the information is saved. DropEvents Dropped packets during the sampling period, corresponding to the MIB node etherHistoryDropEvents.
  • Page 130: Rmon Configuration Example

    Figure 96 Log tab In this example, event 1 has generated one log, which is triggered because the alarm value (11779194) exceeds the rising threshold (10000000). The sampling type is absolute. RMON configuration example Network requirements As shown in Figure 97, Agent is connected to a remote NMS across the Internet.
  • Page 131 Figure 98 Adding a statistics entry Display RMON statistics for interface GigabitEthernet 1/0/1: Click the icon corresponding to GigabitEthernet 1/0/1. View the information as shown in Figure Figure 99 Displaying RMON statistics Create an event to start logging after the event is triggered: Click the Event tab.
  • Page 132 Figure 100 Configuring an event group Figure 101 Displaying the index of an event entry Configure an alarm group to sample received bytes on GigabitEthernet 1/0/1. When the received bytes exceed the rising or falling threshold, logging is enabled: Click the Alarm tab. Click Add.
  • Page 133 Figure 102 Configuring an alarm group Verifying the configuration After the above configuration, when the alarm event is triggered, you can view the log information about event 1 on the web interface. Select Device > RMON from the navigation tree. Click the Log tab.
  • Page 134: Configuring Energy Saving

    Configuring energy saving Energy saving enables a port to operate at the lowest transmission speed, disable PoE, or go down during a specific time range on certain days of a week. The port resumes working normally when the effective time period ends. Configuring energy saving on a port Select Device >...
  • Page 135 Item Description Lowest Speed Set the port to transmit data at the lowest speed. IMPORTANT: If you configure the lowest speed limit on a port that does not support 10 Mbps, the configuration cannot take effect. Shutdown Shut down the port. IMPORTANT: An energy saving policy can have all the three energy saving schemes configured, of...
  • Page 136: Configuring Snmp

    Configuring SNMP Overview Simple Network Management Protocol (SNMP) is an Internet standard protocol widely used for a management station to access and operate the devices on a network, regardless of their vendors, physical characteristics and interconnect technologies. SNMP enables network administrators to read and set the variables on managed devices for state monitoring, troubleshooting, statistics collection, and other management purposes.
  • Page 137: Snmp Protocol Versions

    • Notifications—Includes traps and informs. SNMP agent sends traps or informs to report events to the NMS. The difference between these two types of notification is that informs require acknowledgement but traps do not. The device supports only traps. SNMP protocol versions HP supports SNMPv1, SNMPv2c, and SNMPv3.
  • Page 138: Enabling Snmp Agent

    Table 32 SNMPv3 configuration task list Task Remarks Enabling SNMP agent Required. By default, the SNMP agent function is disabled. IMPORTANT: If SNMP agent is disabled, all SNMP agent-related configurations will be removed. Configuring an SNMP view Optional. After creating SNMP views, you can specify an SNMP view for an SNMP group to limit the MIB objects that can be accessed by the SNMP group.
  • Page 139 Figure 107 Setup tab Configure SNMP settings on the upper part of the page as described in Table Click Apply. Table 33 Configuration items Item Description SNMP Specify to enable or disable SNMP agent. Local Engine ID Configure the local engine ID. Validity of a user depends on the engine ID of the SNMP agent. If the engine ID when the user is created is not identical to the current engine ID, the user is invalid.
  • Page 140: Configuring An Snmp View

    Configuring an SNMP view Perform the tasks in this section to configure an SNMP view. Creating an SNMP view Select Device > SNMP from the navigation tree. Click the View tab. The View tab appears. Figure 108 View tab Click Add. The Add View window appears.
  • Page 141: Adding Rules To An Snmp View

    Figure 110 Creating an SNMP view (2) Configure the parameters as described in Table Click Add to add the rule into the list box at the lower part of the page. Repeat steps 6 and 7 to add more rules for the SNMP view. Click Apply.
  • Page 142: Configuring An Snmp Community

    Figure 111 Adding rules to an SNMP view Configure the parameters as described in Table Click Apply. To modify a view, click the icon for the view on the View tab (see Figure 108). Configuring an SNMP community Select Device > SNMP from the navigation tree. Click the Community tab.
  • Page 143: Configuring An Snmp Group

    Figure 113 Creating an SNMP Community Configure the SNMP community as described in Table Click Apply. Table 35 Configuration items Item Description Community Name Set the SNMP community name. Access Right Configure SNMP NMS access right: • Read only—The NMS can perform read-only operations to the MIB objects when it uses this community name to access the agent.
  • Page 144 Click Add. The Add SNMP Group page appears. Figure 115 Creating an SNMP group Configure SNMP group as described in Table Click Apply. Table 36 Configuration items Item Description Group Name Set the SNMP group name. Select the security level for the SNMP group: •...
  • Page 145: Configuring An Snmp User

    Configuring an SNMP user Select Device > SNMP from the navigation tree. Click the User tab. The User tab appears. Figure 116 User tab Click Add. The Add SNMP User page appears. Figure 117 Creating an SNMP user Configure the SNMP user as described in Table Click Apply.
  • Page 146: Configuring The Snmp Trap Function

    Table 37 Configuration items Item Description User Name Set the SNMP user name. Security Level Select the security level for the SNMP group. Available security levels are: • NoAuth/NoPriv—No authentication no privacy. • Auth/NoPriv—Authentication without privacy. • Auth/Priv—Authentication and privacy. Select an SNMP group to which the user belongs: •...
  • Page 147 Figure 118 Trap tab Select Enable SNMP Trap. Click Apply to enable the SNMP trap function. Click Add. The page for adding a target host of SNMP traps appears. Figure 119 Adding a target host of SNMP traps Configure the settings for the target host as described in Table Click Apply.
  • Page 148: Displaying Snmp Packet Statistics

    Item Description UDP Port Set UDP port number. IMPORTANT: Default port number is 162, which is the SNMP-specified port used for receiving traps on the NMS. Generally (such as using IMC or MIB Browser as the NMS), you can use the default port number.
  • Page 149: Snmpv1/V2C Configuration Example

    Select Device > SNMP from the navigation tree. The SNMP configuration page appears. Select the Enable option, and select the v1 and v2c options. Set Hewlett-Packard Development Company,L.P. as the contact person, and HP as the physical location. Click Apply.
  • Page 150 Enter public in the Community Name field, and select Read only from the Access Right list. Click Apply. Figure 123 Configuring an SNMP read-only community Configure a read and write community: Click Add on the Community tab page. The Add SNMP Community page appears. Enter private in the Community Name field, and select Read and write from the Access Right list.
  • Page 151 Figure 125 Enabling SNMP traps Configure a target host of SNMP traps: Click Add on the Trap tab page. The page for adding a target host of SNMP traps appears. Type 1.1.1.2 in the following field, type public in the Security Name field, and select v1 from the Security Model list.
  • Page 152: Snmpv3 Configuration Example

    Enable SNMP agent: Select Device > SNMP from the navigation tree. The SNMP configuration page appears. Select the Enable option, and select the v3 option. Set Hewlett-Packard Development Company,L.P. as the contact person, and HP as the physical location. Click Apply.
  • Page 153 Figure 128 Configuring the SNMP agent Configure an SNMP view: Click the View tab. Click Add. The page for creating an SNMP view appears. Type view1 in the View Name field. Click Apply. The page in Figure 130 appears. Select the Included option, type the MIB subtree OID interfaces, and click Add. Click Apply.
  • Page 154 Figure 130 Creating an SNMP view (2) Configure an SNMP group: Click the Group tab. Click Add. The page in Figure 131 appears. Type group1 in the Group Name field, select view1 from the Read View list, select view1 from the Write View list.
  • Page 155 Authentication Password and Confirm Authentication Password fields, select DES56 from the Privacy Mode list, and type prikey in the Privacy Password and Confirm Privacy Password fields. Click Apply. Figure 132 Creating an SNMP user Enable SNMP traps: Click the Trap tab. The Trap tab page appears.
  • Page 156 Configure a target host of SNMP traps: Click Add on the Trap tab page. The page for adding a target host of SNMP traps appears. Type 1.1.1.2 in the following field, type user1 in the Security Name field, select v3 from the Security Model list, and select Auth/Priv from the Security Level list.
  • Page 157: Displaying Interface Statistics

    Displaying interface statistics Overview The interface statistics module displays statistics about the packets received and sent through interfaces. Configuration procedure From the navigation tree, select Device > Interface Statistics to enter the interface statistics display page, as shown in Figure 135.
  • Page 158 Field Description OutErrors Number of invalid packets sent through the interface...
  • Page 159: Configuring Vlans

    Configuring VLANs Overview Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. As the medium is shared, collisions and excessive broadcasts are common on an Ethernet. To address the issue, virtual LAN (VLAN) was introduced to break a LAN down into separate VLANs.
  • Page 160: Vlan Types

    Figure 137 Traditional Ethernet frame format IEEE 802.1Q inserts a four-byte VLAN tag after the DA&SA field, as shown in Figure 138. Figure 138 Position and format of VLAN tag A VLAN tag comprises the following fields: tag protocol identifier (TPID), priority, canonical format indicator (CFI), and VLAN ID.
  • Page 161: Port-Based Vlan

    Port-based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid. The link types use the following VLAN tag handling methods: Access—An access port can forward packets from only one specific VLAN and send these packets •...
  • Page 162: Recommended Vlan Configuration Procedures

    Actions Access Trunk Hybrid • Removes the tag and sends the frame if the frame carries the PVID tag and the port belongs to the PVID. Sends the frame if its VLAN is permitted on the port. The frame is sent with the VLAN
  • Page 163: Assigning A Trunk Port To A Vlan

    Assigning a trunk port to a VLAN Step Remarks Creating VLANs Required. Create one or multiple VLANs. Configuring the link type of a port Optional. Configure the link type of the port as trunk. By default, the link type of a port is access. Configure the PVID of Required...
  • Page 164: Creating Vlans

    Step Remarks Configuring the link type of a port Optional. Configure the link type of the port as hybrid. If you configure multiple untagged VLANs for a trunk port at the same time, the trunk port automatically becomes a hybrid port. By default, the link type of a port is access.
  • Page 165: Configuring The Link Type Of A Port

    Figure 139 Creating VLANs Table 40 Configuration items Item Description VLAN IDs IDs of the VLANs to be created • ID—Select the ID of the VLAN whose description string is to be modified. Click the ID of the VLAN to be modified in the list in the middle of the page. Modify the description of the •...
  • Page 166: Setting The Pvid For A Port

    Figure 140 Modifying ports You can also configure the link type of a port on the Setup tab of Device > Port Management. For more information, see "Managing ports." Setting the PVID for a port Select Network > VLAN from the navigation tree. Click the Modify Port tab.
  • Page 167: Selecting Vlans

    Figure 141 Modifying the PVID for a port You can also configure the PVID of a port on the Setup tab of Device > Port Management. For more information, see "Managing ports." Selecting VLANs Select Network > VLAN from the navigation tree. The Select VLAN tab is displayed by default for you to select VLANs.
  • Page 168: Modifying A Vlan

    Select the Display all VLANs option to display all VLANs or select the Display a subnet of all configured VLANs option to enter the VLAN IDs to be displayed. Click Select. Modifying a VLAN Select Network > VLAN from the navigation tree. Click Modify VLAN to enter the page for modifying a VLAN.
  • Page 169: Modifying Ports

    Item Description Set the member type of the port to be modified in the VLAN: • Untagged—Configure the port to send the traffic of the VLAN after removing the VLAN tag. Select membership type • Tagged—Configure the port to send the traffic of the VLAN without removing the VLAN tag.
  • Page 170: Vlan Configuration Example

    Table 42 Configuration items Item Description Select Ports Select the ports to be modified. Set the member types of the selected ports to be modified in the specified VLANs: • Untagged—Configure the ports to send the traffic of the VLANs after removing the VLAN Select tags.
  • Page 171 Figure 146 Configuring GigabitEthernet 1/0/1 as a trunk port and its PVID as 100 Create VLAN 2, VLAN 6 through VLAN 50, and VLAN 100: Select Network > VLAN from the navigation tree. Click Create to enter the page for creating VLANs. Enter VLAN IDs 2, 6-50, 100.
  • Page 172 Figure 147 Creating VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 Assign GigabitEthernet 1/0/1 to VLAN 100 as an untagged member: Click Select VLAN to enter the page for selecting VLANs. Select the option before Display a subnet of all configured VLANs and enter 1-100 in the field. Click Select.
  • Page 173 A configuration progress dialog box appears. After the configuration process is complete, click Close. Figure 149 Assigning GigabitEthernet 1/0/1 to VLAN 100 as an untagged member Assign GigabitEthernet 1/0/1 to VLAN 2, and VLAN 6 through VLAN 50 as a tagged member: Click Modify Port to enter the page for modifying the VLANs to which a port belongs.
  • Page 174: Configuring Switch B

    Figure 150 Assigning GigabitEthernet 1/0/1 to VLAN 2 and to VLANs 6 through 50 as a tagged member Configuring Switch B Configure Switch B in the same way Switch A is configured. Configuration guidelines Follow these guidelines when you configure VLANs: •...
  • Page 175: Configuring Vlan Interfaces

    Configuring VLAN interfaces Overview For hosts of different VLANs to communicate at Layer 3, you can use VLAN interfaces. VLAN interfaces are virtual interfaces used for Layer 3 communication between different VLANs. They do not exist as physical entities on devices. For each VLAN, you can create one VLAN interface. You can assign the VLAN interface an IP address and specify the IP address as the gateway address for the devices in the VLAN, so that traffic can be routed to other IP subnets.
  • Page 176 Figure 151 Creating a VLAN interface Configure the VLAN interface as described in Table Click Apply. Table 43 Configuration items Item Description Enter the ID of the VLAN interface to be created. Before creating a VLAN interface, Input a VLAN ID: make sure that the corresponding VLAN exists.
  • Page 177: Modifying A Vlan Interface

    Item Description Configure the way in which the VLAN interface obtains an IPv6 Auto link-local address. These items Select the Auto or Manual option: are available • Auto—The device automatically assigns a link-local address for Configure after you the VLAN interface based on the link-local address prefix IPv6 Link select the Manual...
  • Page 178 Table 44 Configuration items Item Description Select the VLAN interface to be configured. Select VLAN Interface The VLAN interfaces available for selection in the list are those created on the page for creating VLAN interfaces. DHCP Configure the way in which the VLAN interface gets an IPv4 address. Allow the VLAN interface to obtain an IP address automatically by selecting the DHCP BOOTP or BOOTP option, or manually assign the VLAN interface an IP address by selecting...
  • Page 179: Configuration Guidelines

    Item Description Auto Configure the way in which the VLAN interface obtains an IPv6 link-local address. Select the Auto or Manual option: • Auto—The device automatically assigns a link-local address for the VLAN interface according to the link-local address prefix (FE80::/64) and the link-layer address of Manual the VLAN interface.
  • Page 180 For IPv6 link-local address configuration, manual assignment takes precedence over automatic generation. If you first adopt the manual assignment and then the automatic generation, the automatically generated link-local address will not take effect and the link-local address of the interface is still the manually assigned one.
  • Page 181: Configuring A Voice Vlan

    Configuring a voice VLAN Overview The voice technology is developing quickly, and more and more voice devices are in use. In broadband communities, data traffic and voice traffic are usually transmitted in the network at the same time. Usually, voice traffic needs higher priority than data traffic to reduce the transmission delay and packet loss ratio. A voice VLAN is configured for voice traffic.
  • Page 182: Voice Vlan Assignment Modes

    Voice VLAN assignment modes A port connected to a voice device, an IP phone for example, can be assigned to a voice VLAN in one of the following modes: • Automatic mode—The system matches the source MAC addresses in the protocol packets (untagged packets) sent by the IP phone upon its power-on against the OUI list.
  • Page 183: Security Mode And Normal Mode Of Voice Vlans

    IP phones send tagged voice traffic • Table 46 Required configurations on ports of different link types for them to support tagged voice traffic Voice VLAN assignment mode Port link type supported for tagged voice Configuration requirements traffic Access In automatic mode, the PVID of the port cannot be the voice VLAN.
  • Page 184: Recommended Voice Vlan Configuration Procedure

    • Normal mode—In this mode, both voice packets and non-voice packets are allowed to pass through a voice VLAN-enabled inbound port. When receiving a voice packet, the port forwards it without checking its source MAC address against the OUI addresses configured for the device. If the PVID of the port is the voice VLAN and the port operates in manual VLAN assignment mode, the port forwards all received untagged packets in the voice VLAN.
  • Page 185: Configuring Voice Vlan Globally

    Recommended configuration procedure for a port in automatic voice VLAN assignment mode Step Remarks (Optional.) Configuring voice VLAN globally Configure the voice VLAN to operate in security mode and configure the aging timer (Required.) Configure the voice VLAN assignment mode of a port as automatic Configuring voice VLAN on ports and enable the voice VLAN function on the port.
  • Page 186: Configuring Voice Vlan On Ports

    Click the Setup tab. Figure 155 Configuring voice VLAN Configure the global voice VLAN settings as described in Table Click Apply. Table 49 Configuration items Item Description Select Enable or Disable in the list to enable or disable the voice VLAN security mode.
  • Page 187: Adding Oui Addresses To The Oui List

    Configure the voice VLAN function for ports as described in Table Click Apply. Table 50 Configuration items Item Description Set the voice VLAN assignment mode of a port to: • Voice VLAN port mode Auto—Automatic voice VLAN assignment mode • Manual—Manual voice VLAN assignment mode Select Enable or Disable in the list to enable or disable the voice VLAN function Voice VLAN port state...
  • Page 188: Voice Vlan Configuration Examples

    Click Apply. Table 51 Configuration items Item Description OUI Address Set the source MAC address of voice traffic. Mask Set the mask length of the source MAC address. Description Set the description of the OUI address entry. Voice VLAN configuration examples Configuring voice VLAN on a port in automatic voice VLAN assignment mode Network requirements...
  • Page 189 Figure 159 Creating VLAN 2 Configure GigabitEthernet 1/0/1 as a hybrid port: Select Device > Port Management from the navigation tree. Click the Setup tab. Select Hybrid from the Link Type list. Select GigabitEthernet 1/0/1 from the chassis front panel. Click Apply.
  • Page 190 Figure 160 Configuring GigabitEthernet 1/0/1 as a hybrid port Configure the voice VLAN function globally: Select Network > Voice VLAN from the navigation tree. Click the Setup tab. Select Enable in the Voice VLAN security list. Set the voice VLAN aging timer to 30 minutes. Click Apply.
  • Page 191 Select Enable in the Voice VLAN port state list. Enter voice VLAN ID 2. Select GigabitEthernet 1/0/1 on the chassis front panel. Click Apply. Figure 162 Configuring voice VLAN on GigabitEthernet 1/0/1 Add OUI addresses to the OUI list: Click the OUI Add tab. Enter OUI address 0011-2200-0000.
  • Page 192: Configuring A Voice Vlan On A Port In Manual Voice Vlan Assignment Mode

    Verifying the configuration When the preceding configurations are completed, the OUI Summary tab is displayed by default, as shown in Figure 164. You can view the information about the newly-added OUI address. Figure 164 Displaying the current OUI list of the device Click the Summary tab, where you can view the current voice VLAN information.
  • Page 193 • The IP phone connected to hybrid port GigabitEthernet 1/0/1 sends untagged voice traffic. • GigabitEthernet 1/0/1 operates in manual voice VLAN assignment mode and allows voice packets whose source MAC addresses match the OUI addresses specified by OUI address 0011-2200-0000 and mask ffff-ff00-0000 to pass through.
  • Page 194 Click the Setup tab. Select Hybrid from the Link Type list. Select the PVID box and enter 2 in the field. Select GigabitEthernet 1/0/1 from the chassis front panel. Click Apply. Figure 168 Configuring GigabitEthernet 1/0/1 as a hybrid port Assign GigabitEthernet 1/0/1 to VLAN 2 as an untagged member: Select Network >...
  • Page 195 Figure 169 Assigning GigabitEthernet 1/0/1 to VLAN 2 as an untagged member Configure voice VLAN on GigabitEthernet 1/0/1: Select Network > Voice VLAN from the navigation tree. Click the Port Setup tab. Select Manual in the Voice VLAN port mode list. Select Enable in the Voice VLAN port state list.
  • Page 196 Figure 170 Configuring voice VLAN on GigabitEthernet 1/0/1 Add OUI addresses to the OUI list: Click the OUI Add tab. Enter OUI address 0011-2200-0000. Select FFFF-FF00-0000 as the mask. Enter description string test. Click Apply. Figure 171 Adding OUI addresses to the OUI list Verifying the configuration When the preceding configurations are complete, the OUI Summary tab is displayed by default, as shown in...
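    How an OUI entry such as 0011-2200-0000 with mask ffff-ff00-0000 decides whether a source MAC address counts as voice traffic, shown as an added Python example that is not part of the HP guide. The source MAC addresses are constructed, and rejecting non-contiguous masks is an assumption based on Table 51 describing the mask as a length.

```python
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}")
ALL_ONES = (1 << 48) - 1


def parse_mac(text):
    """Convert H-H-H notation (for example 0011-2200-0000) to a 48-bit integer."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not in H-H-H notation: {text!r}")
    return int(text.replace("-", ""), 16)


def prefix_length(mask_text):
    """Return the number of leading one bits in the mask.

    Assumption: a mask must be a contiguous run of ones followed by zeros.
    """
    inverted = ~parse_mac(mask_text) & ALL_ONES
    if inverted & (inverted + 1):  # inverted must look like 0...01...1
        raise ValueError(f"mask is not contiguous: {mask_text!r}")
    return 48 - inverted.bit_length()


class OuiEntry:
    """One row of the OUI list: address, mask and description."""

    def __init__(self, address, mask, description):
        self.prefix_len = prefix_length(mask)
        self.mask = parse_mac(mask)
        # Bits outside the mask are ignored when matching.
        self.network = parse_mac(address) & self.mask
        self.description = description

    def covers(self, src_mac):
        """True if the masked source MAC equals the masked OUI address."""
        return (parse_mac(src_mac) & self.mask) == self.network

    def address_count(self):
        """How many distinct source MAC addresses this entry admits."""
        return 1 << (48 - self.prefix_len)


def match_oui(src_mac, oui_list):
    """Return the description of the first matching entry, or None."""
    for entry in oui_list:
        if entry.covers(src_mac):
            return entry.description
    return None


def classify(frames, oui_list):
    """Map each source MAC to the matching OUI description (None = no match)."""
    return {mac: match_oui(mac, oui_list) for mac in frames}


# The entry used in the configuration example on this page.
OUI_LIST = [OuiEntry("0011-2200-0000", "ffff-ff00-0000", "test")]

# Constructed source MAC addresses for illustration.
FRAMES = ["0011-2200-0001", "0011-22ab-cdef", "0011-2300-0001", "00e0-bb00-0001"]

if __name__ == "__main__":
    for mac, desc in classify(FRAMES, OUI_LIST).items():
        print(mac, "voice (%s)" % desc if desc else "no OUI match")
    print("addresses admitted by the entry:", OUI_LIST[0].address_count())
```

    A shorter mask admits more source addresses, so the address count is a quick way to spot an OUI entry that is broader than the phones it is meant to cover.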
  • Page 197: Configuration Guidelines

    Figure 172 Displaying the current OUI list of the device Click the Summary tab, where you can view the current voice VLAN information. Figure 173 Displaying the current voice VLAN information Configuration guidelines When you configure the voice VLAN function, follow these guidelines: •...
  • Page 198: Configuring Mac Address Tables

    Configuring MAC address tables MAC address configurations related to interfaces apply only to Layer 2 Ethernet interfaces. This document covers only the management of unicast MAC address entries, including static, dynamic, and blackhole MAC address entries. Overview To reduce single-destination packet floodings in a switched LAN, an Ethernet device uses a MAC address table to forward frames.
  • Page 199: Types Of Mac Address Table Entries

    Types of MAC address table entries A MAC address table can contain the following types of entries: • Static entries—Manually added and never age out. • Dynamic entries—Manually added or dynamically learned, and might age out. • Blackhole entries—Manually configured and never age out. Blackhole entries are configured for...
  • Page 200: Setting The Aging Time Of Mac Address Entries

    Figure 175 Creating a MAC address entry Configure a MAC address entry as described in Table Click Apply. Table 52 Configuration items Item Description Set the MAC address to be added. Set the type of the MAC address entry: • Static—Static MAC address entries that never age out.
  • Page 201: Mac Address Configuration Example

    Figure 176 Setting the aging time for MAC address entries Configure the aging time for MAC address entries as described in Table Click Apply. Table 53 Configuration items Item Description No-aging Specify that the MAC address entry never ages out. Aging time Set the aging time for the MAC address entry MAC address configuration example...
  • Page 202 Figure 177 Creating a static MAC address entry...
  • Page 203: Configuring Mstp

    Configuring MSTP As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, while still allowing for link redundancy. Like many other protocols, STP evolves as the network grows. The later versions of STP are Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP).
  • Page 204: How Stp Works

    Root port On a non-root bridge, the port nearest to the root bridge is the root port. The root port communicates with the root bridge. Each non-root bridge has only one root port. The root bridge has no root port. Designated bridge and designated port Classification Designated bridge...
  • Page 205 • Root bridge ID—Consisting of the priority and MAC address of the root bridge. • Root path cost—Cost of the path to the root bridge. • Designated bridge ID—Consisting of the priority and MAC address of the designated bridge. • Designated port ID—Designated port priority plus port name. ...
  • Page 206 Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port of which the port role is to be defined, and acts depending on the comparison result: • If the calculated configuration BPDU is superior, the device considers this port as the designated port, and replaces the configuration BPDU on the port with the calculated configuration BPDU, which will be sent out periodically.
  • Page 207 Figure 179 STP network As shown in Figure 179, the priority values of Device A, Device B, and Device C are 0, 1, and 2, and the path costs of links among the three devices are 5, 10 and 4, respectively. The spanning tree calculation process is as follows: Device state initialization.
  • Page 208 Table 57 Comparison process and result on each device Configuration BPDU on Device Comparison process ports after comparison • Port AP1 receives the configuration BPDU of Device B {1, 0, 1, BP1}. Device A finds that the configuration BPDU of the local port {0, 0, 0, AP1} is superior to the received configuration BPDU, and it discards the received configuration BPDU.
  • Page 209 Configuration BPDU on Device Comparison process ports after comparison After comparison: • The configuration BPDU of CP1 is elected as the optimum configuration BPDU, so CP1 is identified as the root port, the • Root port CP1: configuration BPDUs of which will not be changed. {0, 0, 0, AP2} •...
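    The comparison procedure walked through above for Figure 179, carried to convergence in an added Python example that is not part of the HP guide. Assumptions: the costs 5, 10 and 4 belong to links AP1-BP1, AP2-CP1 and BP2-CP2 in that order, bridge IDs are reduced to the priority value as in the page's {root, cost, bridge, port} notation, and port IDs are compared by name.

```python
# Constructed input for the three-device example.
PRIORITY = {"A": 0, "B": 1, "C": 2}
# (port, peer port, path cost); the cost-to-link mapping is an assumption.
LINKS = [("AP1", "BP1", 5), ("AP2", "CP1", 10), ("BP2", "CP2", 4)]

OWNER = {}  # port name -> device name (first letter of the port name)
PEER = {}   # port name -> (port at the other end, path cost of the link)
for a, b, cost in LINKS:
    OWNER[a], OWNER[b] = a[0], b[0]
    PEER[a], PEER[b] = (b, cost), (a, cost)

# Belief of a device: (root bridge ID, root path cost, root port or None).
# At initialization every device regards itself as the root bridge.
INITIAL = {dev: (prio, 0, None) for dev, prio in PRIORITY.items()}


def transmitted(belief):
    """Configuration BPDU each port would send: (root, cost, bridge, port)."""
    return {p: (belief[d][0], belief[d][1], PRIORITY[d], p)
            for p, d in OWNER.items()}


def step(belief):
    """One exchange of configuration BPDUs; returns the updated beliefs."""
    tx = transmitted(belief)
    updated = {}
    for dev, prio in PRIORITY.items():
        # Start from "I am the root"; a lower tuple is a superior BPDU.
        best = (prio, 0, prio, "", "")
        for port, owner in OWNER.items():
            if owner != dev:
                continue
            peer_port, cost = PEER[port]
            root, path, bridge, sender = tx[peer_port]
            # Add the cost of the receiving link before comparing.
            candidate = (root, path + cost, bridge, sender, port)
            if candidate < best:
                best = candidate
        updated[dev] = (best[0], best[1], best[4] or None)
    return updated


def converge(max_rounds=10):
    """Repeat the exchange until no device changes its belief."""
    belief = INITIAL
    for _ in range(max_rounds):
        nxt = step(belief)
        if nxt == belief:
            return belief
        belief = nxt
    raise RuntimeError("topology did not converge")


def port_roles(belief):
    """Classify every port as root, designated or blocked."""
    tx = transmitted(belief)
    roles = {}
    for port, dev in OWNER.items():
        root, path, root_port = belief[dev]
        calculated = (root, path, PRIORITY[dev], port)
        if port == root_port:
            roles[port] = "root"
        elif calculated < tx[PEER[port][0]]:
            roles[port] = "designated"  # our BPDU is superior on this link
        else:
            roles[port] = "blocked"     # the peer's BPDU is superior
    return roles


if __name__ == "__main__":
    print("after first exchange:", step(INITIAL))
    final = converge()
    print("converged:", final)
    print("roles:", port_roles(final))
```

    After the first exchange Device C picks CP1 as its root port, matching the intermediate result in Table 57; once Device B advertises its path to the root, the path through CP2 (cost 9) beats the direct link (cost 10) and CP1 ends up blocked.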
  • Page 210: Rstp

    STP configuration BPDU forwarding mechanism The configuration BPDUs of STP are forwarded according to these guidelines: • Upon network initiation, every device regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval. • If the root port received a configuration BPDU and the received configuration BPDU is superior to...
  • Page 211: Mstp

    MSTP MSTP overcomes the following STP and RSTP limitations: • STP limitations—STP does not support rapid state transition of ports. A newly elected port must wait twice the forward delay time before it transits to the forwarding state, even if it connects to a point-to-point link or is an edge port.
  • Page 212 Figure 181 Basic concepts in MSTP Figure 182 Network diagram and topology of MST region 3 MST region A multiple spanning tree region (MST region) consists of multiple devices in a switched network and the network segments among them. All these devices have the following characteristics: A spanning tree protocol enabled.
  • Page 213 • Same VLAN-to-instance mapping configuration. • Same MSTP revision level. • Physically linked together. Multiple MST regions can exist in a switched network. You can assign multiple devices to the same MST region. In Figure 181, the switched network comprises four MST regions, MST region 1 through MST region 4, and all devices in each MST region have the same MST region configuration.
  • Page 214 Port roles A port can play different roles in different MSTIs. As shown in Figure 183, an MST region has Device A, Device B, Device C, and Device D. Port A1 and port A2 of Device A connect to the common root bridge. Port B2 and Port B3 of Device B form a loop.
  • Page 215: How Mstp Works

    • Forwarding—The port receives and sends BPDUs, learns MAC addresses, and forwards user traffic. • Learning—The port receives and sends BPDUs, learns MAC addresses, but does not forward user traffic. Learning is an intermediate port state. • Discarding—The port receives and sends BPDUs, but does not learn MAC addresses or forward...
  • Page 216: Mstp Implementation On Devices

    MSTP implementation on devices MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by devices running MSTP and used for spanning tree calculation. In addition to basic MSTP functions, the device provides the following functions for ease of management: Root bridge hold •...
  • Page 217: Configuring An Mst Region

    Step Remarks Required. Enable STP globally and configure MSTP parameters. Configuring MSTP globally By default, STP is disabled globally. All MSTP parameters have default values. Optional. Configuring MSTP on a Enable MSTP on a port and configure MSTP parameters. port By default, MSTP is enabled on a port, and all MSTP parameters adopt the default values.
  • Page 218: Configuring Mstp Globally

    Figure 185 Configuring an MST region Configure the MST region information as described in Table 59, and click Apply. Table 59 Configuration items Item Description MST region name. Region Name By default, the MST region name is the bridge MAC address of the device.
  • Page 219 Figure 186 Configuring MSTP globally Configure the global MSTP configuration as described in Table 60, and then click Apply. Table 60 Configuration items Item Description Select whether to enable STP globally. Enable STP Globally Other MSTP configurations take effect only after you enable STP globally. Select whether to enable BPDU guard.
  • Page 220 Item Description Set the operating mode of STP: • STP—Each port on a device sends out STP BPDUs. • RSTP—Each port on a device sends out RSTP BPDUs, and automatically migrates to STP-compatible mode when detecting that it is connected with a Mode device running STP.
  • Page 221: Configuring Mstp On A Port

    Item Description Select whether to enable TC-BPDU guard. When receiving topology change (TC) BPDUs, the device flushes its forwarding address entries. If someone forges TC-BPDUs to attack the device, the device will receive a large number of TC-BPDUs within a short time and frequently flushes its forwarding address entries.
  • Page 222 Item Description Set the type of protection to be enabled on the port: • Protection Not Set—No protection is enabled on the port. • Edged Port, Root Protection, Loop Protection—For more information, see Table Set the priority and path cost of the port in the current MSTI. •...
  • Page 223: Displaying Mstp Information Of A Port

    Table 62 Protection types Protection type Description Set the port as an edge port. Some ports of access layer devices are directly connected to PCs or file servers, which cannot generate BPDUs. You can set these ports as edge ports to achieve Edged Port fast transition for these ports.
  • Page 224 Figure 188 The port summary tab Table 63 Field description Field Description The port is in forwarding state, so the port learns MAC addresses and [FORWARDING] forwards user traffic. The port is in learning state, so the port learns MAC addresses but does not [LEARNING] forward user traffic.
  • Page 225: Mstp Configuration Example

    Field Description Whether the port is connected to a point-to-point link: • Point-to-point Config—The configured value. • Active—The actual value. Transmit Limit Maximum number of packets sent within each Hello time. Protection type on the port: • Root—Root guard • Protection Type Loop—Loop guard •...
  • Page 226: Configuration Procedure

    • All devices on the network are in the same MST region. • Packets of VLAN 10, VLAN 20, VLAN 30, and VLAN 40 are forwarded along MSTI 1, MSTI 2, MSTI 3, and MSTI 0, respectively. • Switch A and Switch B operate at the distribution layer; Switch C and Switch D operate at the...
  • Page 227 Select Manual. Select 1 from the Instance ID list. Set the VLAN ID to 10. Click Apply. The system maps VLAN 10 to MSTI 1 and adds the VLAN-to-instance mapping entry to the VLAN-to-instance mapping list. Repeat the preceding three steps to map VLAN 20 to MSTI 2 and VLAN 30 to MSTI 3 and add the VLAN-to-instance mapping entries to the VLAN-to-instance mapping list.
  • Page 228 Figure 192 Configuring MSTP globally (on Switch A) Configuring Switch B Configure an MST region on the switch in the same way the MST region is configured on Switch Configure MSTP globally: From the navigation tree, select Network > MSTP. Click the Global tab.
  • Page 229 Configuring Switch C Configure an MST region on the switch in the same way the MST region is configured on Switch Configure MSTP globally: From the navigation tree, select Network > MSTP. Click Global. Select Enable from the Enable STP Globally list. Select MSTP from the Mode list.
  • Page 230 Figure 193 Configuring MSTP globally (on Switch D)
  • Page 231: Configuring Link Aggregation And Lacp

    Configuring link aggregation and LACP Overview Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link. Link aggregation has the following benefits: • Increased bandwidth beyond the limits of any single link. In an aggregate link, traffic is distributed across the member ports.
  • Page 232: Link Aggregation Modes

    Configuration classes Port configurations include the following classes: • Class-two configurations—A member port can be placed in Selected state only if it has the same class-two configurations as the aggregate interface. Table 64 Class-two configurations Type Considerations Whether a port has joined an isolation group, and the isolation group that the port Port isolation belongs to Permitted VLAN IDs, port VLAN ID (PVID), link type (trunk, hybrid, or access), IP...
  • Page 233 exceeded, place the candidate selected ports with smaller port numbers in the Selected state and those with greater port numbers in the Unselected state. Place the member ports in the Unselected state if all the member ports are down. Place the ports that cannot aggregate with the reference port in the Unselected state, for example, as a result of the inter-board aggregation restriction.
  • Page 234: Configuration Procedures

    Configuration procedures Configuring a static aggregation group Step Remarks Create a static aggregate interface and configure member ports for the static aggregation group. Creating a link aggregation group By default, no link aggregation group exists. (Optional.) Displaying aggregate Display detailed information of an existing aggregation interface group.
  • Page 235: Displaying Aggregate Interface Information

    Figure 194 Create a link aggregation group Configure a link aggregation group. Click Apply. Table 65 Configuration items Item Description Assign an ID to the link aggregation group to be created. Enter Link Aggregation Interface ID You can view the result in the Summary area at the bottom of the page. Set the type of the link aggregation interface to be created: •...
  • Page 236 Choose an aggregate interface from the list. The list on the lower part of the page displays the detailed information about the member ports of the link aggregation group. Figure 195 Displaying information of an aggregate interface Table 66 Field description Field Description Type and ID of the aggregate interface.
  • Page 237: Setting Lacp Priority

    Setting LACP priority From the navigation tree, select Network > LACP. Click Setup to enter the page shown in Figure 196. Figure 196 The Setup tab In the Set LACP enabled port(s) parameters area, set the port priority, and select the ports in the chassis front panel.
  • Page 238 Detailed information about the peer port will be displayed on the lower part of the page. Table 69 describes the fields. Figure 197 Displaying the information of LACP-enabled ports Table 68 Field description Field Description Unit ID of a device in an IRF. Port Port where LACP is enabled.
  • Page 239: Link Aggregation And Lacp Configuration Example

    Field Description States of the peer port: • A—LACP is enabled. • B—LACP short timeout. If B does not appear, it indicates LACP long timeout. • C—The sending system considers the link is aggregatable. • Partner Port State D—The sending system considers the link is synchronized. •...
  • Page 240 Enter link aggregation interface ID 1. Select the Static (LACP Disabled) option for the aggregate interface type. Select GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the chassis front panel. Click Apply. Figure 199 Creating static link aggregation group 1 Method 2: Create dynamic link aggregation group 1 From the navigation tree, select Network >...
  • Page 241: Configuration Guidelines

    Figure 200 Creating dynamic link aggregation group 1 Configuration guidelines When you configure a link aggregation group, follow these guidelines: • In an aggregation group, a Selected port must have the same port attributes and class-two configurations as the reference port. To keep these configurations consistent, you should configure the port manually.
  • Page 242 aggregation, make sure that the peer ports of the ports aggregated at one end are also aggregated. The two ends can automatically negotiate the aggregation state of each member port. • Removing a Layer 2 aggregate interface also removes its aggregation group and causes all...
  • Page 243: Configuring Lldp

    Configuring LLDP Overview In a heterogeneous network, a standard configuration exchange platform ensures that different types of network devices from different vendors can discover one another and exchange configuration for the sake of interoperability and management. The Link Layer Discovery Protocol (LLDP) is specified in IEEE 802.1AB. The protocol operates on the data link layer to exchange device information between directly connected devices.
  • Page 244 Field Description Data LLDP data. Frame check sequence, a 32-bit CRC value used to determine the validity of the received Ethernet frame. LLDPDUs encapsulated in SNAP Figure 202 LLDPDU encapsulated in SNAP Table 71 Description of the fields in a SNAP-encapsulated LLDPDU Field Description MAC address to which the LLDPDU is advertised.
  • Page 245 LLDPDU TLVs include the following categories: basic management TLVs, organizationally (IEEE 802.1 and IEEE 802.3) specific TLVs, and LLDP-MED (media endpoint discovery) TLVs. Basic management TLVs are essential to device management. Organizationally specific TLVs and LLDP-MED TLVs are used for enhanced device management;...
  • Page 246 NOTE: • HP devices only support receiving protocol identity TLVs. • Layer 3 Ethernet interfaces do not support IEEE 802.1 organizationally specific TLVs. IEEE 802.3 organizationally specific TLVs Table 74 IEEE 802.3 organizationally specific TLVs Type Description Contains the rate and duplex capabilities of the sending port, support for MAC/PHY auto negotiation, enabling status of auto negotiation, and the current rate Configuration/Status...
  • Page 247: Operating Modes Of Lldp

    Type Description Software Revision Allows a terminal device to advertise its software version. Serial Number Allows a terminal device to advertise its serial number. Manufacturer Name Allows a terminal device to advertise its vendor name. Model Name Allows a terminal device to advertise its model name. Allows a terminal device to advertise its asset ID.
  • Page 248: Compatibility Of Lldp With Cdp

    • The LLDP operating mode of the port changes from Disable/Rx to TxRx or Tx. This is the fast sending mechanism of LLDP. With this mechanism, a specific number of LLDPDUs are sent successively at the 1-second interval to help LLDP neighbors discover the local device as soon as possible. Then, the normal LLDPDU transit interval resumes.
  • Page 249: Enabling Lldp On Ports

    Step Remarks (Optional.) LLDP settings include LLDP operating mode, packet encapsulation, CDP compatibility, device information polling, trapping, and advertisable TLVs. The default settings are as follows: Setting LLDP parameters on ports • The LLDP operating mode is TxRx. • The encapsulation format is Ethernet II. •...
  • Page 250: Setting Lldp Parameters On Ports

    Figure 204 The Port Setup tab Setting LLDP parameters on ports The web interface allows you to set LLDP parameters for a single port and set LLDP parameters for multiple ports in batch. Setting LLDP parameters for a single port Select Network >...
  • Page 251 Figure 205 Modifying LLDP settings on a port Modify the LLDP parameters for the port as described in Table Click Apply. A progress dialog box appears. Click Close on the progress dialog box when the progress dialog box prompts that the configuration succeeds.
  • Page 252 Item Description Set the LLDP operating mode on the port or ports you are configuring. Available options include: • TxRx—Sends and receives LLDPDUs. LLDP Operating Mode • Tx—Sends but does not receive LLDPDUs. • Rx—Receives but does not send LLDPDUs. • Disable—Neither sends nor receives LLDPDUs. Set the encapsulation for LLDPDUs.
  • Page 253: Setting Lldp Parameters For Ports In Batch

    Item Description Port VLAN ID Select to include the PVID TLV in transmitted LLDPDUs. Select to include port and protocol VLAN ID TLVs in transmitted LLDPDUs and specify the VLAN IDs to be advertised. Protocol VLAN ID DOT1 TLV If no VLAN is specified, the lowest protocol VLAN ID is transmitted. Setting Select to include VLAN name TLVs in transmitted LLDPDUs and specify the VLAN IDs to be advertised.
  • Page 254: Configuring Lldp Globally

    Click Modify Selected to enter the page for modifying these ports in batch. Figure 206 Modifying LLDP settings on ports in batch Set the LLDP settings for these ports as described in Table Click Apply. A progress dialog box appears. Click Close on the progress dialog box when the progress dialog box prompts that the configuration succeeds.
  • Page 255 Figure 207 The Global Setup tab Set the global LLDP setup as described in Table Click Apply. A progress dialog box appears. Click Close on the progress dialog box when the progress dialog box prompts that the configuration succeeds. Table 77 Configuration items Item Description LLDP Enable...
  • Page 256: Displaying Lldp Information For A Port

    Item Description Set the TTL multiplier. The TTL TLV carried in an LLDPDU determines how long the device information carried in the LLDPDU can be saved on a recipient device. You can configure the TTL of locally sent LLDPDUs to determine how long information about the local device can be saved on a neighbor device by setting the TTL multiplier.
  • Page 257 By default, the Local Information tab is displayed, as shown in Figure 208. Table 78 describes the fields. Figure 208 The Local Information tab Table 78 Field description Field Description Port ID representation: • Interface alias. • Port component. • MAC address.
  • Page 258 Field Description Power priority Power supply priority on a PSE: • Unknown—Unknown priority. • Critical—Priority 1. • High—Priority 2. • Low—Priority 3. Media policy type Media policy type: • Unknown. • Voice. • Voice signaling. • Guest voice. • Guest voice signaling. •...
  • Page 259 Table 79 Field description Field Description Chassis type Chassis ID representation: • Chassis component. • Interface alias. • Port component. • MAC address. • Network address. • Interface name. • Locally assigned—Locally-defined chassis type other than those listed above. Port ID representation: •...
  • Page 260 Field Description Power priority Power supply priority on a PD: • Unknown—Unknown priority. • Critical—Priority 1. • High—Priority 2. • Low—Priority 3. PD requested power value Power (in watts) required by the PD that connects to the port. PSE allocated power value Power (in watts) supplied by the PSE to the connecting port.
  • Page 261 Field Description SerialNum The serial number advertised by the neighbor. Manufacturer name The manufacturer name advertised by the neighbor. Model name The model name advertised by the neighbor. Asset ID advertised by the neighbor. This ID is used for the purpose of Asset tracking identifier inventory management and asset tracking.
  • Page 262: Displaying Global Lldp Information

    Figure 211 The Status Information tab Displaying global LLDP information Select Network > LLDP from the navigation tree. Click the Global Summary tab to display global local LLDP information and statistics, as shown in Figure 212. Table 80 describes the fields. Figure 212 The Global Summary tab...
  • Page 263: Displaying Lldp Information Received From Lldp Neighbors

    Table 80 Field description Field Description Chassis ID The local chassis ID depending on the chassis type defined. System capabilities supported The primary network function advertised by the local device: • Repeater. • Bridge. • Router. The enabled network function advertised by the local device: •...
  • Page 264: Lldp Configuration Examples

    Figure 213 The Neighbor Summary tab LLDP configuration examples LLDP basic settings configuration example Network requirements As shown in Figure 214, configure LLDP on Switch A and Switch B so that the network management station (NMS) can determine the status of the link between Switch A and MED and the link between Switch A and Switch B.
  • Page 265 Select port GigabitEthernet1/0/1 and GigabitEthernet1/0/2. Click Modify Selected. The page shown in Figure 216 appears. Figure 215 The Port Setup tab Select Rx from the LLDP Operating Mode list. Click Apply. A progress dialog box appears. Click Close on the progress dialog box when the progress dialog box prompts that the configuration succeeds.
  • Page 266 Figure 216 Setting LLDP on multiple ports Enable global LLDP: Click the Global Setup tab. Select Enable from the LLDP Enable list. Click Apply. A progress dialog box appears. Click Close on the progress dialog box when the progress dialog box prompts that the configuration succeeds.
  • Page 267 Configuring Switch B Enable LLDP on port GigabitEthernet 1/0/1. (Optional. By default, LLDP is enabled on Ethernet ports.) Set the LLDP operating mode to Tx on GigabitEthernet 1/0/1: Select Network > LLDP from the navigation tree. By default, the Port Setup tab is displayed. Click the icon for port GigabitEthernet1/0/1.
  • Page 268 By default, the Port Setup tab is displayed. Click the GigabitEthernet1/0/1 port name in the port list. Click the Status Information tab at the lower half of the page. The output shows that port GigabitEthernet 1/0/1 is connected to an MED neighbor device. Figure 219 Viewing the status of port GigabitEthernet 1/0/1 Display the status information of port GigabitEthernet1/0/2 on Switch A: Click the GigabitEthernet1/0/2 port name in the port list.
  • Page 269: Cdp-Compatible Lldp Configuration Example

    Figure 221 Viewing the updated port status information CDP-compatible LLDP configuration example Network requirements As shown in Figure 222, on Switch A, configure VLAN 2 as a voice VLAN and configure CDP-compatible LLDP to enable the Cisco IP phones to automatically configure the voice VLAN, confining their voice traffic within the voice VLAN to be separate from other types of traffic.
  • Page 270 Figure 223 Creating VLANs Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports: Select Device > Port Management from the navigation tree. Click the Setup tab to enter the page for configuring ports. Select Trunk in the Link Type list. Select port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 from the chassis front panel.
  • Page 271 Figure 224 Configuring ports Configure the voice VLAN function on the two ports: Select Network > Voice VLAN from the navigation tree. Click the Port Setup tab to enter the page for configuring the voice VLAN function on ports. Select Auto in the Voice VLAN port mode list, select Enable in the Voice VLAN port state list, enter the voice VLAN ID 2, and select port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 from the chassis front panel.
  • Page 272 Figure 225 Configuring the voice VLAN function on ports Enable LLDP on ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. Skip this step if LLDP is enabled (the default). Set both the LLDP operating mode and the CDP operating mode to TxRx on ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2: Select Network >...
  • Page 273 Figure 226 Selecting ports Select TxRx from the LLDP Operating Mode list, and select TxRx from the CDP Operating Mode list. Click Apply. A progress dialog box appears. Click Close on the progress dialog box when the progress dialog box prompts that the configuration succeeds.
  • Page 274 Figure 227 Modifying LLDP settings on ports Enable global LLDP and CDP compatibility of LLDP: Click the Global Setup tab. Select Enable from the LLDP Enable list. Select Enable from the CDP Compatibility list. Click Apply. A progress dialog box appears. Click Close on the progress dialog box when the progress dialog box prompts that the configuration succeeds.
  • Page 275: Lldp Configuration Guidelines

    Figure 228 Enabling global LLDP and CDP compatibility Verifying the configuration Display information about LLDP neighbors on Switch A after completing the configuration. You can see that Switch A has discovered the Cisco IP phones attached to ports GigabitEthernet1/0/1 and GigabitEthernet1/0/2 and obtained their device information.
  • Page 276: Configuring Arp

    Configuring ARP This chapter describes how to configure the Address Resolution Protocol (ARP). Overview ARP resolves IP addresses into MAC addresses on Ethernet networks. ARP message format ARP messages are classified into ARP requests and ARP replies. Figure 229 shows the format of the ARP request/reply messages.
  • Page 277: Arp Table

    Host A looks in its ARP table to see whether there is an ARP entry for Host B. If yes, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame. Then Host A sends the frame to Host B.
  • Page 278: Gratuitous Arp

    Dynamic ARP entry ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging timer expires or the output interface goes down. In addition, a dynamic ARP entry can be overwritten by a static ARP entry. Static ARP entry A static ARP entry is manually configured and maintained.
  • Page 279: Creating A Static Arp Entry

    Figure 231 ARP table configuration page Creating a static ARP entry From the navigation tree, select Network > ARP Management. The ARP Table page appears, as shown in Figure 231. Click Add. The New Static ARP Entry page appears. Figure 232 Adding a static ARP entry...
  • Page 280: Removing Arp Entries

    Configure the static ARP entry as described in Table Click Apply. Table 81 Configuration items Item Description IP Address Enter an IP address for the static ARP entry. MAC Address Enter a MAC address for the static ARP entry. Enter a VLAN ID and specify a port for the static ARP entry. VLAN ID Advanced IMPORTANT:...
  • Page 281: Static Arp Configuration Example

    Item Description Send gratuitous ARP packets when receiving ARP requests from another network segment Enable the device to send gratuitous ARP packets upon receiving ARP requests from another network segment. By default, the device does not send gratuitous ARP packets upon receiving ARP requests from another network segment.
  • Page 282 Figure 235 Creating VLAN 100 Add GigabitEthernet 1/0/1 to VLAN 100: Click the Modify Port tab. Select interface GigabitEthernet 1/0/1 in the Select Ports area. Select the Untagged option in the Select membership type area. Enter 100 for VLAN Ids. Click Apply.
  • Page 283 Figure 236 Adding GigabitEthernet 1/0/1 to VLAN 100 Create VLAN-interface 100: From the navigation tree, select Network > VLAN Interface. Click the Create tab. Enter 100 for VLAN ID. Select the Configure Primary IPv4 Address box. Select the Manual option. Enter 192.168.1.2 for IPv4 Address, and enter 24 or 255.255.255.0 for Mask Length.
  • Page 284 Figure 237 Creating VLAN-interface 100 Create a static ARP entry: From the navigation tree, select Network > ARP Management. The ARP Table page appears. Click Add. Enter 192.168.1.1 for IP Address, enter 00e0-fc01-0000 for MAC Address. Select the Advanced Options box. Enter 100 for VLAN ID.
  • Page 285: Configuring Arp Attack Protection

    Configuring ARP attack protection Overview Although ARP is easy to implement, it provides no security mechanism and thus is vulnerable to network attacks. The ARP detection feature enables access devices to block ARP packets from unauthorized clients to prevent user spoofing and gateway spoofing attacks. ARP detection provides user validity check and ARP packet validity check.
  • Page 286 Figure 239 ARP detection configuration page Configure ARP detection as described in Table Click Apply. Table 83 Configuration items Item Description VLAN Settings Select VLANs on which ARP detection is to be enabled. To add VLANs to the Enabled VLANs list, select one or multiple VLANs from the Disabled VLANs list and click the <<...
  • Page 287: Configuring Igmp Snooping

    Configuring IGMP snooping Overview IGMP snooping runs on a Layer 2 switch as a multicast constraining mechanism to improve multicast forwarding efficiency. It creates Layer 2 multicast forwarding entries from IGMP packets that are exchanged between the hosts and the router. As shown in Figure 240, when IGMP snooping is not enabled, the Layer 2 switch floods multicast packets...
  • Page 288 Figure 241 IGMP snooping related ports The following describes the ports involved in IGMP snooping: • Router port—Layer 3 multicast device-side port. Layer 3 multicast devices include designated routers and IGMP queriers. In Figure 241, GigabitEthernet 1/0/1 of Switch A and GigabitEthernet 1/0/1 of Switch B are router ports.
  • Page 289: How Igmp Snooping Works

    NOTE: In IGMP snooping, only dynamic ports age out. Static ports never age out. How IGMP snooping works The ports in this section are dynamic ports. IGMP messages include general query, IGMP report, and leave message. An IGMP snooping-enabled switch performs differently depending on the message. General query The IGMP querier periodically sends IGMP general queries to all hosts and routers identified by the address 224.0.0.1 on the local subnet to determine whether any active multicast group members exist on...
  • Page 290: Protocols And Standards

    An IGMPv2 or IGMPv3 host sends an IGMP leave message to the multicast router when it leaves a multicast group. When the switch receives an IGMP leave group message on a member port, the switch first examines whether a forwarding entry matches the group address in the message, and, if a match is found, determines whether the forwarding entry for the group contains the dynamic member port.
  • Page 291: Enabling Igmp Snooping Globally

    Step Remarks Configuring IGMP snooping port functions Optional. Configure the maximum number of multicast groups and fast-leave processing on a port of the specified VLAN. IMPORTANT: • Enable IGMP snooping globally before you enable it on a port. • IGMP snooping enabled on a port takes effect only after IGMP snooping is enabled for the VLAN.
  • Page 292 Figure 243 Configuring IGMP snooping in a VLAN Configure the parameters as described in Table Click Apply. Table 84 Configuration items Item Description IGMP snooping Enable or disable IGMP snooping in the VLAN. You can proceed with the subsequent configurations only if Enable is selected here.
  • Page 293: Configuring Igmp Snooping Port Functions

    Item Description Enable or disable the IGMP snooping querier function. In an IP multicast network that runs IGMP, a Layer 3 device is elected as the IGMP querier to send IGMP queries, so that all Layer 3 multicast devices can establish and maintain multicast forwarding entries, ensuring correct multicast traffic forwarding at the network layer.
  • Page 294: Displaying Igmp Snooping Multicast Forwarding Entries

    Table 85 Configuration items Item Description Select the port on which advanced IGMP snooping features will be configured. The port can be an Ethernet port or Layer 2 aggregate interface. After a port is selected, advanced features configured on this port are displayed at the lower part of this page.
  • Page 295: Igmp Snooping Configuration Example

    Figure 246 Displaying detailed information about the entry Table 86 Field description Field Description VLAN ID ID of the VLAN to which the entry belongs. Source Address Multicast source address. If no multicast sources are specified, this field displays 0.0.0.0. Group Address Multicast group address.
  • Page 296: Configuration Procedure

    Configuration procedure Configuring Router A Enable IP multicast routing, enable PIM-DM on each interface, and enable IGMP on Ethernet 1/1. (Details not shown.) Configuring Switch A Create VLAN 100: Select Network > VLAN from the navigation tree. Click the Create tab. Enter 100 as the VLAN ID.
  • Page 297 Figure 249 Assigning ports to the VLAN Enable IGMP snooping globally: Select Network > IGMP snooping from the navigation tree. Select Enable. Click Apply. Figure 250 Enabling IGMP snooping globally Enable IGMP snooping and the function of dropping unknown multicast data for VLAN 100:...
  • Page 298: Verifying The Configuration

    Click the icon for VLAN 100. Select Enable for IGMP snooping. Select 2 for Version. Select Enable for Drop Unknown. Click Apply. Figure 251 Configuring IGMP snooping in VLAN 100 Verifying the configuration Select Network > IGMP snooping from the navigation tree. Click Show Entries in the basic VLAN configuration page to display information about IGMP snooping multicast forwarding entries.
  • Page 299 Figure 253 Displaying detailed information about the entry The output shows that GigabitEthernet 1/0/3 of Switch A is listening to multicast streams destined for the multicast group 224.1.1.1.
  • Page 300: Configuring Mld Snooping

    Configuring MLD snooping Overview MLD snooping runs on a Layer 2 switch as an IPv6 multicast constraining mechanism to improve multicast forwarding efficiency. It creates Layer 2 multicast forwarding entries from MLD messages that are exchanged between the hosts and the router. As shown in Figure 254, when MLD snooping is not enabled, the Layer 2 switch floods IPv6 multicast...
  • Page 301 Figure 255 MLD snooping related ports The following describes the ports involved in MLD snooping: • Router port—Layer 3 multicast device-side port. Layer 3 multicast devices include designated routers and MLD queriers. As shown in Figure 255, GigabitEthernet 1/0/1 of Switch A and GigabitEthernet 1/0/1 of Switch B are router ports.
  • Page 302: How Mld Snooping Works

    Message received Action after the timer Timer Description before the timer expires expires When a port dynamically joins an IPv6 multicast The switch removes this group, the switch sets an Dynamic member port port from the MLD aging timer for the port. MLD membership report.
  • Page 303: Protocols And Standards

    A switch does not forward an MLD report through a non-router port. If the switch forwards a report through a member port, the MLD report suppression mechanism causes all attached hosts that monitor the reported IPv6 multicast group address to suppress their own reports. In this case, the switch cannot determine whether the reported IPv6 multicast group still has active members attached to that port.
  • Page 304: Enabling Mld Snooping Globally

    Step Remarks Configuring MLD snooping in a VLAN Required. Enable MLD snooping in the VLAN and configure the MLD snooping version and querier. By default, MLD snooping is disabled in a VLAN. IMPORTANT: • Enable MLD snooping globally before you enable it for a VLAN. •...
  • Page 305: Configuring Mld Snooping In A Vlan

    Configuring MLD snooping in a VLAN Select Network > MLD snooping from the navigation tree. Click the icon for the VLAN. Figure 257 Configuring MLD snooping in a VLAN Configure the parameters as described in Table Click Apply. Table 87 Configuration items Item Description Enable or disable MLD snooping in the VLAN.
  • Page 306: Configuring Mld Snooping Port Functions

    Item Description Drop Unknown Enable or disable the function of dropping unknown IPv6 multicast packets. Unknown IPv6 multicast data refers to IPv6 multicast data for which no entries exist in the MLD snooping forwarding table. • If the function of dropping unknown IPv6 multicast data is enabled, the switch forwards the unknown IPv6 multicast packets to the router ports instead of flooding them in the VLAN.
  • Page 307 Figure 258 Configuring MLD snooping port functions Configure the parameters as described in Table Click Apply. Table 88 Configuration items Item Description Select the port on which advanced MLD snooping features will be configured. The port can be an Ethernet port or Layer 2 aggregate interface. After a port is selected, advanced features configured on this port are displayed at the lower part of this page.
  • Page 308: Displaying Mld Snooping Multicast Forwarding Entries

    Item Description Enable or disable fast-leave processing on the port. When a port that is enabled with the MLD snooping fast-leave processing feature receives an MLD done message, the switch immediately deletes that port from the IPv6 forwarding table entry for the IPv6 multicast group specified in the message. When the switch receives MLD multicast-address-specific queries for that multicast group, it does not forward them to that port.
  • Page 309: Mld Snooping Configuration Example

    Field Description Group Address IPv6 multicast group address. Router Ports All router ports. Member Ports All member ports. MLD snooping configuration example Network requirements As shown in Figure 261, MLDv1 runs on Router A and MLDv1 snooping runs on Switch A. Router A acts as the MLD querier.
  • Page 310 Figure 262 Creating VLAN 100 Assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to VLAN 100: Click the Modify Port tab. Select GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 in the Select Ports field. Select Untagged for Select membership type. Enter 100 as the VLAN ID. Click Apply.
  • Page 311 Figure 263 Assigning ports to VLAN 100 Enable MLD snooping globally: Select Network > MLD snooping from the navigation tree. Select Enable. Click Apply. Figure 264 Enabling MLD snooping globally Enable MLD snooping and the function of dropping unknown IPv6 multicast data for VLAN 100: Click the icon for VLAN 100.
  • Page 312: Verifying The Configuration

    Select 1 for Version. Select Enable for Drop Unknown. Click Apply. Figure 265 Enabling MLD snooping in the VLAN Verifying the configuration Select Network > MLD snooping from the navigation tree. Click Show Entries in the basic VLAN configuration page to display information about MLD snooping multicast forwarding entries.
  • Page 313 Figure 267 Displaying detailed information about the entry The output shows that GigabitEthernet 1/0/3 of Switch A is listening to multicast streams destined for the IPv6 multicast group FF1E::101.
  • Page 314: Configuring Ipv4 And Ipv6 Routing

    Configuring IPv4 and IPv6 routing The term "router" in this document refers to both routers and Layer 3 switches. Overview A router selects an appropriate route according to the destination address of a received packet and forwards the packet to the next router. The last router on the path is responsible for sending the packet to the destination host.
  • Page 315: Default Route

    Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually. Default route A default route is used to forward packets that do not match any specific routing entry in the routing table. Without a default route, a packet that does not match any routing entries is discarded and an Internet Control Message Protocol (ICMP) destination-unreachable packet is sent to the source.
  • Page 316: Creating An Ipv4 Static Route

    Field Description Next Hop Next hop IP address of the IPv4 route. Interface Output interface of the IPv4 route. Packets destined for the specified network segment will be sent out of the interface. Creating an IPv4 static route Select Network > IPv4 Routing from the navigation tree. Click the Create tab.
  • Page 317: Displaying The Ipv6 Active Route Table

    Item Description Preference Set a preference value for the static route. The smaller the number, the higher the preference. For example, specifying the same preference for multiple static routes to the same destination enables load sharing on the routes. Specifying different preferences enables route backup.
  • Page 318: Creating An Ipv6 Static Route

    Field Description Interface Output interface of the IPv6 route. Packets destined for the specified network segment will be sent out of the interface. Creating an IPv6 static route Select Network > IPv6 Routing from the navigation tree. Click the Create tab. The page for configuring an IPv6 static route appears.
  • Page 319: Ipv4 Static Route Configuration Example

    Item Description Preference Set a preference value for the static route. The smaller the number, the higher the preference. For example, specifying the same preference for multiple static routes to the same destination enables load sharing on the routes. Specifying different priorities for them enables route backup.
  • Page 320 Figure 273 Configuring a default route Configure a static route to Switch A and Switch C on Switch B: Select Network > IPv4 Routing from the navigation tree of Switch B. Click the Create tab. The page for configuring a static route appears. Enter 1.1.2.0 for Destination IP Address, 24 for Mask, and 1.1.4.1 for Next Hop.
  • Page 321 Figure 274 Configuring a static route Enter 1.1.3.0 for Destination IP Address, enter 24 for Mask, and enter 1.1.5.6 for Next Hop. Click Apply. Configure a default route to Switch B on Switch C: Select Network > IPv4 Routing from the navigation tree of Switch C. Click the Create tab.
  • Page 322 Figure 275 Configuring a default route Verifying the configuration Display the routing table. Enter the IPv4 route page of Switch A, Switch B, and Switch C to verify that the newly configured static routes are displayed as active routes on the page. Ping Host C from Host A (assuming both hosts run Windows XP): C:\Documents and Settings\Administrator>ping 1.1.3.2 Pinging 1.1.3.2 with 32 bytes of data:...
  • Page 323: Ipv6 Static Route Configuration Example

    IPv6 static route configuration example Network requirements As shown in Figure 276, configure IPv6 static routes on Switch A, Switch B, and Switch C for any two hosts to communicate with each other. Figure 276 Network diagram
  • Page 324 Figure 277 Configuring a default route Configure a static route to Switch A and Switch C on Switch B: Select Network > IPv6 Routing from the navigation tree of Switch B. Click the Create tab. The page for configuring a static route appears. Enter 1:: for Destination IP Address, select 64 from the Prefix Length list, and enter 4::1 for Next Hop.
  • Page 325 Figure 278 Configuring a static route Enter 3:: for Destination IP Address, select 64 from the Prefix Length list, and enter 5::1 for Next Hop. Click Apply. Configure a default route to Switch B on Switch C: Select Network > IPv6 Routing from the navigation tree of Switch C. Click the Create tab.
  • Page 326: Verifying The Configuration

    Figure 279 Configuring a default route Verifying the configuration Display the routing table. Enter the IPv6 route page of Switch A, Switch B, and Switch C respectively to verify that the newly configured static routes are displayed as active routes on the page. Ping Host C from Switch A: <SwitchA>...
  • Page 327: Configuration Guidelines

    0.00% packet loss round-trip min/avg/max = 62/62/63 ms Configuration guidelines When you configure a static route, follow these guidelines: • If you do not specify the preference, the default preference will be used. Reconfiguration of the default preference applies only to newly created static routes. The Web interface does not support configuration of the default preference.
  • Page 328: Ipv6 Management

    IPv6 management IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits. To configure basic IPv6 settings, enable the IPv6 service function first.
  • Page 329: Dhcp Overview

    DHCP overview The Dynamic Host Configuration Protocol (DHCP) provides a framework to assign configuration information to network devices. DHCP uses the client-server model. Figure 281 shows a typical DHCP application. A DHCP client can obtain an IP address and other configuration parameters from a DHCP server on another subnet through a DHCP relay agent.
  • Page 330: Dynamic Ip Address Allocation Process

    Dynamic IP address allocation process Figure 282 Dynamic IP address allocation process The client broadcasts a DHCP-DISCOVER message to locate a DHCP server. A DHCP server offers configuration parameters such as an IP address to the client in a DHCP-OFFER message. The sending mode of the DHCP-OFFER is determined by the flag field in the DHCP-DISCOVER message.
  • Page 331: Dhcp Message Format

    DHCP message format Figure 283 gives the DHCP message format, which is based on the BOOTP message format and involves eight types. These types of messages have the same format except that some fields have different values. The numbers in parentheses indicate the size of each field in bytes. Figure 283 DHCP message format op (1) htype (1)
  • Page 332: Dhcp Options

    DHCP options DHCP uses the same message format as BOOTP, but DHCP uses the Option field to carry information for dynamic address allocation and to provide additional configuration information to clients. Figure 284 DHCP option format Common DHCP options Common DHCP options: Option 3—Router option.
  • Page 333: Protocols And Standards

    The administrator can locate the DHCP client to further implement security control and accounting. The Option 82 supporting server can also use such information to define individual assignment policies of IP address and other parameters for the clients. Option 82 can include at most 255 sub-options and must have at least one sub-option. Option 82 supports two sub-options: sub-option 1 (Circuit ID) and sub-option 2 (Remote ID).
  • Page 334: Configuring Dhcp Relay Agent

    Configuring DHCP relay agent Overview The DHCP relay agent enables clients to get IP addresses from a DHCP server on another subnet. This feature avoids deploying a DHCP server for each subnet to centralize management and reduce investment. Figure 287 shows a typical application of the DHCP relay agent.
  • Page 335: Recommended Configuration Procedure

    Figure 288 DHCP relay agent operation Recommended configuration procedure Step Remarks Enabling DHCP and configuring advanced parameters for the DHCP relay agent (Required) Enable DHCP globally and configure advanced DHCP parameters. By default, global DHCP is disabled. Creating a DHCP server group (Required) To improve reliability, you can specify several DHCP servers as a group on the DHCP relay agent and correlate a relay agent interface with the server group.
  • Page 336: Enabling Dhcp And Configuring Advanced Parameters For The Dhcp Relay Agent

    Enabling DHCP and configuring advanced parameters for the DHCP relay agent Select Network > DHCP from the navigation tree to enter the DHCP Relay page. Click Display Advanced Configuration to expand the advanced DHCP relay agent configuration area. Figure 289 DHCP relay agent configuration page Enable DHCP service and configure advanced parameters for DHCP relay agent as described in Table 94.
  • Page 337: Creating A Dhcp Server Group

    Table 94 Configuration items Item Description DHCP Service Enable or disable global DHCP. Unauthorized Server Detect Enable or disable unauthorized DHCP server detection. Unauthorized DHCP servers on a network reply to DHCP clients with wrong IP addresses. With this feature enabled, upon receiving a DHCP request, the DHCP relay agent will record the IP address of any DHCP server that assigned an IP address to the DHCP...
  • Page 338: Enabling The Dhcp Relay Agent On An Interface

    Click Apply. Table 95 Configuration items Item Description Server Group ID Enter the ID of a DHCP server group. You can create up to 20 DHCP server groups. IP Address Enter the IP address of a server in the DHCP server group. The server IP address cannot be on the same subnet as the IP address of the DHCP relay agent;...
  • Page 339: Configuring And Displaying Clients' Ip-To-Mac Bindings

    Configuring and displaying clients' IP-to-MAC bindings Select Network > DHCP from the navigation tree to enter the DHCP Relay page shown in Figure 289. In the User Information area, click User Information to view static and dynamic bindings. Figure 292 Displaying clients' IP-to-MAC bindings Click Add to enter the page for creating a static IP-to-MAC binding.
  • Page 340: Dhcp Relay Agent Configuration Example

    DHCP relay agent configuration example Network requirements As shown in Figure 294, VLAN-interface 1 on the DHCP relay agent (Switch A) connects to the network where DHCP clients reside. VLAN-interface 2 is connected to the DHCP server whose IP address is 10.1.1.1/24.
  • Page 341 Figure 295 Enabling DHCP Configure a DHCP server group: In the Server Group area, click Add. On the page that appears, enter 1 for Server Group ID, and enter 10.1.1.1 for IP Address. Click Apply. Figure 296 Adding a DHCP server group Enable the DHCP relay agent on VLAN-interface 1: In the Interface Config field, click the icon for VLAN-interface 1.
  • Page 342 On the page that appears, select the Enable option next to DHCP Relay and select 1 for Server Group ID. Click Apply. Figure 297 Enabling the DHCP relay agent on an interface and correlate it with a server group NOTE: Because the DHCP relay agent and server are on different subnets, you need to configure a static route or dynamic routing protocol to make them reachable to each other.
  • Page 343: Configuring Dhcp Snooping

    Configuring DHCP snooping DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers. Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security purposes. DHCP snooping does not work between the DHCP server and DHCP relay agent.
  • Page 344: Dhcp Snooping Support For Option 82

    In a cascaded network as shown in Figure 299, configure each DHCP snooping device's ports connected to other DHCP snooping devices as trusted ports. To save system resources, you can disable the untrusted ports that are not directly connected to DHCP clients from generating DHCP snooping entries.
  • Page 345: Recommended Configuration Procedure

    Table 99 Handling strategy of DHCP snooping support for Option 82
    If a DHCP request has Option 82, the DHCP snooping device handles it according to the handling strategy:
    Drop: Drop the message.
    Keep: Forward the message without changing Option 82.
    Replace: Forward the message after replacing the original Option 82 with the Option 82 padded in normal format.
  • Page 346: Configuring Dhcp Snooping Functions On An Interface

    Figure 300 DHCP snooping configuration page Configuring DHCP snooping functions on an interface Select Network > DHCP from the navigation tree. Click the DHCP Snooping tab to enter the page shown in Figure 300. Click the icon for a specific interface in the Interface Config area. Figure 301 DHCP snooping interface configuration page Configure DHCP snooping on the interface as described in Table 100.
  • Page 347: Displaying Dhcp Snooping Entries

    Table 100 Configuration items
    Interface Name: Displays the name of a specific interface.
    Interface State: Configure the interface as trusted or untrusted.
    Option 82 Support: Configure DHCP snooping to support Option 82 or not.
    Select the handling strategy for DHCP requests containing Option 82. The strategies include: •...
  • Page 348: Dhcp Snooping Configuration Example

    DHCP snooping configuration example Network requirements As shown in Figure 303, a DHCP snooping device (Switch B) is connected to a DHCP server through GigabitEthernet 1/0/1, and to DHCP clients through GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3. Enable DHCP snooping on Switch B and configure DHCP snooping to support Option 82. •...
  • Page 349 Figure 304 Enabling DHCP snooping Configure DHCP snooping functions on GigabitEthernet 1/0/1: Click the icon for GigabitEthernet 1/0/1 on the interface list. Select the Trust option next to Interface State. Click Apply. Figure 305 Configuring DHCP snooping functions on GigabitEthernet 1/0/1 Configure DHCP snooping functions on GigabitEthernet 1/0/2: Click the icon for GigabitEthernet 1/0/2 on the interface list.
  • Page 350 Figure 306 Configuring DHCP snooping functions on GigabitEthernet 1/0/2 Configure DHCP snooping functions on GigabitEthernet 1/0/3: Click the icon for GigabitEthernet 1/0/3 on the interface list. Select the Untrust option for Interface State, select the Enable option next to Option 82 Support, and select Replace for Option 82 Strategy.
  • Page 351: Managing Services

    Managing services Overview The service management module provides six types of services: FTP, Telnet, SSH, SFTP, HTTP and HTTPS. You can enable or disable the services as needed, which enhances the performance and security of the system and allows secure management of the device. The service management module also lets you modify the HTTP and HTTPS port numbers and associate the FTP, HTTP, or HTTPS service with an ACL, which reduces attacks by illegal users on these services.
  • Page 352: Managing Services

    • Defines certificate attribute-based access control policy for the device to control the access right of the client, in order to further avoid attacks from illegal clients.
    Managing services Select Network > Service from the navigation tree. The service management configuration page appears. Figure 308 Service management Manage services as described in Table...
  • Page 353 Configuration items
    Enable HTTP service: Enable or disable the HTTP service. The HTTP service is enabled by default.
    Port Number: Set the port number for HTTP service. You can view this configuration item by clicking the expanding button in front of HTTP. IMPORTANT: HTTP...
  • Page 354: Using Diagnostic Tools

    Using diagnostic tools Ping Use ping to determine if a specific address is reachable. Ping operates as follows: The source device sends ICMP echo requests (ECHO-REQUEST) to the destination device. The destination device responds by sending ICMP echo replies (ECHO-REPLY) to the source device after receiving the ICMP echo requests.
  • Page 355: Ping Operation

    The source device sends a packet with a TTL value of 2 to the destination device. The second hop responds with a TTL-expired ICMP message. In this way, the source device gets the address of the second device. The above process continues until the packet reaches the destination device. The destination device responds with a port-unreachable ICMP message to the source.
  • Page 356: Ipv6 Ping Operation

    Figure 310 IPv4 ping operation result IPv6 ping operation From the navigation tree, select Network > Diagnostic Tools. Click the IPv6 Ping tab. The IPv6 ping configuration page appears. Figure 311 IPv6 ping configuration page Enter the IPv6 address or the host name of the destination device in the Destination IPv6 address or host name field.
  • Page 357: Traceroute Operation

    Figure 312 IPv6 ping operation result
    Traceroute operation Before performing a traceroute operation, perform the following tasks:
    • Enable sending of ICMP timeout packets by executing the ip ttl-expires enable command on intermediate devices.
    • Enable sending of ICMP destination unreachable packets by executing the ip unreachables enable...
  • Page 358: Ipv6 Traceroute Operation

    Enter the IPv4 address or host name of the destination device in the Destination IP address or host name field. Click Start to execute the traceroute command. View the operation result in the Summary area. Figure 314 IPv4 traceroute operation result IPv6 traceroute operation From the navigation tree, select Network >...
  • Page 359 View the operation result in the Summary area. Figure 316 IPv6 traceroute operation result...
  • Page 360: Configuring 802.1X

    Configuring 802.1X Overview 802.1X is a port-based network access control protocol initially proposed by the IEEE 802 LAN/WAN committee for the security of WLANs. It has been widely used on Ethernet for access control. 802.1X controls network access by authenticating devices connected to the 802.1X-enabled LAN ports. 802.1X architecture 802.1X operates in the client/server model.
  • Page 361: Controlled/Uncontrolled Port And Port Authorization Status

    Controlled/uncontrolled port and port authorization status 802.1X defines two logical ports for the network access port: controlled port and uncontrolled port. Any packet arriving at the network access port is visible to both logical ports. • Controlled port—Allows incoming and outgoing traffic to pass through when it is in the authorized state, and denies incoming and outgoing traffic when it is in the unauthorized state, as shown in Figure 318.
  • Page 362: Packet Formats

    Packet formats EAP packet format Figure 319 shows the EAP packet format.
    Figure 319 EAP packet format (fields: Code, Identifier, Length, Data)
    • Code—Type of the EAP packet. Options include Request (1), Response (2), Success (3), or Failure (4).
    • Identifier—Used for matching Responses with Requests....
  • Page 363: Eap Over Radius

    Value: 0x02. Type: EAPOL-Logoff. Description: The client sends an EAPOL-Logoff message to tell the network access device that it is logging off.
    • Length—Data length in bytes, or length of the Packet body. If packet type is EAPOL-Start or EAPOL-Logoff, this field is set to 0, and no Packet body field follows.
    Packet body—Content of the packet....
  • Page 364: 802.1X Authentication Procedures

    Access device as the initiator The access device initiates authentication if a client cannot send EAPOL-Start packets. One example is the 802.1X client available with Windows XP. The access device supports the following modes:
    • Multicast trigger mode—The access device multicasts Identity EAP-Request packets periodically...
  • Page 365 Comparing EAP relay and EAP termination When configuring EAP relay or EAP termination, consider the following factors:
    • The support of the RADIUS server for EAP packets.
    • The authentication methods supported by the 802.1X client and the RADIUS server.
    If the client is using only MD5-Challenge EAP authentication or the "username + password"...
  • Page 366 Figure 325 802.1X authentication procedure in EAP relay mode When a user launches the 802.1X client software and enters a registered username and password, the 802.1X client software sends an EAPOL-Start packet to the network access device. The network access device responds with an Identity EAP-Request packet to ask for the client username.
  • Page 367 The authentication server compares the received encrypted password with the one it generated at step 5. If the two are identical, the authentication server considers the client valid and sends a RADIUS Access-Accept packet to the network access device.