H3C S5100-SI Series Operation Manual

H3C S5100-SI/EI Series Ethernet Switches
Operation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: 20081128-C-1.04
Product Version: Release 2201

Summary of Contents for H3C S5100-SI Series

  • Page 1 H3C S5100-SI/EI Series Ethernet Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: 20081128-C-1.04 Product Version: Release 2201...
  • Page 2 Copyright © 2007-2008, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
  • Page 3: Table Of Contents

    About This Manual. Organization: H3C S5100-SI/EI Series Ethernet Switches Operation Manual is organized as follows (Part: Contents). 0 Product Overview: Introduces the characteristics and implementations of the Ethernet switch. 1 Login: Introduces the ways to log into an Ethernet switch and CLI related configuration.
  • Page 4 Part: Contents. 18 DHCP: Introduces DHCP-Snooping, DHCP Client and the related configuration. 19 ACL: Introduces ACL and the related configuration. 20 QoS-QoS Profile: Introduces QoS and the related configuration. 21 Mirroring: Introduces mirroring and the related configuration. 22 ARP: Introduces ARP and the related configuration. 23 Stack-Cluster: Introduces the related configuration for cluster management by using HGMP V2.
  • Page 5 Conventions The manual uses the following conventions: I. Command conventions Convention Description Boldface The keywords of a command line are in Boldface. italic Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by { x | y | ...
  • Page 6 Switches Command Manual various commands. Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at this URL: http://www.h3c.com. The following are the columns from which you can obtain different categories of product documentation: [Products &...
  • Page 7: Product Overview

    Chapter 3 Product Overview; 3.1 Preface; 3.2 System Features of the S5100 Series; 3.2.1 System Features of the S5100-SI Series; 3.2.2 System Features of the S5100-EI Series; Chapter 4 Networking Applications; 4.1 Convergence Layer Devices; 4.2 Access Layer Devices...
  • Page 8: Chapter 1 Obtaining The Documentation

    Software release notes 1.1 CD-ROM H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete product document set, including the operation manual, command manual. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.
  • Page 9: Software Release Notes

    Operation Manual – Product Overview H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Obtaining the Documentation 1.3 Software Release Notes With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
  • Page 10: Software Version

    Chapter 2 Correspondence Between Documentation and Software 2.1 Software Version H3C S5100-SI/EI Series Ethernet Switches Operation Manual-Release 2201 and H3C S5100-SI/EI Series Ethernet Switches Command Manual-Release 2201 are for the software version of Release2201 of the S5100-SI/EI series products. Compared with Release 2200, a new feature is added in Release 2201. For details,...
  • Page 11: Chapter 3 Product Overview

    H3C S5100-SI/EI Series Ethernet Switches (hereinafter referred to as S5100-SI/EI series) are Gigabit Ethernet switching products developed by H3C Technologies Co., Ltd. H3C S5100-SI/EI series provide a variety of service features and powerful QACL functions. S5100-SI/EI series are designed as convergence and access devices for intranets and metropolitan area networks (MANs), and can also be used for connecting data center server clusters.
  • Page 12 Operation Manual – Product Overview H3C S5100-SI/EI Series Ethernet Switches Chapter 3 Product Overview Table 3-1 H3C S5100-SI/EI series 10/100/1000Base-T 1000Base- Console Series Model autosensing X SFP port port Ethernet port S5100-8P-SI S5100-16P-SI S5100-SI S5100-24P-SI S5100-48P-SI S5100-8P-EI S5100-16P-EI S5100-24P-EI S5100-48P-EI...
  • Page 13: System Features Of The S5100 Series

    Ethernet port S5100-48P-SI S5100-48P-EI S5100-50C-EI S5100-50C-PWR-EI 3.2 System Features of the S5100 Series 3.2.1 System Features of the S5100-SI Series Table 3-3 System features of the S5100-SI series Item S5100-8P-SI S5100-16P-SI S5100-24P-SI S5100-48P-SI 43.6 × 230 × 43.6 × 300 ×...
  • Page 14: System Features Of The S5100-Ei Series

    3.2.2 System Features of the S5100-EI Series Table 3-4 System features of the S5100-EI series (1) Item S5100-8P-EI S5100-16P-EI S5100-24P-EI S5100-48P-EI 43.6 × 230 × 43.6 × 300 ×...
  • Page 15 Item S5100-26C-EI S5100-50C-EI 24 × 10/100/1000MBase-T 48 × 10/100/1000MBase-T autosensing Ethernet ports autosensing Ethernet ports Service ports 4 Gigabit SFP Combo ports 4 Gigabit SFP Combo ports...
  • Page 16 S5100-8P S5100-16P S5100-26C-PW S5100-50C-PWR Item -PWR-EI -PWR-EI R-EI 8 × 16 × 10/100/10 10/100/100 00Base-T 24 × 0 Base-T 48 × 10/100/1000 autosensi 10/100/1000Ba autosensin Base-T...
  • Page 17: Chapter 4 Networking Applications

    Operation Manual – Product Overview H3C S5100-SI/EI Series Ethernet Switches Chapter 4 Networking Applications Chapter 4 Networking Applications S5100-SI/EI series Gigabit Ethernet switches are designed as convergence layer switches or access layer switches for enterprise networks and metropolitan area networks (MANs).
  • Page 18: Access Layer Devices

    4.2 Access Layer Devices S5100-EI series Gigabit Ethernet switches can serve as access layer switches that provide large access bandwidth and high port density. In addition, S5100-EI series also provide powerful QACL features to allow users to better design and plan their networks.
  • Page 19: Login

    Operation Manual – Login H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 Logging In to an Ethernet Switch; 1.1 Logging In to an Ethernet Switch; 1.2 Introduction to the User Interface; 1.2.1 Supported User Interfaces...
  • Page 20 Table of Contents: 3.5.2 Telnetting to another Switch from the Current Switch; Chapter 4 Logging In Using a Modem; 4.1 Introduction; 4.2 Configuration on the Switch Side; 4.2.1 Modem Configuration...
  • Page 21 Table of Contents: 9.3.1 Prerequisites; 9.3.2 Controlling Network Management Users by Source IP Addresses; 9.3.3 Configuration Example; 9.4 Controlling Web Users by Source IP Address; 9.4.1 Prerequisites...
  • Page 22: Logging In To An Ethernet Switch

    1.2.1 Supported User Interfaces Note: The auxiliary (AUX) port and the console port of an H3C low-end and mid-range Ethernet switch are the same port (referred to as console port in the following part). You will be in the AUX user interface if you log in through this port.
  • Page 23: Relationship Between A User And A User Interface

    Operation Manual – Login H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Logging In to an Ethernet Switch AUX user interface: A view when you log in through the AUX port. AUX port is a line device port. Virtual type terminal (VTY) user interface: A view when you log in through VTY.
  • Page 24: Common User Interface Configuration

    A relative user interface index can be obtained by appending a number to the identifier of a user interface type. It is generated by user interface type. The relative user interface indexes are as follows: AUX user interface is numbered AUX0.
  • Page 25 To do… Use the command… Remarks Display the information about the current user display users [ all ] interface/all user interfaces Display the physical...
  • Page 26: Chapter 2 Logging In Through The Console Port

    Operation Manual – Login H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Logging In Through the Console Port Chapter 2 Logging In Through the Console Port Go to these sections for information you are interested in: Introduction Setting Up a Login Environment for Login Through the Console Port...
  • Page 27 Figure 2-1 Diagram for connecting to the console port of a switch If you use a PC to connect to the console port, launch a terminal emulation utility (such as Terminal in Windows 3.X or HyperTerminal in Windows 9X/Windows...
  • Page 28 Figure 2-4 Set port parameters Turn on the switch. You will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <H3C>) appears after you press the Enter key, as shown in Figure 2-5.
  • Page 29: Console Port Login Configuration

    2.3 Console Port Login Configuration 2.3.1 Common Configuration Table 2-2 Common configuration of console port login Configuration Remarks Optional Baud rate The default baud rate is 9,600 bps.
  • Page 30 Caution: The change to console port configuration takes effect immediately, so the connection may be disconnected when you log in through a console port and then configure this console port.
  • Page 31: Console Port Login Configurations For Different Authentication Modes

    To do… Use the command… Remarks Optional By default, the screen can Set the maximum contain up to 24 lines. screen-length number of lines the...
  • Page 32: Console Port Login Configuration With Authentication Mode Being None

    Authentication Authentication related Remarks mode configuration Set the authentication mode to scheme Refer to Console Port Specify to perform local authentication Login Configuration...
  • Page 33 Commands of level 2 are available to the users logging in to the AUX user interface. The baud rate of the console port is 19,200 bps.
  • Page 34: Console Port Login Configuration With Authentication Mode Being Password

    # Set the timeout time of the AUX user interface to 6 minutes. [Sysname-ui-aux0] idle-timeout 6 After the above configuration, you need to modify the configuration of the terminal...
  • Page 35 II. Network diagram GE1/0/1 Ethernet Configuration PC running Telnet Figure 2-7 Network diagram for AUX user interface configuration (with the authentication mode being password) III.
  • Page 36: Console Port Login Configuration With Authentication Mode Being Scheme

    After the above configuration, you need to modify the configuration of the terminal emulation utility running on the PC accordingly in the dialog box shown in Figure 2-4 to log in to the switch successfully.
  • Page 37 To do… Use the command… Remarks Enter the Optional default ISP domain domain-name By default, the local AAA domain view scheme is applied.
  • Page 38: Configuration Example

    Note: For the introduction to AAA, RADIUS, and HWTACACS, refer to the AAA part of this manual. 2.7.2 Configuration Example I. Network requirements Assume the switch is configured to allow users to log in through Telnet, and the user level is set to the administrator level (level 3).
  • Page 39 [Sysname] local-user guest # Set the authentication password to 123456 (in plain text). [Sysname-luser-guest] password simple 123456 # Set the service type to Terminal, Specify commands of level 2 are available to users logging in to the AUX user interface.
  • Page 40: Chapter 3 Logging In Through Telnet

    Operation Manual – Login H3C S5100-SI/EI Series Ethernet Switches Chapter 3 Logging In Through Telnet Chapter 3 Logging In Through Telnet Go to these sections for information you are interested in: Introduction Telnet Configuration with Authentication Mode Being None Telnet Configuration with Authentication Mode Being Password 3.1 Introduction...
  • Page 41: Common Configuration To Control Telnet Access

    3.1.1 Common Configuration to Control Telnet Access Table 3-2 Common Telnet configuration Configuration Description Optional Configure the command level available to users By default, commands of level 0 are...
  • Page 42 To do… Use the command… Remarks Optional Configure the protocols to protocol inbound { all By default, both Telnet be supported by the VTY | ssh | telnet }...
  • Page 43: Telnet Configuration With Authentication Mode Being None

    3.1.2 Telnet Configurations for Different Authentication Modes Table 3-3 Telnet configurations for different authentication modes Authentication Authentication related Description mode configuration Refer to Console Port...
  • Page 44 To do… Use the command… Remarks Enter system view system-view — user-interface vty Enter one or more VTY first-number — user interface views [ last-number ]...
  • Page 45: Telnet Configuration With Authentication Mode Being Password

    [Sysname-ui-vty0] authentication-mode none # Specify commands of level 2 are available to users logging in to VTY 0. [Sysname-ui-vty0] user privilege level 2 # Configure Telnet protocol is supported.
  • Page 46 3.3.2 Configuration Example I. Network requirements Assume the current user logs in through the console port and the current user level is set to the administrator level (level 3). Perform the following configurations for users logging in to VTY 0 using Telnet.
  • Page 47: Telnet Configuration With Authentication Mode Being Scheme

    [Sysname-ui-vty0] history-command max-size 20 # Set the timeout time to 6 minutes. [Sysname-ui-vty0] idle-timeout 6 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.1 Configuration Procedure Follow these steps to configure Telnet with the authentication mode being scheme: To do…...
  • Page 48 To do… Use the command… Remarks Set the authentication password { simple | password for the local Required cipher } password user Specify the service type...
  • Page 49: Telnetting To A Switch

    II. Network diagram Figure 3-3 Network diagram for Telnet configuration (with the authentication mode being scheme) III. Configuration procedure # Enter system view. <Sysname> system-view # Create a local user named guest and enter local user view.
  • Page 50 XP) on the PC terminal, with the baud rate set to 9,600 bps, data bits set to 8, parity check set to none, and flow control set to none. Turn on the switch and press Enter as prompted. The prompt (such as <H3C>) appears, as shown in the following figure.
  • Page 51 VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used, please try later!”. An H3C series Ethernet switch can accommodate up to five Telnet connections at the same time.
  • Page 52: Telnetting To Another Switch From The Current Switch

    Note: A Telnet connection is terminated if you delete or modify the IP address of the VLAN interface in the Telnet session. By default, commands of level 0 are available to Telnet users authenticated by password.
  • Page 53: Configuration On The Switch Side

    Operation Manual – Login H3C S5100-SI/EI Series Ethernet Switches Chapter 4 Logging In Using a Modem Chapter 4 Logging In Using a Modem Go to these sections for information you are interested in: Introduction Configuration on the Switch Side Modem Connection Establishment 4.1 Introduction...
  • Page 54: Switch Configuration

    AT&K0: Disable flow control. AT&R1: Ignore RTS signal. AT&S0: Set DSR to high level by force. ATEQ1&W: Disable the Modem from returning command response and the result, save the changes. You can verify your configuration by executing the AT&V command.
  • Page 55: Modem Connection Establishment

    4.3 Modem Connection Establishment Before using Modem to log in the switch, perform corresponding configuration for different authentication modes on the switch. Refer to...
  • Page 56 Figure 4-2 Create a connection Figure 4-3 Set the telephone number Figure 4-4 Call the modem...
  • Page 57 If the password authentication mode is specified, enter the password when prompted. If the password is correct, the prompt (such as <Sysname>) appears. You can then configure or manage the switch. You can also enter the character ? at any time for help.
  • Page 58: Introduction To The Cli

    Operation Manual – Login H3C S5100-SI/EI Series Ethernet Switches Chapter 5 CLI Configuration Chapter 5 CLI Configuration When configuring CLI, go to these sections for information you are interested in: Introduction to the CLI Command Hierarchy CLI Views CLI Features 5.1 Introduction to the CLI...
  • Page 59: Configuration File

    Based on user privilege, commands are classified into four levels, which default to: Visit level (level 0): Commands at this level are mainly used to diagnose network, and they cannot be saved in configuration file.
  • Page 60: Switching User Level

    Follow these steps to set the level of a command in a specific view: To do… Use the command… Remarks Enter system view system-view — Configure the level of a...
  • Page 61 If no switching password is set for a specific user level, the Console user can directly switch to the level, while the Telnet users at lower levels will fail to switch to the level (they will remain at their original levels) and the information like the following will be displayed: % Password is not set.
  • Page 62: Cli Views

    <Sysname> super 3 Password: User privilege level is 3, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE # After configuring the switch, the general user switches back to user level 0.
  • Page 63: Management Vlan

    Available Prompt Quit View Enter method operation example method 1000 Mbps Execute the Ethernet port Configure interface view: Ethernet Ethernet port gigabitetherne port view [Sysname-Gig parameters t command in abitEthernet1/ system view.
  • Page 64 Available Prompt Quit View Enter method operation example method Execute the SFTP Configure SFTP sftp-client> sftp command client view client parameters Execute the in system view. quit...
  • Page 65 Available Prompt Quit View Enter method operation example method Define QoS profile Execute the QoS profile [Sysname-qos qos-profile Only S5100-EI view -profile-a123] command in series Ethernet system view.
  • Page 66: Cli Features

    Available Prompt Quit View Enter method operation example method Execute the Execute the quit vlan-vpn vid command to Configure QinQ command in return to parameters GigabitEthernet GigabitEther [Sysname-Gig port view.
  • Page 67: Terminal Display

    Enter a command, a space, and a question mark (?). If the question mark “?” is at a keyword position in the command, all available keywords at the position and their descriptions will be displayed on your terminal.
  • Page 68: Command History

    Table 5-4 Display-related operations Operation Function Stop the display output and execution of Press <Ctrl+C> the command. Press any character except <Space>, <Enter>, /, +, and - when the display Stop the display output.
  • Page 69: Command Edit

    5.4.4 Error Prompts If a command passes the syntax check, it will be successfully executed; otherwise, an error message will be displayed. Table 5-5 lists the common error messages.
  • Page 70 Press… To… Use the partial online help. That is, when you input an incomplete keyword and press <Tab>, if the input parameter uniquely identifies a complete keyword, the system substitutes the complete keyword for the input parameter;...
  • Page 71: Establishing An Http Connection

    Operation Manual – Login Chapter 6 Logging In Through the Web-based H3C S5100-SI/EI Series Ethernet Switches Network Management Interface Chapter 6 Logging In Through the Web-based Network Management Interface Go to these sections for information you are interested in: Introduction...
  • Page 72: Configuring The Login Banner

    # Create a Web user account, setting both the user name and the password to admin and the user level to 3.
  • Page 73 configured by the header command, a user logging in through Web directly enters the user login authentication page. Follow these steps to configure the login banner: To do…...
  • Page 74: Enabling/Disabling The Web Server

    Figure 6-4 Banner page displayed when a user logs in to the switch through Web Click <Continue> to enter user login authentication page. You will enter the main page of the Web-based network management system if the authentication succeeds.
  • Page 75: Connection Establishment Using Nms

    Operation Manual – Login H3C S5100-SI/EI Series Ethernet Switches Chapter 7 Logging In Through NMS Chapter 7 Logging In Through NMS Go to these sections for information you are interested in: Introduction Connection Establishment Using NMS 7.1 Introduction You can also log in to a switch through a Network Management Station (NMS), and then configure and manage the switch through the agent software on the switch.
  • Page 76: Configuring Source Ip Address For Telnet Service Packets

    Operation Manual – Login Chapter 8 Configuring Source IP Address for H3C S5100-SI/EI Series Ethernet Switches Telnet Service Packets Chapter 8 Configuring Source IP Address for Telnet Service Packets Go to these sections for information you are interested in: Overview...
  • Page 77: Displaying Source Ip Address Configuration

    II. Configuration in system view Table 8-2 Configure a source IP address for service packets in system view Operation Command Description...
  • Page 78: Chapter 9 User Control

    Operation Manual – Login H3C S5100-SI/EI Series Ethernet Switches Chapter 9 User Control Chapter 9 User Control Go to these sections for information you are interested in: Introduction Controlling Telnet Users Controlling Network Management Users by Source IP Addresses Controlling Web Users by Source IP Address Note: Refer to the ACL part for information about ACL.
  • Page 79: Controlling Telnet Users

    9.2 Controlling Telnet Users 9.2.1 Introduction The controlling policy against Telnet users’ access to VTY user interfaces is determined by referencing ACL. For the introduction to ACL, refer to the ACL part of this manual.
  • Page 80 To do… Use the command… Remarks Enter system view system-view — acl number acl-number As for the acl number Create a basic ACL or [ match-order { auto |...
  • Page 81: Controlling Network Management Users By Source Ip Addresses

    III. Configuration procedure # Define a basic ACL. <Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] quit # Apply the ACL.
  • Page 82 To do… Use the command… Remarks Apply the ACL while snmp-agent community { read | configuring the write } community-name [ acl SNMP community acl-number | mib-view view-name ]*...
  • Page 83: Controlling Web Users By Source Ip Address

    III. Configuration procedure # Define a basic ACL. <Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] quit # Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 to access the switch.
  • Page 84: Logging Out A Web User

    To do… Use the command… Remarks Optional Apply the ACL to ip http acl acl-number By default, no ACL is control Web users applied for Web users.
  • Page 85 # Apply ACL 2030 to only permit the Web users sourced from the IP address of 10.110.100.52 to access the switch. [Sysname] ip http acl 2030...
  • Page 86 Operation Manual – Configuration File Management H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 Configuration File Management; 1.1 Introduction to Configuration File; 1.2 Configuration Task List; 1.2.1 Saving the Current Configuration; 1.2.2 Erasing the Startup Configuration File...
  • Page 87: Introduction To Configuration File

    Operation Manual – Configuration File Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Configuration File Management Chapter 1 Configuration File Management When configuring configuration file management, go to these sections for information you are interested in: Introduction to Configuration File Configuration Task List 1.1 Introduction to Configuration File...
  • Page 88: Configuration Task List

    can be used instead. This increases the safety and reliability of the file system compared with a switch that supports only one configuration file. You can configure a file to have both main and backup attributes, but only one file of either main or backup attribute is allowed on a switch.
  • Page 89 To do… Use the command… Remarks Required Save current save [ cfgfile | [ safely ] configuration [ backup | main ] ] Available in any view I.
  • Page 90: Erasing The Startup Configuration File

    Normal attribute. When you use the save cfgfile command to save the current configuration, the configuration file you get has normal attribute if it is not an existing file.
  • Page 91: Specifying A Configuration File For Next Startup

    Operation Manual – Configuration File Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Configuration File Management 1.2.3 Specifying a Configuration File for Next Startup Use the following command to specify a configuration file for next startup: To do… Use the command…...
  • Page 92: Displaying Switch Configuration

    Operation Manual – Configuration File Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Configuration File Management 1.2.4 Displaying Switch Configuration To do… Use the command… Remarks Display the initial display saved-configuration [ unit configuration file saved in unit-id ] [ by-linenum ]...
  • Page 93 Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VLAN Overview ......................1-1 1.1 VLAN Overview........................1-1 1.1.1 Introduction to VLAN ....................1-1 1.1.2 Advantages of VLANs ..................... 1-2 1.1.3 VLAN Fundamentals ....................1-2 1.1.4 VLAN Interface ......................
  • Page 94: Vlan Overview

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview Chapter 1 VLAN Overview This chapter covers these topics: VLAN Overview Port-Based VLAN Protocol-Based VLAN 1.1 VLAN Overview 1.1.1 Introduction to VLAN The traditional Ethernet is a broadcast network, where all hosts are in the same broadcast domain and connected with each other through hubs or switches.
  • Page 95: Vlan Fundamentals

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview communicate with each other directly but need the help of network layer devices, such as routers and Layer 3 switches. Figure 1-1 illustrates a VLAN implementation. Figure 1-1 A VLAN implementation 1.1.2 Advantages of VLANs...
  • Page 96 The 16-bit TPID field with a value of 0x8100 indicates that the frame is VLAN tagged. On the H3C series Ethernet switches, the default TPID is 0x8100. The 3-bit priority field indicates the 802.1p priority of the frame. Refer to the “QoS-QoS profile”...
  • Page 97: Vlan Interface

    VLAN only, and packets received in a VLAN are forwarded according to the MAC address forwarding table for the VLAN. Currently, the H3C S5100-SI/EI series Ethernet switches adopt the IVL mode only. For more information about the MAC address forwarding table, refer to the “MAC Address Forwarding Table Management”...
  • Page 98: Vlan Classification

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview Note: An S5100-SI/EI series switch can be configured with a single VLAN interface only, and the VLAN must be the management VLAN. For details about the management VLAN, refer to the “Management VLAN Configuration”...
  • Page 99: Assigning An Ethernet Port To Specified Vlans

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview Note: A hybrid port allows the packets of multiple VLANs to be sent untagged, but a trunk port only allows the packets of the default VLAN to be sent untagged.
  • Page 100: Protocol-Based Vlan

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview Table 1-2 Packet processing of a trunk port Processing of an incoming packet Processing of an outgoing packet For an untagged packet For a tagged packet If the port has already...
  • Page 101: Encapsulation Format Of Ethernet Data

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview 1.3.2 Encapsulation Format of Ethernet Data This section introduces the common encapsulation formats of Ethernet data for you to understand the procedure for the switch to identify the packet protocols.
  • Page 102 Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview Currently, only IPX supports 802.3 raw encapsulation, which is identified by the two bytes after the length field being 0xFFFF. 802.2 Logical Link Control (LLC) encapsulation: the length field, the destination...
  • Page 103: Procedure For The Switch To Judge Packet Protocol

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview 1.3.3 Procedure for the Switch to Judge Packet Protocol [Flowchart text: Receive packets, Invalid packets, Ethernet II, Type(Length), that cannot be...]
  • Page 104: Implementation Of Protocol-Based Vlan

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN Overview Table 1-4 Encapsulation formats Encapsulatio n (left) Ethernet II 802.3 raw 802.2 LLC 802.2 SNAP Protocol (down) IP (0x0800) Supported Not supported Not supported Supported IPX (0x8137)
  • Page 105: Vlan Configuration

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration Chapter 2 VLAN Configuration When configuring a VLAN, go to these sections for information you are interested in: VLAN Configuration Configuring a Port-Based VLAN Configuring a Protocol-Based VLAN 2.1 VLAN Configuration...
  • Page 106: Basic Vlan Interface Configuration

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration Caution: VLAN 1 is the system default VLAN, which does not need to be created and cannot be removed. The VLAN you created in the way described above is a static VLAN. On the switch, there are dynamic VLANs which are registered through GVRP.
  • Page 107: Displaying Vlan Configuration

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration To do... Use the command... Remarks Optional By default, the VLAN interface is Disable the VLAN shutdown enabled. In this case, the VLAN interface interface’s status is determined by...
  • Page 108: Configuring The Link Type Of An Ethernet Port

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration 2.2.2 Configuring the Link Type of an Ethernet Port Follow these steps to configure the link type of an Ethernet port: To do… Use the command… Remarks...
  • Page 109: Configuring The Default Vlan For A Port

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration Use the To do… Remarks command… Enter system view — system-view Required Enter VLAN view vlan vlan-id If the specified VLAN does not exist, this command creates the VLAN first.
  • Page 110: Displaying And Maintaining Port-Based Vlan

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration 2.2.5 Displaying and Maintaining Port-Based VLAN To do… Use the command… Remarks Display the hybrid or trunk display port { hybrid | Available in any view. ports trunk } 2.2.6 Port-Based VLAN Configuration Example...
  • Page 111 Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration [SwitchA] vlan 201 [SwitchA-vlan201] port GigabitEthernet 1/0/2 [SwitchA-vlan201] quit Configure Switch B. # Create VLAN 101, specify its descriptive string as “DMZ”, and add GigabitEthernet1/0/11 to VLAN 101.
  • Page 112: Configuring A Protocol-Based Vlan

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration 2.3 Configuring a Protocol-Based VLAN 2.3.1 Protocol-Based VLAN Configuration Task List Complete these tasks to configure protocol-based VLAN: Task Remarks Configuring a Protocol Template for a Protocol-Based VLAN...
  • Page 113: Associating A Port With A Protocol-Based Vlan

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration Caution: Because the IP protocol is closely associated with the ARP protocol, you are recommended to configure the ARP protocol type when configuring the IP protocol type and to associate the two protocol types with the same port. Otherwise, ARP packets and IP packets may not be assigned to the same VLAN, which will cause IP address resolution failure.
  • Page 114: Displaying Protocol-Based Vlan Configuration

    Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration To do... Use the command... Remarks Required Associate the port with port hybrid protocol-vlan By default, a port is not the specified vlan vlan-id { protocol-index associated with any...
  • Page 115 Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration II. Network diagram IP Server AppleTalk Server GE1/0/11 GE1/0/12 GE1/0/10 IP Host AppleTalk Host Workroom Figure 2-2 Network diagram for protocol-based VLAN configuration III. Configuration procedure # Create VLAN 100 and VLAN 200, and add GigabitEthernet1/0/11 and GigabitEthernet1/0/12 to VLAN 100 and VLAN 200 respectively.
  • Page 116 Operation Manual – VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 VLAN Configuration ethernetii etype 0x0806 VLAN ID: 200 VLAN Type: Protocol-based VLAN Protocol Index Protocol Type # Configure GigabitEthernet1/0/10 as a hybrid port, which removes the VLAN tag of the packets of VLAN 100 and VLAN 200 before forwarding the packets.
  • Page 117 Operation Manual – Management VLAN H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Management VLAN Configuration ................1-1 1.1 Introduction to Management VLAN..................1-1 1.1.1 Management VLAN....................1-1 1.1.2 Static Route......................1-1 1.1.3 Default Route ......................1-2 1.2 Management VLAN Configuration ..................
  • Page 118: Management Vlan

    IP address, and make sure that a route exists between the user and the switch. As for an H3C series Layer 2 Ethernet switch, only the management VLAN interface can be assigned an IP address.
  • Page 119: Default Route

    Operation Manual – Management VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Management VLAN Configuration 1.1.3 Default Route The switch uses the default route when it fails to find a matching entry in the routing table: If the destination address of a packet fails to match any entry in the routing table, the switch uses the default route;...
  • Page 120 Operation Manual – Management VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Management VLAN Configuration Operation Command Remarks ip route-static ip-address { mask | mask-length } { interface-type Configure a static interface-number | next-hop } Optional route [ preference preference-value ]...
  • Page 121 Operation Manual – Management VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Management VLAN Configuration II. Network diagram Figure 1-1 Network diagram for management VLAN configuration III. Configuration procedure Note: Perform the following configurations after the current user logs in to Switch A through the Console port.
  • Page 122: Displaying And Maintaining Management Vlan Configuration

    Operation Manual – Management VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Management VLAN Configuration 1.3 Displaying and Maintaining management VLAN configuration Table 1-2 Displaying and Maintaining management VLAN configuration Operation Command Remarks Display the IP-related information about a display ip interface [ brief ]...
  • Page 123: Voice Vlan

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Voice VLAN Configuration..................1-1 1.1 Voice VLAN Overview ....................... 1-1 1.1.1 How an IP Phone Works ..................1-1 1.1.2 How S5100-EI Series Switches Identify Voice Traffic..........1-3 1.1.3 Setting the Voice Traffic Transmission Priority ............
  • Page 124: Voice Vlan Overview

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration Chapter 1 Voice VLAN Configuration Note: The contents of this chapter are only applicable to the S5100-EI series among S5100-SI/EI series switches. When configuring voice VLAN, go to these sections for information you are interested...
  • Page 125 Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration When an IP phone applies for an IP address from a DHCP server, the IP phone can also apply for the following extensive information from the DHCP server through the...
  • Page 126: How S5100-Ei Series Switches Identify Voice Traffic

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration Note: In cases where an IP phone obtains an IP address from a DHCP server that does not support Option 184, the IP phone directly communicates through the gateway after it obtains an IP address.
  • Page 127: Setting The Voice Traffic Transmission Priority

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration Note: An OUI address is a globally unique identifier assigned to a vendor by IEEE. You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address.
  • Page 128: Support For Voice Vlan On Various Ports

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration be removed from the voice VLAN. In voice VLAN assignment automatic mode, ports cannot be added to or removed from a voice VLAN manually.
  • Page 129 Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration Table 1-2 Matching relationship between port types and voice devices capable of acquiring IP address and voice VLAN automatically Voice VLAN Voice Port assignment traffic...
  • Page 130: Voice Vlan Configuration

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration IP phones acquiring IP address and voice VLAN through manual configuration can forward only tagged traffic, so the matching relationship is relatively simple, as shown in...
  • Page 131: Configuring The Voice Vlan To Operate In Automatic Voice Vlan Assignment Mode

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration 1.2.2 Configuring the Voice VLAN to Operate in Automatic Voice VLAN Assignment Mode Follow these steps to configure a voice VLAN to operate in automatic voice VLAN assignment mode: To do…...
  • Page 132: Configuring The Voice Vlan To Operate In Manual Voice Vlan Assignment Mode

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration Caution: A port working in automatic voice VLAN assignment mode cannot be assigned to the voice VLAN manually. Therefore, if a VLAN is configured as the voice VLAN and a protocol-based VLAN at the same time, the protocol-based VLAN function cannot be bound with the port.
  • Page 133 Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration To do… Use the command… Remarks Enable the voice VLAN function voice vlan vlan-id Required globally enable interface interface-type Enter port view Required interface-number Required...
  • Page 134: Displaying And Maintaining Voice Vlan

    VLAN does not operate in security mode. The voice VLAN legacy feature enables communication between an H3C device and another vendor's voice device by automatically adding the voice VLAN tag to the voice data coming from other vendors’...
  • Page 135: Voice Vlan Configuration Example (Automatic Mode)

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration 1.4 Voice VLAN Configuration Example 1.4.1 Voice VLAN Configuration Example (Automatic Mode) I. Network requirements Create a voice VLAN and configure it to operate in automatic mode to enable the port to which an IP phone is connected to join or exit the voice VLAN automatically and voice traffic to be transmitted within the voice VLAN.
  • Page 136: Voice Vlan Configuration Example (Manual Mode)

    Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration [DeviceA] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test # Enable the voice VLAN function globally. [DeviceA] voice vlan 2 enable # Configure the voice VLAN to operate in automatic mode on GigabitEthernet 1/0/1.
  • Page 137 Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration II. Network diagram Device A Device B Internet VLAN 2 GE1/0/1 VLAN 2 010-1001 OUI:0011-2200-0000 Mask:ffff-ff00-0000 Figure 1-3 Network diagram for voice VLAN configuration (manual mode) III.
  • Page 138 Operation Manual – Voice VLAN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Voice VLAN Configuration IV. Verification # Display the OUI addresses, the corresponding OUI address masks and the corresponding description strings that the system supports. <DeviceA> display voice vlan oui...
  • Page 139: Gvrp

    Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 GVRP Configuration ....................1-1 1.1 Introduction to GVRP......................1-1 1.1.1 GARP ........................1-1 1.1.2 GVRP ........................1-4 1.1.3 Protocol Specifications.................... 1-5 1.2 GVRP Configuration ......................1-5 1.2.1 GVRP Configuration Tasks ..................
  • Page 140: Chapter 1 Gvrp Configuration

    Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration Chapter 1 GVRP Configuration When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Displaying and Maintaining GVRP GVRP Configuration Example 1.1 Introduction to GVRP...
  • Page 141 Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration Once a GARP entity is launched, the LeaveAll timer is triggered at the same time. The GARP entity sends out LeaveAll messages after the timer times out. LeaveAll messages deregister all the attributes, through which the attribute information of the entity can be registered again on the other GARP entities.
  • Page 142 Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration II. Operating mechanism of GARP Through the mechanism of GARP, the configuration information on a GARP member will be propagated within the whole LAN. A GARP member can be a terminal workstation or a bridge;...
  • Page 143 Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration Field Description Value It contains multiple Attribute List — attributes. Each general attribute consists of three parts: Attribute Length, Attribute Event, and Attribute Value. Attribute — Each LeaveAll attribute...
  • Page 144: Protocol Specifications

    Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration Normal. A port in this mode can dynamically register/deregister VLANs and propagate dynamic/static VLAN information. Fixed. A port in this mode cannot register/deregister VLANs dynamically. It only propagates static VLAN information.
  • Page 145: Configuring Gvrp Timers

    Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration To do ... Use the command ... Remarks Required Enable GVRP on the port gvrp By default, GVRP is disabled on the port. Note: After you enable GVRP on a trunk port, you cannot change the port to a different type.
  • Page 146: Configuring Gvrp Port Registration Mode

    Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration Table 1-2 Relations between the timers Timer Lower threshold Upper threshold This upper threshold is less than or equal to one-half of the timeout Hold 10 centiseconds time of the Join timer.
  • Page 147: Displaying And Maintaining Gvrp

    Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration 1.3 Displaying and Maintaining GVRP To do … Use the command … Remarks display garp statistics Display GARP statistics [ interface interface-list ] Display the settings of the...
  • Page 148 Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration <SwitchA> system-view [SwitchA] gvrp # Configure GigabitEthernet1/0/1 to be a trunk port and to permit the packets of all the VLANs. [SwitchA] interface GigabitEthernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet1/0/1.
  • Page 149 Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration [SwitchD] vlan 8 [SwitchD-vlan8] quit Configure Switch E # Enable GVRP on Switch E, which is similar to that of Switch A and is thus omitted. # Create VLAN 5 and VLAN 7.
  • Page 150 Operation Manual – GVRP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 GVRP Configuration [SwitchB] display vlan dynamic Total 3 dynamic VLAN exist(s). The following dynamic VLANs exist: 5, 7, 8, # Display the VLAN information dynamically registered on Switch E.
  • Page 151: Port Basic Configuration

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Basic Configuration .................... 1-1 1.1 Ethernet Port Configuration ....................1-1 1.1.1 Combo Port Configuration..................1-1 1.1.2 Initially Configuring a Port ..................1-2 1.1.3 Configuring Port Auto-Negotiation Speed...............
  • Page 152: Ethernet Port Configuration

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration Chapter 1 Port Basic Configuration 1.1 Ethernet Port Configuration 1.1.1 Combo Port Configuration A Combo port can operate as either an optical port or an electrical port. Inside the device there is only one forwarding interface.
  • Page 153: Initially Configuring A Port

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration To do… Use the command… Remarks Optional By default, of the two Enable a specified double ports in a Combo undo shutdown Combo port...
  • Page 154: Configuring Port Auto-Negotiation Speed

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration To do... Use the command... Remarks Optional By default, the maximum frame size allowed on an Ethernet is Set the maximum 9,216 bytes. To set the...
  • Page 155: Limiting Traffic On Individual Ports

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration Note: Only ports on the front panel of the device support the auto-negotiation speed configuration feature. And ports on the extended interface card do not support this feature currently.
  • Page 156: Duplicating The Configuration Of A Port To Other Ports

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration The peer switch will stop sending packets to the local switch or reduce the sending rate temporarily when it receives the message; and vice versa. In this way, packet loss is avoided and the network service operates normally.
  • Page 157: Configuring Loopback Detection For An Ethernet Port

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration 1.1.7 Configuring Loopback Detection for an Ethernet Port Loopback detection is used to monitor if loopback occurs on a switch port. After you enable loopback detection on Ethernet ports, the switch can monitor if external loopback occurs on them.
  • Page 158: Link Aggregation

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration Caution: To enable loopback detection on a specific port, you must use the loopback-detection enable command in both system view and the specific port view.
  • Page 159: Configuring The Interval To Perform Statistical Analysis On Port Traffic

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration Some ports do not support loopback test, and corresponding prompts will be given when you perform loopback test on them. 1.1.9 Enabling the System to Test Connected Cable You can enable the system to test the cable connected to a specific port.
  • Page 160: Disabling Up/Down Log Output On A Port

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Optional Set the interval to perform...
  • Page 161: Configuring A Port Group

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] shutdown %Apr 5 07:25:37:634 2000 Sysname L2INF/5/PORT LINK STATUS CHANGE:- 1 -...
  • Page 162: Displaying And Maintaining Basic Port Configuration

    Operation Manual – Port Basic Configuration H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Basic Configuration 1.1.13 Displaying and Maintaining Basic Port Configuration To do... Use the command... Remarks display interface [ interface-type Display port configuration | interface-type information interface-number ]...
  • Page 163 Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Link Aggregation Configuration ................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to Link Aggregation ................1-1 1.1.2 Introduction to LACP ....................1-1 1.1.3 Consistency Considerations for the Ports in Aggregation ........
  • Page 164: Introduction To Link Aggregation

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration Chapter 1 Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Classification Aggregation Group Categories...
  • Page 165: Link Aggregation Classification

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration 1.1.3 Consistency Considerations for the Ports in Aggregation To participate in traffic sharing, member ports in an aggregation group must use the same configurations with respect to STP, QoS, GVRP, QinQ, BPDU tunnel, VLAN, port attributes, MAC address learning, and so on as shown in the following table.
  • Page 166: Manual Aggregation Group

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration 1.2.1 Manual Aggregation Group I. Introduction to manual aggregation group A manual aggregation group is manually created. All its member ports are manually added and can be manually removed (it inhibits the system from automatically adding/removing ports to/from it).
  • Page 167: Dynamic Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration contain at least one port. When a static aggregation group contains only one port, you cannot remove the port unless you remove the whole aggregation group.
  • Page 168 Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration Besides multiple-port aggregation groups, the system is also able to create single-port aggregation groups, each of which contains only one port. LACP is enabled on the member ports of dynamic aggregation groups.
  • Page 169: Aggregation Group Categories

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration 1.3 Aggregation Group Categories Depending on whether or not load sharing is implemented, aggregation groups can be load-sharing or non-load-sharing aggregation groups. When load sharing is...
  • Page 170: Link Aggregation Configuration

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration 1.4 Link Aggregation Configuration Caution: The commands of link aggregation cannot be configured with the commands of port loopback detection feature at the same time.
  • Page 171: Configuring A Static Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration Follow these steps to configure a manual aggregation group: To do… Use the command… Remarks Enter system view system-view — Create a manual link-aggregation group agg-id...
  • Page 172: Configuring A Dynamic Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration To do… Use the command… Remarks Enter system view system-view — Create a static link-aggregation group Required aggregation group agg-id mode static interface interface-type Enter Ethernet port view —...
  • Page 173: Configuring A Description For An Aggregation Group

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration To do… Use the command… Remarks interface interface-type Enter Ethernet port view — interface-number Required Enable LACP on the port lacp enable By default, LACP is disabled on a port.
  • Page 174: Displaying And Maintaining Link Aggregation Configuration

    Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration 1.5 Displaying and Maintaining Link Aggregation Configuration To do… Use the command… Remarks Display summary display link-aggregation information of all summary aggregation groups Display detailed...
  • Page 175 Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration III. Configuration procedure Note: The following only lists the configuration on Switch A; you must perform the similar configuration on Switch B to implement link aggregation.
  • Page 176 Operation Manual – Link Aggregation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Link Aggregation Configuration [Sysname-GigabitEthernet1/0/1] quit [Sysname] interface GigabitEthernet 1/0/2 [Sysname-GigabitEthernet1/0/2] lacp enable [Sysname-GigabitEthernet1/0/2] quit [Sysname] interface GigabitEthernet1/0/3 [Sysname-GigabitEthernet1/0/3] lacp enable Caution: The three LACP-enabled ports can be aggregated into one dynamic aggregation group to implement load sharing only when they have the same basic configuration (such as rate, duplex mode, and so on).
  • Page 177: Port Isolation

    Operation Manual – Port Isolation H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Isolation Configuration ..................1-1 1.1 Port Isolation Overview...................... 1-1 1.2 Port Isolation Configuration ....................1-1 1.3 Displaying and Maintaining Port Isolation Configuration ........... 1-2...
  • Page 178: Port Isolation Overview

    Operation Manual – Port Isolation H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Port Isolation Configuration Chapter 1 Port Isolation Configuration When configuring port isolation, go to these sections for information you are interested in: Port Isolation Overview Port Isolation Configuration Displaying and Maintaining Port Isolation Configuration Port Isolation Configuration Example 1.1 Port Isolation Overview...
  • Page 179: Port Isolation Configuration Example

    Note: When a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group will join/leave the isolation group at the same time.
  • Page 180
    II. Network diagram
    Figure 1-1 Network diagram for port isolation configuration
    III. Configuration procedure
    # Add GigabitEthernet1/0/2, GigabitEthernet1/0/3, and GigabitEthernet1/0/4 to the isolation group.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
  • Page 181: Port Security-Port Binding

    Operation Manual – Port Security-Port Binding H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    Chapter 1 Port Security Configuration 1-1
    1.1 Port Security Overview 1-1
    1.1.1 Introduction 1-1
    1.1.2 Port Security Features 1-1
    1.1.3 Port Security Modes 1-2
    1.2 Port Security Configuration Task List...
  • Page 182: Port Security Overview

    Chapter 1 Port Security Configuration
    When configuring port security, go to these sections for information you are interested in:
    Port Security Overview
    Port Security Configuration Task List...
  • Page 183: Port Security Modes

    Trap feature: When special data packets (generated from illegal intrusion, abnormal login/logout or other special activities) pass through the switch port, the Trap feature enables the switch to send Trap messages to help the network administrator monitor special activities.
  • Page 184 Security mode Description Feature MAC-based 802.1x authentication is performed on the access user. The port is enabled only after the authentication succeeds. When the...
  • Page 185 Security mode Description Feature This mode is similar to the macAddressOrU macAddressOrUserLoginSecure serLoginSecure mode, except that there can be more than one 802.1x-authenticated user on the port.
  • Page 186: Port Security Configuration Task List

    1.2 Port Security Configuration Task List
    Complete the following tasks to configure port security:
    Task | Remarks
    Enabling Port Security | Required
    Setting the Maximum Number of MAC Addresses...
  • Page 187: Setting The Maximum Number Of Mac Addresses Allowed On A Port

    Caution: Enabling port security resets the following configurations on the ports to the defaults (shown in parentheses below): 802.1x (disabled), port access control method (macbased), and port access control...
  • Page 188: Setting The Port Security Mode

    1.2.3 Setting the Port Security Mode
    Follow these steps to set the port security mode:
    To do... | Use the command... | Remarks
    Enter system view | system-view | —...
  • Page 189: Configuring Port Security Features

    Note: Before setting the port security mode to autolearn, you need to set the maximum number of MAC addresses allowed on the port with the port-security max-mac-count command.
  • Page 190
    II. Configuring intrusion protection
    Follow these steps to configure the intrusion protection feature:
    To do... | Use the command... | Remarks
    Enter system view | system-view | —...
  • Page 191: Ignoring The Authorization Information From The Radius Server

    III. Configuring the Trap feature
    Follow these steps to configure port security trapping:
    To do... | Use the command... | Remarks
    Enter system view | system-view | —...
  • Page 192: Displaying And Maintaining Port Security Configuration

    If the number of security MAC addresses has not yet reached the maximum number, the port will learn new MAC addresses and turn them into security MAC addresses;...
  • Page 193: Port Security Configuration Example

    1.4 Port Security Configuration Example
    1.4.1 Port Security Configuration Example
    I. Network requirements
    Implement access user restrictions through the following configuration on GigabitEthernet 1/0/1 of the switch.
  • Page 194
    [Switch-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily
    [Switch-GigabitEthernet1/0/1] quit
    [Switch] port-security timer disableport 30
  • Page 195: Port Binding Overview

    Chapter 2 Port Binding Configuration
    When configuring port binding, go to these sections for information you are interested in:
    Port Binding Overview
    Displaying and Maintaining Port Binding Configuration
    Port Binding Configuration Example
    2.1 Port Binding Overview...
  • Page 196: Displaying And Maintaining Port Binding Configuration

    2.2 Displaying and Maintaining Port Binding Configuration To do... Use the command... Remarks Display port display am user-bind [ interface Available in any binding...
  • Page 197 [SwitchA-GigabitEthernet1/0/1] am user-bind mac-addr 0001-0002-0003 ip-addr 10.12.1.1...
  • Page 198: Dldp

    Operation Manual – DLDP H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    Chapter 1 DLDP Configuration 1-1
    1.1 Overview 1-1
    1.1.1 Introduction 1-1
    1.1.2 DLDP Fundamentals 1-2
    1.2 DLDP Configuration 1-7
    1.2.1 Performing Basic DLDP Configuration 1-7
    1.2.2 Resetting DLDP State...
  • Page 199: Chapter 1 Dldp Configuration

    Chapter 1 DLDP Configuration
    When configuring DLDP, go to these sections for information you are interested in:
    Overview
    DLDP Configuration
    DLDP Configuration Example
    1.1 Overview
    1.1.1 Introduction
    A special kind of link, namely the unidirectional link, may occur in a network.
  • Page 200: Dldp Fundamentals

    Figure 1-2 Fiber broken or not connected (diagram: SwitchA and SwitchB, each with ports GE1/0/50 and GE1/0/51, and a Host)
    DLDP provides the following features: As a link layer protocol, it works together with the physical layer protocols to monitor the link status of a device.
  • Page 201
    Table 1-1 DLDP status
    Status | Description
    Initial | Initial status before DLDP is enabled.
    Inactive | DLDP is enabled but the corresponding link is down.
    Active | This state indicates that: DLDP is enabled and the link is up.
  • Page 202 Timer Description When a new neighbor joins, a neighbor entry is created and the corresponding entry aging timer is enabled When an advertisement packet is received from a...
  • Page 203 Table 1-3 DLDP operating mode and neighbor entry aging DLDP detects The entry aging The enhanced whether timer is enabled timer is enabled DLDP operating neighbors exist...
  • Page 204 Table 1-5 Process received DLDP packets Packet type Processing procedure If this neighbor entry does not exist on the local device, DLDP creates the neighbor entry, Extracts...
  • Page 205: Dldp Configuration

    V. DLDP neighbor state A DLDP neighbor can be in one of these two states: two way and unknown. You can check the state of a DLDP neighbor by using the display dldp command.
  • Page 206: Resetting Dldp State

    To do … | Use the command … | Remarks
    Set the DLDP operating mode | dldp work-mode { enhance | normal } | Optional. By default, DLDP works in normal mode.
  • Page 207: Displaying And Maintaining Dldp

    Note: This function is only applicable to ports that are in DLDP down state.
    Follow these steps to reset DLDP state:
    To do … | Use the command …...
  • Page 208
    II. Network diagram
    Figure 1-3 Network diagram for DLDP configuration
    III. Configuration procedure
    Configure Switch A
    # Configure the ports to work in mandatory full duplex mode at a rate of 1,000 Mbps.
  • Page 209 Note: When two switches are connected through fibers in a crossed way, two or three ports may be in the disable state, and the rest in the inactive state.
  • Page 210: Mac Address Table

    Operation Manual – MAC Address Table Management H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    Chapter 1 MAC Address Table Management 1-1
    1.1 Overview 1-1
    1.1.1 Introduction to MAC Address Table 1-1
    1.1.2 Introduction to MAC Address Learning 1-1
    1.1.3 Managing MAC Address Table...
  • Page 211: Introduction To Mac Address Table

    Chapter 1 MAC Address Table Management Note: This chapter describes the management of static, dynamic, and blackhole MAC address entries. For information about the management of multicast MAC address entries, refer to the part related to multicast protocol.
  • Page 212 Generally, the majority of MAC address entries are created and maintained through MAC address learning. The following describes the MAC address learning process of a...
  • Page 213 Because the switch broadcasts the packet, both User B and User C can receive the packet. However, User C is not the destination device of the packet, and therefore does not process the packet.
  • Page 214: Managing Mac Address Table

    Note: Under some special circumstances, for example, User B is unreachable or User B receives the packet but does not respond to it, the switch cannot learn the MAC address of User B.
  • Page 215: Configuring Mac Address Table Management

    Table 1-1 Characteristics of different types of MAC address entries Reserved or not MAC address Configuration at reboot (if the Aging time...
  • Page 216 I. Adding a MAC address entry in system view Table 1-3 Add a MAC address entry in system view Operation Command Description...
  • Page 217: Setting The Aging Time Of Mac Address Entries

    1.2.3 Setting the Aging Time of MAC Address Entries
    Setting the aging time properly makes MAC address aging effective. An aging time that is too long or too short affects the performance of the switch.
  • Page 218: Disabling Mac Address Learning For A Vlan

    Table 1-6 Set the maximum number of MAC addresses a port can learn
    Operation | Command | Description
    Enter system view | system-view | —
    Enter Ethernet port view | interface interface-type | —...
  • Page 219: Displaying Mac Address Table Information

    1.3 Displaying MAC Address Table Information To verify your configuration, you can display information about the MAC address table by executing the display command in any view.
  • Page 220: Mstp

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    Chapter 1 MSTP Configuration 1-1
    1.1 STP Overview 1-1
    1.2 MSTP Overview 1-11
    1.2.1 Background of MSTP 1-11
    1.2.2 Basic MSTP Terminologies 1-12
    1.2.3 Principle of MSTP...
  • Page 221 Table of Contents
    1.6 Configuring Guard Functions 1-42
    1.6.1 Introduction 1-42
    1.6.2 Configuration Prerequisites 1-44
    1.6.3 Configuring BPDU Guard 1-44
    1.6.4 Configuring Root Guard 1-45
    1.6.5 Configuring Loop Guard 1-46
    1.6.6 Configuring TC-BPDU Attack Guard...
  • Page 222: Stp Overview

    Chapter 1 MSTP Configuration
    Go to these sections for information you are interested in:
    MSTP Overview
    Configuring Root Bridge
    Configuring Leaf Nodes
    Performing mCheck Operation
    Configuring Guard Functions...
  • Page 223
    Topology change notification (TCN) BPDUs, used to notify concerned devices of network topology changes, if any.
    III. Basic concepts in STP
    Root bridge
    A tree network must have a root; hence the concept of root bridge has been introduced in STP.
  • Page 224
    Figure 1-1 A schematic diagram of designated bridges and designated ports
    Note: All the ports on the root bridge are designated ports.
    Path cost
    Path cost is a value used for measuring link capacity. By comparing the path costs of different links, STP selects the most robust links and blocks the other links to prune the network into a tree.
  • Page 225 Forward delay, forward delay of the port. Note: For the convenience of description, the description and examples below involve only four parts of a configuration BPDU: Root bridge ID (in the form of device priority)
  • Page 226 Note: Principle for configuration BPDU comparison: The configuration BPDU that has the lowest root bridge ID has the highest priority. If all configuration BPDUs have the same root bridge ID, they will be compared for their root path costs.
  • Page 227 Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port whose role is to be determined, and acts as follows based on the comparison result:...
  • Page 228 Table 1-4 Initial state of each device Device Port name BPDU of port {0, 0, 0, AP1} Device A {0, 0, 0, AP2} {1, 0, 1, BP1}...
  • Page 229 BPDU of port after Device Comparison process comparison Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the...
  • Page 230 BPDU of port after Device Comparison process comparison Next, port CP2 receives the updated configuration BPDU of Device B {0, 5, 1, BP2}. Because the CP1: {0, 0, 0,...
  • Page 231 Note: To facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated. The BPDU forwarding mechanism in STP...
  • Page 232: Mstp Overview

    Hello time, the interval for sending hello packets. Hello packets are used to check link state. A switch sends hello packets to its neighboring devices at a regular interval (the hello time) to check whether the links are faulty.
  • Page 233: Basic Mstp Terminologies

    II. Features of MSTP
    The multiple spanning tree protocol (MSTP) overcomes the shortcomings of STP and RSTP. In addition to support for rapid network convergence, it also allows data flows of different VLANs to be forwarded along their own paths, thus providing a better load sharing mechanism for redundant links.
  • Page 234
    I. MST region
    A multiple spanning tree region (MST region) comprises multiple physically-interconnected MSTP-enabled switches and the corresponding network segments connected to these switches. These switches have the same region name, the same VLAN-to-MSTI mapping configuration and the same MSTP revision level.
  • Page 235
    VI. CIST
    A CIST is the spanning tree in a switched network that connects all switches in the network. It comprises the ISTs and the CST. In Figure 1-4, the ISTs in the MST regions and the CST connecting the MST regions form the CIST.
  • Page 236 switch C form a loop. Port 3 and port 4 on switch D connect downstream to other MST regions. This figure shows the roles these ports play.
  • Page 237: Principle Of Mstp

    Table 1-6 Combinations of port states and port roles Port role Region Root/master Designated Alternate Backup Boundary port port port port port Port state √ √ √...
  • Page 238 Configuration BPDUs are compared as follows: For MSTP, CIST configuration information is generally expressed as follows: (Root bridge ID, External path cost, Master bridge ID, Internal path cost, Designated...
  • Page 239: Mstp Implementation On Switches

    MSTP is compatible with both STP and RSTP. That is, MSTP-enabled switches can recognize the protocol packets of STP and RSTP and use them for spanning tree calculation. In addition to the basic MSTP functions, H3C series switches also provide the following functions for users to manage their switches.
  • Page 240: Configuring An Mst Region

    Task | Remarks
    Configuring the MSTP Operation Mode | Optional
    Configuring the Maximum Hop Count of an MST Region | Optional
    Configuring the Network Diameter of the Switched Network | Optional. The default value is recommended.
  • Page 241
    To do... | Use the command... | Remarks
    Configure the name of the MST region | region-name name | Required. The default MST region name of a switch is its MAC address.
  • Page 242: Specifying The Current Switch As A Root Bridge/Secondary Root Bridge

    (an 802.1s-defined protocol selector, which is 0 by default and cannot be configured), MST region name, VLAN-to-MSTI mapping table, and revision level. The H3C series support only the MST region name, VLAN-to-MSTI mapping table, and revision level. Switches whose settings for these parameters are the same are assigned to the same MST region.
  • Page 243 To do... Use the command... Remarks Enter system view system-view — stp [ instance instance-id ] root Specify the current switch primary [ bridge-diameter as the root bridge of a...
  • Page 244: Configuring The Bridge Priority Of The Current Switch

    Note: You can configure a switch as the root bridge of multiple MSTIs, but you cannot configure two or more root bridges for one MSTI. So, do not configure root bridges for the same MSTI on two or more switches using the stp root primary command.
  • Page 245 Caution: Once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch can no longer be configured.
  • Page 246
    If packets in legacy format are received, the port turns to the discarding state to prevent a network storm.
    I. Configuration procedure
    Follow these steps to configure how a port recognizes and sends MSTP packets (in system view):
    To do...
  • Page 247: Configuring The Maximum Hop Count Of An Mst Region

    1.3.6 Configuring the MSTP Operation Mode
    To make an MSTP-enabled switch compatible with STP/RSTP, MSTP provides the following three operation modes:
    STP-compatible mode, where the ports of a switch send STP BPDUs to neighboring devices.
  • Page 248: Configuring The Network Diameter Of The Switched Network

    participating in spanning tree calculation, and thus limits the size of an MST region. With such a mechanism, the maximum hop count configured on the switch operating as the root bridge of the CIST or an MSTI in an MST region becomes the network diameter of the spanning tree, which limits the size of the spanning tree in the current MST region.
  • Page 249: Configuring The Mstp Time-Related Parameters

    The network diameter parameter indicates the size of a network. The bigger the network diameter is, the larger the network size is. After you configure the network diameter of a switched network, an MSTP-enabled switch adjusts its hello time, forward delay, and max age settings accordingly to better values.
  • Page 250: Configuring The Timeout Time Factor

    Caution: The forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large forward delay. A forward delay that is too small may result in temporary redundant paths, and a forward delay that is too large may leave the network unable to resume the normal state in time after changes occur in the network.
  • Page 251 by the hello time parameter to check for link failures. Normally, a switch regards its upstream switch as faulty if it does not receive any BPDU from the upstream switch within a period of three times the hello time, and then initiates the spanning tree recalculation process.
  • Page 252: Configuring The Current Port As An Edge Port

    To do... Use the command... Remarks Enter system view system-view — Required Configure the stp interface maximum interface-list The maximum transmitting rate of transmitting rate for transmit-limit...
  • Page 253 port changes from the blocking state to the forwarding state, it does not have to wait for a delay. You can configure a port as an edge port in one of the following two ways.
  • Page 254: Specifying Whether The Link Connected To A Port Is Point-To-Point Link

    <Sysname> system-view
    [Sysname] stp interface GigabitEthernet 1/0/1 edged-port enable
    Configure GigabitEthernet 1/0/1 as an edge port in Ethernet port view
    <Sysname> system-view
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] stp edged-port enable
    1.3.13 Specifying Whether the Link Connected to a Port Is Point-to-point...
  • Page 255: Enabling Mstp

    Note: If you configure the link connected to a port in an aggregation group as a point-to-point link, the configuration will be synchronized to the other ports in the same aggregation group.
  • Page 256: Configuring Leaf Nodes

    Follow these steps to enable MSTP in Ethernet port view:
    To do... | Use the command... | Remarks
    Enter system view | system-view | —
    Enable MSTP | stp enable | Required. MSTP is disabled by default.
  • Page 257: Configuring The Mst Region

    Task | Remarks
    Configuring an MST Region | Required
    Configuring How a Port Recognizes and Sends MSTP Packets | Optional
    Configuring the Timeout Time Factor | Optional
    Configuring the Maximum Transmitting Rate on the Current Port | Optional. The default value is recommended.
  • Page 258: Configuring A Port As An Edge Port

    1.4.6 Configuring a Port as an Edge Port
    Refer to Configuring the Current Port as an Edge Port.
    1.4.7 Configuring the Path Cost for a Port
    The path cost parameter reflects the rate of the link connected to the port. For a port on an MSTP-enabled switch, the path cost may be different in different MSTIs.
  • Page 259 Operation mode Latency Rate 802.1D-1998 IEEE 802.1t (half-/full-duplex) standard Half-duplex/Full-duplex 200,000 Aggregated link 2 ports 100,000 100 Mbps Aggregated link 3 ports 66,666 Aggregated link 4 ports...
  • Page 260
    Follow these steps to configure the path cost for a port in Ethernet port view:
    To do... | Use the command... | Remarks
    Enter system view | system-view | —
    Enter Ethernet port view | interface interface-type | —...
  • Page 261: Configuring Port Priority

    1.4.8 Configuring Port Priority
    Port priority is an important criterion in determining the root port. Under the same conditions, the port with the smallest port priority value becomes the root port.
  • Page 262: Performing Mcheck Operation

    <Sysname> system-view
    [Sysname] stp interface GigabitEthernet 1/0/1 instance 1 port priority 16
    Perform this configuration in Ethernet port view
    <Sysname> system-view
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] stp instance 1 port priority 16
    1.4.9 Specifying Whether the Link Connected to a Port Is a Point-to-point...
  • Page 263: Configuring Guard Functions

    To do... | Use the command... | Remarks
    Enter system view | system-view | —
    Perform the mCheck operation | stp [ interface interface-list ] mcheck | Required
    II. Perform the mCheck operation in Ethernet port view
    Follow these steps to perform the mCheck operation in Ethernet port view:
    To do...
  • Page 264 Normally, no configuration BPDU reaches edge ports. But malicious users can attack a network by deliberately sending configuration BPDUs to edge ports to cause network jitter. You can prevent this type of attack by using the BPDU guard function. With this function enabled on a switch, the switch shuts down the edge ports that receive configuration BPDUs and then reports these cases to the administrator.
  • Page 265: Configuration Prerequisites

    IV. TC-BPDU attack guard
    Normally, a switch removes its MAC address table and ARP entries upon receiving TC-BPDUs. If a malicious user sends a large number of TC-BPDUs to a switch in a...
  • Page 266: Configuring Root Guard

    To do... | Use the command... | Remarks
    Enter system view | system-view | —
    Enable the BPDU guard function | stp bpdu-protection | Required. The BPDU guard function is disabled by default.
  • Page 267: Configuring Loop Guard

    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] stp root-protection
    1.6.5 Configuring Loop Guard
    I. Configuration procedure
    Follow these steps to configure loop guard:
    To do... | Use the command... | Remarks...
  • Page 268: Configuring Bpdu Dropping

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration
    III. Configuration example
    # Enable the TC-BPDU attack guard function
    <Sysname> system-view
    [Sysname] stp tc-protection enable
    # Set the maximum number of times the switch can remove the MAC address table and ARP entries within 10 seconds to 5.
  • Page 269: Configuring Digest Snooping

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration the same MST region-related configuration as its own but adopts a proprietary spanning tree protocol, you can enable digest snooping on the port. The S5100 Ethernet switch then regards the other manufacturer's switch as being in the same region; it records the configuration digests carried in the BPDUs received from that switch and puts them in the BPDUs to be sent to that switch.
  • Page 270: Configuring Rapid Transition

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration
    To do... | Use the command... | Remarks
    Display the current configuration | display current-configuration | Available in any view
    Note: When the digest snooping feature is enabled on a port, the port state turns to the discarding state.
  • Page 271 Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration For RSTP, the upstream switch does not send agreement packets to the downstream switch. Figure 1-6 and Figure 1-7 illustrate the rapid transition mechanisms on designated ports in RSTP and MSTP.
  • Page 272: Configuring Rapid Transition

    H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration switch of this kind operating as the upstream switch connects with a H3C series switch running MSTP, the upstream designated port fails to change its state rapidly. The rapid transition feature is developed to resolve this problem. When a H3C series...
  • Page 273: Configuring Vlan-Vpn Tunnel

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration
    To do... | Use the command... | Remarks
    Enter system view | system-view | —
    Enable the rapid transition feature | stp interface interface-type interface-number no-agreement-check | Required. By default, the rapid transition feature is disabled on a port.
  • Page 274: Configuring Vlan-Vpn Tunnel

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration [Figure 1-9 VLAN-VPN tunnel network hierarchy; labels: service provider network, packet input/output devices, customer networks (Network A, Network B)] 1.9.2 Configuring VLAN-VPN tunnel Follow these steps to configure VLAN-VPN tunnel: To do...
  • Page 275: Stp Maintenance Configuration

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration 1.10 STP Maintenance Configuration 1.10.1 Introduction In a large-scale network with MSTP enabled, there may be many MSTP instances, and so the status of a port may change frequently. In this case, maintenance personnel may expect that log/trap information is output to the log host when particular ports fail, so that they can check the status changes of those ports through alarm information.
  • Page 276: Displaying And Maintaining Mstp

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration The stp instance instance-id dot1d-trap enable command enables both newroot and topology-change trap functions for the specified spanning tree instance at the same time. I. Configuration procedure Follow these steps to enable trap messages conforming to 802.1d standard:...
  • Page 277: Mstp Configuration Example

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration 1.13 MSTP Configuration Example I. Network requirements Implement MSTP in the network shown in Figure 1-10 to enable packets of different VLANs to be forwarded along different MSTIs. The detailed configurations are as follows: All switches in the network belong to the same MST region.
  • Page 278 Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration
    [Sysname-mst-region] region-name example
    [Sysname-mst-region] instance 1 vlan 10
    [Sysname-mst-region] instance 3 vlan 30
    [Sysname-mst-region] instance 4 vlan 40
    [Sysname-mst-region] revision-level 0
    # Activate the settings of the MST region manually.
  • Page 279: Vlan-Vpn Tunnel Configuration Example

    Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration
    [Sysname] stp instance 4 root primary
    Configure Switch D
    # Enter MST region view.
    <Sysname> system-view
    [Sysname] stp region-configuration
    # Configure the MST region.
    [Sysname-mst-region] region-name example...
  • Page 280 Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration
    # Enable MSTP.
    <Sysname> system-view
    [Sysname] stp enable
    # Add Ethernet 1/0/1 to VLAN 10.
    [Sysname] vlan 10
    [Sysname-Vlan10] port Ethernet 1/0/1
    Configure Switch B
    # Enable MSTP.
  • Page 281 Operation Manual – MSTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 MSTP Configuration
    # Enable the VLAN-VPN tunnel function.
    [Sysname] vlan-vpn tunnel
    # Add GigabitEthernet 1/0/2 to VLAN 10.
    [Sysname] vlan 10
    [Sysname-Vlan10] port GigabitEthernet 1/0/2
    # Disable STP on GigabitEthernet 1/0/2 and then enable the VLAN VPN function on it.
  • Page 282 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    Chapter 1 802.1x Configuration
    1.1 Introduction to 802.1x
    1.1.1 Architecture of 802.1x Authentication
    1.1.2 The Mechanism of an 802.1x Authentication System
    1.1.3 Encapsulation of EAPoL Messages
  • Page 283 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    3.4 Displaying and Maintaining HABP Configuration
    Chapter 4 System-Guard Configuration
    4.1 System-Guard Overview
    4.2 Configuring the System-Guard Feature
    4.2.1 Configuring the System-Guard Feature...
  • Page 284: Chapter 1 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration When configuring 802.1x, go to these sections for information you are interested in: Introduction to 802.1x Introduction to 802.1x Configuration Basic 802.1x Configuration...
  • Page 285 The authenticator system is another entity residing at one end of a LAN segment. It authenticates the connected supplicant systems. The authenticator system is usually an 802.1x-supported network device (such as a H3C series switch). It provides the port (physical or logical) for the supplicant system to access the LAN.
  • Page 286: The Mechanism Of An 802.1X Authentication System

    By default, a controlled port is a unidirectional port. IV. The way a port is controlled A port of a H3C series switch can be controlled in the following two ways. Port-based authentication. When a port is controlled in this way, all the supplicant systems connected to the port can access the network without being authenticated after one supplicant system among them passes the authentication.
  • Page 287: Encapsulation Of Eapol Messages

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration EAP protocol packets transmitted between the authenticator system PAE and the RADIUS server can either be encapsulated as EAP over RADIUS (EAPoR) packets or be terminated at system PAEs. The system PAEs then communicate with RADIUS servers through Password Authentication Protocol (PAP) or Challenge-Handshake Authentication Protocol (CHAP) packets.
  • Page 288 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration 04: Indicates that the packet is an EAPoL-encapsulated-ASF-Alert packet, which is used to support the alerting messages of Alerting Standards Forum (ASF). The Length field indicates the size of the Packet body field. A value of 0 indicates that the Packet Body field does not exist.
  • Page 289: Authentication Procedure

    Figure 1-7 The format of a Message-authenticator field 1.1.4 802.1x Authentication Procedure An H3C S5100-SI/EI series Ethernet switch can authenticate supplicant systems in EAP terminating mode or EAP relay mode. I. EAP relay mode This mode is defined in 802.1x. In this mode, EAP packets are encapsulated in higher-level protocol (such as EAPoR) packets to enable them to successfully reach the authentication server.
  • Page 290 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration two newly-added fields: the EAP-message field (with a value of 79) and the Message-authenticator field (with a value of 80). Four authentication methods, namely EAP-MD5, EAP-TLS (transport layer security), EAP-TTLS (tunneled transport layer security), and Protected Extensible Authentication Protocol (PEAP), are available in the EAP relay mode.
  • Page 291 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration [Figure: message sequence among the supplicant system, the authenticator system and the RADIUS server, with EAPOL on the supplicant side and EAPOR on the server side: EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; RADIUS Access-Request (EAP-Response/Identity)...]
  • Page 292 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration Upon receiving the key (encapsulated in an EAP-request/MD5 challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-response/MD5 challenge packet) to the RADIUS server through the switch.
  • Page 293: Timers Used In 802.1X

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration [Figure: message sequence among the supplicant system, the authenticator system and the RADIUS server, with EAPOL on the supplicant side and RADIUS on the server side: EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; EAP-Request/MD5 Challenge; EAP-Response/MD5 Challenge; RADIUS Access-Request...]
  • Page 294: Implementation On An S5100-Si/Ei Series Switch

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration attempts is reached. Quiet-period timer (quiet-period). This timer sets the quiet-period. When a supplicant system fails to pass the authentication, the switch quiets for the set period (set by the quiet-period timer) before it processes another authentication request re-initiated by the supplicant system.
  • Page 295 Chapter 1 802.1x Configuration Note: H3C's CAMS Server is a service management system used to manage networks and to secure networks and user information. With the cooperation of other networking devices (such as switches) in the network, a CAMS server can implement the AAA functions and rights management.
  • Page 296 Note: The 802.1x client version-checking function needs the support of H3C’s 802.1x client program. III. The guest VLAN function The guest VLAN function enables supplicant systems that are not authenticated to access network resources in a restrained way.
  • Page 297 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration to the user. To connect to the switch again, the user needs to initiate 802.1x authentication with the client software again. Note: When re-authenticating a user, a switch goes through the complete authentication process.
  • Page 298: Introduction To 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration Note: 802.1x re-authentication will fail if a CAMS server is used and configured to perform authentication but not accounting. This is because a CAMS server establishes a user session after it begins to perform accounting.
  • Page 299: Basic 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration 1.3 Basic 802.1x Configuration 1.3.1 Configuration Prerequisites Configure ISP domain and the AAA scheme to be adopted. You can specify a RADIUS scheme or a local scheme.
  • Page 300 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration To do… Use the command… Remarks dot1x port-method In system { macbased | view portbased } [ interface Optional interface-list ] Set port The default port access...
  • Page 301: Mac Address

    With the support of the H3C proprietary client, handshake packets are used to test whether or not a user is online. Because non-H3C clients do not support the online user handshaking function, switches cannot receive handshake acknowledgement packets from them in handshaking periods.
  • Page 302: Advanced 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration To do… Use the command... Remarks Optional By default, the maximum retry times to send a Set the maximum retry request packet is 2. That...
  • Page 303: Configuring Proxy Checking

    { logoff | trap } quit Note: The proxy checking function needs the cooperation of H3C's 802.1x client (iNode) program. The proxy checking function depends on the online user handshaking function. To enable the proxy detecting function, you need to enable the online user handshaking function first.
  • Page 304: Configuring Client Version Checking

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration 1.4.2 Configuring Client Version Checking Follow these steps to configure client version checking: To do... Use the command... Remarks Enter system view system-view —...
  • Page 305: Configuring Guest Vlan

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration Follow these steps to enable DHCP-triggered authentication: To do... Use the command... Remarks Enter system view system-view — Required Enable DHCP-triggered By default, dot1x dhcp-launch...
  • Page 306: Configuring 802.1X Re-Authentication

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration 1.4.5 Configuring 802.1x Re-Authentication Follow these steps to enable 802.1x re-authentication: To do... Use the command... Remarks Enter system view system-view — In system...
  • Page 307: Displaying And Maintaining 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration The following introduces how to configure the 802.1x re-authentication timer on the switch. Follow these steps to configure the re-authentication interval: To do... Use the command...
  • Page 308 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration switch and the accounting RADIUS servers to exchange messages is “money”. If the switch sends a packet to the RADIUS server and receives no response within 5 seconds, it sends the packet again, with a maximum of 5 retries.
  • Page 309 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration
    # Create a RADIUS scheme named “radius1” and enter RADIUS scheme view.
    [Sysname] radius scheme radius1
    # Assign IP addresses to the primary authentication and accounting RADIUS servers.
  • Page 310 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 1 802.1x Configuration
    [Sysname] domain default enable aabbcc.net
    # Create a local access user account.
    [Sysname] local-user localuser
    [Sysname-luser-localuser] service-type lan-access
    [Sysname-luser-localuser] password simple localpass...
  • Page 311: Chapter 2 Quick Ead Deployment Configuration

    In real applications, however, deploying EAD clients proves to be time consuming and inconvenient. To address the issue, the H3C S5100-SI/EI series provides the forcible deployment of EAD clients with 802.1x authentication, easing the work of EAD client deployment.
  • Page 312: Configuring Quick Ead Deployment

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Quick EAD Deployment Configuration II. HTTP redirection In the HTTP redirection approach, when the terminal users that have not passed 802.1x authentication access the Internet through Internet Explorer, they are redirected to a predefined URL for EAD client download.
  • Page 313 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Quick EAD Deployment Configuration Caution: You must configure the URL for HTTP redirection before configuring a free IP range. A URL must start with http:// and the segment where the URL resides must be in the free IP range.
  • Page 314: Displaying And Maintaining Quick Ead Deployment

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Quick EAD Deployment Configuration 2.2.3 Displaying and Maintaining Quick EAD Deployment To do... Use the command... Remarks Display configuration display dot1x [ sessions information about quick...
  • Page 315: Troubleshooting

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Quick EAD Deployment Configuration III. Configuration procedure Note: Before enabling quick EAD deployment, be sure that: The Web server is configured properly. The default gateway of the user’s PC is configured as the IP address of the connected VLAN interface on the switch.
  • Page 316 Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Quick EAD Deployment Configuration Check that you have configured an IP address in the free IP range for the Web server and a correct URL for redirection, and that the server provides Web...
  • Page 317: Chapter 3 Habp Configuration

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 3 HABP Configuration Chapter 3 HABP Configuration When configuring HABP, go to these sections for information you are interested in: Introduction to HABP HABP Server Configuration HABP Client Configuration Displaying and Maintaining HABP Configuration 3.1 Introduction to HABP...
  • Page 318: Habp Client Configuration

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 3 HABP Configuration To do... Use the command... Remarks Required By default, a switch operates as Configure the an HABP client after you enable current switch to HABP on the switch.
  • Page 319: Chapter 4 System-Guard Configuration

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 4 System-Guard Configuration Chapter 4 System-Guard Configuration 4.1 System-Guard Overview To implement system guard for the CPU, you must first determine whether the CPU is under attack.
  • Page 320: Displaying And Maintaining System-Guard

    Operation Manual – 802.1x and System Guard H3C S5100-SI/EI Series Ethernet Switches Chapter 4 System-Guard Configuration 4.3 Displaying and Maintaining System-Guard After the above configuration, execute the display command in any view to display the running status of the system-guard feature, and to verify the configuration.
  • Page 321 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    Chapter 1 AAA Overview
    1.1 Introduction to AAA
    1.1.1 Authentication
    1.1.2 Authorization
    1.1.3 Accounting
    1.1.4 Introduction to ISP Domain
    1.2 Introduction to AAA Services
  • Page 322 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    2.3.7 Configuring the Timers Regarding TACACS Servers
    2.4 Displaying and Maintaining AAA Configuration
    2.4.1 Displaying and Maintaining AAA Configuration
    2.4.2 Displaying and Maintaining RADIUS Protocol Configuration
    2.4.3 Displaying and Maintaining HWTACACS Protocol Configuration...
  • Page 323: Chapter 1 Aaa Overview

    Remote authentication: Users are authenticated remotely through RADIUS or HWTACACS protocol. This device (for example, a H3C series switch) acts as the client to communicate with the RADIUS or TACACS server. You can use standard or extended RADIUS protocols in conjunction with such systems as iTELLIN/CAMS for user authentication.
  • Page 324: Accounting

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview RADIUS authorization: Users are authorized after they pass RADIUS authentication. In RADIUS protocol, authentication and authorization are combined together, and authorization cannot be performed alone without authentication.
  • Page 325 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview Server: RADIUS Server runs on a computer or workstation at the center. It stores and maintains user authentication information and network service access information. Client: RADIUS Client runs on network access servers throughout the network.
  • Page 326 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview Figure 1-2 Basic message exchange procedure of RADIUS The basic message exchange procedure of RADIUS is as follows: The user enters the username and password. The RADIUS client receives the username and password, and then sends an authentication request (Access-Request) to the RADIUS server.
  • Page 327 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview adopts the following mechanisms: timer management, retransmission, and backup server. Figure 1-3 depicts the format of RADIUS messages. Figure 1-3 RADIUS message format The Code field (one byte) decides the type of RADIUS message, as shown in Table 1-1.
  • Page 328 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview Code Message type Message description Direction: client->server. The client transmits this message to the server to request the server to start or end the accounting (whether to start or to end the...
  • Page 329 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview Table columns: Type field value, Attribute type. Attribute types listed: CHAP-Password, Class, NAS-IP-Address, Vendor-Specific, NAS-Port, Session-Timeout, Service-Type, Idle-Timeout, Framed-Protocol, Termination-Action, Framed-IP-Address, Called-Station-Id, Framed-IP-Netmask, Calling-Station-Id, Framed-Routing, NAS-Identifier, Filter-ID...
  • Page 330: Introduction To Hwtacacs

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview [Figure 1-4 Vendor-specific attribute format; fields: Type, Length, Vendor-ID, Type (specified), Length (specified), Specified attribute value] 1.2.2 Introduction to HWTACACS I. What is HWTACACS Huawei Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492).
  • Page 331 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview [Figure 1-5 Network diagram for a typical HWTACACS application; labels: Host, HWTACACS client, two HWTACACS servers] II. Basic message exchange procedure in HWTACACS The following text takes telnet user as an example to describe how HWTACACS implements authentication, authorization, and accounting for a user.
  • Page 332 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview Figure 1-6 AAA implementation procedure for a telnet user The basic message exchange procedure is as follows: A user sends a login request to the switch acting as a TACACS client, which then sends an authentication start request to the TACACS server.
  • Page 333 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 1 AAA Overview After receiving the password, the TACACS client sends an authentication continuance message carrying the password to the TACACS server. The TACACS server returns an authentication response, indicating that the user has passed the authentication.
  • Page 334: Chapter 2 Aaa Configuration

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Chapter 2 AAA Configuration 2.1 AAA Configuration Task List You need to configure AAA to provide network access services for legitimate users while protecting network devices and preventing unauthorized access and repudiation behavior.
  • Page 335: Creating An Isp Domain And Configuring Its Attributes

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Task Remarks Creating an ISP Domain and Required Configuring Its Attributes Configuring separate AAA schemes Required Required With separate AAA schemes, you can specify authentication, authorization and accounting schemes Configuring an AAA Scheme for an respectively.
  • Page 336 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Optional By default, an ISP domain Set the status of the ISP is in the active state, that state { active | block }...
  • Page 337: Configuring An Aaa Scheme For An Isp Domain

    Note: H3C's CAMS Server is a service management system used to manage networks and ensure network and user information security. With the cooperation of other networking devices (such as switches) in a network, a CAMS server can implement the AAA functions and rights management.
  • Page 338 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Caution: You can execute the scheme radius-scheme radius-scheme-name command to adopt an already configured RADIUS scheme to implement all the three AAA functions. If you adopt the local scheme, only the authentication and authorization functions are implemented, the accounting function cannot be implemented.
  • Page 339 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Enter system view system-view — Create an ISP domain and enter its view, or enter domain isp-name Required the view of an existing ISP...
  • Page 340: Configuring Dynamic Vlan Assignment

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration If you configure no separate scheme, the combined scheme is used for authentication, authorization, and accounting. In this case, if the system uses the secondary local scheme for authentication, it also does so for authorization and accounting;...
  • Page 341: Configuring The Attributes Of A Local User

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks This operation is required if Set a VLAN name for the VLAN assignment mode name string VLAN assignment is set to string.
  • Page 342 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Optional By default, the user is in Set the status of the local state { active | block } active state, that is, the...
  • Page 343: Cutting Down User Connections Forcibly

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Caution: The following characters are not allowed in the user-name string: /:*?<>. And you cannot input more than one “@” in the string. After the local-user password-display-mode cipher-force command is executed, any password will be displayed in cipher mode even though you specify to display a user password in plain text by using the password command.
  • Page 344: Radius Configuration Task List

    2.2 RADIUS Configuration Task List H3C’s Ethernet switches can function not only as RADIUS clients but also as local RADIUS servers. Complete the following tasks to configure RADIUS (the switch functions as a RADIUS...
  • Page 345: Ip Address And

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Complete the following tasks to configure RADIUS (the switch functions as a local RADIUS server): Task Remarks Creating a RADIUS Scheme Required Configuring RADIUS Required Authentication/Authorization Servers...
  • Page 346: Creating A Radius Scheme

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Note: Actually, the RADIUS service configuration only defines the parameters for information exchange between switch and RADIUS server. To make these parameters take effect, you must reference the RADIUS scheme configured with these parameters in an ISP domain view (refer to Configuration).
  • Page 347: Configuring Radius Accounting Servers

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Required Set the IP address and By default, the IP address port number of the and UDP port number of primary authentication...
  • Page 348 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Optional Set the IP address By default, the IP address and and port number of secondary UDP port number of the...
  • Page 349: Configuring Shared Keys For Radius Messages

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Note: In an actual network environment, you can specify one server as both the primary and secondary accounting servers, as well as specifying two RADIUS servers as the primary and secondary accounting servers respectively.
  • Page 350: Configuring The Maximum Number Of Radius Request Transmission Attempts

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration
    To do… | Use the command… | Remarks
    Set a shared key for RADIUS accounting messages | key accounting string | Required. By default, no shared key is created.
    Caution: The authentication/authorization shared key and the accounting shared key you set on the switch must be respectively consistent with the shared key on the authentication/authorization server and the shared key on the accounting server.
  • Page 351: Configuring The Status Of Radius Servers

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Enter system view system-view — Required By default, a RADIUS Create a RADIUS scheme radius scheme scheme named "system" and enter its view...
  • Page 352: Configuring The Attributes Of Data To Be Sent To Radius Servers

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Follow these steps to set the status of RADIUS servers: To do… Use the command… Remarks Enter system view system-view — Required By default, a RADIUS Create a RADIUS scheme radius scheme scheme named "system"...
  • Page 353 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Optional data-flow-format data By default, in a RADIUS { byte | giga-byte | scheme, the data unit and Set the units of data flows...
  • Page 354: Configuring The Local Radius Server

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Note: Generally, the access users are named in the userid@isp-name or userid.isp-name format. Here, isp-name after the “@” or “.” character represents the ISP domain name, by which the device determines which ISP domain a user belongs to.
  • Page 355: Configuring Timers For Radius Servers

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Required Configure the parameters By default, a local local-server nas-ip of the local RADIUS RADIUS server is ip-address key password server configured with an NAS IP address of 127.0.0.1.
  • Page 356 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration After the primary server remains in the block state for a specific time (set by the timer quiet command), the switch will try to communicate with the primary server again when it has a RADIUS request.
  • Page 357: Enabling Sending Trap Message When A Radius Server Goes Down

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration 2.2.11 Enabling Sending Trap Message when a RADIUS Server Goes Down Follow these steps to enable sending trap messages when a RADIUS server goes down: To do…...
  • Page 358 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration Once the CAMS receives the Accounting-On message, it sends a response to the switch. At the same time it finds and deletes the original online information of the...
  • Page 359: Hwtacacs Configuration Task List

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration 2.3 HWTACACS Configuration Task List Complete the following tasks to configure HWTACACS: Task Remarks Creating a HWTACACS Scheme Required Configuring TACACS Authentication Servers Required Configuring TACACS Authorization Servers...
  • Page 360: Configuring Tacacs Authentication Servers

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration 2.3.2 Configuring TACACS Authentication Servers Follow these steps to configure TACACS authentication servers: To do… Use the command… Remarks Enter system view system-view — Required Create a HWTACACS...
  • Page 361: Configuring Tacacs Accounting Servers

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Required Set the IP address and By default, the IP address port number of the primary authorization of the primary primary TACACS...
  • Page 362: Configuring Shared Keys For Hwtacacs Messages

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Optional Enable the By default, the stop-accounting message stop-accounting retransmission function retry stop-accounting messages retransmission and set the maximum retry-times function is enabled and...
  • Page 363: Configuring The Attributes Of Data To Be Sent To Tacacs Servers

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration 2.3.6 Configuring the Attributes of Data to be Sent to TACACS Servers Follow these steps to configure the attributes for data to be sent to TACACS servers: To do…...
  • Page 364 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks Enter system view system-view — Required Create a HWTACACS hwtacacs scheme By default, no scheme and enter its view hwtacacs-scheme-name HWTACACS scheme exists.
  • Page 365: Displaying And Maintaining Aaa Configuration

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration 2.4 Displaying and Maintaining AAA Configuration 2.4.1 Displaying and Maintaining AAA Configuration To do… Use the command… Remarks Display configuration information about one display domain [ isp-name ]...
  • Page 366: Displaying And Maintaining Hwtacacs Protocol Configuration

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration To do… Use the command… Remarks reset stop-accounting-buffer Delete buffered { radius-scheme non-response radius-scheme-name | session-id Available in stop-accounting requests session-id | time-range start-time user view stop-time | user-name user-name }...
  • Page 367 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration I. Network requirements In the network environment shown in Figure 2-1, you are required to configure the switch so that the Telnet users logging into the switch are authenticated by the RADIUS server.
  • Page 368: Local Authentication Of Ftp/Telnet Users

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration [Sysname-isp-cams] quit # Configure a RADIUS scheme. [Sysname] radius scheme cams [Sysname-radius-cams] accounting optional [Sysname-radius-cams] primary authentication 10.110.91.164 1812 [Sysname-radius-cams] key authentication aabbcc [Sysname-radius-cams] server-type Extended [Sysname-radius-cams] user-name-format with-domain [Sysname-radius-cams] quit # Associate the ISP domain with the RADIUS scheme.
  • Page 369: Hwtacacs Authentication And Authorization Of Telnet Users

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration <Sysname> system-view # Adopt AAA authentication for Telnet users. [Sysname] user-interface vty 0 4 [Sysname-ui-vty0-4] authentication-mode scheme [Sysname-ui-vty0-4] quit # Create and configure a local user named telnet.
  • Page 370: Troubleshooting Aaa

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration II. Network diagram Authentication server 10.110.91.164/16 Internet Telnet user Figure 2-3 Remote HWTACACS authentication and authorization of Telnet users III. Configuration procedure # Add a Telnet user.
  • Page 371: Troubleshooting Hwtacacs Configuration

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 2 AAA Configuration The user is not configured in the database of the RADIUS server — Check the database of the RADIUS server, make sure that the configuration information about the user exists.
  • Page 372: Chapter 3 Ead Configuration

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 3 EAD Configuration Chapter 3 EAD Configuration Note: Only the S5100-EI series switches support the EAD configuration. 3.1 Introduction to EAD Endpoint Admission Defense (EAD) is an attack defense solution. Using this solution,...
  • Page 373: Ead Configuration

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 3 EAD Configuration Figure 3-1 Typical network application of EAD After a client passes the authentication, the security Client (software installed on the client PC) interacts with the security policy server to check the security status of the client.
  • Page 374: Ead Configuration Example

    Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 3 EAD Configuration Follow these steps to configure EAD: To do… Use the command… Remarks Enter system view system-view — Enter RADIUS radius scheme — scheme view radius-scheme-name Configure the RADIUS...
  • Page 375 Operation Manual – AAA H3C S5100-SI/EI Series Ethernet Switches Chapter 3 EAD Configuration II. Network diagram Figure 3-2 EAD configuration III. Configuration procedure # Configure 802.1x on the switch. Refer to “Configuring 802.1x” in 802.1x and System Guard Configuration. # Configure a domain.
  • Page 376 Operation Manual – MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MAC Address Authentication Configuration ............1-1 1.1 MAC Address Authentication Overview................1-1 1.1.1 Performing MAC Address Authentication on a RADIUS Server ......1-1 1.1.2 Performing MAC Address Authentication Locally ...........
  • Page 377: Chapter 1 Mac Address Authentication Configuration

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration Chapter 1 MAC Address Authentication Configuration When configuring MAC address authentication, go to these sections for information you are interested in: MAC Address Authentication Overview...
  • Page 378: Performing Mac Address Authentication Locally

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration In fixed mode, the switch sends the user name and password previously configured for the user to the RADIUS server for authentication. A user can access a network upon passing the authentication performed by the RADIUS server.
  • Page 379: Configuring Basic Mac Address Authentication Functions

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration Caution: If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the quiet function is not effective.
  • Page 380 Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration To do... Use the command... Remarks Required Specify an ISP The default ISP domain for MAC mac-authentication domain isp-name domain (default address domain) is used authentication by default.
  • Page 381: Mac Address Authentication Enhanced Function Configuration

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration 1.4 MAC Address Authentication Enhanced Function Configuration 1.4.1 MAC Address Authentication Enhanced Function Configuration Task List Complete the following tasks to configure MAC address authentication enhanced...
  • Page 382 Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration After a port is added to a Guest VLAN, the switch will re-authenticate the first access user of this port (namely, the first user whose unicast MAC address is learned by the switch) periodically.
  • Page 383: Configuring The Maximum Number Of Mac Address Authentication Users Allowed To Access A Port

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration Caution: If more than one client is connected to a port, you cannot configure a Guest VLAN for this port. When a Guest VLAN is configured for a port, only one MAC address authentication user can access the port.
  • Page 384: Displaying And Maintaining Mac Address Authentication Configuration

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration Caution: If both the limit on the number of MAC address authentication users and the limit on the number of users configured in the port security function are configured for a port, the smaller value of the two configured limits is adopted as the maximum number of MAC address authentication users allowed to access this port.
  • Page 385 Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S5100-SI/EI Series Ethernet Switches Configuration III. Configuration Procedure # Enable MAC address authentication on port GigabitEthernet 1/0/2. <Sysname> system-view [Sysname] mac-authentication interface GigabitEthernet 1/0/2 # Set the user name in MAC address mode for MAC address authentication, requiring hyphened lowercase MAC addresses as the usernames and passwords.
  • Page 386 Operation Manual – IP Address and Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Addressing Configuration ..................1-1 1.1 IP Addressing Overview ....................1-1 1.1.1 IP Address Classes....................1-1 1.1.2 Special IP Addresses ....................1-2 1.1.3 Subnetting and Masking..................
  • Page 387: Chapter 1 Ip Addressing Configuration

    Operation Manual – IP Address and Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IP Addressing Configuration Chapter 1 IP Addressing Configuration Note: The term IP address used throughout this chapter refers to IPv4 address. For details about IPv6 address, refer to IPv6 Management.
  • Page 388: Special Ip Addresses

    Operation Manual – IP Address and Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IP Addressing Configuration Figure 1-1 IP address classes Table 1-1 describes the address ranges of these five classes. Table 1-1 IP address classes and ranges...
  • Page 389: Subnetting And Masking

    Operation Manual – IP Address and Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IP Addressing Configuration IP address with an all-one host ID: Identifies a directed broadcast address. For example, a packet with the destination address of 192.168.1.255 will be broadcast to all the hosts on the network 192.168.1.0.
  • Page 390: Dhcp

    Operation Manual – IP Address and Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IP Addressing Configuration 1.2 Configuring IP Addresses S5100-SI/EI Series Ethernet Switches support assigning IP addresses to loopback interfaces and VLAN interfaces. A loopback interface is a virtual interface. The physical layer state and link layer protocols of a loopback interface are always up unless the loopback interface is manually shut down.
  • Page 391: Displaying Ip Addressing Configuration

    Operation Manual – IP Address and Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IP Addressing Configuration Note: You can assign at most two IP addresses to an interface, one of which is the primary IP address and the other is the secondary IP address. A newly specified primary IP address overwrites the previous one if there is any.
  • Page 392: Ip Address Configuration Example Ii

    Operation Manual – IP Address and Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IP Addressing Configuration III. Configuration procedure # Configure an IP address for VLAN-interface 1. <Switch> system-view [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 129.2.2.1 255.255.255.0 1.4.2 IP Address Configuration Example II...
  • Page 393 Operation Manual – IP Address and Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IP Addressing Configuration # Set the gateway address to 172.16.1.1 on the PCs attached to the subnet 172.16.1.0/24, and to 172.16.2.1 on the PCs attached to the subnet 172.16.2.0/24.
  • Page 394: Chapter 2 Ip Performance Optimization Configuration

    Operation Manual – IP Address and Performance Optimization Chapter 2 IP Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Configuration Chapter 2 IP Performance Optimization Configuration When optimizing IP performance, go to these sections for information you are interested in: IP Performance Overview...
  • Page 395: Configuring Tcp Attributes

    Operation Manual – IP Address and Performance Optimization Chapter 2 IP Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Configuration Task Remarks Configuring TCP Attributes Optional Disabling Sending of ICMP Error Packets Optional 2.2.2 Configuring TCP Attributes TCP optional parameters that can be configured include: synwait timer: When sending a SYN packet, TCP starts the synwait timer.
  • Page 396 Operation Manual – IP Address and Performance Optimization Chapter 2 IP Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Configuration A host may have only a default route to the default gateway in its routing table after startup. The default gateway will send an ICMP redirect packet to the source host,...
  • Page 397: Displaying And Maintaining Ip Performance Optimization Configuration

    Operation Manual – IP Address and Performance Optimization Chapter 2 IP Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Configuration To prevent the above mentioned problems, you can disable the device from sending such ICMP error packets. Follow these steps to disable sending ICMP error packets: To do…...
  • Page 398 Operation Manual – IP Address and Performance Optimization Chapter 2 IP Performance Optimization H3C S5100-SI/EI Series Ethernet Switches Configuration To do… Use the command… Remarks Clear IP traffic statistics reset ip statistics Available in user Clear TCP traffic statistics reset tcp statistics...
  • Page 399 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DHCP Overview......................1-1 1.1 Introduction to DHCP......................1-1 1.2 DHCP IP Address Assignment ..................1-2 1.2.1 IP Address Assignment Policy ................1-2 1.2.2 Obtaining IP Addresses Dynamically ..............1-2 1.2.3 Updating IP Address Lease ..................
  • Page 400: Chapter 1 Dhcp Overview

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DHCP Overview Chapter 1 DHCP Overview When configuring DHCP, go to these sections for information you are interested in: Introduction to DHCP DHCP IP Address Assignment DHCP Packet Format Protocol Specification 1.1 Introduction to DHCP...
  • Page 401: Dhcp Ip Address Assignment

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DHCP Overview 1.2 DHCP IP Address Assignment 1.2.1 IP Address Assignment Policy Currently, DHCP provides the following three IP address assignment policies to meet the requirements of different clients: Manual assignment.
  • Page 402: Updating Ip Address Lease

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DHCP Overview Note: After the client receives the DHCP-ACK message, it will probe whether the IP address assigned by the server is in use by broadcasting a gratuitous ARP packet. If the client receives no response within specified time, the client can use this IP address.
  • Page 403 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DHCP Overview Figure 1-2 DHCP packet format The fields are described as follows: op: Operation types of DHCP packets, 1 for request packets and 2 for response packets. htype, hlen: Hardware address type and length of the DHCP client.
  • Page 404: Protocol Specification

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DHCP Overview 1.4 Protocol Specification Protocol specifications related to DHCP include: RFC2131: Dynamic Host Configuration Protocol RFC2132: DHCP Options and BOOTP Vendor Extensions RFC1542: Clarifications and Extensions for the Bootstrap Protocol...
  • Page 405: Chapter 2 Dhcp Snooping Configuration

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Chapter 2 DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Displaying DHCP Snooping Configuration DHCP Snooping Configuration Examples 2.1 DHCP Snooping Overview...
  • Page 406: Introduction To Dhcp-Snooping Option 82

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration DHCP Server DHCP Client DHCP Client Internet GE1/0/1 GE1/0/2 Switch A Switch B (DHCP Snooping) (DHCP Relay) DHCP Client DHCP Client Figure 2-1 Typical network diagram for DHCP snooping application...
  • Page 407 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration sub-option 1 (circuit ID sub-option): Padded with the port index (smaller than the physical port number by 1) and VLAN ID of the port that received the client’s request.
  • Page 408 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Figure 2-5 Standard format of the remote ID sub-option III. Mechanism of DHCP-snooping Option 82 With DHCP snooping and DHCP-snooping Option 82 support enabled, when the DHCP snooping device receives a DHCP client’s request containing Option 82, it will...
  • Page 409: Introduction To Ip Filtering

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Table 2-2 Ways of handling a DHCP packet without Option 82 Sub-option configuration The DHCP-Snooping device will … Forward the packet after adding Option 82 with the default contents.
  • Page 410: Configuring Dhcp Snooping

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration number of the port through which a client is connected to the DHCP-snooping-enabled device, and the number of the VLAN to which the port belongs. These records are saved as entries in the DHCP-snooping table.
  • Page 411: Configuring Dhcp Snooping To Support Option

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration To do… Use the command… Remarks Required By default, after DHCP Specify the current port as dhcp-snooping trust snooping is enabled, all a trusted port ports of a switch are untrusted ports.
  • Page 412 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration I. Enabling DHCP-snooping Option 82 support Follow these steps to enable DHCP-snooping Option 82 support: To do… Use the command… Remarks Enter system view system-view —...
  • Page 413 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration To do… Use the command… Remarks Enter system view system-view — Optional Configure a storage dhcp-snooping format for the Option 82 information format { hex By default, the format is...
  • Page 414 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Note: If you have configured a circuit ID with the vlan vlan-id argument specified, and the other one without the argument in Ethernet port view, the former circuit ID applies to the DHCP messages from the specified VLAN;...
  • Page 415: Configuring Ip Filtering

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Note: If you configure a remote ID sub-option in both system view and on a port, the remote ID sub-option configured on the port applies when the port receives a packet, and the global remote ID applies to other interfaces that have no remote ID sub-option configured.
  • Page 416: Displaying Dhcp Snooping Configuration

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Note: Enable DHCP snooping and specify trusted ports on the switch before configuring IP filtering. Configuring IP filtering on the ports of an aggregation group is not recommended.
  • Page 417 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration Specify GigabitEthernet 1/0/5 on the switch as a trusted port for DHCP snooping. Enable DHCP-snooping Option 82 support on the switch and set the remote ID field in Option 82 to the system name of the switch.
  • Page 418: Ip Filtering Configuration Example

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration 2.4.2 IP Filtering Configuration Example I. Network requirements As shown in Figure 2-7, GigabitEthernet 1/0/1 of the S5100-SI/EI switch is connected to the DHCP server and GigabitEthernet 1/0/2 is connected to Host A. The IP address and MAC address of Host A are 1.1.1.1 and 0001-0001-0001 respectively.
  • Page 419 Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 DHCP Snooping Configuration [Switch-GigabitEthernet1/0/1] quit # Enable IP filtering on GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 to filter packets based on the source IP addresses/MAC addresses. [Switch] interface GigabitEthernet1/0/2...
  • Page 420: Chapter 3 Dhcp/Bootp Client Configuration

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 3 DHCP/BOOTP Client Configuration Chapter 3 DHCP/BOOTP Client Configuration When configuring the DHCP/BOOTP client, go to these sections for information you are interested in: Introduction to DHCP Client Introduction to BOOTP Client...
  • Page 421: Configuring A Dhcp/Bootp Client

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 3 DHCP/BOOTP Client Configuration Note: Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to assign an IP address to the BOOTP client, without needing to configure any BOOTP server.
  • Page 422: Displaying Dhcp/Bootp Client Configuration

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 3 DHCP/BOOTP Client Configuration Note: To improve security and avoid malicious attacks on unused sockets, S5100-SI/EI Ethernet switches provide the following functions: UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled.
  • Page 423: Bootp Client Configuration Example

    Operation Manual – DHCP H3C S5100-SI/EI Series Ethernet Switches Chapter 3 DHCP/BOOTP Client Configuration II. Network diagram Client WINS server DHCP server Vlan-int1 DNS server Switch A Client Figure 3-1 A DHCP network III. Configuration procedure The following describes only the configuration on Switch A serving as a DHCP client.
  • Page 424 Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1-1 1.1 ACL Overview ........................1-1 1.1.1 ACL Matching Order ....................1-1 1.1.2 Ways to Apply an ACL on a Switch................. 1-2 1.1.3 Types of ACLs Supported by S5100 Series Ethernet Switches ......
  • Page 425: Chapter 1 Acl Configuration

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 ACL Overview As the network scale and network traffic are increasingly growing, security control and bandwidth assignment play a more and more important role in network management.
  • Page 426: Ways To Apply An Acl On A Switch

    In this case, the rules in an ACL are matched in the order determined by the hardware instead of that defined in the ACL. For H3C S5100 series Ethernet switches, the earlier the rule applies, the higher the match priority.
  • Page 427: Types Of Acls Supported By S5100 Series Ethernet Switches

    S5100-SI Series Ethernet switches support the following types of ACLs: basic ACLs and advanced ACLs. Note that ACLs defined on S5100-SI series Ethernet switches can only be referenced by upper-layer software for packet filtering. They cannot be applied to hardware. S5100-EI Series Ethernet switches support the following types of ACLs.
  • Page 428: Acl Configuration

    Absolute time range, which takes effect only in a period of time and does not recur. Note: An absolute time range on an H3C S5100 Series Ethernet switch can be within the range 1970/1/1 00:00 to 2100/12/31 24:00. I. Configuration Procedure...
  • Page 429: Configuring Basic Acl

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration section ranging from 00:00 January 1, 2004 to 23:59 December 31, 2004, and a periodic time section ranging from 12:00 to 14:00 on every Wednesday. This time range is active only when the system time is within the range from 12:00 to 14:00 on every Wednesday in 2004.
  • Page 430 Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration II. Configuration Procedure Table 1-2 Define a basic ACL rule Operation Command Description Enter system view system-view — Create an ACL and Required acl number acl-number enter basic ACL...
  • Page 431: Configuring Advanced Acl

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration Acl's step is 1 rule 0 deny source 192.168.0.1 0 1.2.3 Configuring Advanced ACL An advanced ACL can filter packets by their source and destination IP addresses, the protocols carried by IP, and protocol-specific features such as TCP/UDP source and destination ports, ICMP message type and message code.
  • Page 432: Configuring Layer 2 Acl

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration Note that: With the config match order specified for the advanced ACL, you can modify any existing rule. The unmodified part of the rule remains. With the auto match order specified for the ACL, you cannot modify any existing rule;...
  • Page 433 Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration The settings to be specified in the rule, such as source and destination MAC addresses, VLAN priorities, and Layer 2 protocol types, are determined. II. Configuration Procedure...
  • Page 434: Acl Assignment

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration [Sysname-acl-ethernetframe-4000] display acl 4000 Ethernet frame ACL 4000, 1 rule Acl's step is 1 rule 0 deny cos excellent-effort source 000d-88f5-97ed ffff-ffff-ffff dest 0011-4301-991e ffff-ffff-ffff 1.3 ACL Assignment On an S5100-EI Ethernet switch, you can assign ACLs to the hardware for packet filtering.
  • Page 435: Assigning An Acl To A Vlan

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration II. Configuration procedure Table 1-5 Assign an ACL globally Operation Command Description — Enter system view system-view Required Assign an ACL packet-filter inbound For description on the acl-rule...
  • Page 436: Assigning An Acl To A Port Group

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration <Sysname> system-view [Sysname] packet-filter vlan 10 inbound ip-group 2000 1.3.3 Assigning an ACL to a Port Group I. Configuration prerequisites Before applying ACL rules to a VLAN, you need to define the related ACLs. For information about defining an ACL, refer to section 1.2.2 Configuring Basic...
  • Page 437: Displaying Acl Configuration

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration II. Configuration procedure Table 1-8 Apply an ACL to a port Operation Command Description — Enter system view system-view Enter Ethernet port interface interface-type — view interface-number...
  • Page 438: Example For Upper-Layer Software Referencing Acls

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration 1.5 Example for Upper-layer Software Referencing ACLs 1.5.1 Example for Controlling Telnet Login Users by Source IP I. Network requirements Apply an ACL to permit users with the source IP address of 10.110.100.52 to telnet to the switch.
  • Page 439: Example For Applying Acls To Hardware

    Operation Manual – ACL H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ACL Configuration II. Network diagram Internet Switch 10.110.100.46 Figure 1-2 Network diagram for controlling Web login users by source IP III. Configuration procedure # Define ACL 2001. <Sysname> system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule 1 permit source 10.110.100.46 0...
  • Page 440: Advanced Acl Configuration Example

    III. Configuration procedure
    # Define a periodic time range that is active from 8:00 to 18:00 every day.
    <Sysname> system-view
    [Sysname] time-range test 8:00 to 18:00 daily
    # Define ACL 2000 to filter packets with the source IP address of 10.1.1.1.
  • Page 441: Layer 2 Acl Configuration Example

    [Sysname-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test
    [Sysname-acl-adv-3000] quit
    # Apply ACL 3000 on GigabitEthernet 1/0/1.
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] packet-filter inbound ip-group 3000
    1.6.3 Layer 2 ACL Configuration Example...
  • Page 442: Example For Applying An Acl To A Vlan

    1.6.4 Example for Applying an ACL to a VLAN I. Network requirements PC1, PC2 and PC3 belong to VLAN 10 and connect to the switch through GigabitEthernet 1/0/1, GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 respectively.
  • Page 443 Table of Contents
    Chapter 1 QoS Configuration 1-1
    1.1 Overview 1-1
    1.1.1 Introduction to QoS 1-1
    1.1.2 Traditional Packet Forwarding Services 1-1
    1.1.3 New Requirements from Emerging Applications 1-1
    1.1.4 Major Traffic Control Technologies 1-2
    1.2 QoS Features Supported by the S5100 Series Ethernet Switches...
  • Page 444
    1.5.2 Priority Marking and Queue Scheduling Configuration Example 1-47
    1.5.3 VLAN Mapping Configuration Example 1-49
    1.5.4 Traffic Mirroring and Traffic Redirecting Configuration Example 1-52
    Chapter 2 QoS Profile Configuration 2-1
    2.1 Overview 2-1
    2.1.1 Introduction to QoS Profile 2-1
    2.1.2 QoS Profile Application Mode...
  • Page 445: Chapter 1 Qos Configuration

    Chapter 1 QoS Configuration When configuring QoS, go to these sections for information you are interested in: Overview; QoS Features Supported by the S5100 Series Ethernet Switches; Introduction to QoS Features; QoS Configuration; QoS Configuration Examples. 1.1 Overview 1.1.1 Introduction to QoS Quality of Service (QoS) is a concept concerning service demand and supply.
  • Page 446: Major Traffic Control Technologies

    their regional branches together with VPN technologies to carry out operational applications, for instance, to access the database of the company or to monitor remote devices through Telnet. These new applications have one thing in common, that is, they all have special requirements for bandwidth, delay, and jitter.
  • Page 447: Qos Features Supported By The S5100 Series Ethernet Switches

    Congestion management handles resource competition during network congestion. Generally, it assigns packets to queues first, and then forwards the packets by using a scheduling algorithm. Congestion management is usually applied in the outbound direction of a port. Congestion avoidance monitors the use of network resources and drops packets actively when congestion reaches a certain degree.
  • Page 448: Introduction To Qos Features

    QoS Feature Description Reference information about priority marking, refer to Priority Marking. The S5100 series support information about performing the following QoS traffic policing, refer to actions on traffic matching the Traffic Policing specified ACL: Traffic Shaping. Priority marking (available only information about on the S5100-EI)
  • Page 449: Priority Trust Mode

    Traffic classification identifies packets conforming to certain characteristics according to certain criteria. It is the foundation for providing differentiated services. In traffic classification, the priority bits in the type of service (ToS) field in the IP header can be used to identify packets of different priorities. You can also define traffic match criteria to classify packets by the combination of source address, destination address, MAC address, IP protocol or the port number of an application.
  • Page 450 IP precedence value IP precedence value Description (decimal) (binary) critical internet network In a Diff-Serv network, traffic is grouped into the following four classes, and packets are processed according to their DSCP values. Expedited Forwarding (EF) class: In this class, packets are forwarded regardless of link share of other traffic.
  • Page 451 DSCP value (decimal) DSCP value (binary) Description 010000 011000 100000 101000 110000 111000 000000 be (default) 802.1p precedence 802.1p precedence lies in Layer 2 packet headers and is applicable to occasions where Layer 3 packet analysis is not needed and QoS must be assured at Layer 2. Figure 1-3 An Ethernet frame with an 802.1q tag header As shown in Figure...
  • Page 452 802.1p precedence, DSCP values, local precedence, and drop precedence. Note: The S5100-SI series switches do not support marking drop precedence for packets. For an 802.1q-untagged packet When a packet carrying no 802.1q tag reaches a port, the switch uses the port priority as the 802.1p precedence value of the received packet, searches for the set of...
  • Page 453 802.1p-precedence-to-other-precedence mapping table, and assigns the set of matching precedence values to the packet. For an 802.1q-tagged packet For incoming 802.1q tagged packets, you can configure the switch to trust packet priority with the priority-trust command or to trust port priority (the default). The priority mapping process is as shown in Figure 1-5.
  • Page 454 Table 1-5 Actions performed when packet priority is trusted Trusted priority type Description The switch looks up the 802.1p-precedence-to-other-precedence mapping table for the set of precedence values corresponding to the 802.1p precedence of the packet. When configuring the switch to trust the 802.1p precedence of packets, you can further configure the switch to process each received packet in one of the 802.1p precedence...
  • Page 455 Target DSCP precedence precedence value precedence value value value Table 1-7 The default CoS-precedence-to-other-precedence mapping table of S5100-SI series switches 802.1p precedence Target local precedence Target DSCP value value value Table 1-8 The default DSCP -to-other-precedence mapping table of S5100-EI series...
  • Page 456 DSCP values precedence value precedence value value 48 to 55 56 to 63 Table 1-9 The default DSCP-precedence-to-other-precedence mapping table of S5100-SI series switches Target local precedence Target 802.1p DSCP values value precedence value 0 to 7 8 to 15...
  • Page 457: Protocol Priority

    1.3.3 Protocol Priority Protocol packets generated by your switch carry their own priority. You can set a new IP precedence or DSCP value for the locally generated traffic of a particular protocol to implement QoS. 1.3.4 Priority Marking The priority marking function is to reassign priority for the traffic matching an ACL referenced for traffic classification.
  • Page 458 Figure 1-6 Evaluate the traffic with the token bucket (labels: Put tokens in the bucket at the set rate; Packets to be sent through this port; Packet classification; Token bucket; Continue to send; Drop) II. Evaluating the traffic with the token bucket The evaluation of traffic specification is based on whether the number of tokens in the bucket can meet the need of packet forwarding.
  • Page 459 protected. For example, you can limit the bandwidth for HTTP packets to less than 50% of the total. If the traffic of a certain session exceeds the limit, traffic policing can drop the packets or re-mark the priority of the packets. Traffic policing is widely used for policing traffic entering the network of internet service providers (ISPs).
  • Page 460: Line Rate

    To avoid unnecessary packet loss, you can perform traffic shaping for the packets destined for Device B on the outgoing interface of Device A. Thus, packets exceeding the limit are cached in Device A and sent when enough resources are available. This ensures that all traffic sent to Device B conforms to the traffic specification defined on Device B.
  • Page 461 SP queuing Figure 1-8 Diagram for SP queuing SP queuing is specially designed for mission-critical applications. The key feature of mission-critical applications is that they require preferential service to reduce the response delay when congestion occurs. Assume that there are eight output queues on the port and SP queuing classifies the eight output queues on the port into eight classes, which are queue 7, queue 6, queue 5, queue 4, queue 3, queue 2, queue 1, and queue 0 in the descending order of priority.
  • Page 462 Figure 1-9 Diagram for WRR queuing WRR queuing schedules all the queues in turn and ensures that all of them can be served for a certain time by assigning each queue a weight representing a certain amount of resources. Assume there are eight output queues on the port. WRR assigns queues 7 through 0 the weights w7, w6, w5, w4, w3, w2, w1, and w0.
  • Page 463: Flow-Based Traffic Accounting

    SDWRR: schedules the two queues in turn in such a way that packets identical to one weight are dequeued from queue 0 first and then from queue 1. The procedure is repeated until the scheduling for one queue is over. Then, SDWRR schedules the queue with remaining weights to dequeue the number of packets identical to the remaining weights.
  • Page 464: Qos Configuration

    1.4 QoS Configuration 1.4.1 QoS Configuration Task List Complete the following tasks to configure QoS: Task Remarks Configuring Priority Trust Mode Optional Configuring Priority Mapping Optional Setting the Priority of Protocol Packets Optional Configuring Priority Marking Optional Configuring Traffic Policing Optional Configuring Traffic Shaping Optional...
  • Page 465 To do… Use the command… Remarks Optional Configure to trust port By default, the switch priority and configure the priority priority-level trusts port priority and port priority the priority of a port is 0. Configuring a port to trust 802.1p precedence of traffic Follow these steps to configure a port to trust 802.1p precedence: To do…...
  • Page 466: Configuring Priority Mapping

    CoS-precedence-to-lo cos3-map-local-prec Required cal-precedence cos4-map-local-prec mapping table cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec qos cos-drop-precedence-map cos0-map-drop-prec Required cos1-map-drop-prec Configure the Only the H3C cos2-map-drop-prec CoS-precedence-to-dr S5100-EI series cos3-map-drop-prec op-precedence switches support cos4-map-drop-prec mapping table this cos5-map-drop-prec configuration. cos6-map-drop-prec cos7-map-drop-prec qos cos-dscp-map cos0-map-dscp...
  • Page 467 Enter system view system-view — Configure DSCP-precedence-to- qos dscp-local-precedence-map Required local-precedence dscp-list : local-precedence mapping table Required Configure Only the H3C DSCP-precedence-to- qos dscp-drop-precedence-map S5100-EI series drop-precedence dscp-list : drop-precedence switches support mapping table this configuration. Configure DSCP-precedence-to- qos dscp-cos-map dscp-list :...
  • Page 468 through 31 to 1, 32 through 39 to 7, 40 through 47 to 0, 48 through 55 to 5, and 56 through 63 to 6. Then display the DSCP-precedence-to-local-precedence mapping table.
    <Sysname> system-view
    [Sysname] qos dscp-local-precedence-map 0 1 2 3 4 5 6 7 : 2
    [Sysname] qos dscp-local-precedence-map 8 9 10 11 12 13 14 15 : 3
    [Sysname] qos dscp-local-precedence-map 16 17 18 19 20 21 22 23 : 4
    [Sysname] qos dscp-local-precedence-map 24 25 26 27 28 29 30 31 : 1...
  • Page 469: Setting The Priority Of Protocol Packets

  • Page 470: Configuring Priority Marking

    Priority Marking for information about marking packet priorities. Note: This feature is available only on the H3C S5100-EI series switches. You can mark packet priorities in one of the following two ways: Through traffic policing When configuring traffic policing, you can define the action of marking the 802.1p precedence and DSCP values for packets exceeding the traffic specification.
  • Page 471 Through the traffic-priority command You can use the traffic-priority command to mark the 802.1p precedence and DSCP values for the specific packets. I. Configuration prerequisites The ACL rules used for traffic classification have been specified. Refer to the ACL module of this manual for related information. The type and value of the precedence to be marked for the packets matching the ACL rules have been determined.
  • Page 472 To do… Use the command… Remarks Mark a priority for the traffic-priority inbound acl-rule incoming packets matching Required { dscp dscp-value | cos cos-value } the specific ACL rules Configuring priority marking for a port Follow these steps to configure marking a priority for the incoming packets matching the specific ACL rules on a port: To do…...
  • Page 473: Configuring Traffic Policing

    Traffic Policing and Traffic Shaping for information about traffic policing. Note: This feature is available only for the H3C S5100-EI series switches. I. Configuration prerequisites The ACL rules used for traffic classification have been defined. Refer to the ACL module of this manual for information about defining ACL rules.
  • Page 474 To do… Use the command… Remarks Enter system system-view — view traffic-limit vlan vlan-id inbound Required Configure acl-rule target-rate [ conform traffic policing con-action ] [ exceed exceed-action ] Disabled by default. [ meter-statistic ] Clear traffic reset traffic-limit vlan vlan-id policing Optional inbound acl-rule...
  • Page 475: Configuring Traffic Shaping

    Refer to Traffic Policing and Traffic Shaping for information about traffic shaping. Note: This feature is available only on the H3C S5100-EI series switches. I. Configuration prerequisites The queue for which traffic shaping is to be performed has been determined.
  • Page 476: Configuring Line Rate

    1.4.8 Configuring Line Rate Refer to Line Rate for information about line rate. Note: This feature is applicable to only the H3C S5100-SI series switches. I. Configuration prerequisites The port where line rate is to be configured has been determined.
  • Page 477: Configuring Traffic Redirecting

    Traffic Redirecting for information about traffic redirecting. Note: This feature is available only on the H3C S5100-EI series switches. I. Configuration prerequisites The ACL rules used for traffic classification have been defined. Refer to the ACL module of this manual for information about defining ACL rules.
  • Page 478 Follow these steps to configure traffic redirecting for incoming packets globally: To do… Use the command… Remarks Enter system view system-view — traffic-redirect inbound acl-rule Configure traffic interface interface-type Required redirecting interface-number Configuring traffic redirecting for a VLAN Follow these steps to configure traffic redirecting for incoming packets in a VLAN: To do…...
  • Page 479: Configuring Vlan Mapping

    Note: If traffic is redirected to a Combo port in down state, the system automatically redirects the traffic to the common port in up state corresponding to this Combo port. Refer to the Basic Port Configuration module of this manual for information about Combo ports. Caution: User-defined traffic classification rules for traffic redirecting in the global scope or for a VLAN take precedence over the default rules used for processing protocol packets.
  • Page 480: Configuring Queue Scheduling

    Note: This feature is available only on the H3C S5100-EI series switches. I. Configuration prerequisites The ACL rules used for traffic classification have been defined. Refer to the ACL module of this manual for information about defining ACL rules. The VLAN ID to be marked has been determined.
  • Page 481 { queue-id queue-weight } &<1-4> }* The port of an S5100-SI series switch provides up to four output queues, while the port of an S5100-EI series switch provides up to eight. You can configure SP queuing, SDWRR queuing, or SP queuing in combination with SDWRR queuing on a port as required.
  • Page 482: Configuring Traffic Accounting

    queues in group 1 are scheduled using WRR only when all the queues in group 2 are empty. With both SP queuing and SDWRR queuing adopted, groups are scheduled using the SP algorithm. Assume that queue 0 and queue 1 are scheduled using SP queuing;...
  • Page 483 Note: This feature is available only on the H3C S5100-EI series switches. I. Configuration prerequisites The ACL rules for traffic classification have been defined. Refer to the ACL module of this manual for information about defining ACL rules. II. Configuration procedures You can collect/clear traffic statistics about incoming ACL matching packets globally, in a VLAN, in a port group, or on a port.
  • Page 484 To do… Use the command… Remarks Enter system view system-view — Enter port group view port-group group-id — Required Collect statistics about ACL traffic-statistic inbound By default, traffic matching packets acl-rule accounting is disabled. Clear statistics about ACL reset traffic-statistic Optional matching packets inbound acl-rule...
  • Page 485: Enabling The Burst Function

    # Enable the burst function on an S5100-EI series switch.
    <Sysname> system-view
    [Sysname] burst-mode enable
    1.4.14 Configuring Traffic Mirroring Refer to Traffic Mirroring for information about traffic mirroring. Note: This feature is available only on the H3C S5100-EI series switches.
  • Page 486 I. Configuration prerequisites The ACL rules for traffic classification have been defined. Refer to the ACL module of this manual for information about defining ACL rules. The mirroring ports and mirroring direction have been determined. The monitor port has been determined. II.
  • Page 487 To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Configure the port as the monitor-port Required monitor port Return to system view quit — Enter port group view port-group group-id —...
  • Page 488: Displaying And Maintaining Qos

    III. Configuration examples
    # Duplicate the incoming packets from network segment 10.1.1.0/24 to monitor port GigabitEthernet 1/0/4 (assume that GigabitEthernet 1/0/1 is connected to network segment 10.1.1.0/24 and carries VLAN 2).
    Method I
    <Sysname> system-view
    [Sysname] acl number 2000
    [Sysname-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255
    [Sysname-acl-basic-2000] quit
    [Sysname] interface GigabitEthernet 1/0/4
    [Sysname-GigabitEthernet1/0/4] monitor-port...
  • Page 489 To do… Use the command… Remarks Display the display qos DSCP-precedence-to-Dro dscp-drop-precedence- Available in any view p-precedence mapping Display the display qos DSCP-precedence-to-DS Available in any view dscp-dscp-map CP-precedence mapping Display the display qos DSCP-precedence-to-loc dscp-local-precedence- Available in any view al-precedence mapping Display queue scheduling display...
  • Page 490: Qos Configuration Examples

    To do… Use the command… Remarks display qos-interface Display VLAN mapping { interface-type configuration of a port or interface-number | Available in any view all the ports unit-id } traffic-remark-vlanid display qos-interface Display traffic mirroring { interface-type configuration of a port or Available in any view interface-number | all the ports...
  • Page 491: Priority Marking And Queue Scheduling Configuration Example

    Figure 1-10 Network diagram for traffic policing configuration (labels: To the router; R&D department; marketing department; GEth 1/0/1; GEth 1/0/2; VLAN 1; VLAN 2; 192.168.1.0/24; 192.168.2.0/24; Switch) II. Configuration procedure Define an ACL for traffic classification # Create ACL 2000 and enter basic ACL view to match packets sourced from network segment 192.168.1.0/24.
  • Page 492 Configure priority marking and queue scheduling on the switch to mark traffic flows accessing Server 1, Server 2, and Server 3 with different priorities respectively and assign the three traffic flows to different queues for scheduling. Server 1 Server 2 Server 3 192.168.0.1 192.168.0.2...
  • Page 493: Vlan Mapping Configuration Example

    [Sysname-GigabitEthernet1/0/2] traffic-priority inbound ip-group 3000 rule 2 cos 2
    [Sysname-GigabitEthernet1/0/2] quit
    Configure queue scheduling
    # Apply SP queuing.
    [Sysname] undo queue-scheduler
    1.5.3 VLAN Mapping Configuration Example I. Network requirements As shown in Figure 1-12, two customer networks are connected to the public network through Switch A and Switch B.
  • Page 494 Figure 1-12 Network diagram for VLAN mapping configuration (labels: VLAN100; VLAN200; SwitchB; GE1/0/15; GE1/0/16; GE1/0/17; Public Network VLAN500/600; GE1/0/10; GE1/0/11; GE1/0/12; SwitchA; VLAN100; VLAN200) II. Configuration procedure # Create CVLANs VLAN 100 and VLAN 200 and SVLANs VLAN 500 and VLAN 600 on Switch A.
  • Page 495: Vlan Tag

    [SwitchA-GigabitEthernet1/0/11] quit
    [SwitchA] interface GigabitEthernet 1/0/12
    [SwitchA-GigabitEthernet1/0/12] port link-type trunk
    [SwitchA-GigabitEthernet1/0/12] port trunk pvid vlan 200
    [SwitchA-GigabitEthernet1/0/12] port trunk permit vlan 200 600
    [SwitchA-GigabitEthernet1/0/12] quit
    # Configure GigabitEthernet 1/0/10 of Switch A as a trunk port, and assign it to VLAN 100, VLAN 200, VLAN 500, and VLAN 600.
  • Page 496: Traffic Mirroring And Traffic Redirecting Configuration Example

    # Configure VLAN mapping on GigabitEthernet 1/0/10 to replace VLAN tag 500 with VLAN tag 100 and replace VLAN tag 600 with VLAN tag 200.
    [SwitchA] interface GigabitEthernet 1/0/10
    [SwitchA-GigabitEthernet1/0/10] traffic-remark-vlanid inbound link-group 4002 remark-vlan 100
    [SwitchA-GigabitEthernet1/0/10] traffic-remark-vlanid inbound link-group 4003 remark-vlan 200
    [SwitchA-GigabitEthernet1/0/10] quit
    Perform the same VLAN mapping configuration on Switch B.
  • Page 497 Figure 1-13 Network diagram for traffic redirecting and traffic mirroring configuration (labels: Internet; Host; Host; 192.168.1.0/25; 192.168.2.0/25; GE1/0/1; GE1/0/2; Switch; GE1/0/3; Server; Server; Marketing department; R&D department; Data monitoring device) II. Configuration procedure # Create a time range trname covering the period from 8:00 to 18:00 during working days.
  • Page 498
    [Switch-acl-basic-2001] quit
    # Configure to redirect traffic matching ACL 2001 to GigabitEthernet 1/0/3.
    [Switch] interface GigabitEthernet 1/0/2
    [Switch-GigabitEthernet1/0/2] traffic-redirect inbound ip-group 2001 interface GigabitEthernet 1/0/3
  • Page 499: Chapter 2 Qos Profile Configuration

    QoS Profile Configuration Configuration Example Note: This feature is available only on the H3C S5100-EI series switches. 2.1 Overview 2.1.1 Introduction to QoS Profile A QoS profile is a set of QoS configurations. It provides an easy way for performing and managing QoS configurations.
  • Page 500: Qos Profile Configuration

    The switch generates a new QoS profile by adding user source MAC address information to the traffic classification rule defined in the existing QoS profile and then applies the new QoS profile to the port the user is connected to. Port-based QoS profile application The switch directly applies the QoS profile to the port the user is connected to.
  • Page 501: Applying A Qos Profile

    II. Configuration procedure Follow these steps to configure a QoS profile: To do… Use the command… Remarks Enter system view system-view — Required Create a QoS profile If the specified QoS and enter QoS profile qos-profile profile-name profile already exists, view you enter the QoS profile view directly.
  • Page 502: Displaying And Maintaining Qos Profile Configuration

    To do… Use the command… Remarks Specify the Optional port-based qos-profile port-based User-based by default mode 802.1x authentication mode is MAC-based, the Configure dynamic QoS profile application mode dynamic must be configured Specify the as user-based. profile undo qos-profile user-based application 802.1x port-based...
  • Page 503: Configuration Example

    2.3 Configuration Example 2.3.1 QoS Profile Configuration Example I. Network requirements All departments of a company are interconnected through a switch. The 802.1x protocol is used to authenticate users and control their access to network resources. As shown in Figure 2-1, a user name is someone, and the authentication password is hello.
  • Page 504
    [Sysname-radius-radius1] key authentication money
    [Sysname-radius-radius1] key accounting money
    # Configure the switch to delete the user domain name from the user name and then send the user name to the RADIUS server.
    [Sysname-radius-radius1] user-name-format without-domain
    [Sysname-radius-radius1] quit
    # Create the user domain test.net and specify radius1 as its RADIUS server group.
    [Sysname] domain test.net
    [Sysname-isp-test.net] radius-scheme radius1
    [Sysname-isp-test.net] quit...
  • Page 505 Operation Manual – Mirroring H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    Chapter 1 Mirroring Configuration 1-1
    1.1 Mirroring Overview 1-1
    1.1.1 Local Port Mirroring 1-2
    1.1.2 Remote Port Mirroring 1-2
    1.1.3 MAC-Based Mirroring 1-4
    1.1.4 VLAN-Based Mirroring 1-4
    1.1.5 Traffic Mirroring...
  • Page 506: Chapter 1 Mirroring Configuration

    Chapter 1 Mirroring Configuration When configuring mirroring, go to these sections for information you are interested in: Mirroring Overview; Mirroring Configuration; Displaying Port Mirroring; Mirroring Configuration Examples. 1.1 Mirroring Overview...
  • Page 507: Local Port Mirroring

    1.1.1 Local Port Mirroring In local port mirroring, packets passing through one or more source ports of a device are copied to the destination port on the same device for packet analysis and monitoring.
  • Page 508 The destination switch is where the monitor port is located. The destination switch forwards the mirrored traffic flows it received from the remote-probe VLAN to the monitoring device through the destination port.
  • Page 509: Qos-Qos Profile

    1.1.3 MAC-Based Mirroring With MAC-based mirroring configured, a device mirrors packets matching the specified MAC address to the destination port, including: Packets with the source MAC address matching the specified MAC address.
  • Page 510: Configuring Local Port Mirroring

    1.2.1 Configuring Local Port Mirroring I. Configuration prerequisites The source port is determined and the direction in which the packets are to be mirrored is determined. The destination port is determined.
  • Page 511: Configuring Remote Port Mirroring

    1.2.2 Configuring Remote Port Mirroring Note: An S5100-SI/EI series Ethernet switch can serve as a source switch, an intermediate switch, or a destination switch in a remote port mirroring networking environment.
  • Page 512 To do… Use the command… Remarks mirroring-group group-id Configure source port(s) mirroring-port for the remote source Required mirroring-port-list { both | mirroring group inbound | outbound }...
  • Page 513 To do… Use the command… Remarks Configure the current remote-probe vlan VLAN as the Required enable remote-probe VLAN Return to system view quit — Enter the view of the...
  • Page 514: Configuring Mac-Based Mirroring

    To do… Use the command… Remarks Configure trunk port to port trunk permit vlan permit packets from the Required remote-probe-vlan-id remote-probe VLAN Return to system view quit —...
  • Page 515: Configuring Vlan-Based Mirroring

    II. Configuration procedure Table 1-6 Follow these steps to configure MAC-Based mirroring: To do… Use the command… Remarks Enter system view system-view — Create a local or...
  • Page 516: Displaying Port Mirroring

    The destination port is determined. II. Configuration procedure Table 1-7 Follow these steps to configure VLAN-Based mirroring: To do… Use the command… Remarks Enter system view system-view —...
  • Page 517: Mirroring Configuration Examples

    1.4 Mirroring Configuration Examples 1.4.1 Local Port Mirroring Configuration Example I. Network requirements The departments of a company connect to each other through S5100 Ethernet switches: Research and Development (R&D) department is connected to Switch C through GigabitEthernet 1/0/1.
  • Page 518: Remote Port Mirroring Configuration Example

    [Sysname] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 both
    [Sysname] mirroring-group 1 monitor-port GigabitEthernet 1/0/3
    # Display configuration information about local mirroring group 1.
    [Sysname] display mirroring-group 1...
  • Page 519 On Switch C, create a remote destination mirroring group, configure VLAN 10 as the remote-probe VLAN, and configure GigabitEthernet 1/0/2 connected with the data detection device as the destination port.
  • Page 520
    mirroring-group 1:
        type: remote-source
        status: active
        mirroring port:
            GigabitEthernet1/0/1 inbound
            GigabitEthernet1/0/2 inbound
        mirroring mac:
        mirroring vlan:
        reflector port: GigabitEthernet1/0/4
        remote-probe vlan: 10
    Configure the intermediate switch (Switch B)
    # Configure VLAN 10 as the remote-probe VLAN.
  • Page 521
    # Configure GigabitEthernet 1/0/1 as the trunk port, allowing packets of VLAN 10 to pass.
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] port link-type trunk
    [Sysname-GigabitEthernet1/0/1] port trunk permit vlan 10
    [Sysname-GigabitEthernet1/0/1] quit
    # Display configuration information about remote destination mirroring group 1.
  • Page 522 Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Table of Contents
    Chapter 1 ARP Configuration 1-1
    1.1 Introduction to ARP 1-1
    1.1.1 ARP Function 1-1
    1.1.2 ARP Message Format 1-1
    1.1.3 ARP Table 1-3
    1.1.4 ARP Process...
  • Page 523: Chapter 1 Arp Configuration

    Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration Chapter 1 ARP Configuration When configuring ARP, go to these sections for information you are interested in: Introduction to ARP Configuring ARP Configuring Gratuitous ARP Displaying and Debugging ARP ARP Configuration Examples 1.1 Introduction to ARP...
  • Page 524 Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration Hardware type (16 bits) Protocol type (16 bits) Length of hardware address Length of protocol address...
  • Page 525: Arp Table

    Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration Table 1-2 Description on the values of the hardware type field Value Description Ethernet Experimental Ethernet X.25 Proteon ProNET (Token Ring) Chaos IEEE802.X ARC network 1.1.3 ARP Table In an Ethernet, the MAC addresses of two hosts must be available for the two hosts to communicate with each other.
  • Page 526: Arp Process

    Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration 1.1.4 ARP Process Figure 1-2 ARP process Suppose that Host A and Host B are on the same subnet and that Host A sends a message to Host B. The resolution process is as follows: Host A looks in its ARP mapping table to see whether there is an ARP entry for Host B.
  • Page 527 Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration is not the real one. This can reduce the ARP traffic in the network, but it also makes ARP spoofing possible. In Figure 1-3, Host A communicates with Host C through a switch. To intercept the...
  • Page 528: Introduction To Gratuitous Arp

    Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration With trusted ports configured, ARP packets coming from the trusted ports will not be checked, while those from other ports will be checked through the DHCP snooping table or the manually configured IP binding table.
  • Page 529: Configuring Arp Attack Detection

    Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration To do… Use the command… Remarks Enable the ARP entry checking function (that is, Optional disable the switch from arp check enable learning ARP entries with Enabled by default.
  • Page 530: Configuring Gratuitous Arp

    Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration To do… Use the command… Remarks Optional By default, a port is an ARP Configure the port as untrusted port. arp detection trust an ARP trusted port...
  • Page 531: Displaying And Debugging Arp

    Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration

    | To do… | Use the command… | Remarks |
    |---|---|---|
    | Enter system view | system-view | — |
    | Enable the gratuitous ARP packet learning function | gratuitous-arp-learning enable | Optional. Enabled by default. |

    Note: The sending of gratuitous ARP packets is enabled as long as an S5100-SI/EI switch operates.
  • Page 532: Arp Configuration Examples

    Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration 1.5 ARP Configuration Examples 1.5.1 ARP Basic Configuration Example I. Network requirements Disable ARP entry check on the switch. Set the aging time for dynamic ARP entries to 10 minutes.
  • Page 533 Operation Manual – ARP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 ARP Configuration II. Network diagram Figure 1-4 ARP attack detection and packet rate limit configuration III. Configuration procedure # Enable DHCP snooping on Switch A. <SwitchA> system-view [SwitchA] dhcp-snooping # Specify GigabitEthernet 1/0/1 as the DHCP snooping trusted port and the ARP trusted port.
  • Page 534: Stack-Cluster

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 Stack; 1.1 Stack Function Overview; 1.1.1 The Main Switch of a Stack; 1.1.2 The Slave Switches of a Stack; 1.1.3 Creating a Stack...
  • Page 535: Chapter 1 Stack

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Stack Chapter 1 Stack Note: Among S5100-EI series switches, S5100-26C-EI, S5100-26C-PWR-EI, S5100-50C-EI, and S5100-50C-PWR-EI switches support stacks formed by 10GE stack boards. 1.1 Stack Function Overview A stack is a management domain formed by a group of Ethernet switches interconnected through their stack ports.
  • Page 536: Creating A Stack

    The following are the phases undergone when a stack is created. Connect the intended main switch and slave switches through stack modules and dedicated stack cables. (Refer to H3C S5100 Series Ethernet Switches Installation Manual for the information about stack modules and stack cables.) Configure the IP address pool for the stack and enable the stack function.
  • Page 537: Switching To Slave Switch View

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Stack As for the stack-related configurations performed on a main switch, note that: After a stack is created, the main switch automatically adds the switches connected to its stack ports to the stack.
  • Page 538: Slave Switch Configuration

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Stack Table 1-3 Quit slave switch view

    | Operation | Command | Description |
    |---|---|---|
    | Quit slave switch view | quit | You can quit slave switch view only by executing this command in user view of a slave switch. |
  • Page 539: Stack Configuration Example

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Stack 1.5 Stack Configuration Example I. Network requirements Connect Switch A, Switch B and Switch C with each other through their stack ports to form a stack, in which Switch A acts as the main switch, while Switches B and C act as slave switches.
  • Page 540 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Stack <stack_0.Sysname> display stacking members Member number: 0 Name:stack_0.Sysname Device: S5100EI MAC Address:000f-e20f-c43a Member status:Admin IP: 129.10.1.15 /16 Member number: 1 Name:stack_1.Sysname Device: S5100EI MAC Address: 000f-e200-3130 Member status:Up IP: 129.10.1.16/16...
  • Page 541: Chapter 2 Cluster

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Chapter 2 Cluster 2.1 Cluster Overview 2.1.1 Introduction to HGMP A cluster contains a group of switches. Through cluster management, you can manage multiple geographically dispersed switches in a centralized way.
  • Page 542: Roles In A Cluster

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster It eases the configuration and management of multiple switches: You just need to configure a public IP address for the management device instead of for all the devices in the cluster; and then you can configure and manage all the member devices through the management device without the need to log onto them one by one.
  • Page 543: How A Cluster Works

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Figure 2-2 illustrates the state machine of cluster role. Figure 2-2 State machine of cluster role A candidate device becomes a management device when you create a cluster on it.
  • Page 544 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Cluster management involves topology information collection and establishment/maintenance of a cluster. Topology information collection and cluster establishment/maintenance are independent of each other. The former, as described below, starts before a cluster is established.
  • Page 545 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster management device or the network management software to implement required functions. When a member device detects a change on its neighbors through its NDP table, it informs the management device through handshake packets, and the management device triggers its NTDP to perform specific topology collection, so that its NTDP can discover topology changes timely.
  • Page 546 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster III. Introduction to Cluster A cluster must have one and only one management device. Note the following when creating a cluster: You need to designate a management device for the cluster. The management device of a cluster is the portal of the cluster.
  • Page 547 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster [Figure: member device state machine. States: Active, Connect, Disconnect. Transition labels: receives the handshake or management packets; fails to receive handshake packets in three consecutive intervals; state holdtime exceeds the specified value; disconnect state is recovered]...
  • Page 548 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster transmits data to the management device, which then forwards the data to the external server. The management device is the default shared FTP/TFTP server for the cluster; it serves as the shared FTP/TFTP server when no shared FTP/TFTP server is configured for the cluster.
  • Page 549 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Locate which port on which switch initiates a network attack Determine the port and switch that a MAC address corresponds to Locate which switch in the cluster has a fault...
  • Page 550: Cluster Configuration Tasks

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Note: If the queried IP address has a corresponding ARP entry, but the MAC address entry corresponding to the IP address does not exist, the trace of the device fails.
  • Page 551 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Operation Description Related section Configure cluster Required Section 2.2.1 VII. parameters Configure interaction for Optional Section 2.2.1 VIII. the cluster Note: To reduce the risk of being attacked by malicious users against opened socket and...
  • Page 552 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster III. Configuring NDP-related parameters Table 2-5 Configure NDP-related parameters Operation Command Description Enter system view system-view — Optional Configure the holdtime of ndp timer aging By default, the holdtime of...
  • Page 553 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Operation Command Description Optional Configure the port forward ntdp timer port-delay delay of topology By default, the port time collection requests forward delay is 20 ms. Optional Configure the interval to...
  • Page 554 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Operation Command Description Required Build a cluster build name name: cluster name. Required Configure a multicast By default, the cluster MAC address for the cluster-mac H-H-H multicast MAC address is cluster 0180-C200-000A.
  • Page 555: Configuring Member Devices

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster VIII. Configuring inside-outside interaction for a cluster Table 2-11 Configure inside-outside interaction for a cluster Operation Command Description Enter system view system-view — Enter cluster view cluster Required...
  • Page 556 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Note: To reduce the risk of being attacked by malicious users against opened socket and enhance switch security, the S5100 series Ethernet switches provide the following functions, so that a cluster socket is opened only when it is needed:...
  • Page 557: Managing A Cluster Through The Management Device

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster III. Enabling NTDP globally and on a specific port Table 2-14 Enable NTDP globally and on a specific port Operation Command Description Enter system view system-view — Enable NTDP globally...
  • Page 558: Configuring The Enhanced Cluster Features

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Table 2-17 Manage a cluster through management device Operation Command Description Enter system view system-view — Enter cluster view cluster — Configuring MAC address administrator-address Optional of Management device...
  • Page 559 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster With the display cluster current-topology command, the switch can display the topology of the current cluster in a tree structure. The output formats include: Display the tree structure three layers above or below the specified node.
  • Page 560 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Table 2-19 Configure cluster topology management function Operation Command Description Enter system view system-view — Enter cluster view cluster — topology accept { all [ save-to Check the current topology...
  • Page 561: Displaying And Maintaining Cluster Configuration

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster Operation Command Description Delete the specified MAC black-list delete-mac address from the cluster Optional mac-address blacklist Delete a device from the delete-member cluster add this device to member-id...
  • Page 562: Cluster Configuration Example

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster

    | Operation | Command | Description |
    |---|---|---|
    | Clear the statistics on NDP ports | reset ndp statistics [ interface port-list ] | You can execute the reset command in user view. |

    2.4 Cluster Configuration Example 2.4.1 Basic Cluster Configuration Example...
  • Page 563 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster III. Configuration procedure Configure the member devices (taking one member as an example) # Enable NDP globally and on Ethernet1/0/1. <Sysname> system-view [Sysname] ndp enable [Sysname] interface Ethernet 1/0/1...
  • Page 564 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster [Sysname] ntdp hop 2 # Set the member device forward delay for topology collection requests to 150 ms. [Sysname] ntdp timer hop-delay 150 # Set the member port forward delay for topology collection requests to 15 ms.
  • Page 565: Enhanced Cluster Feature Configuration Example

    Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster <aaa_1.Sysname> ftp cluster # Download the file named aaa.txt from the shared TFTP server of the cluster to the member device. <aaa_1.Sysname> tftp cluster get aaa.txt # Upload the file named bbb.txt from the member device to the shared TFTP server of the cluster.
  • Page 566 Operation Manual – Stack-Cluster H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Cluster II. Network diagram Figure 2-5 Network diagram for the enhanced cluster feature configuration III. Configuration procedure # Enter cluster view. <aaa_0.Sysname> system-view [aaa_0.Sysname] cluster # Add the MAC address 0001-2034-a0e5 to the cluster blacklist.
  • Page 567: Snmp-Rmon

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 SNMP Configuration; 1.1 SNMP Overview; 1.1.1 SNMP Operation Mechanism; 1.1.2 SNMP Versions; 1.1.3 Supported MIBs; 1.2 Configuring Basic SNMP Functions; 1.3 Configuring Trap-Related Functions...
  • Page 568: Chapter 1 Snmp Configuration

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration Chapter 1 SNMP Configuration When configuring SNMP, go to these sections for information you are interested in: SNMP Overview Configuring Basic SNMP Functions Configuring Trap-Related Functions Enabling Logging for Network Management...
  • Page 569: Snmp Versions

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration 1.1.2 SNMP Versions Currently, SNMP agent on a switch supports SNMPv3, and is compatible with SNMPv1 and SNMPv2c. SNMPv3 adopts user name and password authentication. SNMPv1 and SNMPv2c adopt community name authentication. The SNMP packets containing invalid community names are discarded.
  • Page 570: Configuring Basic Snmp Functions

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration 1.2 Configuring Basic SNMP Functions SNMPv3 configuration is quite different from that of SNMPv1 and SNMPv2c. Therefore, the configuration of basic SNMP functions is described by SNMP versions, as listed in the following two tables.
  • Page 571 Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration To do… Use the command… Remarks Optional Set the maximum size of an snmp-agent packet SNMP packet for SNMP agent 1,500 bytes by max-size byte-count to receive or send default.
  • Page 572 Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration To do… Use the command… Remarks snmp-agent Optional calculate-password Encrypt a plain-text plain-password mode This command is used if password to generate a { md5 | sha }...
  • Page 573: Configuring Trap-Related Functions

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration 1.3 Configuring Trap-Related Functions 1.3.1 Configuring Basic Trap Functions Traps are messages that managed devices send to the NMS without request. They are used to report some urgent and important events (for example, the rebooting of managed devices).
  • Page 574: Configuring Extended Trap Function

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration 1.3.2 Configuring Extended Trap Function The extended trap function refers to adding “interface description” and “interface type” into the linkUp/linkDown trap. When receiving this extended trap, NMS can immediately determine which interface on the device fails according to the interface description and type.
  • Page 575: Displaying Snmp

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration 1.5 Displaying SNMP To do… Use the command… Remarks Display the SNMP display snmp-agent sys-info information about the [ contact | location | version ]* current device...
  • Page 576 Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SNMP Configuration II. Network diagram Figure 1-2 Network diagram for SNMP configuration III. Network procedure # Enable SNMP agent, and set the SNMPv1 and SNMPv2c community names. <Sysname> system-view...
  • Page 577 IV. Configuring the NMS The S5100-SI/EI series Ethernet switches support H3C’s QuidView NMS. SNMPv3 adopts user name and password authentication. When you use H3C’s QuidView NMS, you need to set user names and choose the security level in [Quidview Authentication Parameter].
  • Page 578: Chapter 2 Rmon Configuration

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 2 RMON Configuration Chapter 2 RMON Configuration When configuring RMON, go to these sections for information you are interested in: Introduction to RMON RMON Configuration Displaying RMON RMON Configuration Example 2.1 Introduction to RMON...
  • Page 579: Commonly Used Rmon Groups

    (instead of all the information in the RMON MIB): alarm group, event group, history group, and statistics group. An H3C S5100-SI/EI Ethernet switch implements RMON in the second way. With an RMON agent embedded in, an S5100-SI/EI Ethernet switch can serve as a network device with the RMON probe function.
  • Page 580: Multicast

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 2 RMON Configuration Sampling the alarm variables referenced in the defined extended alarm expressions periodically Performing operations on the samples according to the defined expressions Comparing the operation results with the thresholds and triggering corresponding events if the operation result exceeds the thresholds.
  • Page 581 Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 2 RMON Configuration To do… Use the command… Remarks Optional rmon alarm entry-number Before adding an alarm alarm-variable sampling-time { delta entry, you need to use the Add an alarm...
  • Page 582: Displaying Rmon

    Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 2 RMON Configuration 2.3 Displaying RMON To do… Use the command… Remarks display rmon statistics [ interface-type Display RMON statistics interface-number | unit unit-number ] Display RMON history display rmon history [ interface-type...
  • Page 583 Operation Manual – SNMP-RMON H3C S5100-SI/EI Series Ethernet Switches Chapter 2 RMON Configuration [Sysname] rmon event 1 log [Sysname] rmon event 2 trap 10.21.30.55 # Add an entry numbered 2 to the extended alarm table to allow the system to calculate the alarm variables with the (.1.3.6.1.2.1.16.1.1.1.9.1+.1.3.6.1.2.1.16.1.1.1.10.1)
  • Page 584 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 Multicast Overview; 1.1 Multicast Overview; 1.1.1 Information Transmission in the Unicast Mode; 1.1.2 Information Transmission in the Broadcast Mode; 1.1.3 Information Transmission in the Multicast Mode...
  • Page 585 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 3 Common Multicast Configuration; 3.1 Common Multicast Configuration; 3.1.1 Configuring a Multicast MAC Address Entry; 3.1.2 Configuring Dropping Unknown Multicast Packets; 3.2 Displaying Common Multicast Configuration...
  • Page 586: Chapter 1 Multicast Overview

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview Chapter 1 Multicast Overview 1.1 Multicast Overview With the development of networks on the Internet, more and more interaction services such as data, voice, and video services are running on the networks. In addition, highly bandwidth- and time-critical services, such as e-commerce, Web conference, online auction, video on demand (VoD), and tele-education have come into being.
  • Page 587: Information Transmission In The Broadcast Mode

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview information, when a large number of users need this information, the server must send many pieces of information with the same content to the users. Therefore, the limited bandwidth becomes the bottleneck in information transmission.
  • Page 588 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview users. When the number of users requiring information is not certain, unicast and broadcast deliver a low efficiency. Multicast solves this problem. When some users on a network require specified information, the multicast information sender (namely, the multicast source) sends the information only once.
  • Page 589: Roles In Multicast

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview 1.1.4 Roles in Multicast The following roles are involved in multicast transmission: An information sender is referred to as a multicast source (“Source” in Figure 1-3). Each receiver is a multicast group member (“Receiver” in Figure 1-3).
  • Page 590: Multicast Models

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview Optimal performance: Multicast reduces redundant traffic. Distributive application: Multicast makes multiple-point application possible. II. Application of multicast The multicast technology effectively addresses the issue of point-to-multipoint data transmission.
  • Page 591: Multicast Architecture

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview The radical difference between the SSM model and the ASM model is that in the SSM model, receivers already know the locations of the multicast sources by some means.
  • Page 592 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview I. IP multicast address Internet Assigned Numbers Authority (IANA) categorizes IP addresses into five classes: A, B, C, D, and E. Unicast packets use IP addresses of Class A, B, and C based on network scales.
  • Page 593 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview Class D address range Description Available source-specific multicast (SSM) 232.0.0.0 to 232.255.255.255 multicast group addresses. Administratively scoped multicast addresses, 239.0.0.0 to 239.255.255.255 which are for specific local use only.
  • Page 594 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview Note: Like having reserved the private network segment 10.0.0.0/8 for unicast, IANA has also reserved the network segment 239.0.0.0/8 for multicast. These are administratively scoped addresses. With the administratively scoped addresses, you can define the...
  • Page 595: Multicast Protocols

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview 1.3.1 Multicast Protocols Note: Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP, PIM, and MSDP;...
  • Page 596 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview Multicast routing protocols A multicast routing protocol runs on Layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently. Multicast routes constitute a loop-free data transmission path from a data source to multiple receivers, namely a multicast distribution tree.
  • Page 597: Multicast Packet Forwarding Mechanism

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview groups by listening to and analyzing IGMP messages exchanged between the hosts and Layer 3 multicast devices, thus effectively controlling the flooding of multicast data in a Layer 2 network.
  • Page 598: Rpf Check

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview If no corresponding (S, G) entry exists in the multicast forwarding table, the packet is also subject to an RPF check. The router creates an (S, G) entry based on the relevant routing information and using the RPF interface as the incoming interface, and installs the entry into the multicast forwarding table.
  • Page 599 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Multicast Overview A multicast packet from Source arrives at VLAN-interface 1 of Switch C, and the corresponding forwarding entry does not exist in the multicast forwarding table of Switch C. Switch C performs an RPF check, and finds in its unicast routing table that the outgoing interface to 192.168.0.0/24 is VLAN-interface 2.
  • Page 600: Chapter 2 Igmp Snooping Configuration

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Chapter 2 IGMP Snooping Configuration 2.1 IGMP Snooping Overview Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast constraining mechanism that runs on Layer 2 devices to manage and control multicast groups.
  • Page 601: Basic Concepts In Igmp Snooping

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.1.2 Basic Concepts in IGMP Snooping I. IGMP Snooping related ports As shown in Figure 2-2, Router A connects to the multicast source, IGMP Snooping runs on Switch A and Switch B, Host A and Host C are receiver hosts (namely, multicast group members).
  • Page 602: Work Mechanism Of Igmp Snooping

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Message before Action after Timer Description expiry expiry When a port joins a multicast group, The switch the switch sets a removes this port Member port aging...
  • Page 603 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: A switch will not forward an IGMP report through a non-router port for the following reason: Due to the IGMP report suppression mechanism, if member hosts of that...
  • Page 604: Igmp Snooping Configuration

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: After an Ethernet switch enables IGMP Snooping, when it receives the IGMP leave message sent by a host in a multicast group, it judges whether the multicast group exists automatically.
  • Page 605: Enabling Igmp Snooping

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.2.1 Enabling IGMP Snooping Table 2-3 Enable IGMP Snooping Operation Command Remarks Enter system view system-view — Required Enable IGMP Snooping By default, IGMP igmp-snooping enable...
  • Page 606: Configuring Timers

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Operation Command Remarks Optional Configure the version of igmp-snooping version The default IGMP IGMP Snooping version-number Snooping version is version 2. Caution: Before configuring related IGMP Snooping functions, you must enable IGMP Snooping in the specified VLAN.
  • Page 607 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration specific group. If only one host is attached to the port, enable fast leave processing to improve bandwidth management. I. Enabling fast leave processing in system view...
  • Page 608: Configuring A Multicast Group Filter

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.2.5 Configuring a Multicast Group Filter On an IGMP Snooping-enabled switch, the configuration of a multicast group allows the service provider to define restrictions on multicast programs available to different users.
  • Page 609: Configuring The Maximum Number Of Multicast Groups On A Port

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: A port can belong to multiple VLANs, but you can configure only one ACL rule per VLAN on a port. If no ACL rule is configured, all the multicast groups will be filtered.
  • Page 610: Configuring Igmp Querier

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: To prevent bursting traffic in the network or performance deterioration of the device caused by excessive multicast groups, you can set the maximum number of multicast groups that the switch should process.
  • Page 611: Suppressing Flooding Of Unknown Multicast Traffic In A Vlan

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Operation Command Remarks Optional Configure the interval of igmp-snooping By default, the interval of sending general queries query-interval seconds sending general queries is 60 seconds. Optional...
  • Page 612: Configuring A Static Router Port

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration I. In Ethernet port view Table 2-13 Configure a static multicast group member port in Ethernet port view Operation Command Remarks Enter system view system-view —...
  • Page 613: Configuring A Port As A Simulated Group Member

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Operation Command Remarks Required multicast Configure the current port static-router-port vlan By default, no static router as a static router port vlan-id port is configured. II. In VLAN view...
  • Page 614: Configuring A Vlan Tag For Query Messages

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Table 2-17 Configure a port as a simulated group member Operation Command Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number...
  • Page 615: Configuring Multicast Vlan

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: It is not recommended to configure this function while the multicast VLAN function is in effect. 2.2.13 Configuring Multicast VLAN In traditional multicast implementations, when users in different VLANs listen to the same multicast group, the multicast data is copied on the multicast router for each VLAN that contains receivers.
  • Page 616 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Operation Command Remarks port hybrid vlan Required vlan-id-list { tagged | The multicast VLAN untagged } defined on the Layer 2 Specify the VLANs to be...
  • Page 617: Displaying And Maintaining Igmp Snooping

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: One port can belong to only one multicast VLAN. The port connected to a user terminal must be a hybrid port. The multicast member ports must be in the same VLAN as the router port.
  • Page 618: Igmp Snooping Configuration Examples

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.4 IGMP Snooping Configuration Examples 2.4.1 Configuring IGMP Snooping I. Network requirements To prevent multicast traffic from being flooded at Layer 2, enable IGMP snooping on Layer 2 switches.
  • Page 619 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration [RouterA-GigabitEthernet1/0/1] igmp enable [RouterA-GigabitEthernet1/0/1] quit [RouterA] interface GigabitEthernet 1/0/2 [RouterA-GigabitEthernet1/0/2] pim dm [RouterA-GigabitEthernet1/0/2] quit Configure Switch A # Enable IGMP Snooping globally. <SwitchA> system-view [SwitchA] igmp-snooping enable Enable IGMP-Snooping ok.
  • Page 620: Configuring Multicast Vlan

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.4.2 Configuring Multicast VLAN I. Network requirements As shown in Figure 2-4, Workstation is a multicast source. Switch A forwards multicast data from the multicast source. Switch B, a Layer 2 switch, forwards the multicast data to the end users Host A and Host B.
  • Page 621 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Network diagram Figure 2-4 Network diagram for multicast VLAN configuration III. Configuration procedure The following configuration is based on the prerequisite that the devices are properly connected and all the required IP addresses are already configured.
  • Page 622: Troubleshooting Igmp Snooping

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Configure Switch B: # Enable the IGMP Snooping feature on Switch B. <SwitchB> system-view [SwitchB] igmp-snooping enable # Configure VLAN 10 as the multicast VLAN and enable IGMP Snooping on it.
  • Page 623 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Use the display current-configuration command to check the status of IGMP Snooping. If IGMP Snooping is disabled, check whether it is disabled globally or in the specific VLAN.
  • Page 624: Chapter 3 Common Multicast Configuration

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 3 Common Multicast Configuration Chapter 3 Common Multicast Configuration 3.1 Common Multicast Configuration 3.1.1 Configuring a Multicast MAC Address Entry In Layer 2 multicast, the system can add multicast forwarding entries dynamically through a Layer 2 multicast protocol.
  • Page 625: Configuring Dropping Unknown Multicast Packets

    Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 3 Common Multicast Configuration Note: If the multicast MAC address entry to be created already exists, the system gives you a prompt. If you want to add a port to a multicast MAC address entry created through the mac-address multicast command, you need to remove the entry first, create this entry again, and then add the specified port to the forwarding ports of this entry.
  • Page 626 Operation Manual – Multicast H3C S5100-SI/EI Series Ethernet Switches Chapter 3 Common Multicast Configuration Table 3-4 Display common multicast configuration Operation Command Remarks display mac-address Display the created multicast [ static You can execute the multicast MAC table { { { mac-address vlan vlan-id |...
  • Page 627 Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Table of Contents Chapter 1 NTP Configuration: 1.1 Introduction to NTP; 1.1.1 Applications of NTP; 1.1.2 Implementation Principle of NTP; 1.1.3 NTP Implementation Modes; 1.2 NTP Configuration Task List...
  • Page 628: Chapter 1 Ntp Configuration

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration Chapter 1 NTP Configuration When configuring NTP, go to these sections for information you are interested in: Introduction to NTP NTP Configuration Task List Configuring NTP Implementation Modes...
  • Page 629: Implementation Principle Of Ntp

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration To perform incremental backup operations between a backup server and a host, you must make sure they adopt the same time. NTP has the following advantages: Defining the accuracy of clocks by stratum to synchronize the clocks of all devices...
  • Page 630 Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration [Figure: NTP messages exchanged between Device A and Device B over an IP network, stamped 10:00:00 am and 11:00:01 am]...
  • Page 631: Ntp Implementation Modes

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration 1.1.3 NTP Implementation Modes According to the network structure and the position of the local Ethernet switch in the network, the local Ethernet switch can work in multiple NTP modes to synchronize the clock.
  • Page 632 Figure 1-4 Broadcast mode IV. Multicast mode Figure 1-5 Multicast mode Table 1-1 describes how the above mentioned NTP modes are implemented on H3C S5100-SI/EI series Ethernet switches. Table 1-1 NTP implementation modes on H3C S5100-SI/EI series Ethernet switches NTP implementation mode...
  • Page 633: Ntp Configuration Task List

    The NTP server mode, NTP broadcast mode, or NTP multicast mode takes effect only after the local clock of the H3C S5100-SI/EI Ethernet switch has been synchronized. When symmetric peer mode is configured on two Ethernet switches, to synchronize the clock of the two switches, make sure at least one switch’s clock has been...
  • Page 634: Configuring Ntp Implementation Modes

    Note: To protect unused sockets against attacks by malicious users and improve security, H3C S5100-SI/EI series Ethernet switches provide the following functions: UDP port 123 is opened only when the NTP feature is enabled. UDP port 123 is closed when the NTP feature is disabled.
  • Page 635: Configuring The Ntp Symmetric Peer Mode

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration Follow these steps to configure an NTP client: To do… Use the command… Remarks Enter system view system-view — ntp-service unicast-server Required { remote-ip | server-name }...
  • Page 636: Configuring Ntp Broadcast Mode

    255.255.255.255. The switches working in the NTP broadcast client mode will respond to the NTP messages, so as to start the clock synchronization. An H3C S5100-SI/EI series Ethernet switch can work as a broadcast server or a broadcast client.
  • Page 637: Configuring Ntp Multicast Mode

    The switches working in the NTP multicast client mode will respond to the NTP messages, so as to start the clock synchronization. An H3C S5100-SI/EI series Ethernet switch can work as a multicast server or a multicast client. Refer to for configuring a switch to work in the NTP multicast server mode.
  • Page 638: Configuring Access Control Right

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration Note: A multicast server can synchronize multicast clients only after its clock has been synchronized. An S5100-SI/EI series switch working in the multicast server mode supports up to 1,024 multicast clients.
  • Page 639: Configuration Prerequisites

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration synchronization: Synchronization right. This level of right permits the peer device to synchronize its clock to the local switch but does not permit the peer device to perform control query.
  • Page 640: Configuration Prerequisites

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration authentication. This improves network security. Table 1-2 shows the roles of devices in the NTP authentication function. Table 1-2 Description on the roles of devices in NTP authentication function...
  • Page 641: Configuration Procedure

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration 1.5.2 Configuration Procedure I. Configuring NTP authentication on the client Follow these steps to configure NTP authentication on the client: To do… Use the command… Remarks Enter system view system-view —...
  • Page 642 Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration To do… Use the command… Remarks ntp-service Required authentication-keyid Configure an NTP By default, no NTP key-id authentication key authentication key is authentication-mode md5 configured. value Required...
  • Page 643: Configuring Optional Ntp Parameters

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration 1.6 Configuring Optional NTP Parameters Complete the following tasks to configure optional NTP parameters: Task Remarks Configuring an Interface on the Local Switch to Send NTP Optional...
  • Page 644: Disabling An Interface From Receiving Ntp Messages

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration symmetric-passive peer side; In the broadcast or multicast mode, static associations will be created at the server side, and dynamic associations will be created at the client side.
  • Page 645: Configuration Examples

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration 1.8 Configuration Examples 1.8.1 Configuring NTP Server/Client Mode I. Network requirements The local clock of Device A (a switch) is to be used as a master clock, with the stratum level of 2.
  • Page 646: Configuring Ntp Symmetric Peer Mode

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration Reference clock ID: 1.0.1.11 Nominal frequency: 60.0002 Hz Actual frequency: 60.0002 Hz Clock precision: 2^18 Clock offset: 0.66 ms Root delay: 27.47 ms Root dispersion: 208.39 ms Peer dispersion: 9.63 ms...
  • Page 647 Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration II. Network diagram Device A 3.0.1.31/24 3.0.1.32/24 3.0.1.33/24 Device B Device C Figure 1-7 Network diagram for NTP peer mode configuration III. Configuration procedure Configure Device C.
  • Page 648: Configuring Ntp Broadcast Mode

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration Peer dispersion: 9.63 ms Reference time: 17:03:32.022 UTC Apr 2 2007 (BF422AE4.05AEA86C) The output information indicates that the clock of Device C is synchronized to that of Device B and the stratum level of its local clock is 2, one level lower than Device B.
  • Page 649 Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration III. Configuration procedure Configure Device C. # Enter system view. <DeviceC> system-view # Set Device C as the broadcast server, which sends broadcast messages through VLAN-interface 2.
  • Page 650: Configuring Ntp Multicast Mode

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration source reference stra reach poll now offset delay disper ************************************************************************** [1234]3.0.1.31 127.127.1.0 26.1 199.53 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured Total associations : 1.8.4 Configuring NTP Multicast Mode I.
  • Page 651 Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration Configure Device A (perform the same configuration on Device D). # Enter system view. <DeviceA> system-view # Set Device A as a multicast client to listen to multicast messages through VLAN-interface 2.
  • Page 652: Configuring Ntp Server/Client Mode With Authentication

    Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration 1.8.5 Configuring NTP Server/Client Mode with Authentication I. Network requirements The local clock of Device A is set as the NTP master clock, with a clock stratum level of 2.
  • Page 653 Operation Manual – NTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 NTP Configuration # Enable the NTP authentication function. <DeviceA> system-view [DeviceA] ntp-service authentication enable # Configure an MD5 authentication key, with the key ID being 42 and the key being aNiceKey.
  • Page 654 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Table of Contents Chapter 1 SSH Configuration: 1.1 SSH Overview; 1.1.1 Introduction to SSH; 1.1.2 Algorithm and Key; 1.1.3 SSH Operating Process; 1.2 SSH Server and Client...
  • Page 655: Chapter 1 Ssh Configuration

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Chapter 1 SSH Configuration When configuring SSH, go to these sections for information you are interested in: SSH Overview; SSH Server and Client; Displaying and Maintaining SSH Configuration...
  • Page 656: Ssh Operating Process

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration There are two types of key algorithms: Symmetric key algorithm The same key is used for both encryption and decryption. Supported symmetric key algorithms include DES, 3DES, and AES, which can effectively prevent data eavesdropping.
  • Page 657 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Table 1-1 Stages in establishing a session between the SSH client and server Stages Description SSH1 and SSH2 are supported. The two parties Version negotiation negotiate a version to use.
  • Page 658 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Note: All the packets above are transferred in plain text. II. Key negotiation The server and the client send algorithm negotiation packets to each other, which contain the public key algorithm list, encryption algorithm list, message authentication code (MAC) algorithm list, and compression algorithm list supported by the server and the client.
  • Page 659: Ssh Server And Client

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration server verifies the public key. If the public key is invalid, the authentication fails; otherwise, the server generates a digital signature to authenticate the client, and then sends back a message to inform the client of the success or failure of the authentication...
  • Page 660 The H3C switch acts as the SSH server to cooperate with software that supports the SSH client functions. The H3C switch acts as the SSH server to cooperate with another H3C switch that acts as an SSH client. Complete the following tasks to configure the SSH server and clients:...
  • Page 661: Configuring The Ssh Server

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration 1.3 Configuring the SSH Server The session establishment between an SSH client and the SSH server involves five stages. Similarly, SSH server configuration involves five aspects, as shown in the following table.
  • Page 662: Configuring The User Interfaces For Ssh Clients

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Note: The SSH server needs to cooperate with an SSH client to complete the interactions between them. For SSH client configuration, refer to Configuring the SSH Client.
  • Page 663: Configuring The Ssh Management Functions

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration 1.3.2 Configuring the SSH Management Functions The SSH server provides a number of management functions to prevent illegal operations such as malicious password guessing, guaranteeing the security of SSH connections.
  • Page 664: Configuring The Ssh Server To Be Compatible With Ssh1 Clients

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Caution: You can configure a login header only when the service type is stelnet. For configuration of service types, refer to Specifying a Service Type for an SSH User on the Server.
  • Page 665: Creating An Ssh User And Specifying An Authentication Type

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Table 1-5 Follow these steps to create key pairs: To do... Use the command... Remarks Enter system view system-view — Generate an Required public-key local create rsa...
  • Page 666 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration matching the username. If a match is found, it authenticates the user using the authentication mode specified in the attribute set. If not, it tears down the connection.
  • Page 667: Specifying A Service Type For An Ssh User On The Server

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration To do... Use the command... Remarks Note that: If both commands are used and different authentication ssh user username types are specified, the Create an SSH user, and...
  • Page 668: Configuring The Public Key Of A Client On The Server

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration The SFTP service is an extended application of SSH protocol. It uses the secure channel of SSH to perform remote FTP operations. Table 1-6 Follow these steps to specify the service type for an SSH user: To do...
  • Page 669: Assigning A Public Key To An Ssh User

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration To do... Use the command... Remarks — Enter public key edit view public-key-code begin When you input the key, spaces are allowed between the characters you input (because the system can remove the spaces automatically);...
  • Page 670: Exporting The Host Public Key To A File

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Table 1-9 Follow these steps to assign a public key for an SSH user: To do... Use the command... Remarks — Enter system view system-view Required ssh user username...
  • Page 671: Configuring The Ssh Client

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Note: With the filename argument specified, you can export the RSA or DSA host public key to a file so that you can configure the key at a remote end by importing the file. If the filename argument is not specified, this command displays the host public key information on the screen in a specified format.
  • Page 672 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Task Remarks Required for publickey authentication; Generating a client key unnecessary for password authentication Specifying the IP address of the Server Required Selecting a protocol for remote...
  • Page 673 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-3 Generate a client key (1) Note that while generating the key pair, you must move the mouse continuously and keep the mouse off the green progress bar in the blue box shown in Figure 1-4.
  • Page 674 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-4 Generate the client keys (2) After the key pair is generated, click Save public key and enter the name of the file for saving the public key (public in this case) to save the public key.
  • Page 675 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-5 Generate the client keys (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any precaution. Click Yes and enter the name of the file for saving the private key (“private”...
  • Page 676 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-7 Generate the client keys (5) II. Specifying the IP address of the Server Launch PuTTY.exe. The following window appears...
  • Page 677 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-8 SSH client configuration interface 1 In the Host Name (or IP address) text box, enter the IP address of the server. Note that there must be a route available between the IP address of the server and the client.
  • Page 678 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-9 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. Note: Some SSH client software, for example, Tectia client software, supports the DES algorithm only when the ssh1 version is selected.
  • Page 679: Configuring An Ssh Client Assumed By An Ssh2-Capable Switch

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration From the category on the left of the window, select Connection/SSH/Auth. The following window appears. Figure 1-10 SSH client configuration interface 3 Click Browse… to bring up the file selection window, navigate to the private key file and click Open.
  • Page 680 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration I. Configuring the SSH client for publickey authentication When the authentication mode is publickey, you need to configure the RSA or DSA public key of the client on the server:...
  • Page 681 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration To do... Use the command... Remarks Required The method of configuring Refer to Configuring the Configure server public server public key on the Public Key of a Client on...
  • Page 682 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Table 1-17 Follow these steps to establish an SSH connection: To do... Use the command... Remarks — Enter system view system-view Required In this command, you can...
  • Page 683: Displaying And Maintaining Ssh Configuration

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration 1.5 Displaying and Maintaining SSH Configuration To do... Use the command... Remarks Display the public key display public-key local { dsa | information of the current rsa } public switch’s key pairs...
  • Page 684 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Operation Original commands Current commands Generate RSA key public-key local create rsa local-key-pair create pairs public-key local destroy Destroy RSA key pairs rsa local-key-pair destroy rsa peer-public-key...
  • Page 685: Ssh Configuration Examples

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration 1.7 SSH Configuration Examples 1.7.1 When Switch Acts as Server for Local Password Authentication I. Network requirements As shown in Figure 1-11, establish an SSH connection between the host (SSH Client) and the switch (SSH Server) for secure data exchange.
  • Page 686 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration [Switch-ui-vty0-4] quit # Create local client client001, and set the authentication password to abc, protocol type to SSH, and command privilege level to 3 for the client.
  • Page 687: When Switch Acts As Server For Password And Radius Authentication

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-13 SSH client configuration interface (2) Under Protocol options, select 2 from Preferred SSH protocol version. As shown in Figure 1-13, click Open. If the connection is normal, you will be prompted to enter the user name client001 and password abc.
  • Page 688 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration II. Network diagram Figure 1-14 Switch acts as server for password and RADIUS authentication III. Configuration procedure Configure the RADIUS server Note: This document takes CAMS Version 2.10 as an example to show the basic RADIUS server configurations required.
  • Page 689 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-15 Add an access device # Add a user account for device management. From the navigation tree, select User Management > User for Device Management, and then in the right pane, click Add to enter the Add Account page and perform the following configurations: Add a user named hello, and specify the password.
  • Page 690 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit Caution: Generating the RSA and DSA key pairs on the server is a prerequisite to SSH login.
  • Page 691 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Run PuTTY.exe to enter the following configuration interface. Figure 1-17 SSH client configuration interface (1) In the Host Name (or IP address) text box, enter the IP address of the SSH server.
  • Page 692: When Switch Acts As Server For Password And Hwtacacs Authentication

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-18 SSH client configuration interface (2) Under Protocol options, select 2 from Preferred SSH protocol version. Then, click Open. If the connection is normal, you will be prompted to enter the user name hello and the password.
  • Page 693 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration II. Network diagram HWTACACS server 10.1.1.1/24 Vlan-int2 192.168.1.70/24 Internet SSH user Switch Figure 1-19 Switch acts as server for password and HWTACACS authentication III. Configuration procedure Configure the SSH server # Create a VLAN interface on the switch and assign it an IP address.
  • Page 694 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration [Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49 [Switch-hwtacacs-hwtac] key authentication expert [Switch-hwtacacs-hwtac] key authorization expert [Switch-hwtacacs-hwtac] user-name-format without-domain [Switch-hwtacacs-hwtac] quit # Apply the scheme to the ISP domain. [Switch] domain bbb...
  • Page 695: When Switch Acts As Server For Publickey Authentication

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-21 SSH client configuration interface (2) Under Protocol options, select 2 from Preferred SSH protocol version. Then, click Open. If the connection is normal, you will be prompted to enter the user name client001 and the password.
  • Page 696 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration III. Configuration procedure Note: Under the publickey authentication mode, either the RSA or DSA public key can be generated for the server to authenticate the client. The RSA public key is used as an example here.
  • Page 697 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Note: Before performing the following steps, you must generate an RSA public key pair (using the client software) on the client, save the key pair in a file named public, and then upload the file to the SSH server through FTP or TFTP.
  • Page 698 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Note: While generating the key pair, you must move the mouse continuously and keep the mouse off the green progress bar shown in Figure 1-24. Otherwise, the progress bar stops moving and the key pair generating process is stopped.
  • Page 699 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-25 Generate a client key pair (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click Yes and enter the name of the file for saving the private key (private.ppk in this case).
  • Page 700 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration # Establish a connection with the SSH server Launch PuTTY.exe to enter the following interface. Figure 1-27 SSH client configuration interface (1) In the Host Name (or IP address) text box, enter the IP address of the server.
  • Page 701 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-28 SSH client configuration interface (2) Under Protocol options, select 2 from Preferred SSH protocol version. Select Connection/SSH/Auth. The following window appears...
  • Page 702: When Switch Acts As Client For Password Authentication

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Figure 1-29 SSH client configuration interface (3) Click Browse to bring up the file selection window, navigate to the private key file and click OK. From the window shown in Figure 1-29, click Open.
  • Page 703 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration III. Configuration procedure Configure Switch B # Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection.
  • Page 704: When Switch Acts As Client For Publickey Authentication

    The Server is not authenticated. Do you continue to access it?(Y/N):y Do you want to save the server's public key?(Y/N):n Enter password: ************************************************************************** * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************** <SwitchB>...
  • Page 705 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration Configure Switch B # Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection.
  • Page 706 The Server is not authenticated. Do you continue to access it?(Y/N):y Do you want to save the server's public key?(Y/N):n ************************************************************************** * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
  • Page 707: When Switch Acts As Client And First-Time Authentication Is Not Supported

    Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration 1.7.7 When Switch Acts as Client and First-Time Authentication is not Supported I. Network requirements As shown in Figure 1-32, establish an SSH connection between Switch A (SSH Client) and Switch B (SSH Server) for secure data exchange.
  • Page 708 Operation Manual – SSH H3C S5100-SI/EI Series Ethernet Switches Chapter 1 SSH Configuration [SwitchB-ui-vty0-4] user privilege level 3 [SwitchB-ui-vty0-4] quit # Specify the authentication type for user client001 as publickey. [SwitchB] ssh user client001 authentication-type publickey Note: Before doing the following steps, you must first generate a DSA key pair on the client and save the key pair in a file named Switch001, and then upload the file to the SSH server through FTP or TFTP.
  • Page 709 Trying 10.165.87.136 ... Press CTRL+K to abort Connected to 10.165.87.136 ... ************************************************************************** * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************** <SwitchB>...
  • Page 710: File System Management

    Operation Manual – File System Management H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 File System Management Configuration (1-1); 1.1 File System Configuration (1-1); 1.1.1 Introduction to File System (1-1); 1.1.2 File System Configuration Tasks (1-1); 1.1.3 Directory Operations...
  • Page 711: Chapter 1 File System Management Configuration

    Operation Manual – File System Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 File System Management Configuration Chapter 1 File System Management Configuration 1.1 File System Configuration 1.1.1 Introduction to File System To facilitate management of the switch memory, S5100-SI/EI series Ethernet switches provide the file system function, allowing you to access and manage files and directories.
  • Page 712: File Operations

    Operation Manual – File System Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 File System Management Configuration Table 1-2 describes the directory-related operations. Perform the following configuration in user view. Table 1-2 Directory operations To do… Use the command… Remarks...
  • Page 713: Flash Memory Operations

    Operation Manual – File System Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 File System Management Configuration To do… Use the command… Remarks copy fileurl-source Copy a file Optional fileurl-dest move fileurl-source Move a file Optional fileurl-dest Optional Display the content of a...
  • Page 714: Prompt Mode Configuration

    Operation Manual – File System Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 File System Management Configuration Caution: The format operation deletes all files on the Flash memory, including the configuration files, and the deleted files cannot be recovered. 1.1.6 Prompt Mode Configuration You can set the prompt mode of the current file system to alert or quiet.
  • Page 715: File Attribute Configuration

    Operation Manual – File System Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 File System Management Configuration <Sysname> copy flash:/config.cfg flash:/test/1.cfg Copy unit1>flash:/config.cfg to unit1>flash:/test/1.cfg?[Y/N]:y %Copy file unit1>flash:/config.cfg to unit1>flash:/test/1.cfg...Done. # Display the file information after the copy operation. <Sysname> dir /all Directory of unit1>flash:/...
  • Page 716: Configuring File Attributes

    Operation Manual – File System Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 File System Management Configuration The app files, configuration files, and Web files support three kinds of attributes: main, backup and none, as described in Table 1-6. Table 1-6 Descriptions on file attributes...
  • Page 717 Operation Manual – File System Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 File System Management Configuration Perform the configuration listed in Table 1-7 in user view. The display commands can be executed in any view. Table 1-7 Configure file attributes To do…...
  • Page 718: Ftp-Sftp-Tftp

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 FTP and SFTP Configuration (1-1); 1.1 Introduction to FTP and SFTP (1-1); 1.1.1 Introduction to FTP (1-1); 1.1.2 Introduction to SFTP (1-2); 1.2 FTP Configuration...
  • Page 719: Chapter 1 Ftp And Sftp Configuration

    FTP-based file transmission is performed in the following two modes: binary mode for program file transfer, and ASCII mode for text file transfer. An H3C S5100-SI/EI series Ethernet switch can act as an FTP client or the FTP server in FTP-employed data transmission:...
  • Page 720: Introduction To Sftp

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Table 1-1 Roles that an H3C S5100-SI/EI series Ethernet switch acts as in FTP Item Description Remarks An Ethernet switch can operate as an FTP server to provide file transmission services for FTP clients.
  • Page 721: Ftp Configuration: A Switch Operating As An Ftp Server

    Disabled by default. Note: Only one user can access an H3C S5100-SI/EI series Ethernet switch at a given time when the latter operates as an FTP server. Operating as an FTP server, an H3C S5100-SI/EI series Ethernet switch cannot receive a file whose size exceeds its storage space.
  • Page 722 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Note: To protect unused sockets against attacks, the S5100-SI/EI Ethernet switch provides the following functions: TCP 21 is enabled only when you start the FTP server.
  • Page 723 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Follow these steps to specify the source interface and source IP address for an FTP server: To do… Use the command… Remarks Enter system view —...
  • Page 724 Chapter 1 FTP and SFTP Configuration Note: With an H3C S5100-SI/EI series Ethernet switch acting as the FTP server, if a network administrator attempts to disconnect a user that is uploading/downloading data to/from the FTP server, the S5100-SI/EI Ethernet switch will disconnect the user after the data transmission is completed.
  • Page 725: Ftp Configuration: A Switch Operating As An Ftp Client

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks Enter system view system-view — Configure a login banner header login text Required Use either command or both. By default, no banner is...
  • Page 726 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks Change the working directory on the remote cd pathname FTP server Change the working directory to be the parent...
  • Page 727 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks Download a remote file get remotefile [ localfile ] from the FTP server Upload a local file to the...
  • Page 728: Configuration Example: A Switch Operating As An Ftp Server

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks Specify an interface as the source interface the ftp source-interface FTP client uses every interface-type time it connects to an FTP...
  • Page 729 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration download the configuration file config.cfg from the switch, thereby backing up the configuration file. Create a user account on the FTP server with the username switch and password hello.
  • Page 730 Boot ROM menu. H3C series switches are not shipped with FTP client application software. You need to purchase and install it yourself.
  • Page 731: Ftp Banner Display Configuration Example

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration <Sysname> boot boot-loader switch.bin <Sysname> reboot Note: For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the System Maintenance and Debugging part of this manual.
  • Page 732: Ftp Configuration: A Switch Operating As An Ftp Client

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Configure the PC (FTP client) # Access the Ethernet switch through FTP. Enter the username switch and the password hello to log in to the switch, and then enter FTP view. The login banner appears after the FTP connection is established.
  • Page 733 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration III. Configuration procedure Configure the PC (FTP server) Perform FTP server–related configurations on the PC, that is, create a user account on the FTP server with username switch and password hello. (For detailed configuration, refer to the configuration instruction relevant to the FTP server software.)
  • Page 734: Sftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration # Execute the get command to download the file named switch.bin to the Flash memory of the switch. [ftp] get switch.bin # Execute the quit command to terminate the FTP connection and return to user view.
  • Page 735: Sftp Configuration: A Switch Operating As An Sftp Server

    10 minutes by default. server III. Supported SFTP client software An H3C S5100-SI/EI series Ethernet switch operating as an SFTP server can interoperate with SFTP client software, including SSH Tectia Client v4.2.0 (SFTP), v5.0, and WINSCP. SFTP client software supports the following operations: logging in to a device;...
  • Page 736: Sftp Configuration: A Switch Operating As An Sftp Client

    Chapter 1 FTP and SFTP Configuration Note: Currently an H3C S5100-SI/EI series Ethernet switch operating as an SFTP server supports the connection of only one SFTP user. When multiple users attempt to log in to the SFTP server or multiple connections are enabled on a client, only the first user can log in to the SFTP server.
  • Page 737 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks Change the working directory on the remote cd pathname SFTP server Change the working directory to be the parent...
  • Page 738: Sftp Configuration Example

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Note: If the server is configured to authenticate a client through public key, the client needs to read the local private key when logging in to the SFTP server. Since both RSA and DSA are available for public key authentication, you need to use the identity-key keyword to specify the algorithm so that the correct local private key is used;...
  • Page 739 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration III. Configuration procedure Configure the SFTP server (switch B) # Create key pairs. <Sysname> system-view [Sysname] public-key local create rsa [Sysname] public-key local create dsa # Create a VLAN interface on the switch and assign it an IP address, which is used as the destination address for the client to connect to the SFTP server.
  • Page 740 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration # Connect to the remote SFTP server. Enter the username client001 and the password abc, and then enter SFTP client view. [Sysname] sftp 192.168.0.1 Input Username: client001 Trying 192.168.0.1 ...
  • Page 741 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration sftp-client> mkdir new1 Received status: Success New directory created sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2...
  • Page 742 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 1 FTP and SFTP Configuration -rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1 drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2...
  • Page 743: Chapter 2 Tftp Configuration

    TFTP server, and receives acknowledgement packets from the TFTP server. An H3C S5100-SI/EI series Ethernet switch can act as a TFTP client only. When you download a file that is larger than the free space of the switch’s flash...
  • Page 744: Tftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 TFTP Configuration Note: Before performing TFTP-related configurations, you need to configure IP addresses for the TFTP client and the TFTP server, and make sure a route exists between the two.
  • Page 745 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 TFTP Configuration II. Specifying the source interface or source IP address for an FTP client You can specify the source interface and source IP address for a switch operating as a TFTP client, so that it can connect with a remote TFTP server through the IP address of the specified interface or the specified IP address.
  • Page 746: Tftp Configuration Example

    Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 TFTP Configuration Note: The specified interface must be an existing one; otherwise a prompt appears to show that the configuration fails. The value of the ip-address argument must be an IP address on the device where the configuration is performed; otherwise a prompt appears to show that the configuration fails.
  • Page 747 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 TFTP Configuration III. Configuration procedure Configure the TFTP server (PC) Start the TFTP server and configure the working directory on the PC. Configure the TFTP client (switch). # Log in to the switch. (You can log in to a switch through the Console port or by telnetting to the switch.
  • Page 748 Operation Manual – FTP-SFTP-TFTP H3C S5100-SI/EI Series Ethernet Switches Chapter 2 TFTP Configuration Note: For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the System Maintenance and Debugging module of this...
  • Page 749 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 Information Center (1-1); 1.1 Information Center Overview (1-1); 1.1.1 Introduction to Information Center (1-1); 1.1.2 System Information Format (1-4); 1.2 Information Center Configuration (1-8); 1.2.1 Information Center Configuration Task List...
  • Page 750: Chapter 1 Information Center

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Chapter 1 Information Center When configuring information center, go to these sections for information you are interested in: Information Center Overview; Information Center Configuration; Displaying and Maintaining Information Center; Information Center Configuration Examples. 1.1 Information Center Overview...
  • Page 751 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Severity Severity value Description informational Informational information to be recorded debugging Information generated during debugging Information filtering by severity works this way: information with the severity value greater than the configured threshold is not output during the filtering.
  • Page 752 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Information Default channel Default output direction channel number name Not specified (Receives log, trap, and channel8 debugging information.) Not specified (Receives log, trap, and channel9 debugging information.)
  • Page 753: System Information Format

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Module name Description Internet protocol module LAGG Link aggregation module LINE Terminal line module MSTP Multiple spanning tree protocol module Network address translation module Neighbor discovery protocol module...
  • Page 754 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center timestamp sysname module/level/digest: - unitid –content Note: The space, the forward slash /, and the colon are all required in the above format. The timestamp may be preceded by %, #, or * followed by a space, indicating log, alarm, or debugging information respectively.
  • Page 755 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Note that the priority field appears only when the information has been sent to the log host. II. Timestamp Timestamp records the time when system information is generated to allow users to check and identify system events.
  • Page 756: System Maintenance And

    VTY(1.1.0.2) in unit1 login III. Sysname Sysname is the system name of the local switch and defaults to “H3C”. You can use the sysname command to modify the system name. (Refer to the System Maintenance and Debugging part of this manual for details.) Note that there is a space between the sysname and module fields.
  • Page 757: Information Center Configuration

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center X. Context This field provides the content of the system information. 1.2 Information Center Configuration 1.2.1 Information Center Configuration Task List Complete the following tasks to configure information center:...
  • Page 758: Configuring To Display The Time Stamp With The Utc Time Zone

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Note: If the system information is output before you input any information following the current command line prompt, the system does not echo any command line prompt after the system information output.
  • Page 759 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center To do… Use the command… Remarks Enter system view system-view — Optional Enable the information info-center enable center Enabled by default. Optional info-center console Enable system...
  • Page 760 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center TRAP DEBUG Output Modules Enabl Enable Enable Severi Severit Severit direction allowed ed/dis d/disab d/disab abled default Enabl inform Enable debuggi Disable debuggi Log host (all...
  • Page 761: Setting To Output System Information To A Monitor Terminal

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center 1.2.5 Setting to Output System Information to a Monitor Terminal System information can also be output to a monitor terminal, which is a user terminal that has login connections through the AUX, VTY, or TTY user interface.
  • Page 762: Setting To Output System Information To A Log Host

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center II. Enabling system information display on a monitor terminal After setting to output system information to a monitor terminal, you need to enable the associated display function in order to display the output information on the monitor terminal.
  • Page 763: Setting To Output System Information To The Trap Buffer

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center To do… Use the command… Remarks Required By default, the switch does not info-center loghost output information to the log Enable system host-ip-addr [ channel host.
  • Page 764: Setting To Output System Information To The Log Buffer

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center To do… Use the command… Remarks Optional info-center trapbuffer By default, the switch uses Enable system [channel information channel 3 to information output to { channel-number |...
  • Page 765: Setting To Output System Information To The Snmp Nms

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center 1.2.9 Setting to Output System Information to the SNMP NMS Follow these steps to set to output system information to the SNMP NMS: To do… Use the command…...
  • Page 766: Displaying And Maintaining Information Center

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center 1.3 Displaying and Maintaining Information Center To do… Use the command… Remarks Display information on an display channel [ channel-number information channel | channel-name ] Display the operation...
  • Page 767 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center III. Configuration procedure Configure the switch: # Enable the information center. <Switch> system-view [Switch] info-center enable # Disable the function of outputting information to log host channels.
  • Page 768: Log Output To A Linux Log Host

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Step 3: After the log file “information” is created and the file “/etc/syslog.conf” is modified, execute the following command to send a HUP signal to the system daemon “syslogd”, so that it can reread its configuration file “/etc/syslog.conf”.
  • Page 769 Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Configure the log host: Step 1: Execute the following commands as a super user (root user). # mkdir /var/log/Switch # touch /var/log/Switch/information Step 2: Edit the file “/etc/syslog.conf” as the super user (root user) to add the following selector/action pairs.
  • Page 770: Log Output To The Console

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center Note: Through combined configuration of the device name (facility), information severity level threshold (severity), module name (filter) and the file “syslog.conf”, you can sort information precisely for filtering.
  • Page 771: Configuration Example

    Operation Manual – Information Center H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Information Center 1.4.4 Configuration Example I. Network requirements The switch is in the time zone of GMT+ 08:00:00. The time stamp format of output log information is date.
  • Page 772 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 Boot ROM and Host Software Loading (1-1); 1.1 Introduction to Loading Approaches (1-1); 1.2 Local Boot ROM and Software Loading (1-1); 1.2.1 BOOT Menu...
  • Page 773: Chapter 1 Boot Rom And Host Software Loading

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Chapter 1 Boot ROM and Host Software Loading Traditionally, switch software is loaded through a serial port. This approach is slow, time-consuming and cannot be used for remote loading.
  • Page 774: Boot Menu

    Boot ROM loading process. 1.2.1 BOOT Menu Starting..************************************************************ H3C S5100-16P-PWR-EI BOOTROM, Version 616 ************************************************************ Copyright(c) 2004-2007 Hangzhou H3C Technologies Co., Ltd. Creation date : Apr 16 2007, 11:29:53 CPU Clock Speed : 200MHz BUS Clock Speed : 33MHz Memory Size...
  • Page 775: Loading By Xmodem Through Console Port

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Enter the correct Boot ROM password (no password is set by default). The system enters the BOOT Menu: BOOT MENU 1.
  • Page 776 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Press 3 in the above menu to download the Boot ROM using XModem. The...
  • Page 777 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Figure 1-1 Properties dialog box Figure 1-2 Console port configuration dialog box...
  • Page 778 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Step 5: Click the <Disconnect> button to disconnect the HyperTerminal from the switch and then click the <Connect> button to reconnect the HyperTerminal to the switch, as...
  • Page 779 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Figure 1-5 Sending file page Step 9: After the sending process completes, the system displays the following information: Loading ...CCCCCCCCCC done! Step 10: Reset HyperTerminal’s baudrate to 9600 bps (refer to Step 4 and 5).
  • Page 780: Loading By Tftp Through Ethernet Port

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Enter 3 in the above menu to load the host software by using XModem.
  • Page 781 Step 2: Run the TFTP server program on the TFTP server, and specify the path of the program to be downloaded. Caution: The TFTP server program is not provided with the H3C Series Ethernet Switches. Step 3: Run the HyperTerminal program on the configuration PC. Start the switch. Then enter the BOOT Menu.
  • Page 782: Loading By Ftp Through Ethernet Port

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Step 1: Select <1> in BOOT Menu and press <Enter>. The system displays the following information: 1. Set TFTP protocol parameter 2.
  • Page 783 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Note: You can use one computer as both the configuration device and the FTP server. Step 2: Run the FTP server program on the FTP server, configure an FTP user name and password, and copy the program file to the specified FTP directory.
  • Page 784: Remote Boot Rom And Software Loading

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading 0. Return to boot menu Enter your choice(0-3): Enter 2 in the above menu to download the host software using FTP.
  • Page 785 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading User(none):abc 331 Give me your password, please Password: 230 Logged in successfully [ftp] get switch.btm [ftp] bye Note: When using different FTP server software on the PC, different information will be output to the switch.
  • Page 786 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading II. Loading Procedure Using FTP Server As shown in Figure 1-9, the switch is used as the FTP server. You can telnet to the switch, and then execute the FTP commands to upload the Boot ROM switch.btm to the...
  • Page 787 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Figure 1-10 Command line interface Step 5: Use the cd command on the interface to enter the path where the Boot ROM upgrade file is to be stored.
  • Page 788 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading Figure 1-12 Log on to the FTP server Step 7: Use the put command to upload the file switch.btm to the switch, as shown in Figure 1-13.
  • Page 789: Remote Loading Using Tftp

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Boot ROM and Host Software Loading <Sysname> boot bootrom switch.btm This will update Bootrom on unit 1. Continue? [Y/N] y Upgrading Bootrom, please wait... Upgrade Bootrom succeeded! <Sysname>...
  • Page 790: Chapter 2 Basic System Configuration And Debugging

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Basic System Configuration and Debugging Chapter 2 Basic System Configuration and Debugging When configuring basic system configuration and debugging, go to these sections for information you are interested in:...
  • Page 791: Displaying The System Status

    Use the command… / Remarks. Set the system name of the switch: sysname sysname (Optional. By default, the name is H3C.) Return from current view to lower level view: quit (Optional. If the current view is user view, you will quit the current user interface.)
  • Page 792 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S5100-SI/EI Series Ethernet Switches and Debugging Figure 2-1 The relationship between the protocol and screen debugging switch...
  • Page 793: Displaying Debugging Status

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S5100-SI/EI Series Ethernet Switches and Debugging 2.3.2 Displaying Debugging Status To do… Use the command… Remarks Display all enabled display debugging [ unit unit-id ] Available in any...
  • Page 794: Chapter 3 Network Connectivity Test

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 3 Network Connectivity Test Chapter 3 Network Connectivity Test When configuring network connectivity test, go to these sections for information you are interested in: ping tracert 3.1 Network Connectivity Test 3.1.1 ping...
  • Page 795 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 3 Network Connectivity Test each ICMP TTL timeout message in order to offer the path that the packet passed through to the destination. To do… Use the command…...
  • Page 796: Chapter 4 Device Management

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 4 Device Management Chapter 4 Device Management When configuring device management, go to these sections for information you are interested in: Introduction to Device Management Device Management Configuration...
  • Page 797: Scheduling A Reboot On The Switch

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 4 Device Management Note: Before rebooting, the system checks whether there is any configuration change. If yes, it prompts whether or not to proceed. This prevents the system from losing the...
  • Page 798: Specifying The App To Be Used At Reboot

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 4 Device Management Follow these steps to configure real-time monitoring of the running status of the system: To do… Use the command… Remarks Enter system view system-view —...
  • Page 799: Identifying And Diagnosing Pluggable Transceivers

    Package) Note: For pluggable transceivers supported by S5100-SI/EI series Ethernet switches, refer to H3C S5100-SI/EI Series Ethernet Switches Installation Manual. II. Identifying pluggable transceivers As pluggable transceivers are of various types and from different vendors, you can perform the following configurations to identify main parameters of the pluggable transceivers, including transceiver type, connector type, central wavelength of the laser sent, transfer distance and vendor name or vendor name specified.
  • Page 800 You can use the Vendor Name field in the prompt information of the display transceiver interface command to identify an anti-spoofing pluggable transceiver customized by H3C. If the field is H3C, it is considered an H3C-customized pluggable transceiver. Electrical label information is also called permanent configuration data or archive information, which is written to the storage device of a card during device debugging or test.
  • Page 801: Displaying The Device Management Configuration

    Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 4 Device Management 4.3 Displaying the Device Management Configuration To do… Use the command… Remarks Display the APP to be adopted display boot-loader [ unit at next startup...
  • Page 802 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 4 Device Management The host software switch.bin and the Boot ROM file boot.btm of the switch are stored in the directory switch on the PC. Use FTP to download the switch.bin and boot.btm files from the FTP server to the switch.
  • Page 803 Operation Manual – System Maintenance and Debugging H3C S5100-SI/EI Series Ethernet Switches Chapter 4 Device Management Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password: 230 Logged in successfully [ftp] Enter the authorized path on the FTP server.
  • Page 804 Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 VLAN-VPN Configuration; 1.1 VLAN-VPN Overview; 1.1.1 Introduction to VLAN-VPN; 1.1.2 Implementation of VLAN-VPN; 1.1.3 Adjusting the TPID Values of VLAN-VPN Packets; 1.2 VLAN-VPN Configuration...
  • Page 805: Chapter 1 Vlan-Vpn Configuration

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration Chapter 1 VLAN-VPN Configuration 1.1 VLAN-VPN Overview 1.1.1 Introduction to VLAN-VPN Virtual private network (VPN) is a new technology that emerges with the expansion of the Internet. It can be used for establishing private networks over the public network.
  • Page 806: Implementation Of Vlan-Vpn

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration It provides Layer 2 VPN tunnels that are simpler. VLAN-VPN can be implemented through manual configuration. That is, signaling protocol-related configuration is not needed. The VLAN-VPN feature provides you with the following benefits: Saves public network VLAN ID resource.
  • Page 807: Vlan-Vpn Configuration

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration process of receiving/forwarding a packet, the TPID value cannot be any of the protocol type value listed in Table 1-1. Table 1-1 Commonly used protocol type values in Ethernet frames...
  • Page 808: Tpid Adjusting Configuration

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration Operation Command Description Required Enable the VLAN-VPN feature vlan-vpn enable By default, the VLAN-VPN on the port feature is disabled on a port. 1.2.3 TPID Adjusting Configuration I.
  • Page 809: Displaying Vlan-Vpn Configuration

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration Caution: A port cannot be configured as both a VLAN VPN port and a VLAN VPN uplink port at the same time. With the TPID being 0x8100, every port can be configured as a VLAN VPN uplink port.
  • Page 810 Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration Employ VLAN-VPN on Switch A and Switch B to enable the PC users and PC servers to communicate with each other through a VPN, and employ VLAN-VPN on Switch A and Switch B to enable the Terminal users and Terminal servers to communicate with each other through a VPN.
  • Page 811 Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration [SwitchA-GigabitEthernet1/0/12] vlan-vpn uplink enable Configure Switch B. # Enable the VLAN-VPN feature on GigabitEthernet 1/0/21 of Switch B and tag the packets received on this port with the tag of VLAN 1040 as the outer VLAN tag.
  • Page 812 Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 1 VLAN-VPN Configuration As GigabitEthernet 1/0/11 of Switch A is a VLAN-VPN port, when a packet from the customer’s network side reaches this port, it is tagged with the default VLAN tag of the port (VLAN 1040).
  • Page 813: Chapter 2 Selective Qinq Configuration

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Selective QinQ Configuration Chapter 2 Selective QinQ Configuration Note: The contents of this chapter are only applicable to the S5100-EI series among S5100-SI/EI series switches. 2.1 Selective QinQ Overview 2.1.1 Selective QinQ Overview...
  • Page 814: Inner-To-Outer Tag Priority Mapping

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Selective QinQ Configuration In this implementation, Switch A is an access device of the service provider. The users connecting to it include common customers (in VLAN 8 to VLAN 100), VIPs (in VLAN 101 to VLAN 200), and IP telephone users (in VLAN 201 to VLAN 300).
  • Page 815: Configuring The Inner-To-Outer Tag Priority Mapping Feature

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Selective QinQ Configuration Table 2-1 Enable the selective QinQ feature Operation Command Description Enter system view system-view — Enter Ethernet port interface interface-type — view interface-number Configure the outer...
  • Page 816: Selective Qinq Configuration Example

    Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Selective QinQ Configuration 2.3 Selective QinQ Configuration Example 2.3.1 Processing Private Network Packets by Their Types I. Network requirements GigabitEthernet 1/0/3 of Switch A provides public network access for PC users and IP phone users.
  • Page 817 Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Selective QinQ Configuration II. Network diagram For PC User VLAN100~108 GE1/0/12 Public Network SwitchB VLAN1000/VLAN1200 GE1/0/11 GE1/0/13 GE1/0/5 SwitchA For IP Phone VLAN200~230 GE1/0/3 PC User IP Phone User...
  • Page 818 Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Selective QinQ Configuration # Configure GigabitEthernet 1/0/3 as a hybrid port and configure VLAN 5 as its default VLAN. Configure GigabitEthernet1/0/3 to remove VLAN tags when forwarding packets of VLAN 5, VLAN 1000, and VLAN 1200.
  • Page 819 Operation Manual – VLAN-VPN H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Selective QinQ Configuration # Configure GigabitEthernet 1/0/12 as a hybrid port and configure VLAN 12 as its default VLAN. Configure GigabitEthernet 1/0/12 to remove VLAN tags when forwarding packets of VLAN 12 and VLAN 1000.
  • Page 820 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 HWPing Configuration; 1.1 HWPing Overview; 1.1.1 Introduction to HWPing; 1.1.2 Test Types Supported by HWPing; 1.1.3 HWPing Test Parameters; 1.2 HWPing Configuration...
  • Page 821: Chapter 1 Hwping Configuration

    Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration Chapter 1 HWPing Configuration When configuring HWPing, go to these sections for information you are interested in: HWPing Overview HWPing Configuration HWPing Configuration Examples 1.1 HWPing Overview 1.1.1 Introduction to HWPing...
  • Page 822: Test Types Supported By Hwping

    Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration Figure 1-1 HWPing illustration 1.1.2 Test Types Supported by HWPing Table 1-1 Test types supported by HWPing Supported test types Description ICMP test DHCP test FTP test For these types of tests, you need to configure the HWPing client and corresponding servers.
  • Page 823: Hwping Configuration

    Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration Table 1-2 HWPing test parameters Test parameter Description For a TCP/UDP/jitter test, you must specify a destination IP Destination address address, and the destination address must be the IP address...
  • Page 824 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration Test parameter Description This parameter is used to set the interval at which the Automatic test HWPing client periodically performs the same test interval (frequency) automatically. The probe timeout timer is started after the HWPing client Probe timeout time sends out a test packet.
  • Page 825: Hwping Server Configuration

    Other types of tests require you to configure the HWPing client and the corresponding servers. You can enable both the HWPing client and HWPing server functions on an H3C S5100-SI/EI Ethernet switch, that is, the switch can serve as a HWPing client and server simultaneously.
  • Page 826 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration Configuring ICMP test on HWPing client Follow these steps to configure ICMP test on HWPing client: To do… Use the command… Remarks Enter system view system-view —...
  • Page 827 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks display hwping results Required Display test results [ admin-name Available in any view. operation-tag ] Configuring DHCP test on HWPing client Follow these steps to configure DHCP test on HWPing client: To do…...
  • Page 828 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks Enter system view system-view — Required Enable the HWPing client hwping-agent enable By default, the HWPing client function function is disabled.
  • Page 829 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks Configure an FTP username name Required login username By default, neither username nor Configure an FTP password is configured. password password...
  • Page 830 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks Required Configure the test test-type http type By default, the test type is ICMP. Optional Configure the number of probes count times...
  • Page 831 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks Required The destination address must be the IP address of Configure the destination destination-ip ip-address a UDP listening service on IP address the HWPing server.
  • Page 832 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional Configure the type of tos value By default, the service service type is zero. Optional Configure the number of By default, each jitter...
  • Page 833 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional Configure the number of count times By default, each test probes per test makes one probe. Optional Configure the maximum...
  • Page 834 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration Use the To do… Remarks command… Required in a Tcpprivate test A Tcppublic test is a TCP connection test on port 7. Use the hwping-server tcpconnect ip-address 7 command on...
  • Page 835 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration Configuring UDP test on HWPing client Follow these steps to configure UDP test on HWPing client: To do… Use the command… Remarks Enter system view system-view —...
  • Page 836 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional Configure the datasize size By default, the data packet size is data packet size 100 bytes. Optional Configure the By default, the automatic test...
  • Page 837 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional By default, the automatic Configure the automatic test interval is zero frequency interval test interval seconds, indicating no automatic test will be made.
  • Page 838: Displaying Hwping Configuration

    1.3.1 ICMP Test I. Network requirements An H3C S5100-SI/EI series Ethernet switch serves as the HWPing client. A HWPing ICMP test between the switch and another switch uses ICMP to test the round trip time (RTT) for packets generated by the HWPing client to travel to and back from the destination switch.
  • Page 839 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration III. Configuration procedure Configure HWPing Client (Switch A): # Enable the HWPing client. <Sysname> system-view [Sysname] hwping-agent enable # Create a HWPing test group, setting the administrator name to administrator and test tag to ICMP.
  • Page 840: Dhcp Test

    1.3.2 DHCP Test I. Network requirements Both the HWPing client and the DHCP server are H3C S5100-SI/EI series Ethernet switches. Perform a HWPing DHCP test between the two switches to test the time required for the HWPing client to obtain an IP address from the DHCP server.
  • Page 841 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration # Configure the source interface, which must be a VLAN interface. Make sure the DHCP server resides on the network connected to this interface. [Sysname-hwping-administrator-dhcp] source-interface Vlan-interface 1 # Configure to make 10 probes per test.
  • Page 842: Ftp Test

    1.3.3 FTP Test I. Network requirements Both the HWPing client and the FTP server are H3C S5100-SI/EI series Ethernet switches. Perform a HWPing FTP test between the two switches to test the connectivity to the specified FTP server and the time required to upload a file to the server after the connection is established.
  • Page 843 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration [Sysname-hwping-administrator-ftp] destination-ip 10.2.2.2 # Configure the FTP login username. [Sysname-hwping-administrator-ftp] username admin # Configure the FTP login password. [Sysname-hwping-administrator-ftp] password admin # Configure the type of FTP operation.
  • Page 844: Http Test

    1.3.4 HTTP Test I. Network requirements An H3C S5100-SI/EI series Ethernet switch serves as the HWPing client, and a PC serves as the HTTP server. Perform a HWPing HTTP test between the switch and the HTTP server to test the connectivity and the time required to download a file from the HTTP server after the connection to the server is established.
  • Page 845 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration # Create a HWPing test group, setting the administrator name to administrator and test tag to HTTP. [Sysname] Hwping administrator http # Configure the test type as http.
  • Page 846: Jitter Test

    1.3.5 Jitter Test I. Network requirements Both the HWPing client and the HWPing server are H3C S5100-SI/EI series Ethernet switches. Perform a HWPing jitter test between the two switches to test the delay jitter of the UDP packets exchanged between this end (HWPing client) and the specified destination end (HWPing server).
  • Page 847 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration III. Configuration procedure Configure HWPing Server (Switch B): # Enable the HWPing server and configure the IP address and port to listen on. <Sysname> system-view [Sysname] hwping-server enable [Sysname] hwping-server udpecho 10.2.2.2 9000...
  • Page 848: Snmp Test

    For detailed output description, see the corresponding command manual. 1.3.6 SNMP Test I. Network requirements Both the HWPing client and the SNMP Agent are H3C S5100-SI/EI series Ethernet switches. Perform HWPing SNMP tests between the two switches to test the time...
  • Page 849 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration required from when Switch A sends an SNMP query message to Switch B (SNMP Agent) to when it receives a response from Switch B. II. Network diagram Figure 1-7 Network diagram for the SNMP test III.
  • Page 850 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration [Sysname-hwping-administrator-snmp] destination-ip 10.2.2.2 # Configure to make 10 probes per test. [Sysname-hwping-administrator-snmp] count 10 # Set the probe timeout time to 30 seconds. [Sysname-hwping-administrator-snmp] timeout 30 # Start the test.
  • Page 851: Tcp Test (Tcpprivate Test) On The Specified Ports

    1.3.7 TCP Test (Tcpprivate Test) on the Specified Ports I. Network requirements Both the HWPing client and the HWPing server are H3C S5100-SI/EI series Ethernet switches. Perform a HWPing Tcpprivate test to test the time required to establish a TCP connection between this end (Switch A) and the specified destination end (Switch B), with the port number set to 8000.
  • Page 852: Udp Test (Udpprivate Test) On The Specified Ports

    For detailed output description, see the corresponding command manual. 1.3.8 UDP Test (Udpprivate Test) on the Specified Ports I. Network requirements Both the HWPing client and the HWPing server are H3C S5100-SI/EI series Ethernet switches. Perform a HWPing Udpprivate test on the specified ports between the two...
  • Page 853 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration switches to test the RTT of UDP packets between this end (HWPing client) and the specified destination end (HWPing server). II. Network diagram Figure 1-9 Network diagram for the Udpprivate test III.
  • Page 854: Dns Test

    1.3.9 DNS Test I. Network requirements An H3C S5100-SI/EI series Ethernet switch serves as the HWPing client, and a PC serves as the DNS server. Perform a HWPing DNS test between the switch and the DNS server to test the time required from when the client sends a DNS request to when it receives a resolution result from the DNS server.
  • Page 855 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration II. Network diagram Figure 1-10 Network diagram for the DNS test III. Configuration procedure Configure DNS Server: Use Windows 2003 Server as the DNS server. For DNS server configuration, refer to the related instruction on Windows 2003 Server configuration.
  • Page 856 Operation Manual – HWPing H3C S5100-SI/EI Series Ethernet Switches Chapter 1 HWPing Configuration Min/Max/Average Round Trip Time: 6/10/8 Square-Sum of Round Trip Time: 756 Last complete test time: 2006-11-28 11:50:40.9 Extend result: SD Maximal delay: 0 DS Maximal delay: 0...
  • Page 857 Operation Manual – DNS H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 DNS Configuration; 1.1 DNS Overview; 1.1.1 Static Domain Name Resolution; 1.1.2 Dynamic Domain Name Resolution; 1.2 Configuring Domain Name Resolution; 1.2.1 Configuring Static Domain Name Resolution...
  • Page 858: Chapter 1 Dns Configuration

    Operation Manual – DNS H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DNS Configuration Chapter 1 DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring Domain Name Resolution Displaying and Maintaining DNS...
  • Page 859 Operation Manual – DNS H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DNS Configuration resolution procedure is as follows: A user program sends a name query to the resolver in the DNS client. The DNS resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding IP address back.
  • Page 860: Configuring Domain Name Resolution

    Operation Manual – DNS H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DNS Configuration If there is no dot in the domain name, such as aabbcc, the resolver will consider this as a host name and add a DNS suffix before processing. The original name such as aabbcc is used if all DNS lookups fail.
  • Page 861: Displaying And Maintaining Dns

    Operation Manual – DNS H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DNS Configuration Note: You may configure up to six DNS servers and ten DNS suffixes. 1.3 Displaying and Maintaining DNS To do… Use the command… Remarks Display static DNS database...
  • Page 862: Dynamic Domain Name Resolution Configuration Example

    Operation Manual – DNS H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DNS Configuration # Execute the ping host.com command to verify that the device can use static domain name resolution to get the IP address 10.1.1.2 corresponding to host.com. [Sysname] ping host.com PING host.com (10.1.1.2): 56...
  • Page 863 Operation Manual – DNS H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DNS Configuration III. Configuration procedure Note: Before doing the following configuration, make sure that: The routes between the DNS server, Switch, and Host are reachable. Necessary configurations are done on the devices. For the IP addresses of the interfaces, see the figure above.
  • Page 864: Troubleshooting Dns

    Operation Manual – DNS H3C S5100-SI/EI Series Ethernet Switches Chapter 1 DNS Configuration 1.5 Troubleshooting DNS I. Symptom After enabling the dynamic domain name resolution, the user cannot get the correct IP address. II. Solution Use the display dns dynamic-host command to check that the specified domain name is in the cache.
  • Page 865: Smart Link-Monitor Link

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Table of Contents: Chapter 1 Smart Link Configuration; 1.1 Smart Link Overview; 1.1.1 Basic Concepts in Smart Link; 1.1.2 Operating Mechanism of Smart Link; 1.2 Configuring Smart Link...
  • Page 866: Chapter 1 Smart Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Smart Link Configuration Chapter 1 Smart Link Configuration When configuring smart link, go to these sections for information you are interested in: Smart Link Overview Configuring Smart Link...
  • Page 867 Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Smart Link Configuration II. Master port The master port can be either an Ethernet port or a manually-configured or static LACP aggregation group. For example, you can configure GigabitEthernet 1/0/1 of switch A in Figure 1-1 as the master port through the command line.
  • Page 868: Operating Mechanism Of Smart Link

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Smart Link Configuration 1.1.2 Operating Mechanism of Smart Link Figure 1-2 Network diagram of Smart Link operating mechanism As shown in Figure 1-2, GigabitEthernet 1/0/1 on Switch A is active and GigabitEthernet 1/0/2 on Switch A is blocked.
  • Page 869: Configuring Smart Link

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Smart Link Configuration 1.2 Configuring Smart Link Note: Before configuring a member port of a smart link group, you must: Disable the port to avoid loops, thus preventing broadcast storm.
  • Page 870: Configuring Associated Devices

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Smart Link Configuration To do… Use the command… Remarks Required Enable the function of By default, no sending flush messages control VLAN for flush enable control-vlan vlan-id...
  • Page 871: Precautions

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Smart Link Configuration However, you do not have to enable all the ports of an associated device to process flush messages received from the specified control VLAN. You need to enable this function only on the ports that are on the active and backup links connecting the Smart Link device and the target device.
  • Page 872: Displaying And Maintaining Smart Link

    I. Network requirements As shown in Figure 1-3, Switch A is an H3C S5100-SI/EI series Ethernet switch. Switch C, Switch D and Switch E support Smart Link. Configure Smart Link feature to provide remote PCs with reliable access to the server.
  • Page 873 Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Smart Link Configuration II. Network diagram Figure 1-3 Network diagram for Smart Link configuration III. Configuration procedure Configure a smart link group on Switch A and configure member ports for it.
  • Page 874 Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 1 Smart Link Configuration # Configure to send flush messages within VLAN 1. [SwitchA-smlk-group1] flush enable control-vlan 1 Enable the function of processing flush messages received from VLAN 1 on Switch C.
  • Page 875: Chapter 2 Monitor Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Monitor Link Configuration Chapter 2 Monitor Link Configuration When configuring Monitor Link, go to these sections for information you are interested in: Introduction to Monitor Link Configuring Monitor Link...
  • Page 876: How Monitor Link Works

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Monitor Link Configuration 2.1.1 How Monitor Link Works Figure 2-2 Network diagram for a monitor link group implementation As shown in Figure 2-2, the devices Switch C and Switch D are connected to the uplink device Switch E.
  • Page 877: Configuring Monitor Link

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Monitor Link Configuration Note: Currently, member ports of a monitor link group cannot be dynamic link aggregation groups. If the uplink or downlink port in the monitor link group is a link aggregation group, you cannot directly delete this aggregation group or change this aggregation group into a dynamic aggregation group.
  • Page 878: Configuring The Uplink Port

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Monitor Link Configuration 2.2.3 Configuring the Uplink Port Follow these steps to configure the uplink port: To do… Use the command… Remarks Enter system view system-view —...
  • Page 879: Displaying Monitor Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Monitor Link Configuration To do… Use the command… Remarks Configure the specified link link-aggregation group aggregation group as group-id downlink a downlink port of the monitor link group...
  • Page 880: Monitor Link Configuration Example

    Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Monitor Link Configuration 2.4 Monitor Link Configuration Example 2.4.1 Implementing Collaboration Between Smart Link and Monitor Link I. Network requirements As shown in Figure 2-3, the PCs access the server and Internet through the switch.
  • Page 881 Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Monitor Link Configuration [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface GigabitEthernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] stp disable # Return to system view. [SwitchA-GigabitEthernet1/0/2] quit # Create smart link group 1 and enter smart link group view.
  • Page 882 Operation Manual – Smart Link-Monitor Link H3C S5100-SI/EI Series Ethernet Switches Chapter 2 Monitor Link Configuration [SwitchE] smart-link flush enable control-vlan 1 port GigabitEthernet 1/0/10 to GigabitEthernet 1/0/11...
  • Page 883: Ipv6 Management

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IPv6 Configuration....................... 1-1 1.1 IPv6 Overview........................1-1 1.1.1 IPv6 Features ......................1-1 1.1.2 Introduction to IPv6 Address ................... 1-3 1.1.3 Introduction to IPv6 Neighbor Discovery Protocol ..........1-7 1.1.4 Introduction to IPv6 DNS..................
  • Page 884: Chapter 1 Ipv6 Configuration

    The term “router” in this document refers to a router in a generic sense or an Ethernet switch running a routing protocol. H3C S5100-SI/EI Series Ethernet Switches support IPv6 management features, but do not support IPv6 forwarding and related features.
  • Page 885 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration Figure 1-1 Comparison between IPv4 header format and IPv6 header format II. Adequate address space The source IPv6 address and the destination IPv6 address are both 128 bits (16 bytes) long.
  • Page 886: Introduction To Ipv6 Address

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration VI. Support for QoS The Flow Label field in the IPv6 header allows the device to label packets in a flow and provide special handling for these packets.
  • Page 887 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration Caution: The double-colon :: can be used only once in an IPv6 address. Otherwise, the device is unable to determine how many zeros the double-colon represents when converting it to zeros to restore the IPv6 address to a 128-bit address.
  • Page 888 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration Table 1-1 Mapping between address types and format prefixes Type Format prefix (binary) IPv6 prefix ID Unassigned 00...0 (128 bits) ::/128 address Loopback 00...1 (128 bits)
  • Page 889 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration IV. Multicast address Multicast addresses listed in Table 1-2 are reserved for special purpose. Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all-nodes multicast address...
  • Page 890: Introduction To Ipv6 Neighbor Discovery Protocol

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration Figure 1-2 Convert a MAC address into an EUI-64 address 1.1.3 Introduction to IPv6 Neighbor Discovery Protocol The IPv6 Neighbor Discovery Protocol (NDP) uses five types of ICMPv6 messages to...
  • Page 891 Note: H3C S5100-SI/EI Series Ethernet Switches do not support the RS, RA, or Redirect message. Of the above mentioned IPv6 NDP functions, H3C S5100-SI/EI Series Ethernet Switches support the following three functions: address resolution, neighbor unreachability detection, and duplicate address detection.
  • Page 892 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration After receiving the NS message, node B judges whether the destination address of the packet is the corresponding solicited-node multicast address of its own IPv6 address. If yes, node B learns the link-layer address of node A and returns an NA message containing the link-layer address of node B in the unicast mode.
  • Page 893: Introduction To Ipv6 Dns

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration Node A learns that the IPv6 address is being used by node B after receiving the NA message from node B. Otherwise, node B is not using the IPv6 address and node A can use it.
  • Page 894: Configuring An Ipv6 Unicast Address

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration Task Remarks Configuring a Static IPv6 Route Optional Configuring IPv6 TCP Properties Optional Configuring the Maximum Number of IPv6 ICMP Error Optional Packets Sent within a Specified Time...
  • Page 895 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration To do... Use the command... Remarks Use either command Manually ipv6 address { ipv6-address By default, no assign an IPv6 prefix-length | site-local address address ipv6-address/prefix-length }...
  • Page 896: Configuring Ipv6 Ndp

    Chapter 1 IPv6 Configuration Note: IPv6 unicast addresses can be configured for only one VLAN interface on an H3C S5100-SI/EI Ethernet switch. The total number of global unicast addresses and site-local addresses on the VLAN interface can be up to four.
  • Page 897 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration Follow these steps to configure a static neighbor entry: To do... Use the command... Remarks Enter system view system-view — ipv6 neighbor ipv6-address Configure a static...
  • Page 898 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration To do… Use the command… Remarks Enter system view system-view — Enter VLAN interface interface interface-type — view interface-number Optional Configure the attempts to send an 1 by default.
  • Page 899: Configuring A Static Ipv6 Route

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration 1.2.3 Configuring a Static IPv6 Route You can configure static IPv6 routes for network interconnection in a small sized IPv6 network. Follow these steps to configure a static IPv6 route: To do…...
  • Page 900: Configuring The Maximum Number Of Ipv6 Icmp Error Packets Sent Within A Specified Time

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration 1.2.5 Configuring the Maximum Number of IPv6 ICMP Error Packets Sent within a Specified Time If too many IPv6 ICMP error packets are sent within a short time in a network, network congestion may occur.
  • Page 901: Configuring Ipv6 Dns

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration 1.2.7 Configuring IPv6 DNS I. Configuring a static IPv6 DNS entry You can directly use a host name when using Telnet applications, and the system will resolve the host name into an IPv6 address.
  • Page 902: Displaying And Maintaining Ipv6

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration Note: The dns resolve and dns domain commands are the same as those of IPv4 DNS. For details about the commands, refer to DNS Operation in this manual.
  • Page 903: Ipv6 Configuration Example

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration To do… Use the command… Remarks Display the statistics of IPv6 display udp ipv6 statistics UDP packets Clear IPv6 dynamic domain reset dns ipv6 dynamic-host name cache information...
  • Page 904 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration
    III. Configuration procedure
    Configure Switch A.
    # Configure an automatically generated link-local address for the interface VLAN-interface 2.
    <SwitchA> system-view
    [SwitchA] interface Vlan-interface 2
    [SwitchA-Vlan-interface2] ipv6 address auto link-local
    # Configure an EUI-64 address for the interface VLAN-interface 2.
  • Page 905 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration
    Hosts use stateless autoconfig for addresses
    # Display the brief IPv6 information of the interface on Switch B.
    [SwitchB-Vlan-interface2] display ipv6 interface Vlan-interface 2
    Vlan-interface2 current state : UP...
  • Page 906 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration
    Reply from FE80::20F:E2FF:FE00:1
    bytes=56 Sequence=5 hop limit=255 time = 60 ms
    --- FE80::20F:E2FF:FE00:1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/66/80 ms...
  • Page 907 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 1 IPv6 Configuration 0.00% packet loss round-trip min/avg/max = 50/60/70 ms 1-24...
  • Page 908: Chapter 2 Ipv6 Application Configuration

    IPv6 Application Configuration Example Troubleshooting IPv6 Application 2.1 Introduction to IPv6 Application IPv6 supports more and more applications. Most IPv6 applications are the same as those of IPv4. The applications supported on H3C S5100-SI/EI Series Ethernet Switches are: Ping Traceroute...
  • Page 909: Ipv6 Traceroute

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IPv6 Application Configuration Caution: When you use the ping ipv6 command to verify the reachability of the destination, you must specify the “–i” keyword if the destination address is a link-local address.
  • Page 910: Ipv6 Tftp

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IPv6 Application Configuration Follow these steps to traceroute IPv6: To do… Use the command… Remarks tracert ipv6 [ -f first-ttl | -m Required Traceroute IPv6 max-ttl | -p port | -q packet-num |...
  • Page 911: Ipv6 Application Configuration Example

    I. Network requirements Figure 2-3, SWA, SWB, and SWC are three switches, among which SWA is an H3C S5100-SI/EI Ethernet switch, SWB and SWC are two switches supporting IPv6 forwarding. In a LAN, there is a Telnet server and a TFTP server for providing Telnet...
  • Page 912 Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IPv6 Application Configuration service and TFTP service to the switch respectively. It is required that you telnet to the telnet server from SWA and download files from the TFTP server.
  • Page 913: Troubleshooting Ipv6 Application

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IPv6 Application Configuration
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 31/46/110 ms
    # On SWA, configure static routes to SWC, the Telnet Server, and the TFTP Server.
  • Page 914: Unable To Run Traceroute

    Operation Manual – IPv6 Management H3C S5100-SI/EI Series Ethernet Switches Chapter 2 IPv6 Application Configuration Use the display ipv6 route-table command to verify that the destination is reachable. Use the ping ipv6 -t timeout { destination-ipv6-address | hostname } [ -i interface-type interface-number ] command to increase the timeout limit, so as to determine whether the problem is caused by a timeout limit that is too small.
  • Page 915: Poe-Poe Profile

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 PoE Configuration ....................... 1-1 1.1 PoE Overview ........................1-1 1.1.1 Introduction to PoE....................1-1 1.1.2 PoE Features Supported by S5100-SI/EI ............... 1-1 1.2 PoE Configuration......................
  • Page 916: Poe Overview

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration Chapter 1 PoE Configuration 1.1 PoE Overview 1.1.1 Introduction to PoE Power over Ethernet (PoE)-enabled devices use twisted pairs through electrical ports to supply power to the remote powered devices (PD) in the network and implement power supply and data transmission simultaneously.
  • Page 917 Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration Table 1-1 Power supply parameters of PoE switches Number Maximum Total power Input Maximum Maximum electrical provided Switch power ports by each supply distance output supplying...
  • Page 918: Poe Configuration

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration PoE protection PoE restoration Switch temperature(℃) temperature(℃) S5100-26C-PWR-EI S5100-50C-PWR-EI The switch supports the PoE profile feature, that is, different PoE policies can be set for different user groups. These PoE policies are each saved in the corresponding PoE profile and applied to ports of the user groups.
  • Page 919: Enabling The Poe Feature On A Port

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration 1.2.2 Enabling the PoE Feature on a Port Table 1-4 Enable the PoE feature on a port Operation Command Description Enter system view system-view — interface interface-type Enter Ethernet port view —...
  • Page 920: Setting The Poe Mode On A Port

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration auto: When the switch is close to its full load in supplying power, it will first supply power to the PDs that are connected to the ports with critical priority, and then supply power to the PDs that are connected to the ports with high priority.
  • Page 921: Configuring The Pd Compatibility Detection Function

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration Table 1-7 Set the PoE mode on a port Operation Command Description Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Optional...
  • Page 922: Upgrading The Pse Processing Software Online

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration 1.2.8 Upgrading the PSE Processing Software Online The online upgrading of PSE processing software can update the processing software or repair the software if it is damaged. Before performing the following configuration, download the PSE processing software to the Flash of the switch.
  • Page 923: Poe Configuration Example

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration Table 1-11 Display PoE configuration Operation Command Description Display the PoE status of a display poe interface specific port or all ports of the [ interface-type...
  • Page 924 Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration
    II. Networking diagram
    Figure 1-1 Network diagram for PoE
    III. Configuration procedure
    # Upgrade the PSE processing software online.
    <SwitchA> system-view
    [SwitchA] poe update refresh 0290_021.s19
    # Enable the PoE feature on GigabitEthernet 1/0/1, and set the PoE maximum output power of GigabitEthernet 1/0/1 to 12,000 mW.
  • Page 925 Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 1 PoE Configuration # Enable the PD compatibility detection function on the switch to allow the switch to supply power to some devices that do not comply with the 802.3af standard.
  • Page 926: Chapter 2 Poe Profile Configuration

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 2 PoE Profile Configuration Chapter 2 PoE Profile Configuration 2.1 Introduction to PoE Profile On a large network or a network with mobile users, S5100-SI/EI series Ethernet switches provide the PoE profile feature to help network administrators monitor the PoE features of the switch.
  • Page 927: Displaying Poe Profile Configuration

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 2 PoE Profile Configuration Operation Command Description apply poe-profile profile-name interface In system view interface-type interface-number [ to interface-type Apply the interface-number ] existing PoE profile to the Use either approach.
  • Page 928: Poe Profile Configuration Example

    Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 2 PoE Profile Configuration Table 2-2 Display the PoE profile configuration Operation Command Description Display the detailed display poe-profile { all-profile | information about the interface interface-type Available in any...
  • Page 929 Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 2 PoE Profile Configuration
    II. Network diagram
    Figure 2-1 PoE profile application
    III. Configuration procedure
    # Create Profile1, and enter PoE profile view.
    <SwitchA> system-view
    [SwitchA] poe-profile Profile1
    # In Profile1, add the PoE policy configuration applicable to GigabitEthernet 1/0/1 through GigabitEthernet 1/0/5 ports for users of group A.
  • Page 930 Operation Manual – PoE-PoE Profile H3C S5100-SI/EI Series Ethernet Switches Chapter 2 PoE Profile Configuration
    [SwitchA] poe-profile Profile2
    # In Profile2, add the PoE policy configuration applicable to GigabitEthernet 1/0/6 through GigabitEthernet 1/0/10 ports for users of group A.
    [SwitchA-poe-profile-Profile2] poe enable...
  • Page 931: Appendix

    Operation Manual – Appendix H3C S5100-SI/EI Series Ethernet Switches Table of Contents Table of Contents Appendix A Acronyms ........................A-1...
  • Page 932 Operation Manual – Appendix H3C S5100-SI/EI Series Ethernet Switches Appendix A Acronyms Appendix A Acronyms Authentication, Authorization and Accounting Area Border Router Access Control List Address Resolution Protocol Autonomous System ASBR Autonomous System Border Router Backup Designated Router Committed Access Rate...
  • Page 933 Operation Manual – Appendix H3C S5100-SI/EI Series Ethernet Switches Appendix A Acronyms ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol Interior Gateway Protocol Internet Protocol Link State Advertisement LSDB Link State DataBase Medium Access Control Management Information Base...
  • Page 934 Operation Manual – Appendix H3C S5100-SI/EI Series Ethernet Switches Appendix A Acronyms TCP/IP Transmission Control Protocol/ Internet Protocol TFTP Trivial File Transfer Protocol Type of Service Time To Live User Datagram Protocol VLAN Virtual LAN Video On Demand Weighted Round Robin...
