Page of 1969
Download Print This PagePrint Bookmark

HP 4800G Configuration Manual

3com switch.
Hide thumbs
   
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990

Advertisement

3Com Switch 4800G Family
Switch 4800G 24-Port
Switch 4800G 48-Port
Switch 4800G PWR 24-Port
Switch 4800G PWR 48-Port
Switch 4800G 24-Port SFP
Product Version:
Release 2202
6W101-20091012
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064

Advertisement

   Related Manuals for HP 4800G

   Summary of Contents for HP 4800G

  • Page 1: Configuration Guide

    3Com Switch 4800G Family Configuration Guide Switch 4800G 24-Port Switch 4800G 48-Port Switch 4800G PWR 24-Port Switch 4800G PWR 48-Port Switch 4800G 24-Port SFP Product Version: Release 2202 Manual Version: 6W101-20091012 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...

  • Page 2

    Copyright © 2009, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

  • Page 3: About This Manual

    About This Manual Organization 3Com Switch 4800G Family Configuration Guide is organized as follows: Volume Features 00-Product Product Overview Acronyms Overview Service Loopback Ethernet Interface Link Aggregation Port Isolation Group 01-Access Volume MSTP LLDP VLAN GVRP QinQ BPDU Tunneling VLAN Mapping...

  • Page 4

    Volume Features Basic System Device File System Login Configuration Management Management MAC Address HTTP SNMP RMON Table Management System 08-System Information Maintaining and Hotfix Volume Center Debugging Cluster Management Automatic Configuration Conventions The manual uses the following conventions: Command conventions Convention Description The keywords of a command line are in Boldface.

  • Page 5: Related Documentation, Obtaining Documentation

    Means reader be careful. Improper operation may cause data loss or damage to equipment. Means a complementary description. Related Documentation In addition to this manual, each 3com Switch 4800G documentation set includes the following: Manual Description 3Com Switch 4800G Family Command...

  • Page 6: Table Of Contents

    Table of Contents 1 Product Features ·······································································································································1-1 Introduction to Product ····························································································································1-1 Feature Lists ···········································································································································1-1 2 Features······················································································································································2-1 Access Volume ·······································································································································2-1 IP Services Volume·································································································································2-3 IP Routing Volume ··································································································································2-4 Multicast Volume·····································································································································2-6 QoS Volume············································································································································2-8 Security Volume ······································································································································2-8 High Availability Volume························································································································2-10 System Volume ·····································································································································2-11...

  • Page 7: Product Features, Introduction To Product, Feature Lists

    (MANs). They can also be used for connecting server groups in data centers. The 3Com Switches 4800G support the innovative Intelligent Resilient Framework (IRF) technology. With IRF, multiple 4800G switches can be interconnected as a logical entity to form a new intelligent network featuring high availability, scalability, and manageability.

  • Page 8

    Volume Features 802.1X HABP Authentication Portal Port Security IP Source Guard SSH2.0 06-Security Volume Public Key ARP Attack URPF Protection VRRP Smart Link Monitor Link RRPP 07-High Connectivity Fault Availability DLDP Ethernet OAM Detection Volume Track GR Overview Basic System Device File System Login...

  • Page 9: Access Volume

    Features The following sections provide an overview of the main features of each module supported by the Switch 4800G. Access Volume Table 2-1 Features in Access volume Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface...

  • Page 10

    Features Description LLDP enables a device to maintain and manage its own and its immediate neighbor’s device information, based on which the network management system detects and determines the conditions of the communications links. This document describes: LLDP Introduction to LLDP Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping...

  • Page 11: Ip Services Volume

    IP Services Volume Table 2-2 Features in the IP Services volume Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address.

  • Page 12: Ip Routing Volume

    Features Description A network node that supports both IPv4 and IPv6 is called a dual stack node. A dual stack node configured with an IPv4 address and an IPv6 address can have both IPv4 and IPv6 packets transmitted. This document Dual Stack describes: Dual stack overview...

  • Page 13

    Features Description Intermediate System-to-Intermediate System (IS-IS) is a link state protocol, which uses the shortest path first (SPF) algorithm. This document describes: Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control IS-IS Tuning and Optimizing IS-IS Networks Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes...

  • Page 14: Multicast Volume

    IP address. Policy Routing The Switch 4800G implements policy routing through QoS policies. For details about traffic classification, traffic behavior and QoS policy configuration commands, refer to QoS Commands in the QoS Volume.

  • Page 15

    Features Description Multicast source discovery protocol (MSDP) describes interconnection mechanism of multiple PIM-SM domains. It is used is to discover multicast source information in other PIM-SM domains. This document describes: MSDP MSDP configuration Configuring an MSDP Peer Connection Configuring SA Messages Related Parameters As a multicast extension of MP-BGP, MBGP enables BGP to provide routing information for multicast applications.

  • Page 16: Qos Volume, Security Volume

    QoS Volume Table 2-5 Features in the QoS ACL volume Features Description This document describes: QoS overview Traffic classification configuration Traffic policing Configuration Traffic shaping Configuration Line rate configuration QoS policy configuration Congestion management Congestion avoidance configuration Priority mapping configuration Traffic mirroring configuration User profile provides a configuration template to save predefined configurations.

  • Page 17

    Features Description Portal authentication, as its name implies, helps control access to the Internet. This document describes: Portal Portal overview Portal configuration Port security is a MAC address-based security mechanism for network access controlling. It is an extension to the existing 802.1X authentication and MAC authentication.

  • Page 18: High Availability Volume

    Features Description Unicast Reverse Path Forwarding (URPF) protects a network against source address spoofing attacks. This document describes: URPF URPF Overview URPF configuration High Availability Volume Table 2-7 Features in the High Availability volume Features Description Virtual Router Redundancy Protocol (VRRP) combines a group of switches (including a master and multiple backups) on a LAN into a virtual router called VRRP group.

  • Page 19: System Volume

    Features Description Ethernet OAM is a tool monitoring Layer-2 link status. It helps network administrators manage their networks effectively. This document describes: Ethernet OAM Ethernet OAM overview Configuring Basic Ethernet OAM Functions Configuring Link Monitoring Enabling OAM Loopback Testing Connectivity fault detection is an end-to-end, per-VLAN link-layer OAM mechanism for link connectivity detection, fault verification, and fault location.

  • Page 20

    Features Description Basic system configuration involves the configuration of device name, system clock, welcome message, user privilege levels and so on. This document describes: Basic System Configuration Configuration display Basic configurations CLI features Through the device management function, you can view the current condition of your device and configure running parameters.

  • Page 21

    Features Description For the majority of protocols and features supported, the system provides corresponding debugging information to help users diagnose errors. This System Maintenance document describes: and Debugging Maintenance and debugging overview Maintenance and debugging configuration As the system information hub, Information Center classifies and manages all types of system information.

  • Page 22

    Features Description Network Time Protocol (NTP) is the TCP/IP that advertises the accurate time throughout the network. This document describes: NTP overview Configuring the Operation Modes of NTP Configuring Optional Parameters of NTP Configuring Access-Control Rights Configuring NTP Authentication A cluster is a group of network devices. Cluster management is to implement management of large numbers of distributed network devices.

  • Page 23

    Appendix A Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronyms Full spelling Return 10GE Ten-GigabitEthernet Return Authentication, Authorization and Accounting Activity Based Costing Area Border Router Alternating Current ACKnowledgement...

  • Page 24

    Acronyms Full spelling Border Gateway Protocol BIMS Branch Intelligent Management System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Basic Rate Interface Bootstrap Router BitTorrent Burst Tolerance Return Call Appearance Certificate Authority Committed Access Rate Committed Burst Size Class Based Queuing Constant Bit Rate Core-Based Tree International Telephone and Telegraph Consultative...

  • Page 25

    Acronyms Full spelling Connectivity Verification Return Deeper Application Recognition Data Circuit-terminal Equipment Database Description Digital Data Network DHCP Dynamic Host Configuration Protocol Designated IS DLCI Data Link Connection Identifier DLDP Device Link Detection Protocol Domain Name System Downstream on Demand Denial of Service Designated Router DSCP...

  • Page 26

    Acronyms Full spelling Forward Defect Indication Forwarding Equivalence Class Fast Failure Detection Forwarding Group Forwarding information base FIFO First In First Out FQDN Full Qualified Domain Name Frame Relay Fast ReRoute FRTT Fairness Round Trip Time Functional Test File Transfer Protocol Return GARP Generic Attribute Registration Protocol...

  • Page 27

    Acronyms Full spelling International Business Machines ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol for IPv6 IDentification/IDentity IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMP-Snooping Internet Group Management Protocol Snooping Interior Gateway Protocol Incoming Label Map Internet Locator Service...

  • Page 28

    Acronyms Full spelling LACP Link Aggregation Control Protocol LACPDU Link Aggregation Control Protocol Data Unit Local Area Network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base Link Layer Control LLDP Link Layer Discovery Protocol...

  • Page 29

    Acronyms Full spelling Multicast Listener Discovery Protocol MLD-Snooping Multicast Listener Discovery Snooping Meet-Me Conference MODEM MOdulator-DEModulator Multilink PPP MP-BGP Multiprotocol extensions for BGP-4 Middle-level PE MP-group Multilink Point to Point Protocol group MPLS Multiprotocol Label Switching MPLSFW Multi-protocol Label Switch Forward Multicast Port Management Mobile Switching Center MSDP...

  • Page 30

    Acronyms Full spelling Network Management Station NPDU Network Protocol Data Unit Network Provider Edge Network Quality Analyzer NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Network Time Protocol Return Operation Administration and Maintenance OAMPDU OAM Protocol Data Units OC-3...

  • Page 31

    Acronyms Full spelling Power over Ethernet Point Of Presence Packet Over SDH Point-to-Point Protocol PPTP Point to Point Tunneling Protocol PPVPN Provider-provisioned Virtual Private Network Priority Queuing Primary Reference Clock Primary Rate Interface Protection Switching Power Sourcing Equipment PSNP Partial SNP Permanent Virtual Channel Pseudo wires Return...

  • Page 32

    Acronyms Full spelling Resilient Packet Ring Rendezvous Point Tree RRPP Rapid Ring Protection Protocol Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource ReserVation Protocol RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol Real-time Transport Protocol Return Source Active...

  • Page 33

    Acronyms Full spelling Shortest Path First Shortest Path Tree Secure Shell Synchronization Status Marker Source-Specific Multicast Shared Tree STM-1 SDH Transport Module -1 STM-16 SDH Transport Module -16 STM-16c SDH Transport Module -16c STM-4c SDH Transport Module -4c Spanning Tree Protocol Signalling Virtual Connection Switch-MDT Switch-Multicast Distribution Tree...

  • Page 34

    Acronyms Full spelling Return Variable Bit Rate Virtual Channel Identifier Virtual Ethernet Virtual File System VLAN Virtual Local Area Network Virtual Leased Lines Video On Demand VoIP Voice over IP Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network Virtual Path Identifier VPLS Virtual Private Local Switch...

  • Page 35: Manual Version

    Access Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The Access Volume is organized as follows: Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface Configuring Loopback Testing on an Ethernet Interface Ethernet Interface...

  • Page 36

    Features Description To increase service redirecting throughput, you can bundle multiple service loopback ports into a logical link, called a service loopback group. Service Loopback This document describes: Group Introduction to Service Loopback Groups Configuring a Service Loopback Group MSTP is used to eliminate loops in a LAN. It is compatible with STP and RSTP.

  • Page 37

    Features Description Port mirroring copies packets passing through a port to another port connected with a monitoring device for packet analysis to help implement network monitoring and troubleshooting. This document describes: Port Mirroring Port Mirroring overview Local port mirroring configuration Remote port mirroring configuration...

  • Page 38: Table Of Contents

    Table of Contents 1 Ethernet Interface Configuration ·············································································································1-1 Ethernet Interface Configuration ·············································································································1-1 Combo Port Configuration ···············································································································1-1 Basic Ethernet Interface Configuration····························································································1-1 Configuring an Auto-negotiation Transmission Rate·······································································1-2 Configuring Flow Control on an Ethernet Interface ·········································································1-3 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface ········1-4 Configuring Loopback Testing on an Ethernet Interface·································································1-4 Configuring a Port Group·················································································································1-5 Configuring Storm Suppression ······································································································1-5...

  • Page 39: Ethernet Interface Configuration

    Ethernet Interface Configuration Ethernet Interface Configuration Combo Port Configuration Introduction to Combo port A Combo port can operate as either an optical port or an electrical port. Inside the device there is only one forwarding interface. For a Combo port, the electrical port and the corresponding optical port are TX-SFP multiplexed.

  • Page 40: Configuring An Auto-negotiation Transmission Rate

    Auto-negotiation mode (auto). Interfaces operating in this mode determine their duplex mode through auto-negotiation. Similarly, if you configure the transmission rate for an Ethernet interface by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too. For a Gigabit Ethernet interface, you can specify the transmission rate by its auto-negotiation capacity.

  • Page 41: Configuring Flow Control On An Ethernet Interface

    Figure 1-1 An application diagram of auto-negotiation transmission rate As shown in Figure 1-1, the network card transmission rate of the server group (Server 1, Server 2, and Server 3) is 1000 Mbps, and the transmission rate of GigabitEthernet 1/0/4, which provides access to the external network for the server group, is 1000 Mbps too.

  • Page 42

    Follow these steps to enable flow control on an Ethernet interface: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter Ethernet interface view — interface-number Required Enable flow control flow-control Disabled by default Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface An Ethernet interface operates in one of the two physical link states: up or down.

  • Page 43: Configuring A Port Group, Configuring Storm Suppression

    To do… Use the command… Remarks Optional Enable loopback testing loopback { external | internal } Disabled by default. As for the internal loopback test and external loopback test, if an interface is down, only the former is available on it; if the interface is shut down, both are unavailable. The speed, duplex, mdi, and shutdown commands are not applicable during loopback testing.

  • Page 44: Setting The Interval For Collecting Ethernet Interface Statistics

    The storm suppression ratio settings configured for an Ethernet interface may get invalid if you enable the storm constrain for the interface. For information about the storm constrain function, see Configuring the Storm Constrain Function on an Ethernet Interface. Follow these steps to set storm suppression ratios for one or multiple Ethernet interfaces: To do…...

  • Page 45: Enabling Forwarding Of Jumbo Frames, Enabling Loopback Detection On An Ethernet Interface

    To do… Use the command… Remarks Optional Set the interval for collecting By default, the interval for flow-interval interval statistics on the Ethernet port collecting port statistics is 300 seconds. Enabling Forwarding of Jumbo Frames Due to tremendous amount of traffic occurring on an Ethernet interface, it is likely that some frames greater than the standard Ethernet frame size are received.

  • Page 46: Configuring The Mdi Mode For An Ethernet Interface

    To do… Use the command… Remarks Enter system view — system-view Required Enable global loopback loopback-detection enable detection Disabled by default Optional Configure the interval for port loopback-detection loopback detection 30 seconds by default interval-time time interface interface-type Enter Ethernet interface view —...

  • Page 47: Testing The Cable On An Ethernet Interface

    signals; pin 3 and pin 6 are used for transmitting signals. To enable normal communication, you should connect the local transmit pins to the remote receive pins. Therefore, you should configure the MDI mode depending on the cable types. Normally, the auto mode is recommended. The other two modes are useful only when the device cannot determine the cable type.

  • Page 48

    periodically and takes corresponding actions (that is, blocking or shutting down the interface and sending trap messages and logs) when the traffic detected exceeds the threshold. Alternatively, you can configure the storm suppression function to control a specific type of traffic. As the function and the storm constrain function are mutually exclusive, do not enable them at the same time on an Ethernet interface.

  • Page 49: Displaying And Maintaining An Ethernet Interface

    To do… Use the command… Remarks Optional Specify to send log when the By default, the system sends traffic detected exceeds the log when the traffic detected upper threshold or drops down exceeds the upper threshold or storm-constrain enable log below the lower threshold from drops down below the lower a point higher than the upper...

  • Page 50

    To do… Use the command… Remarks Display the information about a display port-group manual manual port group or all the Available in any view [ all | name port-group-name ] port groups Display the information about Available in any view display loopback-detection the loopback function display storm-constrain...

  • Page 51: Table Of Contents

    Table of Contents 1 Link Aggregation Configuration ··············································································································1-1 Overview ·················································································································································1-1 Basic Concepts of Link Aggregation ·······························································································1-1 Link Aggregation Modes··················································································································1-3 Load Sharing Mode of an Aggregation Group ················································································1-5 Link Aggregation Configuration Task List ·······························································································1-5 Configuring an Aggregation Group ·········································································································1-6 Configuring a Static Aggregation Group··························································································1-6 Configuring a Dynamic Aggregation Group·····················································································1-7 Configuring an Aggregate Interface ········································································································1-8 Configuring the Description of an Aggregate Interface ···································································1-8...

  • Page 52: Link Aggregation Configuration, Basic Concepts Of Link Aggregation

    Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Configuration Task List Configuring an Aggregation Group Configuring an Aggregate Interface Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Groups Displaying and Maintaining Link Aggregation Link Aggregation Configuration Examples Overview...

  • Page 53

    Selected: a selected port can forward user traffic. Unselected: an unselected port cannot forward user traffic. The rate of an aggregate interface is the sum of the selected member ports’ rates. The duplex mode of an aggregate interface is consistent with that of the selected member ports. Note that all selected member ports use the same duplex mode.

  • Page 54: Link Aggregation Modes

    Some configurations are called class-one configurations. Such configurations, for example, GVRP and MSTP, can be configured on aggregate interfaces and member ports but are not considered during operational key calculation. The change of a class-two configuration setting may affect the select state of link aggregation member ports and thus the ongoing service.

  • Page 55

    A port that joins the aggregation group after the limit on the number of selected ports has been reached will not be placed in the selected state even if it should be in normal cases. This can prevent the ongoing traffic on the current selected ports from being interrupted.

  • Page 56: Load Sharing Mode Of An Aggregation Group, Link Aggregation Configuration Task List

    Load Sharing Mode of an Aggregation Group The link aggregation groups created on the 3Com Switch 4800G always operates in load sharing mode, even when they contain only one member port. Link Aggregation Configuration Task List...

  • Page 57: Configuring An Aggregation Group, Configuring A Static Aggregation Group

    Configuring an Aggregation Group The following ports cannot be assigned to an aggregation group: Stack ports, RRPP-enabled ports, MAC address authentication-enabled ports, port security-enabled ports, IP source guard-enabled ports, and 802.1x-enabled ports. You are recommended not to assign reflector ports of port mirroring to an aggregation group. For details about reflector ports, refer to Port Mirroring Configuration in the Access Volume.

  • Page 58: Configuring A Dynamic Aggregation Group

    Configuring a Dynamic Aggregation Group Follow these steps to configure a Layer 2 dynamic aggregation group: To do... Use the command... Remarks Enter system view — system-view Optional By default, the system LACP priority is 32768. Set the system LACP lacp system-priority Changing the system LACP priority priority...

  • Page 59: Configuring An Aggregate Interface

    Removing a dynamic aggregate interface also removes the corresponding aggregation group. At the same time, the member ports of the aggregation group, if any, leave the aggregation group. To guarantee a successful dynamic aggregation, ensure that the peer ports of the ports aggregated at one end are also aggregated.

  • Page 60: Configuring A Load Sharing Mode For Load-sharing Link Aggregation Groups

    Follow these steps to enable linkUp/linkDown trap generation for an aggregate interface: To do... Use the command... Remarks Enter system view — system-view Optional snmp-agent trap enable Enable the trap function By default, linkUp/linkDown [ standard [ linkdown | linkup ] globally trap generation is enabled globally and on all interfaces.

  • Page 61: Displaying And Maintaining Link Aggregation

    sharing mode. You can change the load sharing mode of a link aggregation group for different types of traffic as needed. Follow these steps to configure load sharing mode for link aggregation groups: To do... Use the command... Remarks Enter system view —...

  • Page 62: Link Aggregation Configuration Examples, Layer 2 Static Aggregation Configuration Example

    Link Aggregation Configuration Examples In an aggregation group, the port to be a selected port must be the same as the reference port in port attributes, and class-two configurations. To keep these configurations consistent, you should configure the port manually. Reference port: Select a port as the reference port from the ports that are in up state and with the same class-two configurations as the corresponding aggregate interface.

  • Page 63: Layer 2 Dynamic Aggregation Configuration Example

    [DeviceA-Bridge-Aggregation1] quit # Assign Layer 2 Ethernet interfaces GigabitEthernet1/0/1 through GigabitEthernet1/0/3 to aggregation group 1. [DeviceA] interface GigabitEthernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface GigabitEthernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 Configure Device B Follow the same configuration procedure performed on Device A to configure Device B.

  • Page 64

    # Assign Layer 2 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to aggregation group 1. [DeviceA] interface GigabitEthernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA- GigabitEthernet1/0/1] quit [DeviceA] interface GigabitEthernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 Configure Device B Follow the same configuration procedure performed on Device A to configure Device B.

  • Page 65: Table Of Contents

    Table of Contents 1 Port Isolation Configuration ·····················································································································1-1 Introduction to Port Isolation ···················································································································1-1 Configuring the Isolation Group ··············································································································1-1 Assigning a Port to the Isolation Group···························································································1-1 Displaying and Maintaining Isolation Groups··························································································1-2 Port Isolation Configuration Example······································································································1-2...

  • Page 66: Port Isolation Configuration, Introduction To Port Isolation, Configuring The Isolation Group

    VLAN, allowing for great flexibility and security. Currently: 3Com Switch 4800G support only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on such devices.

  • Page 67: Port Isolation Configuration Example, Displaying And Maintaining Isolation Groups

    Displaying and Maintaining Isolation Groups To do… Use the command… Remarks Display the isolation group Available in any view display port-isolate group information Port Isolation Configuration Example Network requirements Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.

  • Page 68

    Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...

  • Page 69

    Table of Contents 1 Service Loopback Group Configuration ·································································································1-1 Overview ·················································································································································1-1 Functions of Service Loopback Groups ··························································································1-1 Port Configuration Prerequisites of Service Loopback Groups·······················································1-1 States of the Ports in a Service Loopback Group ···········································································1-2 Configuring a Service Loopback Group ··································································································1-2 Displaying and Maintaining Service Loopback Groups ··········································································1-3 Configuration Example····························································································································1-3...

  • Page 70: Service Loopback Group Configuration

    Displaying and Maintaining Service Loopback Groups Configuration Example Overview The SFP+ subcards and GE subcards of the 3Com Switch 4800G do not support service loopback groups. Functions of Service Loopback Groups To increase service redirecting throughput, you can bundle multiple service loopback ports into a logical link, called a service loopback group.

  • Page 71: Configuring A Service Loopback Group

    The port is not configured with MSTP, 802.1x, MAC address authentication, port security mode, or IP source guard. Additionally, the member port of a service loopback group cannot be configured with any of the above-mentioned configurations. The port belongs to VLAN 1. The port is not a member of any aggregation group or service loopback group.

  • Page 72: Displaying And Maintaining Service Loopback Groups, Configuration Example

    You can change the service type of an existing service loopback group. For the change to be successful, you must ensure that the service group has not been referenced; the attributes of all member ports (if any) are not conflicting with the target service type; and no service loopback group has been created for the target service type, because only one service loopback group is allowed for a service type.

  • Page 73: Table Of Contents

    Table of Contents 1 MSTP Configuration ··································································································································1-1 Overview ·················································································································································1-1 Introduction to STP ·································································································································1-1 Why STP ·········································································································································1-1 Protocol Packets of STP··················································································································1-1 Basic Concepts in STP····················································································································1-2 How STP works ·······························································································································1-3 Introduction to RSTP·······························································································································1-9 Introduction to MSTP ····························································································································1-10 Why MSTP ····································································································································1-10 Basic Concepts in MSTP···············································································································1-11 How MSTP Works ·························································································································1-14 Implementation of MSTP on Devices ····························································································1-15 Protocols and Standards ···············································································································1-15...

  • Page 74: Mstp Configuration, Introduction To Stp, Why Stp, Protocol Packets Of Stp

    MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: Overview Introduction to STP Introduction to RSTP Introduction to MSTP MSTP Configuration Task List Configuring MSTP Displaying and Maintaining MSTP MSTP Configuration Example Overview As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the mean time, allows for link redundancy.

  • Page 75: Basic Concepts In Stp

    Topology change notification (TCN) BPDUs, used for notifying the concerned devices of network topology changes, if any. Basic Concepts in STP Root bridge A tree network must have a root; hence the concept of root bridge was introduced in STP. There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology.

  • Page 76: How Stp Works

    Figure 1-1 A schematic diagram of designated bridges and designated ports All the ports on the root bridge are designated ports. Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree.

  • Page 77

    For simplicity, the descriptions and examples below involve only four fields of configuration BPDUs: Root bridge ID (represented by device priority) Root path cost (related to the rate of the link connecting the port) Designated bridge ID (represented by device priority) Designated port ID (represented by port name) Calculation process of the STP algorithm Initial state...

  • Page 78

    Initially, each STP-enabled device on the network assumes itself to be the root bridge, with the root bridge ID being its own device ID. By exchanging configuration BPDUs, the devices compare their root bridge IDs to elect the device with the smallest root bridge ID as the root bridge. Selection of the root port and designated ports on a non-root device Table 1-3 describes the process of selecting the root port and designated ports.

  • Page 79

    Figure 1-2 Network diagram for the STP algorithm Device A With priority 0 Device B With priority 1 Device C With priority 2 Initial state of each device Table 1-4 shows the initial state of each device. Table 1-4 Initial state of each device Device Port name BPDU of port...

  • Page 80

    BPDU of port Device Comparison process after comparison Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1.

  • Page 81

    BPDU of port Device Comparison process after comparison After comparison: Because the root path cost of CP2 (9) (root path cost of the BPDU (5) plus path cost corresponding to CP2 (4)) is smaller than the root path cost of CP1 (10) (root path cost of the BPDU (0) + path cost corresponding to CP2 (10)), the BPDU Blocked port CP2: of CP2 is elected as the optimum BPDU, and CP2 is elected...

  • Page 82: Introduction To Rstp

    If a path becomes faulty, the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. In this case, the device will generate a configuration BPDU with itself as the root and send out the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.

  • Page 83: Introduction To Mstp, Why Mstp

    Introduction to MSTP Why MSTP Weaknesses of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or an edge port, which directly connects to a user terminal rather than to another device or a shared LAN segment.

  • Page 84: Basic Concepts In Mstp

    Basic Concepts in MSTP Figure 1-4 Basic concepts in MSTP Region A0 VLAN 1 mapped to instance 1 VLAN 2 mapped to instance 2 Other VLANs mapped to CIST BPDU BPDU Region D0 BPDU Region B0 VLAN 1 mapped to instance 1, VLAN 1 mapped to instance 1 B as regional root bridge VLAN 2 mapped to instance 2...

  • Page 85

    VLAN-to-instance mapping table As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping relationships between VLANs and MSTIs. In Figure 1-4, for example, the VLAN-to-instance mapping table of region A0 is as follows: VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to CIST. MSTP achieves load balancing by means of the VLAN-to-instance mapping table.

  • Page 86

    During MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST. Roles of ports MSTP calculation involves these port roles: root port, designated port, master port, alternate port, backup port, and so on.

  • Page 87: How Mstp Works

    Port states In MSTP, port states fall into the following three: Forwarding: the port learns MAC addresses and forwards user traffic; Learning: the port learns MAC addresses but does not forward user traffic; Discarding: the port neither learns MAC addresses nor forwards user traffic. When in different MSTIs, a port can be in different states.

  • Page 88: Implementation Of Mstp On Devices, Mstp Configuration Task List

    Within an MST region, the packet is forwarded along the corresponding MSTI. Between two MST regions, the packet is forwarded along the CST. Implementation of MSTP on Devices MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by devices running MSTP and used for spanning tree calculation.

  • Page 89

    Task Remarks Configuring an MST Region Required Configuring the Work Mode of an MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Port Rate Optional Configuring Ports as Edge Ports Optional Configuring the Configuring Path Costs of Ports Optional leaf nodes Configuring Port Priority...

  • Page 90: Configuring Mstp, Configuring An Mst Region

    Configuring MSTP Configuring an MST Region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view — system-view Enter MST region view —...

  • Page 91: Configuring The Root Bridge Or A Secondary Root Bridge

    Configuring the Root Bridge or a Secondary Root Bridge MSTP can determine the root bridge of a spanning tree through MSTP calculation. Alternatively, you can specify the current device as the root bridge or a secondary root bridge using the commands provided by the system.

  • Page 92: Configuring The Work Mode Of An Mstp Device, Configuring The Priority Of A Device

    After specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device. Alternatively, you can also configure the current device as the root bridge by setting the priority of the device to 0. For the device priority configuration, refer to Configuring the Priority of a Device.

  • Page 93: Configuring The Maximum Hops Of An Mst Region

    After configuring a device as the root bridge or a secondary root bridge, you cannot change the priority of the device. During root bridge selection, if all devices in a spanning tree have the same priority, the one with the lowest MAC address will be selected as the root bridge of the spanning tree. Configuring the Maximum Hops of an MST Region By setting the maximum hops of an MST region, you can restrict the region size.

  • Page 94: Configuring Timers Of Mstp

    Based on the network diameter you configured, MSTP automatically sets an optimal hello time, forward delay, and max age for the device. The configured network diameter is effective for the CIST only, and not for MSTIs. Each MST region is considered as a device. The network diameter must be configured on the root bridge.

  • Page 95: Configuring The Timeout Factor

    To do... Use the command... Remarks Optional Configure the max age timer stp timer max-age time 2,000 centiseconds (20 seconds) by default The length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. Note that if the forward delay setting is too small, temporary redundant paths may be introduced;...

  • Page 96: Configuring The Maximum Port Rate, Configuring Ports As Edge Ports

    To do... Use the command... Remarks Enter system view — system-view Required Configure the timeout factor of the device stp timer-factor factor 3 by default Configuring the Maximum Port Rate The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time.

  • Page 97: Configuring Path Costs Of Ports

    To do... Use the command... Remarks Enter Ethernet interface interface interface-type Enter view, or Layer 2 aggregate interface-number Required interface interface view view or port Use either command. group view port-group manual Enter port group view port-group-name Required Configure the current ports as edge ports stp edged-port enable All ports are non-edge ports by default.

  • Page 98

    Table 1-7 Link speed vs. path cost Duplex state Link speed 802.1d-1998 802.1t Private standard — 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate Link 2 Ports 1,000,000 1,800 10 Mbps Aggregate Link 3 Ports 666,666 1,600 Aggregate Link 4 Ports 500,000 1,400 Single Port...

  • Page 99: Configuring Port Priority

    If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be invalid. When the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition.

  • Page 100: Configuring The Link Type Of Ports

    When the priority of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. Generally, a lower priority value indicates a higher priority. If you configure the same priority value for all the ports on a device, the specific priority of a port depends on the index number of the port. Changing the priority of a port triggers a new spanning tree calculation process.

  • Page 101: Enabling The Output Of Port State Transition Information

    dot1s: 802.1s-compliant standard format, and legacy: Compatible format By default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.

  • Page 102: Enabling The Mstp Feature, Performing Mcheck

    To do... Use the command... Remarks Required Enable output of port state transition stp port-log { all | This function is enabled by information instance instance-id } default. Enabling the MSTP Feature You must enable MSTP for the device before any other MSTP-related configurations can take effect. Make this configuration on the root bridge and on the leaf nodes separately.

  • Page 103: Configuring Digest Snooping

    By then, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode. You can perform mCheck on a port through the following two approaches, which lead to the same result. Performing mCheck globally Follow these steps to perform global mCheck: To do...

  • Page 104

    Before enabling digest snooping, ensure that associated devices of different vendors are interconnected and run MSTP. Configuring the Digest Snooping feature You can enable Digest Snooping only on a device that is connected to a third-party device that uses its private key to calculate the configuration digest.

  • Page 105: Configuring No Agreement Check

    Digest Snooping configuration example Network requirements Device A and Device B connect to Device C, a third-party device, and all these devices are in the same region. Enable Digest Snooping on Device A and Device B so that the three devices can communicate with one another.

  • Page 106

    Figure 1-7 shows the rapid state transition mechanism on MSTP designated ports. Figure 1-7 Rapid state transition of an MSTP designated port Figure 1-8 shows rapid state transition of an RSTP designated port. Figure 1-8 Rapid state transition of an RSTP designated port Downstream device Upstream device Proposal for rapid transition...

  • Page 107: Configuring Protection Functions

    To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter interface Layer 2 aggregate interface-number Required or port group interface view Use either command. view port-group manual Enter port group view port-group-name Required Enable No Agreement Check...

  • Page 108

    Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU guard For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers. In this case, the access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system will automatically set these ports as non-edge ports and start a new spanning tree calculation process.

  • Page 109

    Follow these steps to enable root guard: To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter Layer 2 interface-number Required interface view aggregate or port group interface view Use either command. view Enter port group port-group manual...

  • Page 110: Displaying And Maintaining Mstp

    With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the switch can perform within a certain period of time after receiving the first TC-BPDU. For TC-BPDUs received in excess of the limit, the switch performs forwarding address entry flush only when the time period expires.

  • Page 111: Mstp Configuration Example

    MSTP Configuration Example Network requirements All devices on the network are in the same MST region. Device A and Device B work on the distribution layer, while Device C and Device D work on the access layer. Configure MSTP so that packets of different VLANs are forwarded along different spanning trees: Packets of VLAN 10 are forwarded along MSTI 1, those of VLAN 30 are forwarded along MSTI 3, those of VLAN 40 are forwarded along MSTI 4, and those of VLAN 20 are forwarded along MSTI 0.

  • Page 112

    [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Specify the current device as the root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Enable MSTP globally. [DeviceA] stp enable Configuration on Device B # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0.

  • Page 113

    Configuration on Device D. # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0.

  • Page 114

    GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief MSTID Port Role STP State Protection GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE...

  • Page 115: Table Of Contents

    Table of Contents 1 LLDP Configuration···································································································································1-1 Overview ·················································································································································1-1 Background ·····································································································································1-1 Basic Concepts································································································································1-1 Operating Modes of LLDP···············································································································1-5 How LLDP Works ····························································································································1-6 Protocols and Standards ·················································································································1-6 LLDP Configuration Task List ·················································································································1-6 Performing Basic LLDP Configuration ····································································································1-7 Enabling LLDP·································································································································1-7 Setting LLDP Operating Mode ········································································································1-7 Setting the LLDP Re-Initialization Delay ·························································································1-8 Enabling LLDP Polling·····················································································································1-8 Configuring the TLVs to Be Advertised ···························································································1-8...

  • Page 116: Lldp Configuration

    LLDP Configuration When configuring LLDP, go to these sections for information you are interested in: Overview LLDP Configuration Task List Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping Displaying and Maintaining LLDP LLDP Configuration Examples Overview Background In a heterogeneous network, it is important that different types of network devices from different vendors can discover one other and exchange configuration for interoperability and management sake.

  • Page 117

    Figure 1-1 Ethernet II-encapsulated LLDP frame format The fields in the frame are described in Table 1-1: Table 1-1 Description of the fields in an Ethernet II-encapsulated LLDP frame Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address.

  • Page 118

    Field Description The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used. The SNAP type for the upper layer protocol. It is Type 0xAAAA-0300-0000-88CC for LLDP.

  • Page 119

    VLAN Name A specific VLAN name on the port Protocol Identity Protocols supported on the port Currently, 3Com switches 4800G support receiving but not sending protocol identity TLVs. IEEE 802.3 organizationally specific TLVs Table 1-5 IEEE 802.3 organizationally specific TLVs Type...

  • Page 120: Operating Modes Of Lldp

    management. In addition, LLDP-MED TLVs make deploying voice devices in Ethernet easier. LLDP-MED TLVs are shown in Table 1-6: Table 1-6 LLDP-MED TLVs Type Description Allows a MED endpoint to advertise the supported LLDP-MED LLDP-MED Capabilities TLVs and its device type. Allows a network device or MED endpoint to advertise LAN type Network Policy and VLAN ID of the specific port, and the Layer 2 and Layer 3...

  • Page 121: Lldp Configuration Task List, How Lldp Works

    How LLDP Works Transmitting LLDP frames An LLDP-enabled port operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent the network from being overwhelmed by LLDP frames at times of frequent local device information change, an interval is introduced between two successive LLDP frames.

  • Page 122: Performing Basic Lldp Configuration, Enabling Lldp, Setting Lldp Operating Mode

    LLDP-related configurations made in Ethernet interface view takes effect only on the current port, and those made in port group view takes effect on all ports in the current port group. Performing Basic LLDP Configuration Enabling LLDP To make LLDP take effect on certain ports, you need to enable LLDP both globally and on these ports. Follow these steps to enable LLDP: To do…...

  • Page 123: Setting The Lldp Re-initialization Delay, Enabling Lldp Polling, Configuring The Tlvs To Be Advertised

    Setting the LLDP Re-Initialization Delay When LLDP operating mode changes on a port, the port initializes the protocol state machines after a certain delay. By adjusting the LLDP re-initialization delay, you can avoid frequent initializations caused by frequent LLDP operating mode changes on a port. Follow these steps to set the LLDP re-initialization delay for ports: To do…...

  • Page 124: Configuring The Management Address And Its Encoding Format, Setting Other Lldp Parameters

    To do… Use the command… Remarks lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id | Optional protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] } | dot3-tlv { all | link-aggregation | mac-physic | By default, all types of Configure the TLVs to be max-frame-size | power } | med-tlv { all |...

  • Page 125: Setting An Encapsulation Format For Lldpdus

    You can configure the TTL of locally sent LLDP frames to determine how long information about the local device can be saved on a neighbor device by setting the TTL multiplier. The TTL is expressed as follows: TTL = Min (65535, (TTL multiplier × LLDPDU transmit interval)) As the expression shows, the TTL can be up to 65535 seconds.

  • Page 126: Configuring Cdp Compatibility

    To do… Use the command… Remarks Enter Ethernet interface interface-type Enter Ethernet interface view Required interface-number interface view or Use either command. Enter port port group view port-group manual port-group-name group view Required Ethernet II encapsulation format Set the encapsulation format for applies by default.

  • Page 127: Configuring Lldp Trapping

    Configuring CDP Compatibility CDP-compatible LLDP operates in one of the follows two modes: TxRx, where CDP packets can be transmitted and received. Disable, where CDP packets can neither be transmitted nor be received. To make CDP-compatible LLDP take effect on certain ports, first enable CDP-compatible LLDP globally and configure CDP-compatible LLDP to operate in TxRx mode.

  • Page 128: Displaying And Maintaining Lldp, Lldp Configuration Examples, Basic Lldp Configuration Example

    To do… Use the command… Remarks Required lldp notification remote-change Enable LLDP trap sending Disabled by default enable Quit to system view — quit Optional Set the interval to send LLDP lldp timer notification-interval traps 5 seconds by default interval Displaying and Maintaining LLDP To do…...

  • Page 129: Configuration Procedure

    Configuration procedure Configure Switch A. # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 (you can skip this step because LLDP is enabled on ports by default), and set the LLDP operating mode to Rx. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx...

  • Page 130

    Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors...

  • Page 131: Cdp-compatible Lldp Configuration Example

    Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV As the sample output shows, GigabitEthernet 1/0/2 of Switch A does not connect any neighboring devices.

  • Page 132

    # Enable LLDP globally and enable LLDP to be compatible with CDP globally. [SwitchA] lldp enable [SwitchA] lldp compliance cdp # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to operate in TxRx mode, and configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.

  • Page 133: Table Of Contents

    Table of Contents 1 VLAN Configuration ··································································································································1-1 Introduction to VLAN ·······························································································································1-1 VLAN Overview ·······························································································································1-1 VLAN Fundamentals ·······················································································································1-2 Types of VLAN ································································································································1-3 Configuring Basic VLAN Settings ···········································································································1-3 Configuring Basic Settings of a VLAN Interface ·····················································································1-4 Port-Based VLAN Configuration ·············································································································1-5 Introduction to Port-Based VLAN ····································································································1-5 Assigning an Access Port to a VLAN ······························································································1-6 Assigning a Trunk Port to a VLAN···································································································1-8 Assigning a Hybrid Port to a VLAN ·································································································1-9...

  • Page 134: Vlan Configuration, Introduction To Vlan, Vlan Overview

    VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: Introduction to VLAN Configuring Basic VLAN Settings Configuring Basic Settings of a VLAN Interface Port-Based VLAN Configuration MAC-Based VLAN Configuration Protocol-Based VLAN Configuration Displaying and Maintaining VLAN VLAN Configuration Example Introduction to VLAN VLAN Overview...

  • Page 135: Vlan Fundamentals

    Confining broadcast traffic within individual VLANs. This reduces bandwidth waste and improves network performance. Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation.

  • Page 136: Types Of Vlan, Configuring Basic Vlan Settings

    The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.

  • Page 137: Configuring Basic Settings Of A Vlan Interface

    As the default VLAN, VLAN 1 cannot be created or removed. You cannot manually create or remove VLANs reserved for special purposes. Dynamic VLANs cannot be removed with the undo vlan command. A VLAN with a QoS policy applied cannot be removed. For isolate-user-VLANs or secondary VLANs, if you have used the isolate-user-vlan command to create mappings between them, you cannot remove them until you remove the mappings between them first.

  • Page 138: Port-based Vlan Configuration, Introduction To Port-based Vlan

    Before creating a VLAN interface for a VLAN, create the VLAN first. Port-Based VLAN Configuration Introduction to Port-Based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid.

  • Page 139: Assigning An Access Port To A Vlan

    Do not set the voice VLAN as the default VLAN of a port in automatic voice VLAN assignment mode. Otherwise, the system prompts error information. For information about voice VLAN, refer to Voice VLAN Configuration. The local and remote ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.

  • Page 140

    To do… Use the command… Remarks Assign one or a group of Required access ports to the current port interface-list By default, all ports belong to VLAN 1. VLAN In VLAN view to assign a Layer-2 aggregate interface to a VLAN, this command assigns the Layer-2 aggregate interface but not its member ports to the current VLAN.

  • Page 141: Assigning A Trunk Port To A Vlan

    Before assigning an access port to a VLAN, create the VLAN first. After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports.

  • Page 142: Assigning A Hybrid Port To A Vlan

    To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.

  • Page 143: Mac-based Vlan Configuration, Introduction To Mac-based Vlan

    To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. Before assigning a hybrid port to a VLAN, create the VLAN first. The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.

  • Page 144: Configuring A Mac Address-based Vlan

    The device associates MAC addresses with VLANs dynamically based on the information provided by the authentication server. If a user goes offline, the corresponding MAC address-to-VLAN association is removed automatically. Automatic configuration requires MAC address-to–VLAN mapping be configured on the authentication server. For detailed information, refer to 802.1X Configuration in the Security Volume.

  • Page 145: Protocol-based Vlan Configuration, Introduction To Protocol-based Vlan, Configuring A Protocol-based Vlan

    Protocol-Based VLAN Configuration Introduction to Protocol-Based VLAN Protocol-based VLANs are only applicable on hybrid ports. In this approach, inbound packets are assigned to different VLANs based on their protocol types and encapsulation formats. The protocols that can be used for VLAN assignment include IP, IPX, and AppleTalk (AT).

  • Page 146

    To do… Use the command… Remarks group view Use either command. Enter Layer-2 interface aggregate In Ethernet interface view, bridge-aggregation interface view subsequent interface-number configurations apply to the current port. In port group view, the subsequent configurations apply to all ports in the port group.

  • Page 147: Ip Subnet-based Vlan Configuration, Configuring An Ip Subnet-based Vlan

    IP Subnet-Based VLAN Configuration Introduction In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet. This feature is used to assign packets from the specified network segment or IP address to a specific VLAN.

  • Page 148: Displaying And Maintaining Vlan

    To do… Use the command… Remarks Associate the hybrid port(s) with port hybrid ip-subnet-vlan the specified IP subnet-based Required vlan vlan-id VLAN After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports.

  • Page 149: Vlan Configuration Example

    To do... Use the command… Remarks reset counters interface Clear statistics on a port [ interface-type Available in user view [ interface-number ] ] The reset counters interface command can be used to clear statistics on a VLAN interface. For more information, refer to Ethernet Interface Commands in the Access Volume.

  • Page 150

    # Configure GigabitEthernet 1/0/1 to permit packets from VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 to pass through. [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 2 6 to 50 100 Please wait... Done. [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] quit Configure Device B as you configure Device A. Verification Verifying the configuration on Device A is similar to that of Device B.

  • Page 151

    0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output (normal): 0 packets, - bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier The output above shows that: The port (GigabitEthernet 1/0/1) is a trunk port.

  • Page 152: Isolate-user-vlan Configuration, Configuring Isolate-user-vlan

    Isolate-User-VLAN Configuration When configuring an isolate-user VLAN, go to these sections for information you are interested in: Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLAN Isolate-User-VLAN Configuration Example Overview An isolate-user-VLAN adopts a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.

  • Page 153

    Assign non-trunk ports to the isolate-user-VLAN and ensure that at least one port takes the isolate-user-VLAN as its default VLAN; Assign non-trunk ports to each secondary VLAN and ensure that at least one port in a secondary VLAN takes the secondary VLAN as its default VLAN; Associate the isolate-user-VLAN with the specified secondary VLANs.

  • Page 154: Displaying And Maintaining Isolate-user-vlan, Isolate-user-vlan Configuration Example

    Displaying and Maintaining Isolate-User-VLAN To do... Use the command... Remarks Display the mapping between an display isolate-user-vlan isolate-user-VLAN and its secondary Available in any view [ isolate-user-vlan-id ] VLAN(s) Isolate-User-VLAN Configuration Example Network requirements Connect Device A to downstream devices Device B and Device C; Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3.

  • Page 155

    [DeviceB] vlan 2 [DeviceB-vlan2] port gigabitethernet 1/0/2 [DeviceB-vlan2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C # Configure the isolate-user-VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC-vlan6] isolate-user-vlan enable [DeviceC-vlan6] port gigabitethernet 1/0/5 [DeviceC-vlan6] quit # Configure the secondary VLANs.

  • Page 156

    gigabitethernet 1/0/2 gigabitethernet 1/0/5 VLAN ID: 3 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: gigabitethernet 1/0/1 gigabitethernet 1/0/5...

  • Page 157: Voice Vlan Configuration, Oui Addresses

    Voice VLAN Configuration When configuring a voice VLAN, go to these sections for information you are interested in: Overview Configuring a Voice VLAN Displaying and Maintaining Voice VLAN Voice VLAN Configuration Overview A voice VLAN is configured specially for voice traffic. After assigning the ports connecting to voice devices to a voice VLAN, you can configure quality of service (QoS) parameters for the voice traffic, thus improving transmission priority and ensuring voice quality.

  • Page 158: Voice Vlan Assignment Modes

    In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are different from those in common sense. OUI addresses in this document are used by the system to determine whether a received packet is a voice packet.

  • Page 159: Security Mode And Normal Mode Of Voice Vlans

    Voice VLAN assignment Voice traffic Port link type mode type Access: not supported Trunk: supported if the default VLAN of the connecting port exists and is not the voice VLAN and the connecting port belongs to the default VLAN Tagged voice traffic Hybrid: supported if the default VLAN of the connecting port exists and is not the voice VLAN, the...

  • Page 160: Configuring A Voice Vlan, Setting A Port To Operate In Automatic Voice Vlan Assignment Mode

    Table 3-3 How a voice VLAN-enable port processes packets in security/normal mode Voice VLAN Packet type Packet processing mode working mode Untagged packets If the source MAC address of a packet matches an OUI address configured for the device, it is forwarded in the Packets carrying the voice VLAN;...

  • Page 161: Setting A Port To Operate In Manual Voice Vlan Assignment Mode

    Not enabled by default An switch 4800G supports up to eight voice VLANs globally. A protocol-based VLAN on a hybrid port can process only untagged inbound packets, whereas the voice VLAN in automatic mode on a hybrid port can process only tagged voice traffic. Therefore, do not configure a VLAN as both a protocol-based VLAN and a voice VLAN.

  • Page 162: Displaying And Maintaining Voice Vlan, Voice Vlan Configuration Examples, Automatic Voice Vlan Mode Configuration Example

    Required voice vlan enable An switch 4800G supports up to eight voice VLANs globally. You can configure different voice VLANs on different ports at the same time. However, one port can be configured with only one voice VLAN, and this voice VLAN must be a static VLAN that already exists on the device.

  • Page 163

    Figure 3-1 Network diagram for automatic voice VLAN assignment mode configuration Device A Device B Internet GE1/0/1 GE1/0/1 GE1/0/2 VLAN 3 VLAN 2 IP phone A IP phone B 010-1001 010-1002 MAC: 0011-1100-0001 MAC: 0011-2200-0001 0755-2002 Mask: ffff-ff00-0000 Mask: ffff-ff00-0000 PC A PC B MAC: 0022-1100-0002...

  • Page 164: Manual Voice Vlan Assignment Mode Configuration Example

    [DeviceA-GigabitEthernet1/0/2] voice vlan mode auto [DeviceA-GigabitEthernet1/0/2] port link-type access Please wait... Done. [DeviceA-GigabitEthernet1/0/2] port link-type hybrid [DeviceA-GigabitEthernet1/0/2] voice vlan 3 enable Verification # Display the OUI addresses, OUI address masks, and description strings supported currently. <DeviceA> display voice vlan oui Oui Address Mask Description...

  • Page 165

    Figure 3-2 Network diagram for manual voice VLAN assignment mode configuration Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA> system-view [DeviceA] voice vlan security enable # Add a recognizable OUI address 0011-2200-0000.

  • Page 166

    0011-2200-0000 ffff-ff00-0000 test 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 16 Current Voice VLANs: 2 Voice VLAN security mode: Security Voice VLAN aging time: 100 minutes Voice VLAN enabled port and its mode:...

  • Page 167

    Table of Contents 1 GVRP Configuration ··································································································································1-1 Introduction to GVRP ······························································································································1-1 GARP···············································································································································1-1 GVRP···············································································································································1-3 Protocols and Standards ·················································································································1-4 GVRP Configuration Task List ················································································································1-4 Configuring GVRP Functions··················································································································1-4 Configuring GARP Timers·······················································································································1-5 Displaying and Maintaining GVRP··········································································································1-6 GVRP Configuration Examples···············································································································1-7 GVRP Configuration Example I·······································································································1-7 GVRP Configuration Example II······································································································1-8 GVRP Configuration Example III·····································································································1-9...

  • Page 168: Gvrp Configuration, Introduction To Gvrp

    GVRP Configuration The GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network. When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Task List Configuring GVRP Functions...

  • Page 169

    Hold timer –– When a GARP application entity receives the first registration request, it starts a Hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This helps you save bandwidth. Join timer ––...

  • Page 170

    GARP message format Figure 1-1 GARP message format Figure 1-1 illustrates the GARP message format. Table 1-1 describes the GARP message fields. Table 1-1 Description on the GARP message fields Field Description Value Protocol ID Protocol identifier for GARP One or multiple messages, each containing Message ––...

  • Page 171: Gvrp Configuration Task List, Configuring Gvrp Functions

    about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.

  • Page 172: Configuring Garp Timers

    To do… Use the command… Remarks Enter Ethernet Enter Ethernet interface view, interface view or Layer interface interface-type Required Layer 2 2 aggregate interface interface-number aggregate view Perform either of the interface view, commands. or port-group port-group manual Enter port-group view view port-group-name Required...

  • Page 173: Displaying And Maintaining Gvrp

    To do… Use the command… Remarks Enter Required Enter Ethernet or Ethernet Layer 2 Perform either of the interface interface-type interface aggregate commands. interface-number view, Layer interface view Depending on the view you 2 aggregate accessed, the subsequent interface configuration takes effect on a view, or Enter port-group port-group manual...

  • Page 174: Gvrp Configuration Examples, Gvrp Configuration Example I

    To do… Use the command… Remarks display gvrp state interface Display the current GVRP state Available in any view interface-type interface-number vlan vlan-id display gvrp statistics [ interface Display statistics about GVRP Available in any view interface-list ] Display the global GVRP state Available in any view display gvrp status Display the information about...

  • Page 175: Gvrp Configuration Example Ii

    [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] gvrp [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN 3 (a static VLAN).

  • Page 176: Gvrp Configuration Example Iii

    [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1.

  • Page 177

    [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration type to forbidden on the port. [DeviceA-GigabitEthernet1/0/1] gvrp [DeviceA-GigabitEthernet1/0/1] gvrp registration forbidden [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally.

  • Page 178: Table Of Contents

    Table of Contents 1 QinQ Configuration ···································································································································1-1 Introduction to QinQ ································································································································1-1 Background ·····································································································································1-1 QinQ Mechanism and Benefits········································································································1-1 QinQ Frame Structure ·····················································································································1-2 Implementations of QinQ·················································································································1-3 Modifying the TPID in a VLAN Tag ·································································································1-3 QinQ Configuration Task List··················································································································1-5 Configuring Basic QinQ ··························································································································1-5 Enabling Basic QinQ ·······················································································································1-5 Configuring Selective QinQ·····················································································································1-5 Configuring Selective QinQ Based on Ports ···················································································1-6...

  • Page 179: Qinq Configuration, Introduction To Qinq, Qinq Mechanism And Benefits

    QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: Introduction to QinQ QinQ Configuration Task List Configuring Basic QinQ Configuring Selective QinQ Configuring the TPID Value in VLAN Tags QinQ Configuration Examples Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network;...

  • Page 180: Qinq Frame Structure

    Figure 1-1 Schematic diagram of the QinQ feature Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 1-1, customer network A has CVLANs 1 through 10, while customer network B has...

  • Page 181: Implementations Of Qinq, Modifying The Tpid In A Vlan Tag

    Figure 1-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. Therefore, you are recommended to increase the MTU of each interface on the service provider network.

  • Page 182

    Figure 1-3 VLAN tag structure of an Ethernet frame The device determines whether a received frame carries a SVLAN tag or a CVLAN tag by checking the corresponding TPID value. Upon receiving a frame, the device compares the configured TPID value with the value of the TPID field in the frame.

  • Page 183: Configuring Basic Qinq, Configuring Selective Qinq, Qinq Configuration Task List, Enabling Basic Qinq

    QinQ Configuration Task List Table 1-2 QinQ configuration task list Configuration task Remarks Configuring Basic QinQ Optional Configuring Selective QinQ Based on Ports Use either Configuring Selective QinQ Configuring Selective QinQ through QoS approach Policies Configuring the TPID Value in VLAN Tags Optional QinQ requires configurations only on the service provider network, not on the customer network.

  • Page 184: Configuring Selective Qinq Based On Ports, Configuring Selective Qinq Through Qos Policies

    Configuring Selective QinQ Based on Ports Switch 4800G switches support the configuration of basic QinQ and selective QinQ at the same time on a port and when the two features are both enabled on the port, frames that meet the selective QinQ condition are handled with selective QinQ on this port first, and the left frames are handled with basic QinQ.

  • Page 185: Configuring The Tpid Value In Vlan Tags

    To do... Use the command... Remarks Required Create a class and enter By default, the relationship traffic classifier classifier-name class view [ operator { and | or } ] between the match criteria in a class is logical AND. Specify the inner VLAN if-match customer-vlan-id Required ID(s) of matching frames...

  • Page 186: Qinq Configuration Examples, Basic Qinq Configuration Example

    Follow these steps to configure a TPID value globally: To do... Use the command... Remarks Enter system view — system-view qinq ethernet-type Optional Configure the TPID value in the [ customer-tag | CVLAN tag or the SVLAN tag Both 0x8100 by default service-tag ] hex-value QinQ Configuration Examples Basic QinQ Configuration Example...

  • Page 187

    Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on Provider A Configure GigabitEthernet 1/0/1 # Configure VLAN 10 as the default VLAN of GigabitEthernet 1/0/1. <ProviderA> system-view [ProviderA] interface gigabitethernet 1/0/1 [ProviderA-GigabitEthernet1/0/1] port access vlan 10 # Enable basic QinQ on GigabitEthernet 1/0/1.

  • Page 188: Selective Qinq Configuration Example (port-based Configuration)

    # Configure GigabitEthernet 1/0/2 as a hybrid port and configure VLAN 10 as the default VLAN of the port. [ProviderB] interface gigabitethernet 1/0/2 [ProviderB-GigabitEthernet1/0/2] port link-type hybrid [ProviderB-GigabitEthernet1/0/2] port hybrid pvid vlan 10 [ProviderB-GigabitEthernet1/0/2] port hybrid vlan 10 untagged # Enable basic QinQ on GigabitEthernet 1/0/2. [ProviderB-GigabitEthernet1/0/2] qinq enable [ProviderB-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3...

  • Page 189

    Figure 1-5 Network diagram for comprehensive selective QinQ configuration Configuration procedure Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on Provider A Configure GigabitEthernet 1/0/1 # Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 1000 and VLAN 2000 to pass through, and configure GigabitEthernet 1/0/1 to send packets of these VLANs with tags removed.

  • Page 190

    [ProviderA] interface gigabitethernet 1/0/2 [ProviderA-GigabitEthernet1/0/2] port link-type hybrid [ProviderA-GigabitEthernet1/0/2] port hybrid vlan 1000 untagged # Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-GigabitEthernet1/0/2] qinq vid 1000 [ProviderA-GigabitEthernet1/0/2-vid-1000] raw-vlan-id inbound 10 [ProviderA-GigabitEthernet1/0/2-vid-1000] quit [ProviderA-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3 # Configure GigabitEthernet 1/0/3 as a trunk port to permit frames of VLAN 1000 and VLAN 2000 to pass through.

  • Page 191: Selective Qinq Configuration Example (qos Policy-based Configuration)

    Selective QinQ Configuration Example (QoS Policy-Based Configuration) Network requirements As shown in Figure 1-6, Provider A and Provider B are service provider network access devices. Customer A, Customer B, Customer C, and Customer D are customer network access devices. Provider A and Provider B are interconnected through a trunk port, which permits the frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through.

  • Page 192

    Configuration on GigabitEthernet 1/0/1 # Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through with the outer VLAN tag removed. [ProviderA] interface gigabitethernet 1/0/1 [ProviderA-GigabitEthernet1/0/1] port link-type hybrid [ProviderA-GigabitEthernet1/0/1] port hybrid vlan 1000 2000 3000 untagged # Configure VLAN 3000 as the default VLAN of GigabitEthernet 1/0/1, and enable basic QinQ on GigabitEthernet 1/0/1.

  • Page 193

    # Enable basic QinQ. Tag frames from VLAN 10 with the outer VLAN tag 1000. [ProviderA-GigabitEthernet1/0/2] qinq enable [ProviderA-GigabitEthernet1/0/2] quit Configuration on GigabitEthernet 1/0/3. # Configure the port as a trunk port permitting frames of VLAN 1000, VLAN 2000 and VLAN 3000 to pass through.

  • Page 194

    so that their corresponding ports send tagged frames of VLAN 1000, VLAN 2000 and VLAN 3000. The configuration steps are omitted here. 1-16...

  • Page 195: Table Of Contents

    Table of Contents 1 BPDU Tunneling Configuration················································································································1-1 Introduction to BPDU Tunneling ·············································································································1-1 Configuring BPDU Transparent Transmission························································································1-3 Configuring Destination Multicast MAC Address for BPDU Tunnel Frames ··········································1-3 BPDU Tunneling Configuration Example································································································1-3...

  • Page 196: Introduction To Bpdu Tunneling, Bpdu Tunneling Configuration

    BPDU Tunneling Configuration When configuring BPDU tunneling, go to these sections for information you are interested in: Introduction to BPDU Tunneling Configuring BPDU Transparent Transmission Configuring Destination Multicast MAC Address for BPDU Tunnel Frames BPDU Tunneling Configuration Example Introduction to BPDU Tunneling To avoid loops in your network, you can enable the Spanning Tree Protocol (STP) on your device.

  • Page 197

    Figure 1-1 Network hierarchy of BPDU tunneling At the input side of the service provider network, the edge device changes the destination MAC address of a BPDU from a customer network from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 by default. In the service provider’s network, the modified BPDUs are forwarded as data packets in the user VLAN.

  • Page 198: Configuring Bpdu Transparent Transmission, Configuring Destination Multicast Mac Address For Bpdu Tunnel Frames

    Configuring BPDU Transparent Transmission Perform the following tasks to configure BPDU transparent transmission: To do... Use the command... Remarks Enter system view — system-view Enter Ethernet or Required interface interface-type Layer-2 aggregate Use either command. interface-number interface view Settings made in interface view take effect only on the current Enter port.

  • Page 199

    Provider A and Provider B are service provider network edge devices, which are interconnected through configured trunk ports. The configuration is required to satisfy the following requirements: Geographically dispersed customer network access devices Customer A and Customer B can implement consistent spanning tree calculation across the service provider network. destination multicast address...

  • Page 200

    [ProviderB-GigabitEthernet1/0/2] undo stp enable [ProviderB-GigabitEthernet1/0/2] bpdu-tunnel dot1q stp...

  • Page 201: Table Of Contents

    Table of Contents 1 VLAN Mapping Configuration ··················································································································1-1 VLAN Mapping Overview ························································································································1-1 One-to-One VLAN Mapping and Many-to-One VLAN Mapping······················································1-2 Two-to-Two VLAN Mapping ············································································································1-3 Basic Concepts of VLAN Mapping ··································································································1-3 How VLAN Mapping Is Implemented ······························································································1-4 VLAN Mapping Configuration Task List ··································································································1-5 Configuring One-to-One VLAN Mapping ································································································1-6 Configuring One-to-One VLAN Mapping·························································································1-6 Configuring Many-to-One VLAN Mapping ······························································································1-8...

  • Page 202: Vlan Mapping Configuration, Vlan Mapping Overview

    VLAN Mapping Configuration When configuring VLAN mapping, go to these sections for information you are interested in: VLAN Mapping Overview VLAN Mapping Configuration Task List Configuring One-to-One VLAN Mapping Configuring Many-to-One VLAN Mapping Configuring Two-to-Two VLAN Mapping VLAN Mapping Configuration Examples VLAN Mapping Overview VLAN mapping maps the customer VLANs (CVLANs) to service-provider VLANs (SVLANs).

  • Page 203: One-to-one Vlan Mapping And Many-to-one Vlan Mapping

    One-to-One VLAN Mapping and Many-to-One VLAN Mapping Figure 1-1 Scenario for one-to-one/many-to-one VLAN mapping DHCP client VLAN 1 VLAN 2 Home gateway VLAN 1-> VLAN 101 VLAN 2-> VLAN 201 VLAN 3-> VLAN 301 VoIP VLAN 3 Corridor switch VLAN 1 VLAN 1->...

  • Page 204: Two-to-two Vlan Mapping, Basic Concepts Of Vlan Mapping

    Two-to-Two VLAN Mapping Figure 1-2 Scenario for two-to-two VLAN mapping SP 1 SP 2 Device A Device D VLAN VLAN VLAN VLAN 10/200 30/200 10/100 10/100 Device B VLAN VLAN Device C 10/100 30/200 VLAN 10 VLAN 30 VPN 1 VPN 1 Two-to-two VLAN mapping are mainly applied in networking environments as shown in Figure...

  • Page 205: How Vlan Mapping Is Implemented

    Uplink policy: A QoS policy containing VLAN mappings for uplink traffic. Downlink policy: A QoS policy containing VLAN mappings for downlink traffic. How VLAN Mapping Is Implemented This section describes how VLAN mapping is implemented on your device. One-to-one VLAN mapping On the downlink port For uplink traffic For downlink traffic...

  • Page 206: Vlan Mapping Configuration Task List

    Two-to-two VLAN mapping In two-to-two VLAN mapping, the outer VLAN and the inner VLAN carried in a double-tagged uplink frame received at the downlink port on the edge device of an SP network are called the original SVLAN and CVLAN, and the VLANs that the edge device substitutes for the original SVLAN and CVLAN are called the new SVLAN and CVLAN.

  • Page 207

    For many-to-one VLAN mapping, enable customer-side QinQ on the downlink port and service provider-side QinQ on the uplink port. To save system resources, disable user bindings recording on the DHCP snooping trusted ports that forward DHCP packets. For information about this feature, refer to DHCP Configuration in the IP Services Volume.

  • Page 208

    To do... Use the command... Remarks Set the link type of the uplink port to Required port link-type trunk trunk Required Configure the uplink port to permit the By default, a trunk port port trunk permit vlan specified SVLANs to pass through { vlan-id-list | all } permits only VLAN 1 to pass through.

  • Page 209

    To do... Use the command... Remarks Map the SVLAN to the CVLAN classifier tcl-name behavior by associating the traffic class Required behavior-name with the traffic behavior Exit to system view — quit Configuring Many-to-One VLAN Mapping Perform many-to-one VLAN mapping on the campus switches shown in Figure 1-1 to carry the same service of different users using the same VLAN on the service provider’s network.

  • Page 210

    To do... Use the command... Remarks Exit to system view — quit Enter the interface view of the uplink interface interface-type — port interface-number Required By default, all ports with Configure the uplink port as a DHCP DHCP snooping dhcp-snooping trust snooping trusted port enabled are DHCP snooping untrusted...

  • Page 211: Configuring Two-to-two Vlan Mapping

    To do... Use the command... Remarks Create a traffic behavior and traffic behavior Required enter traffic behavior view behavior-name Specify the SVLAN for the remark service-vlan-id Required VLAN mapping vlan-id-value Exit to system view — quit Create a QoS policy and enter Required qos policy policy-name QoS policy view...

  • Page 212

    To do... Use the command... Remarks Required Configure the downlink port to permit By default, a trunk port port trunk permit vlan the packets of the SVLANs to pass permits only the packets { vlan-id-list | all } through of VLAN 1 to pass through.

  • Page 213

    To do... Use the command... Remarks Map the original CVLAN and the new SVLAN classifier tcl-name behavior to the new CVLAN by associating the traffic Required behavior-name class with the traffic behavior Exit to system view — quit Table 1-5 Configure an uplink policy for the downlink port To do...

  • Page 214: Vlan Mapping Configuration Examples, One-to-one/many-to-one Vlan Mapping Configuration Example

    To do... Use the command... Remarks Specify the original SVLAN used for Required remark service-vlan-id vlan-id-value replacing the new SVLAN Exit to system view — quit Create a QoS policy and enter QoS Required qos policy policy-name policy view Map the new CVLAN and SVLAN to the original CVLAN and SVLAN by classifier tcl-name behavior Required...

  • Page 215

    Figure 1-3 Network diagram for one-to-one/many-to-one VLAN mapping configuration VLAN 1 Home gateway VLAN 2 VLAN 1-> VLAN 101 VLAN 2-> VLAN 201 VLAN 3-> VLAN 301 VoIP VLAN 3 Corridor switch GE1/0/1 GE1/0/3 Switch A GE1/0/2 VLAN 1 VLAN 1-> VLAN 102 VLAN 2->...

  • Page 216

    [SwitchA] traffic behavior b1 [SwitchA-behavior-b1] remark service-vlan-id 101 [SwitchA-behavior-b1] traffic behavior b2 [SwitchA-behavior-b2] remark service-vlan-id 201 [SwitchA-behavior-b2] traffic behavior b3 [SwitchA-behavior-b3] remark service-vlan-id 301 [SwitchA-behavior-b3] traffic behavior b4 [SwitchA-behavior-b4] remark service-vlan-id 102 [SwitchA-behavior-b4] traffic behavior b5 [SwitchA-behavior-b5] remark service-vlan-id 202 [SwitchA-behavior-b5] traffic behavior b6 [SwitchA-behavior-b6] remark service-vlan-id 302 [SwitchA-behavior-b6] quit...

  • Page 217

    [SwitchA-policy-p11] classifier c33 behavior b33 [SwitchA-policy-p11] quit [SwitchA] qos policy p22 [SwitchA-policy-p22] classifier c44 behavior b11 [SwitchA-policy-p22] classifier c55 behavior b22 [SwitchA-policy-p22] classifier c66 behavior b33 [SwitchA-policy-p22] quit # Configure GigabitEthernet 1/0/1 to permit frames of the specified CVLANs and SLVANs to pass through.

  • Page 218

    # Configure uplink policies to map the CVLANs to the SVLANs. [SwitchB] traffic classifier c1 [SwitchB-classifier-c1] if-match customer-vlan-id 1 [SwitchB-classifier-c1] traffic classifier c2 [SwitchB-classifier-c2] if-match customer-vlan-id 2 [SwitchB-classifier-c2] traffic classifier c3 [SwitchB-classifier-c3] if-match customer-vlan-id 3 [SwitchB-classifier-c3] quit [SwitchB] traffic behavior b1 [SwitchB-behavior-b1] remark service-vlan-id 111 [SwitchB-behavior-b1] traffic behavior b2 [SwitchB-behavior-b2] remark service-vlan-id 211...

  • Page 219

    [SwitchB-behavior-b11] traffic behavior b22 [SwitchB-behavior-b22] remark customer-vlan-id 2 [SwitchB-behavior-b22] traffic behavior b33 [SwitchB-behavior-b33] remark customer-vlan-id 3 [SwitchB-behavior-b33] quit [SwitchB] qos policy p11 [SwitchB-policy-p11] classifier c11 behavior b11 [SwitchB-policy-p11] classifier c22 behavior b22 [SwitchB-policy-p11] classifier c33 behavior b33 [SwitchB-policy-p11] quit [SwitchB] qos policy p22 [SwitchB-policy-p22] classifier c44 behavior b11 [SwitchB-policy-p22] classifier c55 behavior b22 [SwitchB-policy-p22] classifier c66 behavior b33...

  • Page 220: Enable Dhcp Snooping

    Configuration on Switch C # Enable DHCP snooping. <SwitchC> system-view [SwitchC] dhcp-snooping # Enable ARP detection on each VLAN involved in VLAN mapping. [SwitchC] vlan 101 [SwitchC-vlan101] arp detection enable [SwitchC-vlan101] vlan 201 [SwitchC-vlan201] arp detection enable [SwitchC-vlan201] vlan 301 [SwitchC-vlan301] arp detection enable [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable...

  • Page 221

    [SwitchC-classifier-c4] traffic classifier c5 [SwitchC-classifier-c5] if-match customer-vlan-id 211 to 310 [SwitchC-classifier-c5] traffic classifier c6 [SwitchC-classifier-c6] if-match customer-vlan-id 311 to 410 [SwitchC-classifier-c6] quit [SwitchC] traffic behavior b1 [SwitchC-behavior-b1] remark service-vlan-id 501 [SwitchC-behavior-b1] traffic behavior b2 [SwitchC-behavior-b2] remark service-vlan-id 502 [SwitchC-behavior-b2] traffic behavior b3 [SwitchC-behavior-b3] remark service-vlan-id 503 [SwitchC-behavior-b3] quit [SwitchC] qos policy p1...

  • Page 222: Two-to-two Vlan Mapping Configuration Example

    [SwitchC-GigabitEthernet1/0/3] port link-type trunk [SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 502 503 # Configure GigabitEthernet 1/0/3 as a DHCP snooping trusted port. [SwitchC-GigabitEthernet1/0/3] dhcp-snooping trust # Configure GigabitEthernet 1/0/3 as an ARP trusted port. [SwitchC-GigabitEthernet1/0/3] arp detection trust # Enable SP-side QinQ on GigabitEthernet 1/0/3. [SwitchC-GigabitEthernet1/0/3] qinq enable uplink Configuration on Switch D # Enable DHCP snooping.

  • Page 223

    Configuration procedure Configuration on Device A # Configure QinQ function on GigabitEthernet 1/0/1 to add outer VLAN tag 100 to the traffic tagged with VLAN 10. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 100 [DeviceA-GigabitEthernet1/0/1] qinq enable [DeviceA-GigabitEthernet1/0/1] quit # Configure the uplink port GigabitEthernet 1/0/2 to permit frames of VLAN 100 to pass through.

  • Page 224

    [DeviceC] traffic classifier downlink_out [DeviceC-classifier-downlink_out] if-match customer-vlan-id 30 [DeviceC-classifier-downlink_out] if-match service-vlan-id 200 [DeviceC-classifier-downlink_out] quit # Specify the original CVLAN and SVLAN for outgoing VPN 1 traffic on GigabitEthernet 1/0/1. [DeviceC] traffic behavior downlink_out [DeviceC-behavior-downlink_out] remark customer-vlan-id 10 [DeviceC-behavior-downlink_out] remark service-vlan-id 100 [DeviceC-behavior-downlink_out] quit # Configure a downlink policy to map the new CVLAN and SVLAN to the original CVLAN and SVLAN for the outgoing VPN 1 traffic on GigabitEthernet 1/0/1.

  • Page 225

    <DeviceD> system-view [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] port access vlan 200 [DeviceD-GigabitEthernet1/0/2] qinq enable # Configure GigabitEthernet 1/0/1 to permit frames of VLAN 200 to pass through. [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] port link-type trunk [DeviceD-GigabitEthernet1/0/1] port trunk permit vlan 200 1-24...

  • Page 226: Table Of Contents

    Table of Contents 1 Port Mirroring Configuration ····················································································································1-1 Introduction to Port Mirroring ··················································································································1-1 Classification of Port Mirroring ········································································································1-1 Implementing Port Mirroring ············································································································1-1 Configuring Local Port Mirroring ·············································································································1-3 Configuring Remote Port Mirroring ·········································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring a Remote Source Mirroring Group (on the Source Device)·········································1-4 Configuring a Remote Destination Mirroring Group (on the Destination Device) ···························1-6 Displaying and Maintaining Port Mirroring ······························································································1-7 Port Mirroring Configuration Examples ···································································································1-7...

  • Page 227: Port Mirroring Configuration, Introduction To Port Mirroring, Classification Of Port Mirroring, Implementing Port Mirroring

    Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: Introduction to Port Mirroring Configuring Local Port Mirroring Configuring Remote Port Mirroring Displaying and Maintaining Port Mirroring Port Mirroring Configuration Examples Introduction to Port Mirroring Port mirroring is to copy the packets passing through a port (called a mirroring port) to another port (called the monitor port) connected with a monitoring device for packet analysis.

  • Page 228

    Figure 1-1 Local port mirroring implementation How the device processes packets Traffic mirrored to Mirroring port Monitor port Monitor port Mirroring port Data monitoring device Remote port mirroring Remote port mirroring can mirror all packets but protocol packets. Remote port mirroring is implemented through the cooperation of a remote source mirroring group and a remote destination mirroring group as shown Figure 1-2.

  • Page 229: Configuring Local Port Mirroring

    Destination device The destination device is the device where the monitor port is located. On it, you must create the remote destination mirroring group. When receiving a packet, the destination device compares the VLAN ID carried in the packet with the ID of the probe VLAN configured in the remote destination mirroring group.

  • Page 230: Configuring Remote Port Mirroring, Configuring A Remote Source Mirroring Group (on The Source Device)

    A local port mirroring group takes effect only after its mirroring and monitor ports are configured. To ensure operation of your device, do not enable STP, MSTP, or RSTP on the monitor port. A port mirroring group can have multiple mirroring ports, but only one monitor port. A mirroring or monitor port to be configured cannot belong to an existing port mirroring group.

  • Page 231

    To do… Use the command… Remarks Required mirroring-group groupid In system view mirroring-port mirroring-port-list You configure multiple { both | inbound | outbound } mirroring ports in a mirroring group. interface interface-type In system view, you can interface-number Configure assign a list of mirroring mirroring [ mirroring-group groupid ] ports to the mirroring...

  • Page 232: Configuring A Remote Destination Mirroring Group (on The Destination Device)

    To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN with undo mirroring-group remote-probe vlan command first. Removing the probe VLAN can invalidate the remote source mirroring group. Configuring a Remote Destination Mirroring Group (on the Destination Device) A remote destination mirroring group comprises a remote probe VLAN and a monitor port.

  • Page 233: Displaying And Maintaining Port Mirroring, Port Mirroring Configuration Examples, Local Port Mirroring Configuration Example

    When configuring the monitor port, use the following guidelines: The port can belong to only the current mirroring group. To ensure operation of your device, do not assign the monitor port to a mirroring VLAN. Disable these functions on the port: STP, MSTP, and RSTP. You are recommended to use a monitor port only for port mirroring.

  • Page 234: Remote Port Mirroring Configuration Example

    Figure 1-3 Network diagram for local port mirroring configuration Switch A R&D department GE1/0/1 GE1/0/3 GE1/0/2 Switch C Data monitoring device Switch B Marketing department Configuration procedure Configure Switch C. # Create a local port mirroring group. <SwitchC> system-view [SwitchC] mirroring-group 1 local # Add port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the port mirroring group as source ports.

  • Page 235

    As shown in Figure 1-4, the administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device. Use the remote port mirroring function to meet the requirement. Perform the following configurations: Use Switch A as the source device, Switch B as the intermediate device, and Switch C as the destination device.

  • Page 236

    [SwitchA-GigabitEthernet1/0/3] port link-type trunk [SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 2 Configure Switch B (the intermediate device). # Configure port GigabitEthernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2. <SwitchB> system-view [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port link-type trunk [SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2 [SwitchB-GigabitEthernet1/0/1] quit...

  • Page 237

    IP Services Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The IP Services Volume is organized as follows: Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration...

  • Page 238

    Features Description UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified server. This document describes: UDP Helper UDP Helper overview UDP Helper configuration Internet protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4).

  • Page 239: Table Of Contents

    Table of Contents 1 IP Addressing Configuration····················································································································1-1 IP Addressing Overview··························································································································1-1 IP Address Classes ·························································································································1-1 Special IP Addresses ······················································································································1-2 Subnetting and Masking ··················································································································1-2 Configuring IP Addresses ·······················································································································1-3 Assigning an IP Address to an Interface ·························································································1-3 IP Addressing Configuration Example·····························································································1-4 Displaying and Maintaining IP Addressing······························································································1-5...

  • Page 240: Ip Addressing Overview, Ip Addressing Configuration, Ip Address Classes

    IP Addressing Configuration When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in: IP Addressing Overview Configuring IP Addresses Displaying and Maintaining IP Addressing IP Addressing Overview This section covers these topics: IP Address Classes Special IP Addresses IP Address Classes...

  • Page 241: Special Ip Addresses, Subnetting And Masking

    Table 1-1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test. Packets destined to these addresses are processed locally as input packets rather than sent to the link.

  • Page 242: Configuring Ip Addresses, Assigning An Ip Address To An Interface

    In the absence of subnetting, some special addresses such as the addresses with the net ID of all zeros and the addresses with the host ID of all ones, are not assignable to hosts. The same is true for subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts.

  • Page 243: Ip Addressing Configuration Example

    The primary IP address you assigned to the interface can overwrite the old one if there is any. You cannot assign secondary IP addresses to an interface that has BOOTP or DHCP configured. The primary and secondary IP addresses you assign to the interface can be located on the same network segment.

  • Page 244: Displaying And Maintaining Ip Addressing

    <Switch> ping 172.16.1.2 PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.1.2 ping statistics --- 5 packet(s) transmitted...

  • Page 245: Table Of Contents

    Table of Contents 1 ARP Configuration·····································································································································1-1 ARP Overview·········································································································································1-1 ARP Function ··································································································································1-1 ARP Message Format ·····················································································································1-1 ARP Address Resolution Process···································································································1-2 ARP Table ·······································································································································1-3 Configuring ARP ·····································································································································1-4 Configuring a Static ARP Entry ·······································································································1-4 Configuring the Maximum Number of ARP Entries for an Interface ···············································1-4 Setting the Aging Time for Dynamic ARP Entries ···········································································1-4 Enabling the ARP Entry Check ·······································································································1-5 ARP Configuration Example············································································································1-5...

  • Page 246: Arp Configuration, Arp Overview, Arp Function, Arp Message Format

    This document is organized as follows: ARP Configuration Proxy ARP Configuration ARP Configuration When configuring ARP, go to these sections for information you are interested in: ARP Overview Configuring ARP Configuring Gratuitous ARP Displaying and Maintaining ARP ARP Overview ARP Function The Address Resolution Protocol (ARP) is used to resolve an IP address into an Ethernet MAC address (or physical address).

  • Page 247: Arp Address Resolution Process

    hardware address length field is "6”. For an IP(v4) address, the value of the protocol address length field is “4”. OP: Operation code. This field specifies the type of ARP message. The value “1” represents an ARP request and “2” represents an ARP reply. Sender hardware address: This field specifies the hardware address of the device sending the message.

  • Page 248: Arp Table

    which the target IP address is the IP address of Host B. After obtaining the MAC address of Host B, the gateway sends the packet to Host B. ARP Table After obtaining the MAC address for the destination host, the device puts the IP-to-MAC mapping into its own ARP table.

  • Page 249: Configuring Arp, Configuring A Static Arp Entry

    Configuring ARP Configuring a Static ARP Entry A static ARP entry is effective when the device works normally. However, when a VLAN or VLAN interface to which a static ARP entry corresponds is deleted, the entry, if permanent, will be deleted, and if non-permanent and resolved, will become unresolved.

  • Page 250: Enabling The Arp Entry Check, Arp Configuration Example

    To do… Use the command… Remarks Enter system view — system-view Optional Set the aging time for dynamic arp timer aging aging-time ARP entries 20 minutes by default. Enabling the ARP Entry Check The ARP entry check function disables the device from learning multicast MAC addresses. With the ARP entry check enabled, the device cannot learn any ARP entry with a multicast MAC address, and configuring such a static ARP entry is not allowed;...

  • Page 251: Configuring Gratuitous Arp, Displaying And Maintaining Arp, Introduction To Gratuitous Arp

    Configuring Gratuitous ARP Introduction to Gratuitous ARP A gratuitous ARP packet is a special ARP packet, in which the sender IP address and the target IP address are both the IP address of the sender, the sender MAC address is the MAC address of the sender, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.

  • Page 252

    Clearing ARP entries from the ARP table may cause communication failures.

  • Page 253: Proxy Arp Configuration, Proxy Arp Overview, Proxy Arp

    Proxy ARP Configuration When configuring proxy ARP, go to these sections for information you are interested in: Proxy ARP Overview Enabling Proxy ARP Displaying and Maintaining Proxy ARP Proxy ARP Overview If a host sends an ARP request for the MAC address of another host that actually resides on another network (but the sending host considers the requested host is on the same network) or that is isolated from the sending host at Layer 2, the device in between must be able to respond to the request with the MAC address of the receiving interface to allow Layer 3 communication between the two hosts.

  • Page 254: Enabling Proxy Arp, Local Proxy Arp

    You can solve the problem by enabling proxy ARP on Switch. After that, Switch can reply to the ARP request from Host A with the MAC address of VLAN-interface 1, and forward packets sent from Host A to Host B. In this case, Switch seems to be a proxy of Host B. A main advantage of proxy ARP is that it is added on a single router without disturbing routing tables of other routers in the network.

  • Page 255: Displaying And Maintaining Proxy Arp, Proxy Arp Configuration Examples, Proxy Arp Configuration Example

    To do… Use the command… Remarks Required Enable local proxy ARP local-proxy-arp enable Disabled by default. Displaying and Maintaining Proxy ARP To do… Use the command… Remarks Display whether proxy ARP is display proxy-arp [ interface Available in any view enabled vlan-interface vlan-id ] Display whether local proxy...

  • Page 256: Local Proxy Arp Configuration Example In Case Of Port Isolation

    [Switch-Vlan-interface1] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 [Switch-Vlan-interface2] proxy-arp enable [Switch-Vlan-interface2] quit Local Proxy ARP Configuration Example in Case of Port Isolation Network requirements Host A and Host B belong to the same VLAN, and connect to Switch B via GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3, respectively.

  • Page 257: Local Proxy Arp Configuration Example In Isolate-user-vlan

    # Configure an IP address of VLAN-interface 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/2 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0 The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2. # Configure local proxy ARP to let Host A and Host B communicate at Layer 3.

  • Page 258

    [SwitchB-vlan2] port gigabitethernet 1/0/2 [SwitchB-vlan2] quit [SwitchB] vlan 3 [SwitchB-vlan3] port gigabitethernet 1/0/3 [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port gigabitethernet 1/0/1 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] isolate-user-vlan 5 secondary 2 3 Configure Switch A # Create VLAN 5 and add GigabitEthernet 1/0/1 to it. <SwitchA>...

  • Page 259: Table Of Contents

    Table of Contents 1 DHCP Overview··········································································································································1-1 Introduction to DHCP ······························································································································1-1 DHCP Address Allocation ·······················································································································1-2 Allocation Mechanisms····················································································································1-2 Dynamic IP Address Allocation Process ·························································································1-2 IP Address Lease Extension ···········································································································1-3 DHCP Message Format ··························································································································1-3 DHCP Options·········································································································································1-4 DHCP Options Overview ·················································································································1-4 Introduction to DHCP Options ·········································································································1-4 Self-Defined Options ·······················································································································1-5 Protocols and Standards·························································································································1-8 2 DHCP Server Configuration······················································································································2-1...

  • Page 260: Table Of Contents

    Self-Defined Option Configuration Example··················································································2-19 Troubleshooting DHCP Server Configuration ·······················································································2-20 3 DHCP Relay Agent Configuration ············································································································3-1 Introduction to DHCP Relay Agent ·········································································································3-1 Application Environment··················································································································3-1 Fundamentals··································································································································3-1 DHCP Relay Agent Support for Option 82 ······················································································3-2 DHCP Relay Agent Configuration Task List ···························································································3-3 Configuring the DHCP Relay Agent········································································································3-3 Enabling DHCP ·······························································································································3-3 Enabling the DHCP Relay Agent on an Interface ···········································································3-4 Correlating a DHCP Server Group with a Relay Agent Interface····················································3-4...

  • Page 261: Dhcp Overview, Introduction To Dhcp

    This document is organized as follows: DHCP Overview DHCP Server Configuration DHCP Relay Agent Configuration DHCP Client Configuration DHCP Snooping Configuration BOOTP Client Configuration DHCP Overview Introduction to DHCP The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts.

  • Page 262: Dhcp Address Allocation, Allocation Mechanisms, Dynamic Ip Address Allocation Process

    DHCP Address Allocation Allocation Mechanisms DHCP supports three mechanisms for IP address allocation. Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client. Automatic allocation: DHCP assigns a permanent IP address to a client. Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease.

  • Page 263: Dhcp Message Format, Ip Address Lease Extension

    After receiving the DHCP-ACK message, the client probes whether the IP address assigned by the server is in use by broadcasting a gratuitous ARP packet. If the client receives no response within a specified time, the client can use this IP address. Otherwise, the client sends a DHCP-DECLINE message to the server and requests an IP address again.

  • Page 264: Dhcp Options, Dhcp Options Overview, Introduction To Dhcp Options

    secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0. flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sent a reply back by unicast;...

  • Page 265: Self-defined Options

    Option 121: Classless route option. It specifies a list of classless static routes (the destination addresses in these static routes are classless) that the requesting client should add to its routing table. Option 33: Static route option. It specifies a list of classful static routes (the destination addresses in these static routes are classful) that a client should add to its routing table.

  • Page 266

    Figure 1-6 Format of the value field of the ACS parameter sub-option The value field of the service provider identifier sub-option contains the service provider identifier. Figure 1-7 shows the format of the value field of the PXE server address sub-option. Currently, the value of the PXE server type can only be 0.

  • Page 267

    Figure 1-8 Sub-option 1 in normal padding format Sub-option type (0x01) Length (0x06) Circuit ID type (0x00) Length (0x04) VLAN ID Interface number Sub-option 2: Padded with the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client’s request. The following figure gives its format.

  • Page 268: Protocols And Standards

    Sub-option 1: IP address of the primary network calling processor, which is a server serving as the network calling control source and providing program downloads. Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable.

  • Page 269: Dhcp Server Configuration, Introduction To Dhcp Server

    DHCP Server Configuration When configuring the DHCP server, go to these sections for information you are interested in: Introduction to DHCP Server DHCP Server Configuration Task List Configuring an Address Pool for the DHCP Server Enabling DHCP Enabling the DHCP Server on an Interface Applying an Extended Address Pool on an Interface Configuring the DHCP Server Security Functions Configuring the Handling Mode for Option 82...

  • Page 270

    Common address pool structure In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client. The common address pool database is organized as a tree. The root of the tree is the address pool for natural networks, branches are address pools for subnets, and leaves are addresses statically bound to clients.

  • Page 271: Dhcp Server Configuration Task List, Ip Address Allocation Sequence

    DHCP requests is 1.1.1.130/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/24 address pool. Keep the IP addresses for dynamic allocation within the subnet where the interface of the DHCP server or DHCP relay agent resides to avoid wrong IP address allocation. IP Address Allocation Sequence A DHCP server assigns an IP address to a client according to the following sequence: The first assignable IP address found in the extended address pool referenced on the receiving...

  • Page 272: Configuring An Address Pool For The Dhcp Server

    Configuring an Address Pool for the DHCP Server Configuration Task List Complete the following tasks to configure an address pool: Task Remarks Creating a DHCP Address Pool Required Configuring manual address allocation Required to configure Configuring an Address either of the two for the Allocation Mode for a common address pool Configuring dynamic address allocation...

  • Page 273: Configuring An Address Allocation Mode For A Common Address Pool

    Configuring an Address Allocation Mode for a Common Address Pool You can configure either the static binding or dynamic address allocation for a common address pool as needed. It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address.

  • Page 274

    Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier to accomplish a static binding configuration. In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa. If you use the static-bind ip-address, static-bind mac-address, or static-bind client-identifier command repeatedly in the DHCP address pool, the new configuration will overwrite the previous one.

  • Page 275: Configuring Dynamic Address Allocation For An Extended Address Pool

    In common address pool view, using the network command repeatedly overwrites the previous configuration. After you exclude IP addresses from automatic allocation using the dhcp server forbidden-ip command, neither a common address pool nor an extended address pool can assign these IP addresses through dynamic address allocation.

  • Page 276: Configuring A Domain Name Suffix For The Client, Configuring Dns Servers For The Client

    Configuring a Domain Name Suffix for the Client You can specify a domain name suffix in each DHCP address pool on the DHCP server to provide the clients with the domain name suffix. With this suffix assigned, the client only needs to input part of a domain name, and the system will add the domain name suffix for name resolution.

  • Page 277: Configuring The Bims Server Information For The Client, Configuring Gateways For The Client

    h (hybrid)-node: A combination of peer-to-peer first and broadcast second. The h-node client unicasts the destination name to the WINS server, if no response is received, then broadcasts it to get the destination IP address. Follow these steps to configure WINS servers and NetBIOS node type in the DHCP address pool: To do…...

  • Page 278: Configuring Option 184 Parameters For The Client With Voice Service

    Follow these steps to configure the gateways in the DHCP address pool: To do… Use the command… Remarks Enter system view — system-view Enter DHCP address dhcp server ip-pool pool-name — pool view [ extended ] Required Specify gateways gateway-list ip-address&<1-8> No gateway is specified by default.

  • Page 279: Configuring Self-defined Dhcp Options

    When a router starts up without loading any configuration file, the system sets an active interface (such as the interface of the default VLAN) as the DHCP client to request from the DHCP server for parameters, such as an IP address and name of a TFTP server, and the bootfile name. After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization.

  • Page 280: Enabling Dhcp, Enabling The Dhcp Server On An Interface

    To do… Use the command… Remarks Required option code { ascii ascii-string Configure a self-defined DHCP | hex hex-string&<1-16> | No DHCP option is configured option ip-address ip-address&<1-8> } by default. Table 2-1 Description of common options Option Option name Corresponding command Command parameter Router Option...

  • Page 281: Applying An Extended Address Pool On An Interface

    To do… Use the command… Remarks Enter system view — system-view Enter interface view — interface interface-type interface-number Optional Enable the DHCP server on an dhcp select server global-pool interface [ subaddress ] Enabled by default. If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of whether the subaddress keyword is used, will select an IP address from the address pool containing the primary IP address of the DHCP relay agent’s interface (connected to the client) for a requesting client.

  • Page 282: Configuring The Dhcp Server Security Functions, Enabling Unauthorized Dhcp Server Detection

    Only an extended address pool can be applied on the interface. The address pool to be referenced must already exist. Configuring the DHCP Server Security Functions This configuration is necessary to secure DHCP services on the DHCP server. Configuration Prerequisites Before performing this configuration, complete the following configurations on the DHCP server: Enable DHCP Configure the DHCP address pool...

  • Page 283: Configuring The Handling Mode For Option 82, Configuring The Handling Mode For Option

    Follow these steps to configure IP address conflict detection: To do… Use the command… Remarks Enter system view — system-view Optional Specify the number of ping One ping packet by default. dhcp server ping packets packets number The value 0 indicates that no ping operation is performed.

  • Page 284: Displaying And Maintaining The Dhcp Server, Dhcp Server Configuration Examples

    Displaying and Maintaining the DHCP Server To do… Use the command… Remarks Display information about IP address display dhcp server conflict { all | ip conflicts ip-address } Display information about lease display dhcp server expired { all | ip expiration ip-address | pool [ pool-name ] } Display information about assignable...

  • Page 285: Static Ip Address Assignment Configuration Example, Dynamic Ip Address Assignment Configuration Example

    Static IP Address Assignment Configuration Example Network requirements As shown in Figure 2-1, Switch B (DHCP client) obtains a static IP address, DNS server address, and gateway address from Switch A (DHCP server). Figure 2-1 Network diagram for static IP address assignment Configuration procedure Configure the IP address of VLAN-interface 2 on Switch A.

  • Page 286

    The domain name and DNS server address on subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, the domain name suffix and DNS server address can be configured only for subnet 10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, the number of requesting clients connected to VLAN-interface 1 should be less than 122, and that of clients connected to VLAN-interface 2 less than 124.

  • Page 287: Self-defined Option Configuration Example

    [SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128 [SwitchA-dhcp-pool-1] gateway-list 10.1.1.126 [SwitchA-dhcp-pool-1] expired day 10 hour 12 [SwitchA-dhcp-pool-1] nbns-list 10.1.1.4 [SwitchA-dhcp-pool-1] quit # Configure DHCP address pool 2 (address range, gateway, and lease duration). [SwitchA] dhcp server ip-pool 2 [SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128 [SwitchA-dhcp-pool-2] expired day 5 [SwitchA-dhcp-pool-2] gateway-list 10.1.1.254 Self-Defined Option Configuration Example...

  • Page 288: Troubleshooting Dhcp Server Configuration

    Troubleshooting DHCP Server Configuration Symptom A client’s IP address obtained from the DHCP server conflicts with another IP address. Analysis A host on the subnet may have the same IP address. Solution Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address.

  • Page 289: Dhcp Relay Agent Configuration, Introduction To Dhcp Relay Agent

    DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: Introduction to DHCP Relay Agent DHCP Relay Agent Configuration Task List Configuring the DHCP Relay Agent Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Examples Troubleshooting DHCP Relay Agent Configuration The DHCP relay agent configuration is supported only on VLAN interfaces.

  • Page 290: Dhcp Relay Agent Support For Option

    Figure 3-1 DHCP relay agent application DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process).

  • Page 291: Dhcp Relay Agent Configuration Task List, Configuring The Dhcp Relay Agent

    If a client’s Handling requesting Padding format The DHCP relay agent will… strategy message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing normal the original Option 82 with the Option 82 padded in normal format.

  • Page 292: Enabling The Dhcp Relay Agent On An Interface

    Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view — system-view Required Enable DHCP dhcp enable Disabled by default. Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.

  • Page 293: Configuring The Dhcp Relay Agent Security Functions

    To do… Use the command… Remarks Required Correlate the DHCP server By default, no interface is dhcp relay server-select group with the current interface correlated with any DHCP group-id server group. You can specify up to twenty DHCP server groups on the relay agent and eight DHCP server addresses for each DHCP server group.

  • Page 294

    The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used. The dhcp relay address-check enable command only checks IP and MAC addresses of clients. You are recommended to configure IP address check on the interface enabled with the DHCP relay agent;...

  • Page 295: Configuring The Dhcp Relay Agent To Send A Dhcp-release Request

    Follow these steps to enable unauthorized DHCP server detection: To do… Use the command… Remarks Enter system view — system-view Required Enable unauthorized DHCP dhcp relay server-detect server detection Disabled by default. With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server.

  • Page 296

    Configuring the DHCP relay agent to support Option 82 Follow these steps to configure the DHCP relay agent to support Option 82: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the relay agent to support Option dhcp relay information...

  • Page 297: Displaying And Maintaining Dhcp Relay Agent Configuration, Dhcp Relay Agent Configuration Examples

    To support Option 82, it is required to perform related configuration on both the DHCP server and relay agent. Refer to Configuring the Handling Mode for Option 82 for DHCP server configuration of this kind. If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for Option 82.

  • Page 298: Dhcp Relay Agent Option 82 Support Configuration Example

    Figure 3-3 Network diagram for DHCP relay agent DHCP client DHCP client Vlan-int1 Vlan-int2 10.10.1.1/24 10.1.1.2/24 Vlan-int2 10.1.1.1/24 Switch A Switch B DHCP relay agent DHCP server DHCP client DHCP client Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP.

  • Page 299: Troubleshooting Dhcp Relay Agent Configuration

    Switch A forwards DHCP requests to the DHCP server (Switch B) after replacing Option 82 in the requests, so that the DHCP clients can obtain IP addresses. Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP. <SwitchA>...

  • Page 300

    The relay agent interface connected to DHCP clients is correlated with correct DHCP server group and IP addresses for the group members are correct. 3-12...

  • Page 301: Dhcp Client Configuration, Introduction To Dhcp Client, Enabling The Dhcp Client On An Interface

    DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: Introduction to DHCP Client Enabling the DHCP Client on an Interface Displaying and Maintaining the DHCP Client DHCP Client Configuration Example The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.

  • Page 302: Displaying And Maintaining The Dhcp Client, Dhcp Client Configuration Example

    An interface can be configured to acquire an IP address in multiple ways, but these ways are mutually exclusive. The latest configuration will overwrite the previous one. After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.

  • Page 303: Dhcp Snooping Configuration, Dhcp Snooping Overview

    DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Basic Functions Configuring DHCP Snooping to Support Option 82 Displaying and Maintaining DHCP Snooping DHCP Snooping Configuration Examples The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.

  • Page 304: Application Environment Of Trusted Ports

    Recording IP-to-MAC mappings of DHCP clients DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the clients, ports that connect to DHCP clients, and VLANs to which the ports belong. With DHCP snooping entries, DHCP snooping can implement the following: ARP detection: Whether ARP packets are sent from an authorized client is determined based on DHCP snooping entries.

  • Page 305: Dhcp Snooping Support For Option 82, Dhcp Snooping Support For Option

    Figure 5-2 Configure trusted ports in a cascaded network DHCP client Host A DHCP snooping DHCP server Switch A GE1/0/1 GE1/0/2 Eth1/1 GE1/0/1 GE1/0/2 GE1/0/4 DHCP snooping GE1/0/3 GE1/0/3 DHCP client Switch C Host B GE1/0/1 GE1/0/4 GE1/0/2 DHCP snooping DHCP client GE1/0/3 Switch B...

  • Page 306: Configuring Dhcp Snooping Basic Functions

    If a client’s Handling Padding requesting The DHCP snooping device will… strategy format message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format.

  • Page 307: Configuring Dhcp Snooping To Support Option 82

    You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN. You can specify Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces as trusted ports.

  • Page 308

    To do… Use the command… Remarks dhcp-snooping information format Configure the Optional { normal | verbose padding format for [ node-identifier { mac | normal by default. Option 82 sysname | user-defined node-identifier } ] } Optional By default, the code type depends on the padding format of Option 82.

  • Page 309: Displaying And Maintaining Dhcp Snooping, Dhcp Snooping Configuration Examples, Dhcp Snooping Configuration Example

    Displaying and Maintaining DHCP Snooping To do… Use the command… Remarks display dhcp-snooping [ ip Display DHCP snooping entries ip-address ] display dhcp-snooping Display Option 82 configuration information information { all | interface Available in any on the DHCP snooping device interface-type interface-number } view Display DHCP packet statistics on the...

  • Page 310: Dhcp Snooping Option 82 Support Configuration Example

    [SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit DHCP Snooping Option 82 Support Configuration Example Network requirements As shown in Figure 5-3, enable DHCP snooping and Option 82 support on Switch B. Configure the handling strategy for DHCP requests containing Option 82 as replace. On GigabitEthernet 1/0/2, configure the padding content for the circuit ID sub-option as company001 and for the remote ID sub-option as device001.

  • Page 311: Bootp Client Configuration, Introduction To Bootp Client, Bootp Application

    BOOTP Client Configuration While configuring a BOOTP client, go to these sections for information you are interested in: Introduction to BOOTP Client Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP Displaying and Maintaining BOOTP Client Configuration BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.

  • Page 312: Configuring An Interface To Dynamically Obtain An Ip Address Through Bootp

    Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server. Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.

  • Page 313: Displaying And Maintaining Bootp Client Configuration, Bootp Client Configuration Example

    Displaying and Maintaining BOOTP Client Configuration To do… Use the command… Remarks Display related information on a display bootp client [ interface Available in any BOOTP client interface-type interface-number ] view BOOTP Client Configuration Example Network requirement As shown in Figure 2-2, Switch B’s port belonging to VLAN 1 is connected to the LAN.

  • Page 314: Table Of Contents

    Table of Contents 1 DNS Configuration·····································································································································1-1 DNS Overview·········································································································································1-1 Static Domain Name Resolution ·····································································································1-1 Dynamic Domain Name Resolution ································································································1-1 DNS Proxy·······································································································································1-3 Configuring the DNS Client·····················································································································1-4 Configuring Static Domain Name Resolution ··················································································1-4 Configuring Dynamic Domain Name Resolution·············································································1-4 Configuring the DNS Proxy·····················································································································1-5 Displaying and Maintaining DNS ············································································································1-5 DNS Configuration Examples ·················································································································1-5 Static Domain Name Resolution Configuration Example································································1-5 Dynamic Domain Name Resolution Configuration Example···························································1-6...

  • Page 315: Dns Configuration, Dns Overview, Static Domain Name Resolution, Dynamic Domain Name Resolution

    DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring the DNS Client Configuring the DNS Proxy Displaying and Maintaining DNS DNS Configuration Examples Troubleshooting DNS Configuration This document only covers IPv4 DNS configuration. For information about IPv6 DNS configuration, refer to IPv6 Basics Configuration in the IP Services Volume.

  • Page 316

    The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned. The DNS client returns the resolution result to the application after receiving a response from the DNS server.

  • Page 317: Dns Proxy

    If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP address of the host. DNS Proxy Introduction to DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. As shown in Figure 1-2, a DNS client sends a DNS request to the DNS proxy, which forwards the...

  • Page 318: Configuring The Dns Client, Configuring Static Domain Name Resolution, Configuring Dynamic Domain Name Resolution

    Configuring the DNS Client Configuring Static Domain Name Resolution Follow these steps to configure static domain name resolution: To do… Use the command… Remarks Enter system view –– system-view Configure a mapping between a host Required name and IP address in the static ip host hostname ip-address Not configured by default.

  • Page 319: Configuring The Dns Proxy, Displaying And Maintaining Dns, Dns Configuration Examples

    Configuring the DNS Proxy Follow these steps to configure the DNS proxy: To do… Use the command… Remarks Enter system view — system-view Required Enable DNS proxy dns proxy enable Disabled by default. Displaying and Maintaining DNS To do… Use the command… Remarks Display the static domain name display ip host...

  • Page 320: Dynamic Domain Name Resolution Configuration Example

    data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received...

  • Page 321

    Figure 1-5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone named com. Figure 1-5 Create a zone # Create a mapping between the host name and IP address. Figure 1-6 Add a host Figure 1-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure...

  • Page 322

    Figure 1-7 Add a mapping between domain name and IP address Configure the DNS client # Enable dynamic domain name resolution. <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Configuration verification # Execute the ping host command on the Switch to verify that the communication between the Switch...

  • Page 323: Dns Proxy Configuration Example

    DNS Proxy Configuration Example Network requirements Specify Switch A as the DNS server of Switch B (the DNS client). Switch A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. Switch B implements domain name resolution through Switch A. Figure 1-8 Network diagram for DNS proxy Configuration procedure Before performing the following configuration, assume that Switch A, the DNS server, and the host are...

  • Page 324: Troubleshooting Dns Configuration

    # Specify the DNS server 2.1.1.2. [SwitchB] dns server 2.1.1.2 Configuration verification # Execute the ping host.com command on Switch B to verify that the communication between the Switch and the host is normal and that the corresponding destination IP address is 3.1.1.1. [SwitchB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)

  • Page 325: Table Of Contents

    Table of Contents 1 IP Performance Optimization Configuration···························································································1-1 IP Performance Overview ·······················································································································1-1 Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network ············1-1 Enabling Reception of Directed Broadcasts to a Directly Connected Network·······························1-1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network ·····························1-2 Configuration Example ····················································································································1-2 Configuring TCP Optional Parameters ···································································································1-3 Configuring ICMP to Send Error Packets ·······························································································1-4...

  • Page 326: Ip Performance Overview, Enabling Reception And Forwarding Of Directed Broadcasts To A Directly Connected Network

    IP Performance Optimization Configuration When optimizing IP performance, go to these sections for information you are interested in: IP Performance Overview Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network Configuring TCP Optional Parameters Configuring ICMP to Send Error Packets Displaying and Maintaining IP Performance Optimization IP Performance Overview In some network environments, you can adjust the IP parameters to achieve best network performance.

  • Page 327: Enabling Forwarding Of Directed Broadcasts To A Directly Connected Network

    Enabling Forwarding of Directed Broadcasts to a Directly Connected Network Follow these steps to enable the device to forward directed broadcasts: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the interface to forward ip forward-broadcast [ acl By default, the device is...

  • Page 328: Configuring Tcp Optional Parameters

    [SwitchA-Vlan-interface3] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 2.2.2.2 24 # Enable VLAN-interface 2 to forward directed broadcasts. [SwitchA-Vlan-interface2] ip forward-broadcast Configure Switch B # Enable Switch B to receive directed broadcasts. <SwitchB> system-view [SwitchB] ip forward-broadcast # Configure a static route to the host. [SwitchB] ip route-static 1.1.1.1 24 2.2.2.2 # Configure an IP address for VLAN-interface 2.

  • Page 329: Configuring Icmp To Send Error Packets

    The actual length of the finwait timer is determined by the following formula: Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer Configuring ICMP to Send Error Packets Sending error packets is a major function of ICMP.

  • Page 330

    When receiving a packet with the destination being local and transport layer protocol being UDP, if the packet’s port number does not match the running process, the device will send the source a “port unreachable” ICMP error packet. If the source uses “strict source routing" to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure”...

  • Page 331: Displaying And Maintaining Ip Performance Optimization

    Displaying and Maintaining IP Performance Optimization To do… Use the command… Remarks Display current TCP connection state display tcp status Display TCP connection statistics display tcp statistics Display UDP statistics display udp statistics display ip statistics [ slot Display statistics of IP packets slot-number ] display icmp statistics [ slot Display statistics of ICMP flows...

  • Page 332: Table Of Contents

    Table of Contents 1 UDP Helper Configuration ························································································································1-1 Introduction to UDP Helper ·····················································································································1-1 Configuring UDP Helper ·························································································································1-1 Displaying and Maintaining UDP Helper·································································································1-2 UDP Helper Configuration Examples······································································································1-2 UDP Helper Configuration Example································································································1-2...

  • Page 333: Udp Helper Configuration, Introduction To Udp Helper, Configuring Udp Helper

    UDP Helper Configuration When configuring UDP Helper, go to these sections for information you are interested in: Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Examples UDP Helper can be currently configured on VLAN interfaces only. Introduction to UDP Helper Sometimes, a host needs to forward broadcasts to obtain network configuration information or request the names of other devices on the network.

  • Page 334: Displaying And Maintaining Udp Helper, Udp Helper Configuration Examples, Udp Helper Configuration Example

    To do… Use the command… Remarks interface interface-type Enter interface view — interface-number Required Specify the destination server to which UDP packets No destination server is specified udp-helper server ip-address are to be forwarded by default. The UDP Helper enabled device cannot forward DHCP broadcast packets. That is to say, the UDP port number cannot be set to 67 or 68.

  • Page 335

    Figure 1-1 Network diagram for UDP Helper configuration Configuration procedure The following configuration assumes that a route from Switch A to the network segment 10.2.0.0/16 is available. # Enable UDP Helper. <SwitchA> system-view [SwitchA] udp-helper enable # Enable the forwarding broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1.

  • Page 336: Table Of Contents

    Table of Contents 1 IPv6 Basics Configuration ························································································································1-1 IPv6 Overview ·········································································································································1-1 IPv6 Features ··································································································································1-1 Introduction to IPv6 Address ···········································································································1-3 Introduction to IPv6 Neighbor Discovery Protocol···········································································1-5 IPv6 PMTU Discovery ·····················································································································1-8 Introduction to IPv6 DNS ·················································································································1-9 Protocols and Standards ·················································································································1-9 IPv6 Basics Configuration Task List ·······································································································1-9 Configuring Basic IPv6 Functions ·········································································································1-10 Enabling IPv6 ································································································································1-10 Configuring an IPv6 Unicast Address····························································································1-10...

  • Page 337: Ipv6 Overview, Ipv6 Basics Configuration, Ipv6 Features

    IPv6 Basics Configuration When configuring IPv6 basics, go to these sections for information you are interested in: IPv6 Overview IPv6 Basics Configuration Task List Configuring Basic IPv6 Functions Configuring IPv6 NDP Configuring PMTU Discovery Configuring IPv6 TCP Properties Configuring ICMPv6 Packet Sending Configuring IPv6 DNS Client Displaying and Maintaining IPv6 Basics Configuration IPv6 Configuration Example...

  • Page 338

    the IPv4 address size, the basic IPv6 header size is 40 bytes and is only twice the IPv4 header size (excluding the Options field). Figure 1-1 Comparison between IPv4 packet header format and basic IPv6 packet header format Adequate address space The source and destination IPv6 addresses are both 128 bits (16 bytes) long.

  • Page 339: Introduction To Ipv6 Address

    Enhanced neighbor discovery mechanism The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manage the information exchange between neighbor nodes on the same link. The group of ICMPv6 messages takes the place of Address Resolution Protocol (ARP) messages, Internet Control Message Protocol version 4 (ICMPv4) router discovery messages, and ICMPv4 redirection messages and provides a series of other functions.

  • Page 340

    Anycast address: An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the target interface is nearest to the source, according to a routing protocol’s measure of distance).

  • Page 341: Introduction To Ipv6 Neighbor Discovery Protocol

    Multicast address IPv6 multicast addresses listed in Table 1-2 are reserved for special purpose. Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all nodes multicast address FF02::1 Link-local scope all nodes multicast address FF01::2 Node-local scope all routers multicast address FF02::2 Link-local scope all routers multicast address FF05::2...

  • Page 342

    Duplicate address detection Router/prefix discovery and address autoconfiguration Redirection Table 1-3 lists the types and functions of ICMPv6 messages used by the NDP. Table 1-3 Types and functions of ICMPv6 messages ICMPv6 message Number Function Used to acquire the link-layer address of a neighbor Neighbor solicitation (NS) Used to verify whether the neighbor is reachable message...

  • Page 343

    After receiving the NS message, node B judges whether the destination address of the packet is its solicited-node multicast address. If yes, node B learns the link-layer address of node A, and then unicasts an NA message containing its link-layer address. Node A acquires the link-layer address of node B from the NA message.

  • Page 344: Ipv6 Pmtu Discovery

    The router returns an RA message containing information such as prefix information option. (The router also regularly sends an RA message.) The node automatically generates an IPv6 address and other information for its interface according to the address prefix and other configuration parameters in the RA message. In addition to an address prefix, the prefix information option also contains the preferred lifetime and valid lifetime of the address prefix.

  • Page 345: Ipv6 Basics Configuration Task List, Introduction To Ipv6 Dns

    The source host uses its MTU to send packets to the destination host. If the MTU supported by a forwarding interface is smaller than the packet size, the forwarding device will discard the packet and return an ICMPv6 error packet containing the interface MTU to the source host.

  • Page 346: Configuring Basic Ipv6 Functions, Enabling Ipv, Configuring An Ipv6 Unicast Address

    Task Remarks Configuring ICMPv6 Packet Sending Optional Configuring IPv6 DNS Client Optional Configuring Basic IPv6 Functions Enabling IPv6 Before performing IPv6-related configurations, you need to Enable IPv6. Otherwise, an interface cannot forward IPv6 packets even if it has an IPv6 address configured. Follow these steps to Enable IPv6: To do...

  • Page 347: Configuring Ipv6 Ndp, Configuring A Static Neighbor Entry

    To do... Use the command... Remarks Automatically Optional generate a link-local ipv6 address auto By default, after an IPv6 address for the Configure link-local site-local address or interface an IPv6 aggregatable global unicast link-local address is configured for an Manually assign a address interface, a link-local address ipv6 address...

  • Page 348: Configuring The Maximum Number Of Neighbors Dynamically Learned, Configuring Parameters Related To Ra Messages

    Follow these steps to configure a static neighbor entry: To do... Use the command... Remarks Enter system view — system-view ipv6 neighbor ipv6-address mac-address { vlan-id Configure a static port-type port-number | interface interface-type Required neighbor entry interface-number } You can adopt either of the two methods above to configure a static neighbor entry. After a static neighbor entry is configured by using the first method, the device needs to resolve the corresponding Layer 2 port information of the VLAN interface.

  • Page 349

    Table 1-4 Parameters in an RA message and their descriptions Parameters Description When sending an IPv6 packet, a host uses the value to fill the Cur Hop Limit Cur hop limit field in IPv6 headers. The value is also filled into the Cur Hop Limit field in response messages of a device.

  • Page 350

    To do… Use the command… Remarks Required Disable the RA message By default, RA messages are undo ipv6 nd ra halt suppression suppressed. Optional By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds. Configure the maximum and ipv6 nd ra interval The device sends RA messages...

  • Page 351: Configuring Pmtu Discovery

    The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages. Configuring the Maximum Number of Attempts to Send an NS Message for DAD An interface sends a neighbor solicitation (NS) message for duplicate address detection after acquiring an IPv6 address.

  • Page 352: Configuring Ipv6 Tcp Properties, Configuring Icmpv6 Packet Sending

    MTU. After the aging time expires, the dynamic PMTU is removed and the source host re-determines a dynamic path MTU through the PMTU mechanism. The aging time is invalid for a static PMTU. Follow these steps to configure the aging time for dynamic PMTUs: To do…...

  • Page 353: Enable Sending Of Multicast Echo Replies, Enabling Sending Of Icmpv6 Time Exceeded Packets

    successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot be sent out until the capacity of the token bucket is restored. Follow these steps to configure the capacity and update interval of the token bucket: To do…...

  • Page 354: Configuring Ipv6 Dns Client, Configuring Static Ipv6 Domain Name Resolution

    Configuring IPv6 DNS Client Configuring Static IPv6 Domain Name Resolution Configuring static IPv6 domain name resolution is to establish the mapping between a host name and an IPv6 address. When using such applications as Telnet, you can directly input a host name and the system will resolve the host name into an IPv6 address.

  • Page 355: Displaying And Maintaining Ipv6 Basics Configuration

    Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Remarks Display DNS suffix information display dns domain [ dynamic ] Display IPv6 dynamic domain name display dns ipv6 dynamic-host cache information Display IPv6 DNS server information display dns ipv6 server [ dynamic ] display ipv6 fib [ slot-number ] Display the IPv6 FIB entries [ ipv6-address ]...

  • Page 356: Ipv6 Configuration Example

    The display dns domain command is the same as the one of IPv4 DNS. For details about the commands, refer to DNS Commands in the IP Services Volume. IPv6 Configuration Example Network requirements Host, Switch A and Switch B are directly connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify the connectivity between them.

  • Page 357

    Configure Switch B # Enable IPv6. <SwitchB> system-view [SwitchB] ipv6 # Configure an aggregatable global unicast address for VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address 3001::2/64 # Configure an IPv6 static route with destination IP address 2001::/64 and next hop address 3001::1. [SwitchB-Vlan-interface2] ipv6 route-static 2001:: 64 3001::1 Configure Host Enable IPv6 for Host to automatically get an IPv6 address through IPv6 NDP.

  • Page 358

    ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA-Vlan-interface1] display ipv6 interface vlan-interface 1 verbose Vlan-interface1 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es):...

  • Page 359

    ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. [SwitchB-Vlan-interface2] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64...

  • Page 360

    OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on Host, and ping Switch A and Host on Switch B to verify the connectivity between them. When you ping a link-local address, you should use the “–i” parameter to specify an interface for the link-local address.

  • Page 361: Troubleshooting Ipv6 Basics Configuration

    Troubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged. Solution Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled. Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.

  • Page 362: Table Of Contents

    Table of Contents 1 Dual Stack Configuration··························································································································1-1 Dual Stack Overview·······························································································································1-1 Configuring Dual Stack ···························································································································1-1...

  • Page 363: Dual Stack Overview, Configuring Dual Stack, Dual Stack Configuration

    Dual Stack Configuration When configuring dual stack, go to these sections for information you are interested in: Dual Stack Overview Configuring Dual Stack Dual Stack Overview Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes. The best way for an IPv6 node to be compatible with an IPv4 node is to maintain a complete IPv4 stack.

  • Page 364

    To do… Use the command… Remarks Required ip address ip-address By default, no IP Configure an IPv4 address for the interface { mask | mask-length } address is [ sub ] configured. Use either ipv6 address Manually specify { ipv6-address prefix-length command.

  • Page 365: Table Of Contents

    Table of Contents 1 Tunneling Configuration···························································································································1-1 Introduction to Tunneling ························································································································1-1 IPv6 over IPv4 Tunnel ·····················································································································1-2 Protocols and Standards ·················································································································1-4 Tunneling Configuration Task List ··········································································································1-5 Configuring IPv6 Manual Tunnel·············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuration Example ····················································································································1-6 Configuring 6to4 Tunnel························································································································1-10 Configuration Prerequisites ···········································································································1-10 Configuration Procedure················································································································1-10 6to4 Tunnel Configuration Example ······························································································1-11 Configuring ISATAP Tunnel··················································································································1-14...

  • Page 366: Introduction To Tunneling, Tunneling Configuration

    Tunneling Configuration When configuring tunneling, go to these sections for information you are interested in: Introduction to Tunneling Tunneling Configuration Task List Configuring IPv6 Manual Tunnel Configuring 6to4 Tunnel Configuring ISATAP Tunnel Displaying and Maintaining Tunneling Configuration Troubleshooting Tunneling Configuration The tunnel interface number is in the A/B/C format, where A, B, and C represent the IRF member device ID, the sub-slot number, and the tunnel interface number respectively.

  • Page 367: Ipv6 Over Ipv4 Tunnel

    For related configuration about the dual protocol stack, refer to Dual Stack Configuration in the IP Services Volume. The 3Com Switches 4800G do not support NAT-PT. IPv6 over IPv4 Tunnel Implementation The IPv6 over IPv4 tunneling mechanism encapsulates an IPv4 header in IPv6 data packets so that...

  • Page 368

    The encapsulated packet goes through the tunnel to reach the device at the destination end of the tunnel. The device at the destination end decapsulates the packet if the destination address of the encapsulated packet is the device itself. The destination device forwards the packet according to the destination address in the decapsulated IPv6 packet.

  • Page 369

    A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manually configured tunnels are mainly used to provide stable connections for regular secure communication between border routers or between border routers and hosts for access to remote IPv6 networks. 6to4 tunnel An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks.

  • Page 370: Tunneling Configuration Task List, Configuring Ipv6 Manual Tunnel

    Tunneling Configuration Task List Complete the following tasks to configure the tunneling feature: Task Remarks Configuring IPv6 Manual Tunnel Optional Configuring IPv6 Configuring 6to4 Tunnel Optional over IPv4 tunnel Configuring ISATAP Tunnel Optional Configuring IPv6 Manual Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.

  • Page 371

    To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for the interface-number } tunnel. Required Configure a destination By default, no destination destination ip-address address for the tunnel address is configured for the...

  • Page 372

    Figure 1-3 Network diagram for an IPv6 manual tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.

  • Page 373

    # Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route to IPv6 Group 2 through tunnel 1/0/0 on Switch A. [SwitchA] ipv6 route-static 3003:: 64 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.

  • Page 374

    Global unicast address(es): 3001::1, subnet is 3001::/64 Joined group address(es): FF02::1:FFA8:6401 FF02::1:FF00:1 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: [SwitchB] display ipv6 interface tunnel 1/0/0 verbose Tunnel1/0/0 current state :UP...

  • Page 375: Configuring 6to4 Tunnel

    bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 3003::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring 6to4 Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.

  • Page 376: To4 Tunnel Configuration Example

    To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for interface-number } the tunnel. Required Reference a service loopback service-loopback-group By default, no service loopback group...

  • Page 377

    Figure 1-4 Network diagram for a 6to4 tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.

  • Page 378

    [SwitchA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4 # Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface. [SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.

  • Page 379: Configuring Isatap Tunnel

    from 2002:201:101:1::2 with 32 bytes of data: Reply from 2002:501:101:1::2: bytes=32 time=13ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time<1ms Ping statistics for 2002:501:101:1::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 13ms, Average = 3ms Configuring ISATAP Tunnel...

  • Page 380

    To do… Use the command… Remarks Required By default, the tunnel is an IPv6 manual tunnel. The tunnel-protocol ipv6-ipv4 Set an ISATAP tunnel same tunnel mode should isatap be configured at both ends of the tunnel. Otherwise, packet delivery will fail. Required source { ip-address | Configure a source address or...

  • Page 381

    Figure 1-5 Network diagram for an ISATAP tunnel Configuration procedure Make sure that the corresponding VLAN interfaces have been created on the switch. Make sure that VLAN-interface 101 on the ISATAP switch and the ISATAP host are reachable to each other. Configuration on the switch # Enable IPv6.

  • Page 382

    # Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch. [Switch-Tunnel1/0/0] undo ipv6 nd ra halt [Switch-Tunnel1/0/0] quit # Configure a static route to the ISATAP host. [Switch] ipv6 route-static 2001:: 16 tunnel 1/0/0 Configuration on the ISATAP host The specific configuration on the ISATAP host is related to its operating system.

  • Page 383: Displaying And Maintaining Tunneling Configuration, Troubleshooting Tunneling Configuration

    DAD transmits 0 default site prefix length 48 # By comparison, it is found that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch.

  • Page 384: Table Of Contents

    Table of Contents 1 sFlow Configuration ··································································································································1-1 sFlow Overview·······································································································································1-1 Introduction to sFlow ·······················································································································1-1 Operation of sFlow ··························································································································1-1 Configuring sFlow ···································································································································1-2 Displaying and Maintaining sFlow···········································································································1-2 sFlow Configuration Example ·················································································································1-3 Troubleshooting sFlow Configuration ·····································································································1-4 The Remote sFlow Collector Cannot Receive sFlow Packets ························································1-4...

  • Page 385: Sflow Configuration, Sflow Overview

    sFlow Configuration When configuring sFlow, go to these sections for information you are interested in: sFlow Overview Configuring sFlow Displaying and Maintaining sFlow sFlow Configuration Example Troubleshooting sFlow Configuration sFlow Overview Introduction to sFlow Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics.

  • Page 386: Configuring Sflow, Displaying And Maintaining Sflow

    Specify the sFlow sampling sflow sampling-mode Currently, the determine mode mode { determine | random } is not supported on 3Com Switch 4800G. Specify the number of packets Optional out of which the interface will sflow sampling-rate rate 200000 by default.

  • Page 387: Sflow Configuration Example

    sFlow Configuration Example Network requirements Host A and Server are connected to Switch through GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively. Host B works as an sFlow collector with IP address 3.3.3.2 and port number 6343, and is connected to Switch through GigabitEthernet 1/0/3. GigabitEthernet 1/0/3 belongs to VLAN 1, having an IP address of 3.3.3.1.

  • Page 388: Troubleshooting Sflow Configuration, The Remote Sflow Collector Cannot Receive Sflow Packets

    Collector IP:3.3.3.2 Port:6343 Interval(s): 30 sFlow Port Information: Interface Direction Rate Mode Status Eth1/1 In/Out 100000 Random Active Troubleshooting sFlow Configuration The Remote sFlow Collector Cannot Receive sFlow Packets Symptom The remote sFlow collector cannot receive sFlow packets. Analysis sFlow is not enabled globally because the sFlow agent or/and the sFlow collector is/are not specified.

  • Page 389

    IP Routing Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The IP Routing Volume is organized as follows: Features Description This document describes: IP Routing Overview Introduction to IP routing and routing table Routing protocol overview A static route is manually configured by the administrator. The proper configuration and usage of static routes can improve network performance and ensure bandwidth for important network applications.

  • Page 390

    Features Description Intermediate System-to-Intermediate System (IS-IS) is a link state protocol, which uses the shortest path first (SPF) algorithm. This document describes: Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control Tuning and Optimizing IS-IS Networks IS-IS Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes...

  • Page 391

    IP address. Policy Routing The Switch 4800G implements policy routing through QoS policies. For details about traffic classification, traffic behavior and QoS policy configuration commands, refer to QoS Commands in the QoS Volume.

  • Page 392: Table Of Contents

    Table of Contents 1 IP Routing Overview··································································································································1-1 IP Routing and Routing Table·················································································································1-1 Routing ············································································································································1-1 Routing Table ··································································································································1-1 Routing Protocol Overview ·····················································································································1-3 Static Routing and Dynamic Routing·······························································································1-3 Classification of Dynamic Routing Protocols···················································································1-3 Routing Protocols and Routing Priority ···························································································1-4 Load Balancing and Route Backup ·································································································1-4 Route Recursion······························································································································1-5 Sharing of Routing Information········································································································1-5 Configuring a Router ID ··························································································································1-5...

  • Page 393: Ip Routing Overview, Ip Routing And Routing Table, Routing Table

    IP Routing Overview Go to these sections for information you are interested in: IP Routing and Routing Table Routing Protocol Overview Configuring a Router ID Displaying and Maintaining a Routing Table The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. IP Routing and Routing Table Routing Routing in the Internet is achieved through routers.

  • Page 394

    Outbound interface: Specifies the interface through which the IP packets are to be forwarded. IP address of the next hop: Specifies the address of the next router on the path. If only the outbound interface is configured, its address will be the IP address of the next hop. Priority for the route.

  • Page 395: Routing Protocol Overview, Static Routing And Dynamic Routing, Classification Of Dynamic Routing Protocols

    Routing Protocol Overview Static Routing and Dynamic Routing Static routing is easy to configure and requires less system resources. It works well in small, stable networks with simple topologies. Its major drawback is that you must perform routing configuration again whenever the network topology changes; it cannot adjust to network changes by itself. Dynamic routing is based on dynamic routing protocols, which can detect network topology changes and recalculate the routes accordingly.

  • Page 396: Routing Protocols And Routing Priority, Load Balancing And Route Backup

    Routing Protocols and Routing Priority Different routing protocols may find different routes to the same destination. However, not all of those routes are optimal. In fact, at a particular moment, only one protocol can uniquely determine the current optimal route to the destination. For the purpose of route selection, each routing protocol (including static routes) is assigned a priority.

  • Page 397: Route Recursion, Sharing Of Routing Information, Configuring A Router Id

    The number of routes for load balancing varies by device. In current implementations, routing protocols supporting load balancing are static routing, RIP, OSPF, BGP, and IS-IS. Route backup Route backup can help improve network reliability. With route backup, you can configure multiple routes to the same destination, expecting the one with the highest priority to be the main route and all the rest backup routes.

  • Page 398: Displaying And Maintaining A Routing Table

    Displaying and Maintaining a Routing Table To do… Use the command… Remarks Display brief information about display ip routing-table [ vpn-instance Available in any the active routes in the routing vpn-instance-name ] [ verbose | | { begin | view table exclude | include } regular-expression ] Display information about...

  • Page 399: Table Of Contents

    Table of Contents 1 Static Routing Configuration····················································································································1-1 Introduction ·············································································································································1-1 Static Route ·····································································································································1-1 Default Route···································································································································1-1 Application Environment of Static Routing ······················································································1-2 Configuring a Static Route ······················································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Detecting Reachability of the Static Route’s Nexthop ············································································1-3 Detecting Nexthop Reachability Through BFD ···············································································1-3 Detecting Nexthop Reachability Through Track··············································································1-4 Displaying and Maintaining Static Routes·······························································································1-5 Static Route Configuration Example ·······································································································1-6...

  • Page 400: Static Routing Configuration, Static Route, Default Route

    Static Routing Configuration When configuring a static route, go to these sections for information you are interested in: Introduction Configuring a Static Route Detecting Reachability of the Static Route’s Nexthop Displaying and Maintaining Static Routes Static Route Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction Static Route A static route is a manually configured.

  • Page 401: Configuring A Static Route, Application Environment Of Static Routing

    The network administrator can configure a default route with both destination and mask being 0.0.0.0. The router forwards any packet whose destination address fails to match any entry in the routing table to the next hop of the default static route. Some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate a default route.

  • Page 402: Detecting Reachability Of The Static Route's Nexthop, Detecting Nexthop Reachability Through Bfd

    Configuration Procedure Follow these steps to configure a static route: To do… Use the command… Remarks Enter system view — system-view ip route-static dest-address { mask | mask-length } { next-hop-address | interface-type interface-number next-hop-address | vpn-instance Required d-vpn-instance-name next-hop-address } [ preference preference-value ] [ tag tag-value ] By default, [ description description-text ]...

  • Page 403: Detecting Nexthop Reachability Through Track

    protocols and Multiprotocol Label Switching (MPLS). For details about BFD, refer to BFD Configuration in the High Availability Volume. After a static route is configured, you can enable BFD to detect the reachability of the static route's nexthop. Network requirements To detect the reachability of the static route's nexthop through BFD, you need to enable BFD first.

  • Page 404: Displaying And Maintaining Static Routes

    Configuration procedure Follow these steps to detect the reachability of a static route's nexthop through Track: To do… Use the command… Remarks Enter system view — system-view ip route-static dest-address { mask | mask-length } { next-hop-address | vpn-instance d-vpn-instance-name next-hop-address } track track-entry-number [ preference preference-value ] [ tag tag-value ] [ description description-text ]...

  • Page 405: Static Route Configuration Example, Basic Static Route Configuration Example

    Static Route Configuration Example Basic Static Route Configuration Example Network requirements The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts. Figure 1-1 Network diagram for static route configuration Configuration procedure Configuring IP addresses for interfaces (omitted) Configuring static routes...

  • Page 406

    Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Display the IP routing table of Switch B.

  • Page 407

    <1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete.

  • Page 408: Table Of Contents

    Table of Contents 1 RIP Configuration ······································································································································1-1 RIP Overview ··········································································································································1-1 Operation of RIP······························································································································1-1 Operation of RIP······························································································································1-2 RIP Version ·····································································································································1-2 RIP Message Format·······················································································································1-3 Supported RIP Features··················································································································1-5 Protocols and Standards ·················································································································1-5 Configuring RIP Basic Functions ············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuring RIP Route Control ···············································································································1-7 Configuring an Additional Routing Metric ························································································1-7 Configuring RIPv2 Route Summarization························································································1-8 Disabling Host Route Reception ·····································································································1-9...

  • Page 409: Rip Configuration, Rip Overview, Operation Of Rip

    RIP Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. When configuring RIP, go to these sections for information you are interested in: RIP Overview Configuring RIP Basic Functions Configuring RIP Route Control Configuring RIP Network Optimization Displaying and Maintaining RIP...

  • Page 410: Rip Version

    Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated. Route tag: Identifies a route, used in a routing policy to flexibly control routes. For information about routing policy, refer to Routing Policy Configuration in the IP Routing Volume.

  • Page 411: Rip Message Format

    RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, C. That is why RIPv1 does not support discontiguous subnets. RIPv2 is a classless routing protocol.

  • Page 412

    RIPv2 message format The format of RIPv2 message is similar to RIPv1. Figure 1-2 shows it. Figure 1-2 RIPv2 Message Format The differences from RIPv1 are stated as following. Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address.

  • Page 413: Configuring Rip Basic Functions

    RFC 1723 only defines plain text authentication. For information about MD5 authentication, refer to RFC 2453 “RIP Version 2”. With RIPv1, you can configure the authentication mode in interface view. However, the configuration will not take effect because RIPv1 does not support authentication. Supported RIP Features The current implementation supports the following RIP features.

  • Page 414

    If you make some RIP configurations in interface view before enabling RIP, those configurations will take effect after RIP is enabled. RIP runs only on the interfaces residing on the specified networks. Therefore, you need to specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.

  • Page 415: Configuring Rip Route Control

    To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Optional By default, if an interface has a RIP version specified, the version takes precedence over the global one. If no RIP Specify a global RIP version { 1 | 2 } version is specified for an...

  • Page 416: Configuring Ripv2 Route Summarization

    To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Optional Define an inbound rip metricin [ route-policy additional routing metric route-policy-name ] value 0 by default Optional Define an outbound rip metricout [ route-policy additional routing metric route-policy-name ] value 1 by default...

  • Page 417: Disabling Host Route Reception

    You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface. Disabling Host Route Reception Sometimes a router may receive from the same network many host routes, which are not helpful for routing and consume a large amount of network resources. In this case, you can disable RIP from receiving host routes to save network resources.

  • Page 418: Configuring Inbound/outbound Route Filtering

    To do… Use the command… Remarks interface interface-type Enter interface view –– interface-number Optional rip default-route { { only | By default, a RIP interface can Configure the RIP interface originate } [ cost cost ] | advertise a default route if the to advertise a default route no-originate } RIP process is configured with...

  • Page 419: Configuring Rip Network Optimization, Configuring A Priority For Rip

    Configuring a Priority for RIP Multiple IGP protocols may run in a router. If you want RIP routes to have a higher priority than those learned by other routing protocols, you can assign RIP a smaller priority value to influence optimal route selection.

  • Page 420: Configuring Rip Timers

    Configuring RIP Timers You can change the RIP network convergence speed by adjusting RIP timers. Follow these steps to configure RIP timers: To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view ––...

  • Page 421: Configuring The Maximum Number Of Load Balanced Routes

    Enabling poison reverse The poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable. Follow these steps to enable poison reverse: To do… Use the command… Remarks Enter system view —...

  • Page 422: Configuring Ripv2 Message Authentication, Specifying A Rip Neighbor

    For a message received, RIP compares the source IP address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message. Follow these steps to enable source IP address check on incoming RIP updates: To do…...

  • Page 423: Configuring Rip-to-mib Binding, Configuring The Rip Packet Sending Rate

    Follow these steps to specify a RIP neighbor: To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Specify a RIP neighbor Required peer ip-address Required Disable source address check undo validate-source-address on incoming RIP updates Not disabled by default...

  • Page 424: Displaying And Maintaining Rip, Rip Configuration Examples, Configuring Rip Version

    To do… Use the command… Remarks Optional Configure the maximum number of RIP packets that By default, an interface sends output-delay time count count can be sent at the specified up to three RIP packets every interval 20 milliseconds. Displaying and Maintaining RIP To do…...

  • Page 425

    [SwitchA-Vlan-interface101] ip address 172.17.1.1 24 [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] ip address 172.16.1.1 24 # Configure Switch B. <SwitchB> system-view [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.168.1.2 24 [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ip address 10.2.1.1 24 [SwitchB-Vlan-interface101] quit Configure basic RIP functions # Configure Switch A.

  • Page 426

    P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect -------------------------------------------------------------------------- Peer 192.168.1.2 on Vlan-interface100 Destination/Mask Nexthop Cost Flags 10.0.0.0/8 192.168.1.2 10.2.1.0/24 192.168.1.2 10.1.1.0/24 192.168.1.2 From the routing table, you can see RIPv2 uses classless subnet mask. Since the routing information advertised by RIPv1 has a long aging time, it will still exist until it ages out after RIPv2 is configured.

  • Page 427

    [SwitchA-rip-100] undo summary [SwitchA-rip-100] quit # Enable RIP 100 and RIP 200 and specify RIP version 2 on Switch B. <SwitchB> system-view [SwitchB] rip 100 [SwitchB-rip-100] network 11.0.0.0 [SwitchB-rip-100] version 2 [SwitchB-rip-100] undo summary [SwitchB-rip-100] quit [SwitchB] rip 200 [SwitchB-rip-200] network 12.0.0.0 [SwitchB-rip-200] version 2 [SwitchB-rip-200] undo summary [SwitchB-rip-200] quit...

  • Page 428: Configuring An Additional Metric For A Rip Interface

    12.3.1.0/24 Direct 0 12.3.1.2 Vlan200 12.3.1.2/32 Direct 0 127.0.0.1 InLoop0 16.4.1.0/24 Direct 0 16.4.1.1 Vlan400 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure an filtering policy to filter redistributed routes # Configure ACL 2000 to filter routes redistributed from RIP 100 on Switch B, making the route 10.2.1.0/24 not advertised to Switch C.

  • Page 429

    Figure 1-6 Network diagram for RIP interface additional metric configuration Configuration procedure Configure IP addresses for the interfaces (omitted). Configure RIP basic functions. # Configure Switch A. <SwitchA> system-view [SwitchA] rip 1 [SwitchA-rip-1] network 1.0.0.0 [SwitchA-rip-1] version 2 [SwitchA-rip-1] undo summary [SwitchA-rip-1] quit # Configure Switch B.

  • Page 430: Configuring Rip To Advertise A Summary Route

    # Display the IP routing table of Switch A. [SwitchA] display rip 1 database 1.0.0.0/8, cost 0, ClassfulSumm 1.1.1.0/24, cost 0, nexthop 1.1.1.1, Rip-interface 1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 1, nexthop 1.1.2.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.2.2 The display shows that there are two RIP routes to network 1.1.5.0/24.

  • Page 431

    Figure 1-7 Network diagram for RIP summary route advertisement Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit # Configure Switch B.

  • Page 432

    <SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] network 11.0.0.0 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary [SwitchD-rip-1] quit # Configure RIP to redistribute the routes from OSPF process 1 and direct routes on Switch C. [SwitchC-rip-1] import-route direct [SwitchC-rip-1] import-route ospf 1 # Display the routing table information of Switch D.

  • Page 433: Troubleshooting Rip, No Rip Updates Received, Route Oscillation Occurred

    Troubleshooting RIP No RIP Updates Received Symptom: No RIP updates are received when the links work well. Analysis: After enabling RIP, you must use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages. If the peer is configured to send multicast messages, the same should be configured on the local end.

  • Page 434: Table Of Contents

    Table of Contents 1 OSPF Configuration ··································································································································1-1 Introduction to OSPF·······························································································································1-1 Basic Concepts································································································································1-2 OSPF Area Partition ························································································································1-3 Classification of Routers··················································································································1-6 Classification of OSPF Networks ····································································································1-8 DR and BDR····································································································································1-8 OSPF Packet Formats·····················································································································1-9 Supported OSPF Features············································································································1-18 Protocols and Standards ···············································································································1-19 OSPF Configuration Task List ··············································································································1-19 Enabling OSPF ·····································································································································1-21 Prerequisites··································································································································1-21 Configuration Procedure················································································································1-21...

  • Page 435: Table Of Contents

    Disabling Interfaces from Sending OSPF Packets········································································1-36 Configuring Stub Routers ··············································································································1-36 Configuring OSPF Authentication ·································································································1-37 Adding the Interface MTU into DD Packets···················································································1-38 Configuring the Maximum Number of External LSAs in LSDB ·····················································1-38 Making External Route Selection Rules Defined in RFC1583 Compatible···································1-38 Logging Neighbor State Changes ·································································································1-39 Configuring OSPF Network Management ·····················································································1-39 Enabling Message Logging ···········································································································1-40...

  • Page 436: Ospf Configuration, Introduction To Ospf

    OSPF Configuration Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). At present, OSPF version 2 (RFC2328) is used. When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPF OSPF Configuration Task List Enabling OSPF...

  • Page 437

    Area partition: Allows an AS to be split into different areas for ease of management and routing information transmitted between areas is summarized to reduce network bandwidth consumption. Equal-cost multi-route: Supports multiple equal-cost routes to a destination. Routing hierarchy: Supports a four-level routing hierarchy that prioritizes routes into intra-area, inter-area, external Type-1, and external Type-2 routes.

  • Page 438: Ospf Area Partition

    Router LSA: Type-1 LSA, originated by all routers, flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. Network LSA: Type-2 LSA, originated for broadcast and NBMA networks by the designated router, flooded throughout a single area only.

  • Page 439

    Figure 1-1 OSPF area partition After area partition, area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes. Backbone area and virtual links Each AS has a backbone area, which is responsible for distributing routing information between none-backbone areas.

  • Page 440

    Figure 1-3 Virtual link application 2 The virtual link between the two ABRs acts as a point-to-point connection. Therefore, you can configure interface parameters such as hello packet interval on the virtual link as they are configured on physical interfaces. The two ABRs on the virtual link exchange OSPF packets with each other directly, and the OSPF routers in between simply convey these OSPF packets as normal IP packets.

  • Page 441: Classification Of Routers

    On the left of the figure, RIP routes are translated into Type-5 LSAs by the ASBR of Area 2 and distributed into the OSPF AS. However, Area 1 is an NSSA area, so these Type-5 LSAs cannot travel to Area 1. Like stub areas, virtual links cannot transit NSSA areas.

  • Page 442

    Backbone Router At least one interface of a backbone router must be attached to the backbone area. Therefore, all ABRs and internal routers in area 0 are backbone routers. Autonomous System Border Router (ASBR) The router exchanging routing information with another AS is an ASBR, which may not reside on the boundary of the AS.

  • Page 443: Classification Of Ospf Networks, Dr And Bdr

    the same destination have the same cost, then take the cost from the router to the ASBR into consideration. Classification of OSPF Networks OSPF network types OSPF classifies networks into four types upon the link layer protocol: Broadcast: When the link layer protocol is Ethernet or FDDI, OSPF considers the network type broadcast by default.

  • Page 444: Ospf Packet Formats

    If the DR fails to work, routers on the network have to elect another DR and synchronize information with the new DR. It is time-consuming and prone to routing calculation errors. The Backup Designated Router (BDR) is introduced to reduce the synchronization period. The BDR is elected along with the DR and establishes adjacencies for routing information exchange with all other routers.

  • Page 445

    Figure 1-8 OSPF packet format OSPF packet header OSPF packets are classified into five types that have the same packet header, as shown below. Figure 1-9 OSPF packet header Version: OSPF version number, which is 2 for OSPFv2. Type: OSPF packet type from 1 to 5, corresponding with hello, DD, LSR, LSU and LSAck respectively.

  • Page 446

    Figure 1-10 Hello packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Network mask HelloInterval Options Rtr Pri RouterDeadInterval Designated router Backup designated router Neighbor Neighbor Major fields: Network mask: Network mask associated with the router’s sending interface. If two routers have different network masks, they cannot become neighbors.

  • Page 447

    Figure 1-11 DD packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Interface MTU Options 0 0 0 0 0 I DD sequence number LSA header LSA header Major fields: Interface MTU: Size in bytes of the largest IP datagram that can be sent out the associated interface, without fragmentation.

  • Page 448

    Figure 1-12 LSR packet format Major fields: LS type: Type number of the LSA to be requested. Type 1 for example indicates the Router LSA. Link State ID: Determined by LSA type. Advertising Router: ID of the router that sent the LSA. LSU packet LSU (Link State Update) packets are used to send the requested LSAs to peers, and each packet carries a collection of LSAs.

  • Page 449

    Figure 1-14 LSAck packet format LSA header format All LSAs have the same header, as shown in the following figure. Figure 1-15 LSA header format Major fields: LS age: Time in seconds elapsed since the LSA was originated. A LSA ages in the LSDB (added by 1 per second), but does not in transmission.

  • Page 450

    Figure 1-16 Router LSA format LS age Options Linke state ID Advertising router LS sequence number LS checksum Length # Links Link ID Link data Type #TOS Metric TOS metric Link ID Link data Major fields: Link State ID: ID of the router that originated the LSA. V (Virtual Link): Set to 1 if the router that originated the LSA is a virtual link endpoint.

  • Page 451

    Figure 1-17 Network LSA format Major fields: Link State ID: The interface address of the DR Network mask: The mask of the network (a broadcast or NBMA network) Attached router: The IDs of the routers, which are adjacent to the DR, including the DR itself Summary LSA Network summary LSAs (Type-3 LSAs) and ASBR summary LSAs (Type-4 LSAs) are originated by ABRs.

  • Page 452

    A Type-3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. AS external LSA An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS.

  • Page 453: Supported Ospf Features

    Figure 1-20 NSSA external LSA format Supported OSPF Features Multi-process With multi-process support, multiple OSPF processes can run on a router simultaneously and independently. Routing information interactions between different processes seem like interactions between different routing protocols. Multiple OSPF processes can use the same RID. An interface of a router can only belong to a single OSPF process.

  • Page 454: Ospf Configuration Task List

    forwarding table based on the new routing information received from neighbors and removes the stale routes. OSPF supports multi-instance, which can run in VPN networks. In BGP MPLS VPN networks, multiple sites in the same VPN can use OSPF as the internal routing protocol, but they are treated as different ASs.

  • Page 455

    Complete the following tasks to configure OSPF: Task Remarks Enabling OSPF Required Configuring a Stub Area Configuring OSPF Optional Configuring an NSSA Area Areas Configuring a Virtual Link Configuring the OSPF Network Type for an Interface as Optional Broadcast Configuring OSPF Configuring the OSPF Network Type for an Interface as NBMA Optional Network Types...

  • Page 456: Enabling Ospf

    Task Remarks Configuration Prerequisites Optional Configuring a Loopback Interface Optional Configuring OSPF Sham Link Advertising Routes of a Loopback Interface Optional Creating a Sham Link Optional Configuring the OSPF GR Restarter Optional Configuring OSPF Configuring the OSPF GR Helper Optional Graceful Restart Triggering OSPF Graceful Restart Optional...

  • Page 457: Configuring Ospf Areas, Configuring A Stub Area

    To do… Use the command… Remarks Required Configure an OSPF area and area area-id enter OSPF area view Not configured by default. Optional Configure a description for description description the area Not configured by default. Specify a network to enable Required network ip-address OSPF on the interface...

  • Page 458: Configuring An Nssa Area

    To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ] * Enter area view — area area-id Required Configure the area as a stub stub [ no-summary ] area Not configured by default.

  • Page 459: Configuring Ospf Network Types, Configuring A Virtual Link

    It is required to use the nssa command on all the routers attached to an NSSA area. Using the default-cost command only takes effect on the ABR/ASBR of an NSSA area. Configuring a Virtual Link Non-backbone areas exchange routing information via the backbone area. Therefore, connectivity between the backbone and non-backbone areas and within the backbone itself must be maintained.

  • Page 460: Configuring The Ospf Network Type For An Interface As Broadcast

    Prerequisites Before configuring OSPF network types, you have configured: IP addresses for interfaces, making neighboring nodes accessible with each other at network layer. OSPF basic functions. Configuring the OSPF Network Type for an Interface as Broadcast Follow these steps to configure the OSPF network type for an interface as broadcast: To do…...

  • Page 461: Configuring Ospf Route Control, Configuring The Ospf Network Type For An Interface As P2mp

    The DR priority configured with the ospf dr-priority command and the one configured with the peer command have the following differences: The former is for actual DR election. The latter is to indicate whether a neighbor has the election right or not. If you configure the DR priority for a neighbor as 0, the local router will consider the neighbor has no election right, and thus no hello packet is sent to this neighbor, reducing the number of hello packets for DR/BDR election on networks.

  • Page 462: Configuring Ospf Route Summarization

    OSPF basic functions Corresponding filters if routing information filtering is needed. Configuring OSPF Route Summarization Route summarization: An ABR or ASBR summarizes routes with the same prefix into a single route and distribute it to other areas. Through route summarization, routing information across areas and the size of routing tables on routers will be reduced, improving calculation speed of routers.

  • Page 463: Configuring Ospf Inbound Route Filtering, Configuring Abr Type-3 Lsa Filtering

    To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ]* Required asbr-summary ip-address { mask Configure ASBR route The command is available on an | mask-length } [ tag tag | summarization ASBR only.

  • Page 464: Configuring An Ospf Cost For An Interface, Configuring The Maximum Number Of Ospf Routes

    To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Enter area view — area area-id Required Configure ABR Type-3 LSA filter { acl-number | ip-prefix Not configured by filtering ip-prefix-name } { import | export }...

  • Page 465: Configuring The Maximum Number Of Load-balanced Routes, Configuring A Priority For Ospf

    To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, the maximum number Configure the maximum-routes { external | inter | of AS external routes, inter-area maximum number of intra } number...

  • Page 466

    Configuring OSPF Route Redistribution Configure route redistribution into OSPF If the router runs OSPF and other routing protocols, you can configure OSPF to redistribute RIP, IS-IS, BGP, static, or direct routes and advertise these routes in Type-5 LSAs or Type-7 LSAs. By filtering redistributed routes, OSPF translates only routes not filtered out into Type-5 LSAs or Type-7 LSAs for advertisement.

  • Page 467: Configuring Ospf Network Optimization, Advertising A Host Route

    The default-route-advertise summary cost command is applicable only to VPN, and the default route is redistributed in a Type-3 LSA. The PE router will advertise the default route to the CE router. Configure the default parameters for redistributed routes You can configure default parameters such as the cost, upper limit, tag and type for redistributed routes. Tags are used to indicate information related to protocols.

  • Page 468: Configuring Ospf Packet Timers

    Configure OSPF authentication to meet high security requirements of some mission-critical networks. Configure OSPF network management functions, such as binding OSPF MIB with a process, sending trap information and collecting log information. Prerequisites Before configuring OSPF network optimization, you have configured: IP addresses for interfaces;...

  • Page 469: Specifying An Lsa Transmission Delay, Specifying Spf Calculation Interval

    The hello and dead intervals restore to default values after you change the network type for an interface. The dead interval should be at least four times the hello interval on an interface. The poll interval is at least four times the hello interval. The retransmission interval should not be so small for avoidance of unnecessary LSA retransmissions.

  • Page 470: Specifying The Lsa Minimum Repeat Arrival Interval, Specifying The Lsa Generation Interval

    With this task configured, when network changes are not frequent, SPF calculation applies at the minimum-interval. If network changes become frequent, SPF calculation interval is incremented by incremental-interval × 2 (n is the number of calculation times) each time a calculation occurs, up to the maximum-interval.

  • Page 471: Disabling Interfaces From Sending Ospf Packets, Configuring Stub Routers

    With this command configured, when network changes are not frequent, LSAs are generated at the minimum-interval. If network changes become frequent, LSA generation interval is incremented by incremental-interval•2n-2 (n is the number of generation times) each time a generation occurs, up to the maximum-interval.

  • Page 472: Configuring Ospf Authentication

    Follow these steps to configure a router as a stub router: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | vpn-instance Enter OSPF view — instance-name ] * Required Configure the router as a stub-router stub router Not configured by default.

  • Page 473: Adding The Interface Mtu Into Dd Packets

    Adding the Interface MTU into DD Packets Generally, when an interface sends a DD packet, it adds 0 into the Interface MTU field of the DD packet rather than the interface MTU. Follow these steps to add the interface MTU into DD packets: To do…...

  • Page 474

    To avoid routing loops, it is recommended to configure all the routers to be either compatible or incompatible with the external route selection rules defined in RFC 1583. Logging Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do…...

  • Page 475

    Enabling Message Logging Follow these steps to enable message logging: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Required Enable message enable log [ config | error | state ] logging Not enabled by default.

  • Page 476: Configuring Ospf Sham Link

    Follow these steps to configure the LSU transmit rate: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, an OSPF Configure the LSU transmit-pacing interval interval count interface sends up to three...

  • Page 477: Creating A Sham Link

    To do… Use the command… Remarks ipv4-family vpn-instance Enter BGP VPN instance view Required vpn-instance-name Inject direct routes, that is, Required import-route direct loopback host routes For BGP VPN information, refer to MCE Configuration in the IP Routing Volume. Creating a Sham Link Follow these steps to create a sham link: To do…...

  • Page 478: Configuring Ospf Graceful Restart

    Configuring OSPF Graceful Restart One device can act as both a GR Restarter and GR Helper at the same time. OSPF GR can be implemented through: IETF standard GR capable routers. The GR restarter communicates with GR helpers by exchanging Type-9 Opaque LSAs called Grace LSAs. Non IETF standard GR capable routers.

  • Page 479: Configuring The Ospf Gr Helper

    To do… Use the command… Remarks enable Required Enable the out-of-band out-of-band-resynchronizati re-synchronization capability Disabled by default Enable non IETF standard Required graceful-restart Graceful Restart capability for [ nonstandard ] Disabled by default OSPF Optional Configure Graceful Restart graceful-restart interval timer interval for OSPF 120 seconds by default Configuring the OSPF GR Helper...

  • Page 480: Displaying And Maintaining Ospf, Triggering Ospf Graceful Restart

    Triggering OSPF Graceful Restart Performing the following configuration on an OSPF router will trigger an OSPF Graceful Restart process. Follow these steps to trigger OSPF Graceful Restart: To do… Use the command… Remarks Required reset ospf [ process-id ] Trigger OSPF Graceful Restart Available in user view process graceful-restart Displaying and Maintaining OSPF...

  • Page 481: Ospf Configuration Examples, Configuring Ospf Basic Functions

    To do… Use the command… Remarks reset ospf [ process-id ] process Reset an OSPF process [ graceful-restart ] Re-enable OSPF route reset ospf [ process-id ] redistribution redistribution OSPF Configuration Examples These examples only cover commands for OSPF configuration. Configuring OSPF Basic Functions Network requirements As shown in the following figure, all switches run OSPF.

  • Page 482

    [SwitchA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] area 2 [SwitchB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.2] quit [SwitchB-ospf-1] quit # Configure Switch C <SwitchC>...

  • Page 483

    Neighbor state change count: 5 Neighbors Area 0.0.0.1 interface 10.2.1.1(Vlan-interface200)'s neighbors Router ID: 10.4.1.1 Address: 10.2.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 10.2.1.1 BDR: 10.2.1.2 MTU: 0 Dead timer due in 32 Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5 # Display OSPF routing information on Switch A.

  • Page 484: Configuring Ospf Route Redistribution, Network Requirements

    Network 10.2.1.1 10.2.1.1 80000010 Sum-Net 10.5.1.0 10.2.1.1 80000003 Sum-Net 10.3.1.0 10.2.1.1 1069 8000000F Sum-Net 10.1.1.0 10.2.1.1 1069 8000000F Sum-Asbr 10.3.1.1 10.2.1.1 1069 8000000F # Display OSPF routing information on Switch D. [SwitchD] display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination...

  • Page 485

    Figure 1-22 Network diagram for OSPF redistributing routes from outside of an AS Configuration procedure Configure IP addresses for interfaces (omitted). Configure OSPF basic functions (Refer to Configuring OSPF Basic Functions). Configure OSPF to redistribute routes. # On Switch C, configure a static route destined for network 3.1.2.0/24. <SwitchC>...

  • Page 486: Configuring Ospf To Advertise A Summary Route

    10.1.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.4.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Configuring OSPF to Advertise a Summary Route Network requirements As shown in the following figure: Switch A and Switch B are in AS 200, which runs OSPF.

  • Page 487

    [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D.

  • Page 488: Configuring An Ospf Stub Area

    [SwitchB] ospf [SwitchB-ospf-1] import-route bgp # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 O_ASE 11.2.1.1 Vlan100 10.2.1.0/24 O_ASE 11.2.1.1 Vlan100 10.3.1.0/24 O_ASE 11.2.1.1...

  • Page 489

    Figure 1-24 Network diagram for OSPF Stub area configuration Switch A Switch B Area 0 Vlan-int100 10.1.1.1/24 Vlan-int100 10.1.1.2/24 Vlan-int200 Vlan-int200 10.2.1.1/24 10.3.1.1/24 Vlan-int200 Vlan-int200 Area 1 Area 2 10.3.1.2/24 10.2.1.2/24 Stub ASBR Vlan-int300 Vlan-int300 10.4.1.1/24 10.5.1.1/24 Switch C Switch D Configuration procedure Configure IP addresses for interfaces (omitted).

  • Page 490

    Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 In the above output, since Switch C resides in a normal OSPF area, its routing table contains an external route.

  • Page 491: Configuring An Ospf Nssa Area

    When Switch C resides in the Stub area, a default route takes the place of the external route. # Filter Type-3 LSAs out the stub area [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] stub no-summary [SwitchA-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Switch C. [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables...

  • Page 492

    Figure 1-25 Network diagram for OSPF NSSA area configuration Configuration procedure Configure IP addresses for interfaces. Configure OSPF basic functions (refer to Configuring OSPF Basic Functions). Configure Area 1 as an NSSA area. # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit...

  • Page 493: Configuring Ospf Dr Election

    0.0.0.0/0 65536 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 65535 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 Configure Switch C to redistribute static routes. [SwitchC] ip route-static 3.1.3.1 24 11.1.1.1 [SwitchC] ospf [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit...

  • Page 494

    Figure 1-26 Network diagram for OSPF DR election configuration Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B.

  • Page 495

    [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Vlan-interface1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4...

  • Page 496

    # Display neighbor information on Switch D. [SwitchD] display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0...

  • Page 497

    Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode: Nbr is Slave Priority: 100 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:40 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way...

  • Page 498: Configuring Ospf Virtual Links

    192.168.1.2 Broadcast DROther 192.168.1.1 192.168.1.3 The interface state DROther means the interface is not the DR/BDR. Configuring OSPF Virtual Links Network requirements In the following figure, Area 2 has no direct connection to Area 0, and Area 1 acts as the Transit Area to connect Area 2 to Area 0 via a configured virtual link between Switch B and Switch C.

  • Page 499

    <SwitchC> system-view [SwitchC] ospf 1 router-id 3.3.3.3 [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] area 2 [SwitchC–ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchC–ospf-1-area-0.0.0.2] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ospf 1 router-id 4.4.4.4 [SwitchD-ospf-1] area 2 [SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] quit # Display the OSPF routing table of Switch B.

  • Page 500: Ospf Graceful Restart Configuration Example

    [SwitchB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 3.3.3.3 0.0.0.1 10.3.1.0/24 Inter 10.2.1.2 3.3.3.3 0.0.0.0 10.1.1.0/24 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0...

  • Page 501

    [SwitchA-ospf-100-area-0.0.0.0] return Configure Switch B <SwitchB> system-view [SwitchB] acl number 2000 [SwitchB-acl-basic-2000] rule 10 permit source 192.1.1.1 0.0.0.0 [SwitchB-acl-basic-2000] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.1.1.2 255.255.255.0 [SwitchB-Vlan-interface100] quit [SwitchB] router id 2.2.2.2 [SwitchB] ospf 100 [SwitchB-ospf-100] graceful-restart help 2000 [SwitchB-ospf-100] area 0 [SwitchB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 Configure Switch C...

  • Page 502: Configuring Route Filtering

    OSPF 1 restarted OOB Progress timer for neighbor 192.1.1.2. %Oct 22 09:36:12:566 2008 RouterA RM/3/RMLOG:OSPF-NBRCHANGE: Process 1, Neighbour 192.1.1.2(Ethernet1/1) from Loading to Full OSPF 1 restarted OOB Progress timer for neighbor 192.1.1.2. OSPF 1 deleted OOB Progress timer for neighbor 192.1.1.2. OSPF 1 Gr Wait Timeout timer fired.

  • Page 503

    # On Switch C, configure a static route destined for network 3.1.2.0/24. [SwitchC] ip route-static 3.1.2.0 24 10.4.1.2 # On Switch C, configure a static route destined for network 3.1.3.0/24. [SwitchC] ip route-static 3.1.3.0 24 10.4.1.2 # On Switch C, configure OSPF to redistribute static routes. [SwitchC] ospf 1 [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit...

  • Page 504: Troubleshooting Ospf Configuration

    10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 Vlan200 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 Vlan100 10.4.1.0/24 OSPF 10.2.1.2 Vlan200 10.5.1.0/24 OSPF 10.1.1.2 Vlan100 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 The route destined for network 3.1.3.0/24 is filtered out. On Switch A, filter out the route 10.5.1.1/24.

  • Page 505

    Analysis If the physical link and lower layer protocols work well, check OSPF parameters configured on interfaces. Two neighbors must have the same parameters, such as the area ID, network segment and mask (a P2P or virtual link may have different network segments and masks). Processing steps Display OSPF neighbor information using the display ospf peer command.

  • Page 506: Table Of Contents

    Table of Contents 1 IS-IS Configuration ····································································································································1-1 IS-IS Overview ········································································································································1-1 Basic Concepts································································································································1-1 IS-IS Area ········································································································································1-3 IS-IS Network Type ·························································································································1-5 IS-IS PDU Format····························································································································1-6 Supported IS-IS Features··············································································································1-12 Protocols and Standards ···············································································································1-14 IS-IS Configuration Task List ················································································································1-15 Configuring IS-IS Basic Functions ········································································································1-16 Configuration Prerequisites ···········································································································1-16 Enabling IS-IS································································································································1-16 Configuring the IS Level and Circuit Level ····················································································1-16 Configuring the Network Type of an Interface as P2P ··································································1-17...

  • Page 507: Table Of Contents

    Enabling the Logging of Neighbor State Changes················································································1-33 Enabling IS-IS SNMP Trap ···················································································································1-33 Binding an IS-IS Process with MIBs ·····································································································1-33 Displaying and Maintaining IS-IS ··········································································································1-34 IS-IS Configuration Example·················································································································1-35 IS-IS Basic Configuration ··············································································································1-35 DIS Election Configuration ············································································································1-39 Configuring IS-IS Route Redistribution ·························································································1-44 IS-IS-based Graceful Restart Configuration Example···································································1-47 IS-IS Authentication Configuration Example ·················································································1-49...

  • Page 508: Is-is Configuration, Is-is Overview

    IS-IS Configuration When configuring IS-IS, go to these sections for information you are interested in: IS-IS Overview IS-IS Configuration Task List Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control Tuning and Optimizing IS-IS Networks Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes Enabling IS-IS SNMP Trap...

  • Page 509

    Routing domain (RD). A group of ISs exchanges routing information with each other using the same routing protocol in a routing domain. Area. An area is a unit in a routing domain. The IS-IS protocol allows a routing domain to be divided into multiple areas.

  • Page 510: Is-is Area

    Divide the extended IP address into 3 sections with 4 digits in each section to get the system ID 1680.1000.1001. There are other methods to define a system ID. The principle is to make sure it can uniquely identify a host or router.

  • Page 511

    The Level-1 routers in different areas can not establish neighbor relationships. The neighbor relationship establishment of Level-2 routers has nothing to do with area. Figure 1-2 shows an IS-IS network topology. Area 1 comprises a set of Level-2 routers and is the backbone.

  • Page 512: Is-is Network Type

    The IS-IS backbone does not need to be a specific Area. Both the IS-IS Level-1 and Level-2 routers use the SPF algorithm to generate the shortest path tree (SPT). Routing method A Level-1 router makes routing decisions based on the system ID. If the destination is not in the area, the packet is forwarded to the nearest Level-1-2 router.

  • Page 513: Is-is Pdu Format

    The Level-1 and Level-2 DISs are elected respectively. You can assign different priorities for different level DIS elections. The higher a router’s priority is, the more likelihood the router becomes the DIS. If there are multiple routers with the same highest DIS priority, the one with the highest SNPA (Subnetwork Point of Attachment) address (MAC address on a broadcast network) will be elected.

  • Page 514

    Figure 1-5 PDU format Common header format Figure 1-6 shows the PDU common header format. Figure 1-6 PDU common header format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address Intradomain Routing Protocol Discriminator: Set to 0x83.

  • Page 515

    Hello Hello packets are used by routers to establish and maintain neighbor relationships. A hello packet is also called an IS-to-IS hello PDU (IIH). For broadcast networks, the Level-1 routers use the Level-1 LAN IIHs; and the Level-2 routers use the Level-2 LAN IIHs. The P2P IIHs are used on point-to-point networks.

  • Page 516

    Figure 1-8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDUs (LSP) carry link state information. LSP involves two types: Level-1 LSP and Level-2 LSP.

  • Page 517

    PDU Length: Total length of the PDU in bytes. Remaining Lifetime: LSP remaining lifetime in seconds. LSP ID: Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte). Sequence Number: LSP sequence number. Checksum: LSP checksum.

  • Page 518

    Figure 1-11 L1/L2 CSNP format PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request new LSPs from neighbors. Figure 1-12 shows the PSNP packet format.

  • Page 519: Supported Is-is Features

    Figure 1-13 CLV format Table 1-2 shows that different PDUs contain different CLVs. Table 1-2 CLV name and the corresponding PDU type CLV Code Name PDU Type Area Addresses IIH, LSP IS Neighbors (LSP) Partition Designated Level2 IS L2 LSP IS Neighbors (MAC Address) LAN IIH IS Neighbors (SNPA Address)

  • Page 520

    IS-IS Graceful Restart For detailed GR information, refer to GR Overview in the High Availability Volume. After an IS-IS GR Restarter restarts IS-IS, it needs to complete the following two tasks to synchronize the LSDB with its neighbors. To obtain effective IS-IS neighbor information without changing adjacencies. To obtain the LSDB contents.

  • Page 521

    A virtual system is identified by an additional system ID and generates extended LSP fragments. Original LSP It is the LSP generated by the originating system. The system ID in its LSP ID field is the system ID of the originating system. Extended LSP Extended LSPs are generated by virtual systems.

  • Page 522: Is-is Configuration Task List

    RFC 2763 - Dynamic Hostname Exchange Mechanism for IS-IS RFC 2966 - Domain-wide Prefix Distribution with Two-Level IS-IS RFC 2973 - IS-IS Mesh Groups RFC 3277 - IS-IS Transient Blackhole Avoidance RFC 3358 - Optional Checksums in ISIS RFC 3373 - Three-Way Handshake for IS-IS Point-to-Point Adjacencies RFC 3567 - Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication RFC 3719 - Recommendations for Interoperable Networks using IS-IS RFC 3786 - Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit...

  • Page 523: Configuring Is-is Basic Functions, Enabling Is-is, Configuring The Is Level And Circuit Level

    Task Remarks Configuring IS-IS GR Optional Enabling the Logging of Neighbor State Changes Optional Enabling IS-IS SNMP Trap Optional Binding an IS-IS Process with MIBs Optional Configuring IS-IS Basic Functions Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure the link layer protocol. Configure an IP address for each interface, and make sure all neighboring nodes are reachable to each other at the network layer.

  • Page 524: Configuring The Network Type Of An Interface As P2p, Configuring Is-is Routing Information Control

    To do… Use the command… Remarks Enter system view –– system-view isis [ process-id ] Enter IS-IS view [ vpn-instance –– vpn-instance-name ] Optional is-level { level-1 | level-1-2 | Specify the IS level level-2 } The default is Level-1-2. Return to system view ––...

  • Page 525: Configuring Is-is Link Cost

    Configuring IS-IS Link Cost The IS-IS cost of an interface is determined in the following order: ISIS cost specified in interface view. ISIS cost specified in system view. The cost is applied to the interfaces associated to the IS-IS process. Automatically calculated cost: When the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost= (bandwidth reference value/interface bandwidth) ×10.

  • Page 526: Specifying A Priority For Is-is, Configuring The Maximum Number Of Equal Cost Routes

    Enable automatic IS-IS cost calculation Follow these steps to enable automatic IS-IS cost calculation: To do… Use the command… Remarks Enter system view — system-view isis [ process-id ] [ vpn-instance Enter IS-IS view — vpn-instance-name ] Required Specify an IS-IS cost style cost-style { wide | wide-compatible } narrow by default Required...

  • Page 527: Configuring Is-is Route Summarization

    Configuring IS-IS Route Summarization This task is to configure a summary route, so routes falling into the network range of the summary route are summarized into one route for advertisement. Doing so can reduce the size of routing tables, as well as the scale of LSP and LSDB.

  • Page 528

    Configuring IS-IS Route Redistribution Redistribution of large numbers of routes on a device may affect the performance of other devices in the network. In that case, you can configure a limit on the number of redistributed routes to limit the number of routes to be advertised.

  • Page 529: Configuring Is-is Route Leaking

    To do… Use the command… Remarks Required filter-policy { acl-number | ip-prefix Filter routes calculated No filtering is configured ip-prefix-name | route-policy from received LSPs route-policy-name } import by default. Filtering redistributed routes IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them into the IS-IS routing table and advertise them in LSPs.

  • Page 530: Tuning And Optimizing Is-is Networks, Specifying Intervals For Sending Is-is Hello And Csnp Packets

    Tuning and Optimizing IS-IS Networks Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure IP addresses for interfaces, and make adjacent nodes reachable to each other at the network layer. Enable IS-IS. Specifying Intervals for Sending IS-IS Hello and CSNP Packets Follow these steps to configure intervals for sending IS-IS hello and CSNP packets: To do…...

  • Page 531: Configuring A Dis Priority For An Interface, Disabling An Interface From Sending/receiving Is-is Packets

    On a broadcast link, Level-1 and Level-2 hello packets are advertised separately and therefore you need to set a hello multiplier for each level. On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets, and you need not specify Level-1 or Level-2. Configuring a DIS Priority for an Interface On an IS-IS broadcast network, a router should be elected as the DIS at a routing level.

  • Page 532: Configuring Lsp Parameters

    To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Required Enable the interface to send small hello packets without Standard hello packets are sent isis small-hello CLVs by default. Configuring LSP Parameters Configuring LSP timers Specify the maximum age of LSPs Each LSP has an age that decreases in the LSDB.

  • Page 533

    Specify LSP sending intervals If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs. On a P2P link, IS-IS requires an advertised LSP be acknowledged. If no acknowledgement is received within a configurable interval, IS-IS will retransmit the LSP.

  • Page 534

    Enabling LSP flash flooding Since changed LSPs may trigger SPF recalculation, you can enable LSP flash flooding to advertise the changed LSPs before the router recalculates routes. Doing so can speed up network convergence. Follow these steps to enable LSP flash flooding: To do…...

  • Page 535: Configuring Spf Parameters

    Figure 1-14 Network diagram of a fully meshed network To avoid this, you can configure some interfaces as a mesh group or/and configure the blocked interfaces. After receiving an LSP, a member interface in a mesh group floods it out the interfaces that does not belong to the mesh group.

  • Page 536: Setting The Lsdb Overload Bit, Configuring Is-is Authentication, Configuring Neighbor Relationship Authentication

    To do… Use the command... Remarks Enter system view –– system-view isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Optional Configure the SPF timer spf maximum-interval The default SPF calculation calculation interval [ initial-interval [ second-wait-interval ] ] interval is 10 seconds.

  • Page 537: Configuring Area Authentication, Configuring Routing Domain Authentication

    Follow these steps to configure neighbor relationship authentication: To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Required isis authentication-mode { simple | Specify the authentication md5 } password [ level-1 | level-2 ] Not authentication is mode and password [ ip | osi ]...

  • Page 538: Configuring System Id To Host Name Mappings

    To do… Use the command… Remarks Required Specify the routing domain domain-authentication-mode No routing domain authentication mode and { simple | md5 } password [ ip | authentication is configured by password osi ] default. Configuring System ID to Host Name Mappings In IS-IS, a system ID identifies a router or host uniquely.

  • Page 539: Configuring Is-is Gr

    Follow these steps to configure dynamic system ID to host name mapping: To do… Use the command... Remarks Enter system view –– system-view isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Required Specify a host name for is-name sys-name the router No specified by default.

  • Page 540: Enabling The Logging Of Neighbor State Changes, Enabling Is-is Snmp Trap

    Enabling the Logging of Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do… Use the command… Remarks Enter system view –– system-view isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Required Enable the logging of neighbor log-peer-change...

  • Page 541: Displaying And Maintaining Is-is

    Displaying and Maintaining IS-IS To do… Use the command… Remarks Display brief IS-IS configuration display isis brief [ process-id | vpn-instance Available in any information vpn-instance-name ] view Display the status of IS-IS display isis debug-switches { process-id | Available in any debug switches vpn-instance vpn-instance-name } view...

  • Page 542: Is-is Configuration Example, Is-is Basic Configuration

    IS-IS Configuration Example IS-IS Basic Configuration Network requirements As shown in Figure 1-15, Switch A, B, C and Switch D reside in an IS-IS AS. Switch A and B are Level-1 switches, Switch D is a Level-2 switch and Switch C is a Level-1-2 switch. Switch A, B and C are in Area 10, while Switch D is in Area 20.

  • Page 543

    [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD>...

  • Page 544

    -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00 0x00000006 0xdb60 0/0/0 0000.0000.0002.00-00* 0x00000008 0xe651 1189 0/0/0 0000.0000.0002.01-00* 0x00000005 0xd2b3 1188 0/0/0 0000.0000.0003.00-00 0x00000014 0x194a 1190 1/0/0 0000.0000.0003.01-00 0x00000002 0xabdb 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchC] display isis lsdb Database information for ISIS(1) --------------------------------...

  • Page 545

    Level-2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL ------------------------------------------------------------------------------- 0000.0000.0003.00-00 0x00000013 0xc73d 1003 0/0/0 0000.0000.0004.00-00* 0x0000003c 0xd647 1194 0/0/0 0000.0000.0004.01-00* 0x00000002 0xec96 1007 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached