3Com Switch 4800G 24-Port Configuration Manual

Switch 4800g family 24-port, pwr 24-port, 48-port, pwr 48-port, 24-port sfp

3Com®
Switch 4800G Family

Configuration Guide

Switch 4800G 24-Port
Switch 4800G PWR 24-Port
Switch 4800G 48-Port
Switch 4800G PWR 48-Port
Switch 4800G 24-Port SFP
www.3Com.com
Part Number: 10015265 Rev. AB
Published: March 2008


Summary of Contents for 3Com Switch 4800G 24-Port

  • Page 1: Configuration Guide

    ® 3Com Switch 4800G Family Configuration Guide Switch 4800G 24-Port Switch 4800G PWR 24-Port Switch 4800G 48-Port Switch 4800G PWR 48-Port Switch 4800G 24-Port SFP www.3Com.com Part Number: 10015265 Rev. AB Published: March 2008...
  • Page 2 LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
  • Page 3: Table Of Contents

    Contents. About This Guide: Conventions; Related Documentation. Product Overview: Preface; Product Models. Networking Applications: Serving as a Convergence Layer Device; Serving as an Access Layer Device. Logging In to an Ethernet Switch: Logging In to an Ethernet Switch; Introduction to the User Interface. Logging In Through the Console...
  • Page 4 Logging In Through Web-Based Network Management System: Introduction; HTTP Connection Establishment; Web Server Shutdown/Startup; Displaying Web Users. Logging In Through NMS: Introduction; Connection Establishment Using NMS. Configuring Source IP Address for Telnet Service Packets: Overview; Configuring Source IP Address for Telnet Service Packets; Displaying the source IP address/Interface Specified for Telnet Packets. Controlling Login...
  • Page 5 IP Addressing Configuration: IP Addressing Overview; Configuring IP Addresses; Displaying and Maintaining IP Addressing. IP Performance Configuration: IP Performance Overview; Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network; Configuring TCP Attributes; Configuring ICMP to Send Error Packets; Displaying and Maintaining IP Performance. QinQ Configuration: Introduction to QinQ...
  • Page 6 Link Aggregation Configuration: Configuring Link Aggregation; Displaying and Maintaining Link Aggregation; Link Aggregation Configuration Example. MAC Address Table Management Configuration: Introduction to MAC Address Table; Configuring MAC Address Table Management; Displaying and Maintaining MAC Address Table Management; MAC Address Table Management Configuration Example. IP Source Guard...
  • Page 7 GR Overview: Introduction to Graceful Restart; Basic Concepts in Graceful Restart; Graceful Restart Communication Procedure; Graceful Restart Mechanism for Several Commonly Used Protocols. Static Routing Configuration: Introduction; Configuring a Static Route; Detecting Reachability of the Static Route’s Nexthop; Displaying and Maintaining Static Routes; Configuration Example. RIP Configuration...
  • Page 8 BGP Configuration: BGP Overview; BGP Configuration Task List; Configuring BGP Basic Functions; Controlling Route Distribution and Reception; Configuring BGP Route Attributes; Tuning and Optimizing BGP Networks; Configuring a Large Scale BGP Network; Configuring BGP GR; Displaying and Maintaining BGP; BGP Configuration Examples; Troubleshooting BGP. Routing...
  • Page 9 Troubleshooting OSPFv3 Configuration. IPv6 IS-IS Configuration: Introduction to IPv6 IS-IS; Configuring IPv6 IS-IS Basic Functions; Configuring IPv6 IS-IS Routing Information Control; Displaying and Maintaining IPv6 IS-IS; IPv6 IS-IS Configuration Example. IPv6 BGP Configuration: IPv6 BGP Overview; Configuration Task List; Configuring IPv6 BGP Basic Functions; Controlling Route Distribution and Reception; Configuring IPv6 BGP Route Attributes...
  • Page 10 Tunneling Configuration: Introduction to Tunneling; Tunneling Configuration Task List; Configuring IPv6 Manual Tunnel; Configuring 6to4 Tunnel; Configuring ISATAP Tunnel; Displaying and Maintaining Tunneling Configuration; Troubleshooting Tunneling Configuration. Multicast Overview: Introduction to Multicast; Multicast Models; Multicast Architecture; Multicast Packet Forwarding Mechanism. IGMP Snooping Configuration...
  • Page 11 Configuring IPv6 Multicast VLAN; Displaying and Maintaining IPv6 Multicast VLAN; IPv6 Multicast VLAN Configuration Examples. IGMP Configuration: IGMP Overview; IGMP Configuration Task List; Configuring Basic Functions of IGMP; Adjusting IGMP Performance; Displaying and Maintaining IGMP; IGMP Configuration Example; Troubleshooting IGMP. PIM Configuration: PIM Overview...
  • Page 12 Displaying and Maintaining 802.1x; 802.1x Configuration Example; Guest VLAN Configuration Example; ACL Assignment Configuration Example. HABP Configuration: Introduction to HABP; Configuring HABP; Displaying and Maintaining HABP. MAC Authentication Configuration: MAC Authentication Overview; Related Concepts; Configuring MAC Authentication; Displaying and Maintaining MAC Authentication; MAC Authentication Configuration Examples. AAA/RADIUS/HWTACACS Configuration...
  • Page 13 Protocols and Standards. DHCP Server Configuration: Introduction to DHCP Server; DHCP Server Configuration Task List; Enabling DHCP; Enabling the DHCP Server on an Interface; Configuring an Address Pool for the DHCP Server; Configuring the DHCP Server Security Functions; Configuring the Handling Mode for Option 82; Displaying and Maintaining the DHCP Server; DHCP Server Configuration Examples; Troubleshooting DHCP Server Configuration...
  • Page 14 Introduction to IPv6 ACL. IPv4 ACL Configuration: Creating a Time Range; Configuring a Basic IPv4 ACL; Configuring an Advanced IPv4 ACL; Configuring an Ethernet Frame Header ACL; Copying an IPv4 ACL; Displaying and Maintaining IPv4 ACLs; IPv4 ACL Configuration Example. IPv6 ACL Configuration: Creating a Time Range...
  • Page 15 Configuring a WRR Queue; Configuring SP+WRR Queues; Displaying and Maintaining Congestion Management. Priority Mapping: Priority Mapping Overview; Configuring a Priority Mapping Table; Configuring the Port Priority; Configuring Port Priority Trust Mode; Displaying and Maintaining Priority Mapping. Applying a QoS Policy to VLAN: Overview; Applying a QoS Policy to VLANs; Displaying and Maintaining QoS Policies Applied to VLANs...
  • Page 16 Displaying and Maintaining UDP Helper; UDP Helper Configuration Example. SNMP Configuration: SNMP Overview; SNMP Configuration; Configuring SNMP Logging; Trap Configuration; Displaying and Maintaining SNMP; SNMP Configuration Example; SNMP Logging Configuration Example. RMON Configuration: RMON Overview; Configuring RMON; Displaying and Maintaining RMON; RMON Configuration Example. NTP Configuration...
  • Page 17 Configuring the FTP Server; Displaying and Maintaining FTP. TFTP Configuration: TFTP Overview; Configuring the TFTP Client; Displaying and Maintaining the TFTP Client; TFTP Client Configuration Example. Information Center Configuration: Information Center Overview; Configuring Information Center; Displaying and Maintaining Information Center...
  • Page 18 VRRP Configuration: Introduction to VRRP; Configuring VRRP for IPv4; Configuring VRRP for IPv6; IPv4-Based VRRP Configuration Examples; IPv6-Based VRRP Configuration Examples; Troubleshooting VRRP. SSH Configuration: SSH2.0 Overview; Configuring the Device as an SSH Server; Configuring the Device as an SSH Client...
  • Page 19 LLDP Configuration: Introduction to LLDP; LLDP Configuration Tasks List; Performing Basic LLDP Configuration; Configuring LLDP Trap; Displaying and Maintaining LLDP; LLDP Configuration Example. PoE Configuration: PoE Overview; PoE Configuration Task List; Configuring the PoE Interface; Configuring PD Power Management...
  • Page 20 HTTPS Configuration Example. PKI Configuration: Introduction to PKI; PKI Configuration Task List; Configuring an Entity DN; Configuring a PKI Domain; Submitting a PKI Certificate Request; Retrieving a Certificate Manually; Configuring PKI Certificate Validation; Destroying a Local RSA Key Pair...
  • Page 21: About This Guide

    (LAN) operations and familiarity with communication protocols that are used to interconnect LANs. Always download the Release Notes for your product from the 3Com World Wide Web site and check for the latest updates to software and product documentation: http://www.3com.com...
  • Page 22 If information in this guide differs from information in the release notes, use the information in the Release Notes. These documents are available in Adobe Acrobat Reader Portable Document Format (PDF) on the CD-ROM that accompanies your router or on the 3Com World Wide Web site: http://www.3com.com/...
  • Page 23: Product

    Product Overview

    Preface

    3Com Switch 4800G Family (hereinafter referred to as the Switch 4800G) are Gigabit Ethernet switching products developed by 3Com. The Switch 4800G have abundant service features. They provide the IPv6 forwarding function and 10GE uplink interfaces. Through 3Com-specific cluster management, you can streamline network management.
  • Page 24: Serving As A Convergence Layer Device

    Networking Applications

    The Switch 4800G are designed as convergence layer switches or access layer switches for enterprise networks and MANs. The Switch 4800G provide 24 or 48 autosensing Gigabit Ethernet ports and four SFP Combo Gigabit optical interfaces. In addition, the Switch 4800G provide two extension slots. You can configure an XFP/CX4 extension module, and up to four 10GE ports are supported.
  • Page 25 Serving as an Access Layer Device. Figure 2: Application of Switch 4800G at access layer...
  • Page 26 Networking Applications...
  • Page 27: Logging In to an Ethernet Switch

    Telnet users and SSH users Ethernet port Each switch can accommodate up to five VTY users. As the AUX port and the console port of a 3Com switch are the same one, you will be in the AUX user interface if you log in through this port.
  • Page 28 Chapter 1: Logging In to an Ethernet Switch

    Common User Interface Configuration To do… Use the command… Remarks Lock the current user lock Optional interface Execute this command in user view. A user interface is not locked by default. Specify to send messages to send { all | number | type Optional...
  • Page 29 Introduction to the User Interface To do… Use the command… Remarks Set the display type of a terminal type { ansi | Optional terminal vt100 } By default, the terminal display type is ANSI. The device must use the same type of display as the terminal.
  • Page 30 Chapter 1: Logging In to an Ethernet Switch...
  • Page 31: Logging In Through the Console

    Logging In Through the Console

    The default system name of the Switch 4800G is 3Com, that is, the command line prompt is 3Com. All the following examples take 3Com as the command line prompt.

    Introduction

    To log in through the console port is the most common way to log in to a switch.
  • Page 32 Chapter 2: Logging In Through the Console

    Figure 4: Create a connection. Figure 5: Specify the port used to establish the connection...
  • Page 33: Console Port Login Configuration

    Console Port Login Configuration

    Figure 6: Set port parameters terminal window

    ■ Turn on the switch. The user will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <SW4800G>) appears after the user presses the Enter key.
    ■ You can then configure the switch or check the information about the switch...
  • Page 34 Chapter 2: Logging In Through the Console

    Table 5 Common configuration of console port login Configuration Description AUX user Configure the Optional interface command level By default, commands of level 3 are available to the configuration available to the users logging in to the AUX user interface. users logging in to the AUX user interface...
  • Page 35: Console Port Login Configuration With Authentication Mode Being None

    Console Port Login Configuration with Authentication Mode Being None Table 6 Console port login configurations for different authentication modes Authentication mode Console port login configuration Description Scheme Specify to AAA configuration Optional perform local specifies whether to Local authentication is authentication or perform local performed by default.
  • Page 36 Chapter 2: Logging In Through the Console

    To do… Use the command… Remarks Configure Set the baud speed speed-value Optional the console rate The default baud rate of an AUX port port (also the console port) is 9,600 bps. Set the check parity { even | mark | Optional mode...
  • Page 37 Console Port Login Configuration with Authentication Mode Being None Note that if you configure not to authenticate the users, the command level available to users logging in to a switch depends on both the authentication-mode none command and the user privilege level level command, as listed in the following table.
  • Page 38: Console Port Login Configuration With Authentication Mode Being Password

    Chapter 2: Logging In Through the Console

    [SW4800G] user-interface aux 0
    # Specify not to authenticate the user logging in through the console port.
    [SW4800G-ui-aux0] authentication-mode none
    # Specify commands of level 2 are available to the user logging in to the AUX user interface.
  • Page 39 Console Port Login Configuration with Authentication Mode Being Password To do… Use the command… Remarks Configure Set the speed speed-value Optional the console baud rate The default baud rate of an AUX port port (also the console port) is 9,600 bps. Set the parity { even | mark | Optional...
  • Page 40 Chapter 2: Logging In Through the Console

    authentication-mode password and the user privilege level level command, as listed in the following table. Table 8 Determine the command level (B) Scenario Authentication mode User type Command Command level Local authentication Users logging in The user privilege level Level 3 (authentication-mode...
  • Page 41: Console Port Login Configuration With Authentication Mode Being Scheme

    Console Port Login Configuration with Authentication Mode Being Scheme

    [SW4800G] user-interface aux 0
    # Specify to authenticate the user logging in through the console port using the local password.
    [SW4800G-ui-aux0] authentication-mode password
    # Set the local password to 123456 (in plain text).
    [SW4800G-ui-aux0] set authentication password simple 123456
    # Specify commands of level 2 are available to the user logging in to the AUX user interface.
  • Page 42 Chapter 2: Logging In Through the Console

    To do… Use the command… Remarks Configure the Enter the default ISP domain Domain name Optional authentication domain view By default, the local AAA mode Specify the AAA authentication default scheme is applied. If you scheme to be applied to { hwtacacs- scheme specify to apply the local...
  • Page 43 Console Port Login Configuration with Authentication Mode Being Scheme To do… Use the command… Remarks Configure the console port speed speed-value Optional The default baud rate of the AUX port (also the console port) is 9,600 bps. parity { even | mark | Optional none | odd | space } By default, the check...
  • Page 44 Chapter 2: Logging In Through the Console

    To do… Use the command… Remarks Set the timeout time for the user idle-timeout minutes Optional interface [ seconds ] The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if...
  • Page 45 Console Port Login Configuration with Authentication Mode Being Scheme

    ■ Set the service type of the local user to Terminal.
    ■ Configure to authenticate the user logging in through the console port in the scheme mode.
    ■ The commands of level 2 are available to the user logging in to the AUX user...
  • Page 46 Chapter 2: Logging In Through the Console

    [SW4800G-ui-aux0] authentication-mode scheme
    # Set the baud rate of the console port to 19,200 bps.
    [SW4800G-ui-aux0] speed 19200
    # Set the maximum number of lines the screen can contain to 30.
    [SW4800G-ui-aux0] screen-length 30
    # Set the maximum number of commands the history command buffer can store to 20.
  • Page 47: Logging In Through Telnet

    Logging In Through Telnet

    Introduction

    You can telnet to a remote switch to manage and maintain the switch. To achieve this, you need to configure both the switch and the Telnet terminal properly. Table 10 Requirements for Telnet to a switch Item Requirement Switch...
  • Page 48 Chapter 3: Logging In Through Telnet

    Table 11 Common Telnet configuration Configuration Description VTY user Configure the command level Optional interface available to users logging in to By default, commands of level 0 are configuration the VTY user interface available to users logging in to a VTY user interface.
  • Page 49: Telnet Configuration With Authentication Mode Being None

    Telnet Configuration with Authentication Mode Being None Table 12 Telnet configurations for different authentication modes Authentication mode Telnet configuration Description Scheme Specify to AAA configuration Optional perform local specifies whether Local authentication is authentication or to perform local performed by default. RADIUS authentication or authentication...
  • Page 50 Chapter 3: Logging In Through Telnet

    To do… Use the command… Remarks Define a shortcut key for escape-key { default | Optional aborting tasks character } The default shortcut key combination for aborting tasks is < Ctrl+C >. Make terminal services shell Optional available...
  • Page 51 Telnet Configuration with Authentication Mode Being None

    ■ Commands of level 2 are available to users logging in to VTY 0.
    ■ Telnet protocol is supported.
    ■ The screen can contain up to 30 lines.
    ■ The history command buffer can contain up to 20 commands...
  • Page 52: Telnet Configuration With Authentication Mode Being Password

    Chapter 3: Logging In Through Telnet

    Telnet Configuration with Authentication Mode Being Password Configuration Procedure To do… Use the command… Remarks Enter system view system-view Enable the Telnet server telnet server enable Required function Enter one or more VTY user user-interface vty interface views first-number...
  • Page 53 Telnet Configuration with Authentication Mode Being Password To do… Use the command… Remarks Set the timeout time of the idle-timeout minutes Optional user interface [ seconds ] The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user...
  • Page 54: Telnet Configuration With Authentication Mode Being Scheme

    Chapter 3: Logging In Through Telnet

    Configuration procedure

    # Enter system view, and enable the Telnet service.
    <SW4800G> system-view
    [SW4800G] telnet server enable
    # Enter VTY 0 user interface view.
    [SW4800G] user-interface vty 0
    # Configure to authenticate users logging in to VTY 0 using the local password.
    [SW4800G-ui-vty0] authentication-mode password
    # Set the local password to 123456 (in plain text).
  • Page 55 Telnet Configuration with Authentication Mode Being Scheme To do… Use the command… Remarks Configure Enter the domain Domain name Optional default ISP By default, the local AAA scheme is authenticati domain view applied. If you specify to apply the on scheme Configure authentication default local AAA scheme, you need to...
  • Page 56 Chapter 3: Logging In Through Telnet

    To do… Use the command… Remarks Make terminal services shell Optional available Terminal services are available in all user interfaces by default. Set the maximum number screen-length Optional of lines the screen can screen-length By default, the screen can contain contain up to 24 lines.
  • Page 57 Telnet Configuration with Authentication Mode Being Scheme Table 15 Determine the command level when users logging in to switches are authenticated in the scheme mode Scenario Command Authenticatio Command n mode User type level Scheme VTY users that The user privilege level level command is Level 0 (authentication not executed, and the service-type...
  • Page 58 Chapter 3: Logging In Through Telnet

    Configuration Example

    Network requirements

    Assume that you are a level 3 AUX user and want to perform the following configuration for Telnet users logging in to VTY 0:
    ■ Configure the name of the local user to be “guest”...
  • Page 59: Telnet Connection Establishment

    Telnet Connection Establishment

    # Set the maximum number of lines the screen can contain to 30.
    [SW4800G-ui-vty0] screen-length 30
    # Set the maximum number of commands the history command buffer can store to 20.
    [SW4800G-ui-vty0] history-command max-size 20
    # Set the timeout time to 6 minutes.
    [SW4800G-ui-vty0] idle-timeout 6

    Telnet Connection Establishment...
  • Page 60 “All user interfaces are used, please try later!”. A 3Com series Ethernet switch can accommodate up to five Telnet connections at the same time.
  • Page 61 Telnet Connection Establishment

    two Ethernet ports belong to are of the same network segment, or the route between the two VLAN interfaces is available. As shown in Figure 15, after Telnetting to a switch (labeled as Telnet client), you can Telnet to another switch (labeled as Telnet server) by executing the telnet command and then configure the latter.
  • Page 62 Chapter 3: Logging In Through Telnet...
  • Page 63: Logging In Using Modem

    Logging In Using Modem

    Introduction

    The administrator can log in to the console port of a remote switch using a modem through PSTN (public switched telephone network) if the remote switch is connected to the PSTN through a modem to configure and maintain the switch remotely.
  • Page 64: Modem Connection Establishment

    Chapter 4: Logging In Using Modem

    The above configuration is unnecessary to the modem on the administrator side. The configuration commands and the output of different modems may differ. Refer to the user manual of the modem when performing the above configuration.
  • Page 65 Modem Connection Establishment

    ■ The configuration commands and the output of different modems may differ. Refer to the user manual of the modem when performing the above configuration.
    ■ It is recommended that the baud rate of the AUX port (also the console port)...
  • Page 66 Chapter 4: Logging In Using Modem

    Figure 17: Set the telephone number. Figure 18: Call the modem.

    Step 5: Provide the password when prompted. If the password is correct, the prompt (such as <SW4800G>) appears. You can then configure or manage the switch.
  • Page 67: Logging In

    Logging In Through Web-Based Network Management System

    Introduction

    A Switch 4800G has a Web server built in. You can log in to a Switch 4800G through a Web browser and manage and maintain the switch intuitively by interacting with the built-in Web server. To log in to a Switch 4800G through the built-in Web-based network management system, you need to perform the related configuration on both the switch and the PC operating as the network management terminal.
  • Page 68: Web Server Shutdown/Startup

    Chapter 5: Logging In Through Web-Based Network Management System

    # Configure the user name to be admin.
    [SW4800G] local-user admin
    # Set the user level to level 3.
    [SW4800G-luser-admin] service-type telnet level 3
    # Set the password to admin.
    [SW4800G-luser-admin] password simple admin

    Step 3: Establish an HTTP connection between your PC and the switch, as shown in the following figure.
  • Page 69: Displaying Web Users

    Displaying Web Users To do… Use the command… Remarks Start the Web server ip http enable Required Execute this command in system view. Displaying Web Users After the above configurations, execute the display command in any view to display the information about Web users, and thus to verify the configuration effect.
  • Page 70 Chapter 5: Logging In Through Web-Based Network Management System...
  • Page 71: Logging In Through Nms

    Logging In Through NMS

    Introduction

    You can also log in to a switch through an NMS (network management station), and then configure and manage the switch through the agent module on the switch.
    ■ The agent here refers to the software running on network devices (switches)...
  • Page 72 Chapter 6: Logging In Through NMS...
  • Page 73: Configuring Source Ip Address For Telnet Service Packets

    Configuring Source IP Address for Telnet Service Packets

    Go to these sections for information you are interested in:
    ■ “Overview” on page 73
    ■ “Configuring Source IP Address for Telnet Service Packets” on page 73
    ■ “Displaying the source IP address/Interface Specified for Telnet Packets” on...
  • Page 74: Displaying The Source Ip Address/Interface Specified For Telnet Packets

    Chapter 7: Configuring Source IP Address for Telnet Service Packets

    Table 21 Configure a source IP address for service packets in system view To do… Use the command… Remarks Specify the source IP address or telnet client source { ip Optional source interface for the switch for ip-address | interface...
  • Page 75: Controlling Login Users

    Controlling Login Users

    Introduction

    A switch provides ways to control different types of login users, as listed in Table 22. Table 22 Ways to control different types of login users Login mode Control method Implementation Related section Telnet By source IP addresses Through basic ACLs Section “Controlling Telnet Users by Source IP Addresses”...
  • Page 76 Chapter 8: Controlling Login Users

    To do… Use the command… Remarks Define rules for the ACL rule [ rule-id ] { permit | Required deny } [ source { sour-addr sour-wildcard | any } | time-range time-name | fragment | logging ]* Quit to system view quit Enter user interface view...
  • Page 77 Controlling Telnet Users To do… Use the command… Remarks Enter system view system-view Create a basic ACL or enter acl number acl-number As for the acl number basic ACL view [ match-order { config | command, the config auto } ] keyword is specified by default.
  • Page 78: Controlling Network Management Users By Source Ip Addresses

    Chapter 8: Controlling Login Users

    Controlling Network Management Users by Source IP Addresses

    You can manage a Switch 4800G through network management software. Network management users can access switches through SNMP. You need to perform the following two operations to control network management users by source IP addresses.
  • Page 79: Controlling Web Users By Source Ip Address

    Controlling Web Users by Source IP Address As SNMP community name is a feature of SNMPv1 and SNMPv2c, the specified ACLs in the command that configures SNMP community names (the snmp-agent community command) take effect in the network management systems that adopt SNMPv1 or SNMPv2c.
  • Page 80 Chapter 8: Controlling Login Users

    You need to perform the following two operations to control Web users by source IP addresses.
    ■ Defining an ACL
    ■ Applying the ACL to control Web users

    Prerequisites

    The controlling policy against Web users is determined, including the source IP addresses to be controlled and the controlling actions (permitting or denying).
  • Page 81: Configuration Procedure

    Controlling Web Users by Source IP Address

    Configuration procedure

    # Define a basic ACL.
    <SW4800G> system-view
    [SW4800G] acl number 2030 match-order config
    [SW4800G-acl-basic-2030] rule 1 permit source 10.110.100.52 0
    [SW4800G-acl-basic-2030] rule 2 deny source any
    # Apply the ACL to only permit the Web users sourced from the IP address of 10.110.100.52 to access the switch.
  • Page 82 Chapter 8: Controlling Login Users...
  • Page 83: Vlan C

    VLAN Configuration

    When configuring VLAN, go to these sections for information you are interested in:
    ■ “Introduction to VLAN” on page 83
    ■ “Configuring Basic VLAN Attributes” on page 86
    ■ “Basic VLAN Interface Configuration” on page 86
    ■ “Port-Based VLAN Configuration” on page 87...
  • Page 84 Chapter 9: VLAN Configuration

    Figure 25: A VLAN diagram

    A VLAN is not restricted by physical factors, that is to say, hosts that reside in different network segments may belong to the same VLAN, users in a VLAN can be connected to the same switch, or span across multiple switches or routers.
  • Page 85 Introduction to VLAN IEEE802.1Q defines a four-byte VLAN Tag between the DA&SA field and the Type field to carry VLAN-related information, as shown in Figure 27. Figure 27 The position and the format of the VLAN Tag VLAN Tag DA&SA TPID Priority CFI VLAN ID...
  • Page 86: Configuring Basic Vlan Attributes

    Chapter 9: VLAN Configuration

    Configuring Basic VLAN Attributes

    Follow these steps to configure basic VLAN attributes: To do… Use the command… Remarks Enter system view system-view Create VLANs vlan { vlan-id1 [ to vlan-id2 ] | Optional all } Using this command can create multiple VLANs in a bulk.
  • Page 87: Port-Based Vlan Configuration

    Port-Based VLAN Configuration To do… Use the command… Remarks Configure an IP address for ip address ip-address { mask | Optional the VLAN interface mask-length } [ sub ] Not configured by default Specify the descriptive string description text Optional for the VLAN interface VLAN interface name is used by default, for example,...
  • Page 88 Chapter 9: VLAN Configuration

    Default VLAN

    You can configure the default VLAN for a port. By default, VLAN 1 is the default VLAN for all ports. However, this can be changed as needed.
    ■ An Access port only belongs to one VLAN. Therefore, its default VLAN is the...
  • Page 89 Port-Based VLAN Configuration To do… Use the command… Remarks Enter system view system-view Enter VLAN view vlan vlan-id Required If the specified VLAN does not exist, this command be created first creates the VLAN before entering its view. Add an Access port to the port interface-list Required current VLAN...
  • Page 90 Chapter 9: VLAN Configuration

    To do… Use the command… Remarks Allow the specified VLANs to port trunk permit vlan Required pass through the current { vlan-id-list | all } By default, all Trunk ports only Trunk port allow packets of VLAN 1 to pass.
  • Page 91: Mac Address-Based Vlan Configuration

    MAC Address-Based VLAN Configuration

    Introduction to MAC Address-Based VLAN

    With MAC address-based VLANs created, the VLAN to which a packet belongs is determined by its source MAC address, and packets in a MAC address-based VLAN are forwarded after being tagged with the tag of the VLAN. This function is usually coupled with the security technologies (such as 802.1X) to provide secure and flexible network accesses for terminal devices.
  • Page 92: Protocol-Based Vlan Configuration

    Chapter 9: VLAN Configuration

    To do… Use the command… Remarks Enter system view system-view Associate MAC addresses mac-vlan mac-address Required with a VLAN mac-addr [ mask mac-mask ] vlan vlan-id [ priority priority ] Enter Enter Ethernet interface interface-type Use either command.
  • Page 93 Protocol-Based VLAN Configuration The port processes a tagged packet (that is, a packet carrying a VLAN tag) in the same way as it processes packets of a port-based VLAN. If the port is configured to permit the VLAN identified by this VLAN tag, the ■...
  • Page 94: Configuring Ip-Subnet-Based Vlan

    Chapter 9: VLAN Configuration

    template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively.
    ■ When you use the mode keyword to configure a user-defined protocol...
  • Page 95: Displaying And Maintaining Vlan

    Displaying and Maintaining VLAN To do… Use the command… Remarks Allow an IP-subnet-based port hybrid vlan vlan-id-list Required VLAN to pass through the { tagged | untagged } current Hybrid port Configure the association port hybrid ip-subnet-vlan Required between the Hybrid port and vlan vlan-id the IP-subnet-based VLAN Displaying and...
  • Page 96 9: VLAN C HAPTER ONFIGURATION Configuration procedure 1 Configure Device A # Create VLAN 2, VLAN 6 through VLAN 50, and VLAN 100. <DeviceA> system-view [DeviceA] vlan 2 [DeviceA-vlan2] quit [DeviceA] vlan 100 [DeviceA-vlan100] vlan 6 to 50 Please wait... Done. # Enter GigabitEthernet 1/0/1 port view.
  • Page 97 VLAN Configuration Example
    Link delay is 0(sec)
    Port link-type: trunk
    Tagged VLAN ID : 2, 6-50, 100
    Untagged VLAN ID : 2, 6-50, 100
    Port priority: 0
    Last 300 seconds input: 8 packets/sec 1513 bytes/sec
    Last 300 seconds output: 1 packets/sec 179 bytes/sec
    Input (total): 25504971 packets, 13911485028 bytes
    14288575 broadcasts, 11111535 multicasts...
  • Page 98 Chapter 9: VLAN Configuration...
  • Page 99: Voice VLAN Configuration

    Pingtel phone
    00e0-7500-0000 | Polycom phone
    00e0-bb00-0000 | 3Com phone
    ■ As the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE (Institute of Electrical and Electronics Engineers).
  • Page 100 Chapter 10: Voice VLAN Configuration
    and matches it against the OUI addresses. If a match is found, the system will automatically add the port into the Voice VLAN and apply ACL rules and configure the packet precedence. An aging time can be configured for the voice VLAN.
  • Page 101: Configuring Voice VLAN

    Configuring Voice VLAN
    CAUTION:
    ■ If the voice traffic sent by an IP phone is tagged and the access port has 802.1x authentication and Guest VLAN enabled, assign different VLAN IDs for the voice VLAN, the default VLAN of the access port, and the 802.1x guest VLAN.
  • Page 102 To do… | Use the command… | Remarks
    Configure the aging time of the voice VLAN | voice vlan aging minutes | Optional. Only applicable to ports in automatic mode and defaults to 1,440 minutes
    Enable the security mode for the voice VLAN | voice vlan security enable | Optional...
  • Page 103: Displaying And Maintaining Voice VLAN

    Displaying and Maintaining Voice VLAN
    To do… | Use the command… | Remarks
    Configure the working mode as manual | undo voice vlan mode auto | Required. Disabled by default
    Add the ports Access port Refer to “Configuring an Use one of the three in manual Access-Port-Based VLAN”...
  • Page 104 Network diagram
    Figure 29 Network diagram for automatic voice VLAN mode configuration
    Configuration procedure
    # Create VLAN 2 and VLAN 6.
    <DeviceA> system-view
    [DeviceA] vlan 2
    [DeviceA-vlan2] quit
    [DeviceA] vlan 6
    [DeviceA-vlan6] quit
    # Configure the voice VLAN aging time...
  • Page 105 Pingtel phone
    00e0-7500-0000 ffff-ff00-0000 Polycom phone
    00e0-bb00-0000 ffff-ff00-0000 3com phone
    # Display the current Voice VLAN state.
    <DeviceA> display voice vlan state
    Voice VLAN status: ENABLE
    Voice VLAN ID: 2
    Voice VLAN security mode: Security
    Voice VLAN aging time: 100 minutes...
  • Page 106 Network diagram
    Figure 30 Network diagram for manual voice VLAN mode configuration
    Configuration procedure
    # Configure the voice VLAN to work in security mode and allow only legal voice packets to pass through the voice VLAN enabled port. (Optional, enabled by default)
    <DeviceA>...
  • Page 107 Pingtel phone
    00e0-7500-0000 ffff-ff00-0000 Polycom phone
    00e0-bb00-0000 ffff-ff00-0000 3com phone
    # Display the current voice VLAN state.
    <DeviceA> display voice vlan state
    Voice VLAN status: ENABLE
    Voice VLAN ID: 2
    Voice VLAN security mode: Security
    Voice VLAN aging time: 100 minutes...
  • Page 108 Chapter 10: Voice VLAN Configuration...
  • Page 109: GVRP Configuration

    GVRP Configuration
    GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network. When configuring GVRP, go to these sections for information you are interested in:
    ■ “Introduction to GVRP”...
  • Page 110 Chapter 11: GVRP Configuration
    GARP participant sends LeaveAll messages upon the expiration of the LeaveAll timer, which is triggered when the GARP participant is created. Join messages, Leave messages, and LeaveAll messages make sure the reregistration and deregistration of GARP attributes are performed in an orderly way.
  • Page 111 Introduction to GVRP
    GARP participants send protocol data units (PDU) with a particular multicast MAC address as destination. Based on this address, a device can identify to which GARP application, GVRP for example, a GARP PDU should be delivered.
    GARP message format
    The following figure illustrates the GARP message format.
  • Page 112: GVRP Configuration Task List

    Table 25 Description on the GARP message fields
    Field | Description | Value
    Attribute Value | Attribute value | VLAN ID for GVRP. If the Attribute Event is LeaveAll, Attribute Value is omitted.
    End Mark | Indicates the end of a GARP PDU | 0x00
    GVRP
    GVRP enables a device to propagate local VLAN registration information to other...
  • Page 113 Configuring GVRP
    To do… | Use the command… | Remarks
    Enter system view | system-view |
    Enable GVRP globally | gvrp | Required. Globally disabled by default
    Enter Enter interface interface-type Use either command. Ethernet port Ethernet port interface-number In Ethernet port view, the view or view subsequent configurations port-group...
  • Page 114: Displaying And Maintaining GVRP

    Table 26 Dependencies of GARP timers
    Timer | Lower limit | Upper limit
    Hold | 10 centiseconds | Not greater than half of the join timer setting
    Join | Not less than two times the hold timer setting | Less than half of the leave timer setting
    Leave | Greater than two times the join timer...
  • Page 115 GVRP Configuration Examples
    Configuration procedure
    1 Configure Device A
    # Enable GVRP globally.
    <DeviceA> system-view
    [DeviceA] gvrp
    # Configure port GigabitEthernet 1/0/1 as a Trunk port, allowing all VLANs to pass.
    [DeviceA] interface GigabitEthernet 1/0/1
    [DeviceA-GigabitEthernet1/0/1] port link-type trunk
    [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all
    # Enable GVRP on GigabitEthernet 1/0/1, the Trunk port.
  • Page 116 GVRP Configuration Example II
    Network requirements
    Configure GVRP for dynamic VLAN information registration and update among devices. Specify fixed GVRP registration on Device A and normal GVRP registration on Device B.
    Network diagram
    Figure 33 Network diagram for GVRP configuration...
  • Page 117 GVRP Configuration Examples
    [DeviceB-GigabitEthernet1/0/1] gvrp
    [DeviceB-GigabitEthernet1/0/1] quit
    # Create VLAN 3 (a static VLAN).
    [Sysname] vlan 3
    3 Verify the configuration
    # Display dynamic VLAN information on Device A.
    [DeviceA] display vlan dynamic
    No dynamic vlans exist!
    # Display dynamic VLAN information on Device B.
    [DeviceB] display vlan dynamic
    Now, the following dynamic VLAN exist(s):
    GVRP Configuration...
  • Page 118 [DeviceA] vlan 2
    2 Configure Device B
    # Enable GVRP globally.
    <DeviceB> system-view
    [DeviceB] gvrp
    # Configure port GigabitEthernet 1/0/1 as a Trunk port, allowing all VLANs to pass.
    [DeviceB] interface GigabitEthernet 1/0/1
    [DeviceB-GigabitEthernet1/0/1] port link-type trunk
    [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all
    # Enable GVRP on GigabitEthernet 1/0/1.
  • Page 119 GVRP Configuration Examples
    [DeviceB] display vlan dynamic
    No dynamic vlans exist!
  • Page 120 Chapter 11: GVRP Configuration...
  • Page 121: IP Addressing

    IP Addressing Configuration
    When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in:
    ■ “IP Addressing Overview” on page 121
    ■ “Configuring IP Addresses” on page 123
    ■ “Displaying and Maintaining IP Addressing” on page 126...
  • Page 122 Chapter 12: IP Addressing Configuration
    Table 27 describes the address ranges of these five classes. Currently, the first three classes of IP addresses are used in quantity.
    Table 27 IP address classes and ranges
    Class | Address range | Description
    A | 0.0.0.0 to 127.255.255.255 | The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication.
  • Page 123: Configuring IP Addresses

    Configuring IP Addresses
    Figure 36 Subnet a Class B network (labels: Class B address with Net-id and Host-id; Mask; Net-id, Subnet-id, Host-id)...
  • Page 124 To do… | Use the command… | Remarks
    Enter system view | system-view |
    Enter interface view | interface interface-type interface-number |
    Assign an IP address to the interface | ip address ip-address { mask | mask-length } [ sub ] | Required. No IP address is assigned by default.
  • Page 125 Configuring IP Addresses
    Network diagram
    Figure 37 Network diagram for IP addressing configuration (labels: 172.16.1.0/24, Switch, Host B, Vlan-int1, 172.16.1.1/24, 172.16.1.2/24, 172.16.2.1/24 sub, 172.16.2.2/24, Host A, 172.16.2.0/24)
    Configuration procedure
    # Assign a primary IP address and a secondary IP address to VLAN-interface 1.
    <Switch>...
  • Page 126: Displaying And Maintaining IP Addressing

    <Switch> ping 172.16.2.2
    PING 172.16.2.2: 56 data bytes, press CTRL_C to break
    Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=255 time=25 ms
    Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=255 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=255 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms
    Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms
    --- 172.16.2.2 ping statistics ---...
  • Page 127: IP Performance

    IP Performance Configuration
    When configuring IP performance, go to these sections for information you are interested in:
    ■ “IP Performance Overview” on page 127
    ■ “Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network” on page 127
    ■ “Configuring TCP Attributes”...
  • Page 128 Chapter 13: IP Performance Configuration
    To do… | Use the command… | Remarks
    Enter system view | system-view |
    Enable the device to receive directed broadcasts | ip forward-broadcast | Required. By default, the device is disabled from receiving directed broadcasts.
    Enabling Forwarding of Directed Broadcasts to a Directly Connected
    Follow these steps to enable the device to forward directed broadcasts:
    To do…...
  • Page 129: Configuring TCP Attributes

    Configuring TCP Attributes
    [SwitchA] interface vlan-interface 3
    [SwitchA-Vlan-interface3] ip address 1.1.1.2 24
    [SwitchA-Vlan-interface3] quit
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 2.2.2.2 24
    # Enable VLAN-interface 2 to forward directed broadcasts.
    [SwitchA-Vlan-interface2] ip forward-broadcast
    ■ Configure Switch B
    # Enable Switch B to receive directed broadcasts.
    <SwitchB>...
  • Page 130: Configuring ICMP To Send Error Packets

    To do… | Use the command… | Remarks
    Configure TCP synwait timer’s timeout value | tcp timer syn-timeout time-value | Optional. By default, the timeout value is 75 seconds.
    Configure TCP finwait timer’s timeout value | tcp timer fin-timeout time-value | Optional. By default, the timeout value is 675 seconds.
  • Page 131 Configuring ICMP to Send Error Packets
    ■ When the device receives the first fragment of an IP datagram whose destination is the device itself, it will start a timer. If the timer times out before all the fragments of the datagram are received, the device will send a "reassembly timeout"...
  • Page 132: Displaying And Maintaining IP Performance

    To do… | Use the command… | Remarks
    Disable sending ICMP timeout packets | undo ip ttl-expires | Required. Enabled by default.
    Disable sending ICMP destination unreachable packets | undo ip unreachables | Required. Enabled by default.
    ■ The device stops sending "network unreachable" and "source route failure"...
  • Page 133: Qin

    QinQ Configuration
    When configuring QinQ, go to these sections for information you are interested in:
    ■ “Introduction to QinQ” on page 133
    ■ “Configuring Basic QinQ” on page 135
    ■ “Configuring Selective QinQ” on page 136
    ■ “Configuring the TPID Value to Be Carried in VLAN Tags” on page 137...
  • Page 134 Chapter 14: QinQ Configuration
    Figure 39 Single-tagged frame structure vs. double-tagged Ethernet frame structure (panel: Single-tagged frame structure)...
  • Page 135: Configuring Basic QinQ

    Configuring Basic QinQ
    Figure 40 VLAN Tag structure of an Ethernet frame (VLAN Tag fields: TPID, 2 bytes; User Priority, 3 bits; a 1-bit field; VLAN ID, 12 bits)
    The device determines whether a received frame carries a service provider VLAN tag or a customer VLAN tag by checking the corresponding TPID value.
  • Page 136: Configuring Selective QinQ

    To do… | Use the command… | Remarks
    Enter system view | system-view |
    Enter Ethernet Enter Ethernet interface interface-type Required port view or port view interface-number Use either command. port group Enter port port-group { manual view Configurations made in group view port-group-name | Ethernet port view will take...
  • Page 137: Configuring The TPID Value To Be Carried In VLAN Tags

    Configuring the TPID Value to Be Carried in VLAN Tags
    You can configure the TPID value to be carried in a VLAN tag globally (configuration will take effect on all ports of the device).
    To do…...
  • Page 138 Network diagram
    Figure 41 Network diagram for QinQ configuration (labels: Customer A, Customer B, Customer C; Provider A, Provider B; Public Network, VLAN1000, VLAN2000, TPID=0x8200)
    Configuration procedure
    With this configuration, the user must allow the QinQ packets to pass between the devices of the service providers.
  • Page 139 QinQ Configuration Example
    # Configure the port to tag frames from VLAN 20 with an outer tag with the VLAN ID of 2000.
    [ProviderA-GigabitEthernet1/0/1] qinq vid 2000
    [ProviderA-GigabitEthernet1/0/1-vid-2000] raw-vlan-id inbound 20
    [ProviderA-GigabitEthernet1/0/1-vid-2000] quit
    [ProviderA-GigabitEthernet1/0/1] quit
    ■ Configuration on GigabitEthernet 1/0/2
    # Configure VLAN 1000 as the default VLAN of the port.
  • Page 140 [ProviderB] interface GigabitEthernet 1/0/2
    [ProviderB-GigabitEthernet1/0/2] port access vlan 2000
    # Enable basic QinQ so as to tag frames from VLAN 20 with an outer tag with the VLAN ID of 2000.
    [ProviderB-GigabitEthernet1/0/2] qinq enable
    3 Configuration on devices on the public network
    As third-party devices are deployed between Provider A and Provider B, what we discuss here is only the basic configuration that should be made on the devices.
  • Page 141: BPDU Tunneling

    BPDU Tunneling Configuration
    When configuring BPDU tunneling, go to these sections for information you are interested in:
    ■ “Introduction to BPDU Tunneling” on page 141
    ■ “Configuring BPDU Isolation” on page 142
    ■ “Configuring BPDU Transparent Transmission” on page 143...
  • Page 142: Configuring BPDU Isolation

    Chapter 15: BPDU Tunneling Configuration
    BPDU isolation
    When a port receives BPDUs of other networks, the port will discard the BPDUs, so that they will not take part in spanning tree calculation. Refer to “Configuring BPDU Isolation” on page 142.
    BPDU transparent transmission
    As shown in Figure 42, the upper part is the service provider network, and the lower part represents the customer networks.
  • Page 143: Configuring BPDU Transparent Transmission

    Configuring BPDU Transparent Transmission
    To do… | Use the command… | Remarks
    Enable BPDU tunneling globally | bpdu-tunnel dot1q enable | Optional. Enabled by default
    Enter Enter Ethernet interface interface-type Required Ethernet port view interface-number Use either command. port view or Enter port group port-group { manual port group Configurations made in...
  • Page 144: Configuring Destination Multicast MAC Address For BPDU Tunnel Frames

    ■ BPDU tunneling must be enabled globally before the BPDU tunnel configuration for a port can take effect.
    ■ The BPDU tunneling feature is incompatible with the GVRP feature, so these two features cannot be enabled at the same time. For introduction to GVRP, refer to “Introduction to GVRP”...
  • Page 145: Network Diagram

    BPDU Tunneling Configuration Example
    Network diagram
    Figure 43 Network diagram for BPDU tunneling configuration (labels: Customer A, Customer B, Customer C, Customer D; Provider A, Provider B, Provider C; VLAN2, VLAN4; Trunk)
    Configuration procedure
    1 Configuration on Provider A
    # Configure BPDU transparent transmission on GigabitEthernet 1/0/1.
  • Page 146 # Configure BPDU transparent transmission on GigabitEthernet 1/0/4.
    [ProviderC-GigabitEthernet1/0/3] quit
    [ProviderC] interface GigabitEthernet 1/0/4
    [ProviderC-GigabitEthernet1/0/4] port access vlan 2
    [ProviderC-GigabitEthernet1/0/4] stp disable
    [ProviderC-GigabitEthernet1/0/4] undo ntdp enable
    [ProviderC-GigabitEthernet1/0/4] bpdu-tunnel dot1q enable
    [ProviderC-GigabitEthernet1/0/4] bpdu-tunnel dot1q stp
    When STP works stably on the customer network, if Customer A acts as the root bridge, the ports of Customer C and Customer D connected with Provider C can receive BPDUs from Customer A.
  • Page 147: Port

    Port Correlation Configuration
    When configuring Ethernet ports, go to these sections for information you are interested in:
    ■ “Ethernet Port Configuration” on page 147
    ■ “Maintaining and Displaying an Ethernet Port” on page 156
    Ethernet Port Configuration
    Complete the following tasks to configure an Ethernet port:
    Task Remarks...
  • Page 148 Chapter 16: Port Correlation Configuration
    To do… | Use the command… | Remarks
    Enter system view | system-view |
    Enter Ethernet port view | interface interface-type interface-number |
    Set the description string | description text | Optional. By default, the description string is “interface index + Interface”.
    Set the duplex mode | duplex { auto | full | half } | Optional. auto by default.
  • Page 149 Ethernet Port Configuration
    To do… | Use the command… | Remarks
    Enable a specified double Combo port | undo shutdown | Optional. By default, out of the two ports in a Combo port, the one with a smaller port ID is enabled.
    For detailed information about Combo ports and the corresponding physical ports, refer to the installation manual.
  • Page 150 ■ Internal loopback test, which is performed within switching chips to test the functions related to the Ethernet ports.
    ■ External loopback test, which is used to test the hardware functions of an Ethernet port. To perform external loopback testing on an Ethernet port, you need to install a loopback plug on the Ethernet port.
  • Page 151 Ethernet Port Configuration
    To do… | Use the command… | Remarks
    Enter system view | system-view |
    Enter port group view: Enter manual port group view | port-group manual port-group-name |
    Enter port group view: Enter aggregation port group view | port-group aggregation agg-id |
    Follow these steps to configure manual port group:
    To do…...
  • Page 152 To do… | Use the command… | Remarks
    Configure multicast storm suppression ratio | multicast-suppression { ratio | pps max-pps } | Optional. By default, all multicast traffic is allowed to pass through a port, that is, multicast traffic is not suppressed.
  • Page 153 Ethernet Port Configuration
    Enabling Loopback Detection on an Ethernet Port
    A loop occurs when a port receives the packets that it sent out. Loops may cause broadcast storms. The purpose of loopback detection is to detect loops on a port. With loopback detection enabled on an Ethernet port, the device checks the port for external loopback periodically.
  • Page 154 Ethernet interface on a device can operate in one of the following three Medium Dependent Interface (MDI) modes:
    ■ Across mode, where the Ethernet interface only accepts crossover cables.
    ■ Normal mode, where the Ethernet interface only accepts straight-through...
  • Page 155 Ethernet Port Configuration
    Configuring the Storm Constrain Function on an Ethernet Port
    The storm constrain function suppresses packet storms in an Ethernet network. With this function enabled on a port, the system detects the unicast traffic, multicast traffic, or broadcast traffic passing through the port periodically and takes corresponding actions (that is, blocking or shutting down the port and sending trap messages and logs) if the traffic detected exceeds the threshold.
  • Page 156: Maintaining And Displaying An Ethernet Port

    To do… | Use the command… | Remarks
    Specify to send log when the traffic detected exceeds the upper threshold or drops down below the lower threshold from a point higher | storm-constrain enable log | Optional. By default, the system sends log when the traffic detected exceeds the upper threshold or drops down below the lower...
  • Page 157: Port

    Port Isolation Configuration
    When configuring port isolation, go to these sections for information you are interested in:
    ■ “Introduction to Port Isolation” on page 157
    ■ “Configuring an Isolation Group” on page 157
    ■ “Displaying Isolation Groups” on page 158
    ■ “Port Isolation Configuration Example” on page 158...
  • Page 158: Displaying Isolation Groups

    Chapter 17: Port Isolation Configuration
    To do… | Use the command… | Remarks
    Add a port to an isolation group as an ordinary port | port-isolate enable group group-number | Required. No ports are added to the isolation group by default.
    Displaying Isolation Groups
    To do…...
  • Page 159 Port Isolation Configuration Example
    [Device] interface GigabitEthernet1/0/3
    [Device-GigabitEthernet1/0/3] port-isolate enable
    # Display the information about the isolation group.
    <Device> display port-isolate group
    Port-isolate group information:
    Uplink port support: No
    Group ID: 1
    GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...
  • Page 160 Chapter 17: Port Isolation Configuration...
  • Page 161: Link Aggregation Overview

    Link Aggregation Overview
    This chapter covers these topics:
    ■ “Link Aggregation” on page 161
    ■ “Approaches to Link Aggregation” on page 162
    ■ “Load Sharing in a Link Aggregation Group” on page 165
    ■ “Service Loop Group” on page 165
    ■ “Aggregation Port Group” on page 166...
  • Page 162: Approaches To Link Aggregation

    Chapter 18: Link Aggregation Overview
    Table 29 Consistency considerations for ports in an aggregation
    Category | Considerations
    State of port-level STP (enabled or disabled)
    Attribute of the link (point-to-point or otherwise) connected to the port
    Port path cost
    STP priority
    Maximum transmission rate
    Loop protection
    Root protection
    Port type (whether the port is an edge port)...
  • Page 163 Approaches to Link Aggregation
    Manual Link Aggregation
    Overview
    Manual aggregations are created manually. Member ports in a manual aggregation are LACP-disabled.
    Port states in a manual aggregation
    In a manual aggregation group, ports are either selected or unselected. Selected ports can receive and transmit data frames whereas unselected ones cannot. When setting the state of ports in a manual aggregation group, the system considers the following:
    The system selects the port with the highest priority in the up state as the...
  • Page 164 When the configuration of some port in a manual aggregation group changes, the system does not remove the aggregation; instead, it re-sets the selected/unselected state of the member ports and re-selects a master port.
    Static LACP link aggregation
    Overview
    Static aggregations are created manually.
  • Page 165: Load Sharing In A Link Aggregation Group

    Load Sharing in a Link Aggregation Group
    You need to maintain the basic configurations of these ports manually to ensure consistency. As one configuration change may involve multiple ports, this can become troublesome if you need to do that port by port. As a solution, you may add the ports into an aggregation port group where you can make configuration for all member ports.
  • Page 166: Aggregation Port Group

    group. At present, you may specify to redirect four types of services, IPv6 (IPv6 unicast), IPv6mc (IPv6 multicast), tunnel, and MPLS. Currently, the Switch 4800G supports redirecting tunnel services only. After creating a service-loop group, assign ports that support its service type to the group considering the following:
    ■ These ports can be configured only with the physical configuration such as...
  • Page 167: Link

    Link Aggregation Configuration
    When configuring link aggregation, go to these sections for information you are interested in:
    ■ “Configuring Link Aggregation” on page 167
    ■ “Displaying and Maintaining Link Aggregation” on page 169
    ■ “Link Aggregation Configuration Example” on page 170
    Configuring Link Aggregation
    This section covers these topics:...
  • Page 168 Chapter 19: Link Aggregation Configuration
    ■ To make an aggregation group function properly, make sure the selected states of the ports on both sides of the same link are the same.
    Configuring a Static LACP Link Aggregation Group
    Follow these steps to configure a static aggregation group:
    To do…...
  • Page 169: Displaying And Maintaining Link Aggregation

    Displaying and Maintaining Link Aggregation
    To do… | Use the command… | Remarks
    Configure a name for a link aggregation group | link-aggregation group agg-id description agg-name | Required. None is configured by default.
    Configuring a Service Loop Group
    Follow these steps to configure a service loop group:
    To do…...
  • Page 170: Link Aggregation Configuration Example

    To do… | Use the command… | Remarks
    Display detailed information about specified or all link aggregation groups | display link-aggregation verbose [ agg-id ] | Available in any view
    Clear the statistics about LACP for specified or all ports | reset lacp statistics [ interface interface-type interface-number... | Available in user view
  • Page 171 Link Aggregation Configuration Example
    <SwitchA> system-view
    [SwitchA] link-aggregation group 1 mode static
    # Add ports GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to the group.
    [SwitchA] interface GigabitEthernet 1/0/1
    [SwitchA-GigabitEthernet1/0/1] port link-aggregation group 1
    [SwitchA-GigabitEthernet1/0/1] interface GigabitEthernet 1/0/2
    [SwitchA-GigabitEthernet1/0/2] port link-aggregation group 1
    [SwitchA-GigabitEthernet1/0/2] interface GigabitEthernet 1/0/3
    [SwitchA-GigabitEthernet1/0/3] port link-aggregation group 1
    3 Configure a service loop group...
  • Page 172 Chapter 19: Link Aggregation Configuration...
  • Page 173: MAC Address Table Management Configuration

    MAC Address Table Management Configuration
    When configuring MAC address table management, go to these sections for information you are interested in:
    ■ “Introduction to MAC Address Table” on page 173
    ■ “Configuring MAC Address Table Management” on page 174
    ■ “Displaying and Maintaining MAC Address Table Management”...
  • Page 174: Configuring MAC Address Table Management

    Chapter 20: MAC Address Table Management Configuration
    As shown in Figure 46, when forwarding a frame, the switch looks up the MAC address table. If an entry is available for the destination MAC address, the switch forwards the frame directly from the hardware. If not, it does the following:
    1 Broadcast the frame.
  • Page 175 Configuring MAC Address Table Management
    Do not configure a static or dynamic MAC address entry on an aggregation port.
    Configuring MAC Address Aging Timer
    The MAC address table on your device is available with an aging mechanism for dynamic entries to prevent its resources from being exhausted. Set the aging timer appropriately: a long aging interval may cause the MAC address table to retain outdated entries and fail to accommodate latest network changes;...
  • Page 176: Displaying And Maintaining MAC Address Table Management

    Displaying and Maintaining MAC Address Table Management
    To do… | Use the command… | Remarks
    Display MAC address table information | display mac-address blackhole [ vlan vlan-id ] [ count ] | Available in any view
    display mac-address [ mac-address [ vlan vlan-id ] | [ dynamic | static ] [ interface interface-type interface-number ] [ vlan...
  • Page 177: IP Source

    IP Source Guard Configuration
    When configuring IP Source Guard, go to these sections for information you are interested in:
    ■ “IP Source Guard Overview” on page 177
    ■ “Configuring a Static Binding Entry” on page 177
    ■ “Configuring Dynamic Binding Function” on page 178...
  • Page 178: Configuring Dynamic Binding Function

    Chapter 21: IP Source Guard Configuration
    To do… | Use the command… | Remarks
    Configure a static binding entry | user-bind { ip-address ip-address | ip-address ip-address mac-address mac-address | mac-address mac-address } | Required. No static binding entry exists by default.
    ■ The system does not support repeatedly configuring a binding entry to one...
  • Page 179 IP Source Guard Configuration Examples
    ■ On port GigabitEthernet1/0/2 of Switch A, only IP packets with the source MAC address of 00-01-02-03-04-05 and the source IP address of 192.168.0.3 can pass.
    ■ On port GigabitEthernet1/0/1 of Switch A, only IP packets with the source...
  • Page 180 2 Configure Switch B
    # Configure the IP addresses of various interfaces (omitted).
    # Configure port GigabitEthernet1/0/1 of Switch B to allow only IP packets with the source MAC address of 00-01-02-03-04-06 and the source IP address of 192.168.0.1 to pass.
  • Page 181 IP Source Guard Configuration Examples
    Network diagram
    Figure 48 Network diagram for configuring dynamic binding (labels: Client A, Switch A with GE 1/0/1 and GE 1/0/2, DHCP server)
    Configuration procedure
    1 Configure Switch A
    # Configure dynamic binding on port GigabitEthernet1/0/1.
    <SwitchA> system-view
    [SwitchA] interface GigabitEthernet 1/0/1
    [SwitchA-GigabitEthernet1/0/1] ip check source ip-address mac-address
    [SwitchA-GigabitEthernet1/0/1] quit...
  • Page 182: Troubleshooting

    Troubleshooting
    Failed to Configure Static Binding Entries and Dynamic Binding Function
    Symptom
    Configuring static binding entries and dynamic binding function fails on a port.
    Analysis
    IP Source Guard is not supported on the port which has joined an aggregation group.
  • Page 183: Overview

    DLDP Configuration
    When performing DLDP configuration, go to these sections for information you are interested in:
    ■ “Overview” on page 183
    ■ “DLDP Configuration Task List” on page 190
    ■ “Enabling DLDP” on page 190
    ■ “Setting DLDP Mode” on page 191...
  • Page 184 Chapter 22: DLDP Configuration
    Figure 49 Unidirectional fiber link: cross-connected fiber
    Figure 50 Unidirectional fiber link: fiber not connected or disconnected
    DLDP Introduction
    Device Link Detection Protocol (DLDP) can detect the link status of a fiber cable or twisted pair.
  • Page 185 Overview
    DLDP Fundamentals
    DLDP link states
    A device is in one of these DLDP link states: Initial, Inactive, Active, Advertisement, Probe, Disable, and DelayDown, as described in Table 30.
    Table 30 DLDP link states
    State | Description
    Initial | This state indicates that DLDP is not enabled.
    Inactive | This state indicates that DLDP is enabled but the link is down.
  • Page 186 Table 31 DLDP timers
    DLDP timer | Description
    Entry timer | When a new neighbor joins, a neighbor entry is created and the corresponding entry timer is triggered. And when a DLDP packet is received, the device updates the corresponding neighbor entry and the entry aging timer.
  • Page 187 Overview
    Table 32 DLDP mode and neighbor entry aging
    DLDP mode | Detecting a neighbor after the corresponding neighbor entry ages | Removing the neighbor entry immediately after the Entry timer expires | Triggering the Enhanced timer after an Entry timer expires
    Normal DLDP mode
    Enhanced DLDP mode Yes
    The enhanced DLDP mode is designed for addressing black holes.
  • Page 188 Chapter 22: DLDP Configuration. MD5 authentication: In this mode, before sending a packet, the sending side computes the MD5 digest of the user-configured password, assigns the digest to the Authentication field, and sets the Authentication type field to 2. The receiving side checks the values of the two fields of received DLDP packets and drops the packets with the two fields conflicting with the corresponding local configuration.
  • Page 189 Overview Table 34 Procedures for processing different types of DLDP packets Packet type Processing procedure Echo packet Retrieves the If the corresponding neighbor entry does not exist, neighbor creates the neighbor entry, triggers the Entry timer, information. and transits to Probe state. If the neighbor information it carries correspondi conflicts with the corresponding locally...
  • Page 190: Dldp Configuration Task List

    22: DLDP C HAPTER ONFIGURATION Table 36 Description on DLDP neighbor states DLDP neighbor state Description Two way A neighbor is in this state after it receives response from its peer. This state indicates the link is a two-way link. Unidirectional A neighbor is in this state when the link connecting it is detected to be a unidirectional link.
  • Page 191 DLDP Configuration Task List To do… Use the command… Remarks Enable DLDP dldp enable Required Disabled on a port by default You can perform this operation on an optical port or an electrical port. DLDP takes effect only when it is enabled both globally and on a port. Setting DLDP Mode Follow these steps to set DLDP mode: To do…...
  • Page 192 22: DLDP C HAPTER ONFIGURATION To do… Use the command… Remarks Enter system view system-view Set the DelayDown timer dldp delaydown-timer time Optional 1 second by default DelayDown timer setting applies to all the DLDP-enabled ports. Setting the Port On detecting a unidirectional link, the ports can be shut down in one of the Shutdown Mode following two modes.
  • Page 193: Displaying And Maintaining Dldp

    Displaying and Maintaining DLDP. Resetting DLDP State: After a unidirectional link is detected, DLDP shuts down the corresponding port. To enable the port to perform DLDP detection again, you can reset DLDP state for it. A port can be in different states after you reset DLDP state for it. That is, it can be in Inactive state (if the port is physically down) or in Active state (if the port is physically up) after you reset DLDP state for it.
  • Page 194 22: DLDP C HAPTER ONFIGURATION It is desired that the unidirectional links can be disconnected on being ■ detected; and the ports shut down by DLDP can be restored after the fiber connections are corrected. Network diagram Figure 52 Network diagram for DLDP configuration Device A GE1/0/50 GE1/0/51...
  • Page 195: Troubleshooting

    Troubleshooting # Check the information about DLDP. [DeviceA] display dldp DLDP global status : enable DLDP interval : 6s DLDP work-mode : enhance DLDP authentication-mode : none DLDP unidirectional-shutdown : auto DLDP delaydown-timer : 2s The number of enabled ports is 2. Interface GigabitEthernet1/0/50 DLDP port state : disable DLDP link state : down...
  • Page 196 Chapter 22: DLDP Configuration...
  • Page 197: Mstp Overview

    MSTP Configuration. When configuring MSTP, go to these sections for information you are interested in: “MSTP Overview” on page 197; “Configuring the Root Bridge” on page 213; “Configuring Leaf Nodes” on page 224; “Performing mCheck” on page 228...
  • Page 198 Chapter 23: MSTP Configuration. Basic concepts in STP. 1 Root bridge: A tree network must have a root; hence the concept of “root bridge” has been introduced in STP. There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology.
  • Page 199 MSTP Overview Figure 53 A schematic diagram of designated bridges and designated ports Device A AP 1 AP 2 CP 1 BP 1 Device B Device C BP 2 CP 2 Path cost Path cost is a reference value used for link selection in STP. By calculating the path cost, STP selects relatively “robust”...
  • Page 200 23: MSTP C HAPTER ONFIGURATION Designated port ID (in the form of port name) ■ 1 Specific calculation process of the STP algorithm Initial state ■ Upon initialization of a device, each port generates a BPDU with itself as the root bridge, in which the root path cost is 0, designated bridge ID is the device ID, and the designated port is the local port.
  • Page 201 MSTP Overview. Table 39 Selection of the root port and designated ports (Step: Description). A non-root-bridge device regards the port on which it received the optimum configuration BPDU as the root port. Based on the configuration BPDU and the path cost of the root port, the device calculates a designated port configuration BPDU for each of the remaining ports.
  • Page 202 23: MSTP C HAPTER ONFIGURATION Table 40 Initial state of each device Device Port name BPDU of port Device A {0, 0, 0, AP1} {0, 0, 0, AP2} Device B {1, 0, 1, BP1} {1, 0, 1, BP2} Device C {2, 0, 2, CP1} {2, 0, 2, CP2} Comparison process and result on each device...
  • Page 203 MSTP Overview Table 41 Comparison process and result on each device BPDU of port after Device Comparison process comparison Device B Port BP1 receives the configuration BPDU of Device A {0, 0, BP1: {0, 0, 0, ■ 0, AP1}. Device B finds that the received configuration AP1} BPDU is superior to the configuration BPDU of the local BP2: {1, 0, 1,...
  • Page 204 23: MSTP C HAPTER ONFIGURATION Table 41 Comparison process and result on each device BPDU of port after Device Comparison process comparison Device C Port CP1 receives the configuration BPDU of Device A {0, 0, CP1: {0, 0, 0, ■ 0, AP2}.
  • Page 205 MSTP Overview Figure 55 The final calculated spanning tree Device A With priority 0 AP 1 BP 1 BP 2 CP 2 Device B With priority 1 Device C With priority 2 To facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated.
  • Page 206 23: MSTP C HAPTER ONFIGURATION transition in STP, a newly elected root port or designated port requires twice the forward delay time before transitioning to the forwarding state, when the new configuration BPDU has been propagated throughout the network. Hello time is the time interval at which a device sends hello packets to the ■...
  • Page 207 MSTP Overview MSTP prunes loop networks into a loop-free tree, thus avoiding proliferation ■ and endless recycling of packets in a loop network. In addition, it provides multiple redundant paths for data forwarding, thus supporting load balancing of VLAN data in the data forwarding process. MSTP is compatible with STP and RSTP.
  • Page 208 Chapter 23: MSTP Configuration. The same region name; the same VLAN-to-instance mapping (VLAN 1 is mapped to MST instance 1, VLAN 2 to MST instance 2, and the rest to the common and internal spanning tree (CIST). CIST refers to MST instance 0); and the same MSTP revision level (not shown in the figure).
  • Page 209 MSTP Overview The common root bridge is the root bridge of the CIST. In Figure 56, for example, the common root bridge is a device in region A0. 9 Boundary port A boundary port is a port that connects an MST region to another MST configuration, or to a single spanning-tree region running STP, or to a single spanning-tree region running RSTP.
  • Page 210 23: MSTP C HAPTER ONFIGURATION Figure 57 Port roles Connecting to the common root bridge Edge ports Port 2 MST region Port 1 Master port Alternate port Port 6 Port 5 Backup port Designated port Port 3 Port 4 Figure 57 helps understand these concepts. Where, Devices A, B, C, and D constitute an MST region.
  • Page 211 MSTP Overview. Table 42 Port states supported by different port roles. Role/State: Root port/Master port, Designated port, Alternate port, Backup port. Forwarding √ √ Learning √ √ Discarding √ √ √ √ How MSTP works: MSTP divides an entire Layer 2 network into multiple MST regions, which are interconnected by a calculated CST.
  • Page 212: Configuration Task List

    Chapter 23: MSTP Configuration. IEEE 802.1w: Rapid Spanning Tree Protocol; IEEE 802.1s: Multiple Spanning Tree Protocol. Configuration Task List: Before configuring MSTP, you need to know the position of each device in each MST instance: root bridge or leaf node. In each instance, one, and only one device acts as the root bridge, while all others act as leaf nodes.
  • Page 213: Configuring The Root Bridge

    Configuring the Root Bridge Task Remarks “Configuring Leaf Nodes” on page “Configuring an MST Region” on page Required “Configuring the Work Mode of MSTP Optional Device” on page 216 “Configuring the Timeout Factor” on Optional page 219 “Configuring the Maximum Transmission Optional Rate of Ports”...
  • Page 214 (a 802.1s-defined protocol selector, which is 0 by default and cannot be configured), MST region name, VLAN-to-MSTI mapping table, and revision level. The 3Com series support only the MST region name, VLAN-to-MSTI mapping ■ table, and revision level. Switches with the settings of these parameters being the same are assigned to the same MST region.
  • Page 215 Configuring the Root Bridge Specifying the Root MSTP can determine the root bridge of a spanning tree through MSTP calculation. Bridge or a Secondary Alternatively, you can specify the current device as the root bridge using the Root Bridge commands provided by the system. Specifying the current device as the root bridge of a specific spanning tree Follow these steps to specify the current device as the root bridge of a specific spanning tree:...
  • Page 216 23: MSTP C HAPTER ONFIGURATION MSTP will select the secondary root bridge with the lowest MAC address as the new root bridge. When specifying the root bridge or a secondary root bridge, you can specify ■ the network diameter and hello time. However, these two options are effective only for MST instance 0, namely the CIST.
  • Page 217 Configuring the Root Bridge a device to a low value, you can specify the device as the root bridge of the spanning tree. An MSTP-compliant device can have different priorities in different MST instances. Configuration procedure Follow these steps to configure the priority of the current device: To do…...
  • Page 218 23: MSTP C HAPTER ONFIGURATION A larger maximum hops setting means a larger size of the MST region. Only the maximum hops configured on the regional root bridge can restrict the size of the MST region. Configuration example # Set the maximum hops of the MST region to 30. <Sysname>...
  • Page 219 Configuring the Root Bridge To do… Use the command… Remarks Configure the max age timer stp timer max-age Optional centi-seconds 2,000 centiseconds (20 seconds) by default These three timers set on the root bridge of the CIST apply on all the devices on the entire switched network.
  • Page 220 23: MSTP C HAPTER ONFIGURATION the upstream device within nine times the hello time, it will assume that the upstream device has failed and start a new spanning tree calculation process. In a very stable network, this kind of spanning tree calculation may occur because the upstream device is busy.
  • Page 221 Configuring the Root Bridge Configuration example # Set the maximum transmission rate of port GigabitEthernet 1/0/1 to 5. <Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] stp transmit-limit 5 Configuring Ports as If a port directly connects to a user terminal rather than another device or a shared Edge Ports LAN segment, this port is regarded as an edge port.
  • Page 222 23: MSTP C HAPTER ONFIGURATION Configuration procedure Follow these steps to configure whether a port or a group of ports connect to point-to-point links: To do… Use the command… Remarks Enter system view system-view Enter Ethernet Enter Ethernet interface interface-type Required interface view interface view...
  • Page 223 Configuring the Root Bridge Configuration procedure Follow these steps to configure the MSTP packet format to be supported by a port or a group of ports: To do… Use the command… Remarks Enter system view system-view Enter Enter interface interface-type Required Ethernet Ethernet...
  • Page 224: Configuring Leaf Nodes

    23: MSTP C HAPTER ONFIGURATION Enabling the MSTP Configuration procedure Feature Follow these steps to enable the MSTP feature: To do… Use the command… Remarks Enter system view system-view Enable the MSTP feature for stp enable Required the device Disabled by default Enter Ethernet Enter Ethernet interface interface-type...
  • Page 225 Configuring Leaf Nodes Configuring the Refer to “Configuring the Maximum Transmission Rate of Ports” on page 220 in Maximum Transmission the section about root bridge configuration. Rate of Ports Configuring Ports as Refer to “Configuring Ports as Edge Ports” on page 221 in the section about root Edge Ports bridge configuration.
  • Page 226 23: MSTP C HAPTER ONFIGURATION Table 43 Link speed vs. path cost Link speed Duplex state 802.1d-1998 802.1t Private standard 1000 Mbps Single Port 20,000 Aggregated Link 2 Ports 10,000 Aggregated Link 3 Ports 6,666 Aggregated Link 4 Ports 5,000 10 Gbps Single Port 2,000...
  • Page 227 Configuring Leaf Nodes On an MSTP-compliant device, a port can have different priorities in different MST instances, and the same port can play different roles in different MST instances, so that data of different VLANs can be propagated along different physical paths, thus implementing per-VLAN load balancing.
  • Page 228: Performing Mcheck

    23: MSTP C HAPTER ONFIGURATION Enabling the MSTP Refer to “Enabling the MSTP Feature” on page 224 in the section about root Feature bridge configuration. Performing mCheck Ports on an MSTP-compliant device have three working modes: STP compatible mode, RSTP mode, and MSTP mode. In a switched network, if a port on the device running MSTP (or RSTP) connects to a device running STP, this port will automatically migrate to the STP-compatible mode.
  • Page 229: Configuring Digest Snooping

    Configuring Digest Snooping Configuring Digest As defined in IEEE 802.1s, interconnected devices are in the same region only Snooping when the region-related configuration (domain name, revision level, VLAN-to-instance mappings) on them is identical. An MSTP-enabled device identifies devices in the same MST region by checking the configuration ID in BPDU packets.
  • Page 230: Configuring No Agreement Check

    23: MSTP C HAPTER ONFIGURATION You need to enable this feature both globally and on associated ports to make ■ it take effect. It is recommended to enable the feature on all associated ports first and then globally, making all configured ports take effect, and disable the feature globally to disable it on all associated ports.
  • Page 231 Configuring No Agreement Check Both RSTP and MSTP switches can perform rapid transition operation on a designated port only when the port receives an agreement packet from the downstream switch. The differences between RSTP and MSTP switches are: For MSTP, the downstream device’s root port sends an agreement packet only ■...
  • Page 232 Chapter 23: MSTP Configuration. Prerequisites: A device is the upstream one that is connected to another vendor’s MSTP supported device via a point-to-point link. Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, so that they are in the same region. Configuration Procedure: Follow these steps to configure No Agreement Check: To do…...
  • Page 233: Configuring Protection Functions

    Configuring Protection Functions. An MSTP-compliant device supports the following protection functions: BPDU guard; Root guard; Loop guard; TC-BPDU attack guard. The Switch 4800G supports the BPDU guard, root guard and loop guard...
  • Page 234 Chapter 23: MSTP Configuration. To prevent this situation from happening, MSTP provides the root guard function to protect the root bridge. If the root guard function is enabled on a port, this port will keep playing the role of designated port on all MST instances. Once this port receives a configuration BPDU with a higher priority from an MST instance, it immediately sets that instance port to the listening state, without forwarding the packet (this is equivalent to disconnecting the link connected with this port).
  • Page 235: Displaying And Maintaining Mstp

    Displaying and Maintaining MSTP To do… Use the command… Remarks Enter Ethernet Enter Ethernet interface interface-type Required interface view interface view interface-number Use either command. or port group Enter port port-group { manual view Configurations made in group view port-group-name | Ethernet interface view will aggregation agg-id } take effect on the current...
  • Page 236: Mstp Configuration Example

    23: MSTP C HAPTER ONFIGURATION To do… Use the command… Remarks View the information of port role display stp [ instance Available in any view calculation history for the specified instance-id ] history MSTP instance or all MSTP instances View the statistics of TC/TCN display stp [ instance Available in any view BPDUs sent and received by all...
  • Page 237 MSTP Configuration Example Configuration procedure 1 Configuration on Device A # Enter MST region view. <DeviceA> system-view [DeviceA] stp region-configuration # Configure the region name, VLAN-to-instance mappings and revision level of the MST region. [DeviceA-mst-region] region-name example [DeviceA-mst-region] instance 1 vlan 10 [DeviceA-mst-region] instance 3 vlan 30 [DeviceA-mst-region] instance 4 vlan 40 [DeviceA-mst-region] revision-level 0...
  • Page 238 23: MSTP C HAPTER ONFIGURATION [DeviceB] display stp region-configuration Oper configuration Format selector Region name :example Revision level Instance Vlans Mapped 1 to 9, 11 to 29, 31 to 39, 41 to 4094 3 Configuration on Device C # Enter MST region view. <DeviceC>...
  • Page 239 MSTP Configuration Example # Activate MST region configuration manually. [DeviceD-mst-region] active region-configuration [DeviceD-mst-region] quit # View the MST region configuration information that has taken effect. [DeviceD] display stp region-configuration Oper configuration Format selector Region name :example Revision level Instance Vlans Mapped 1 to 9, 11 to 29, 31 to 39, 41 to 4094...
  • Page 240 Chapter 23: MSTP Configuration...
  • Page 241: Ip Routing Overview

    IP Routing Overview. Go to these sections for information you are interested in: “IP Routing and Routing Table” on page 241; “Routing Protocol Overview” on page 243; “Displaying and Maintaining a Routing Table” on page 246. The term "router"...
  • Page 242 24: IP R HAPTER OUTING VERVIEW Outbound interface: Specifies the interface through which the IP packets are to ■ be forwarded. IP address of the next hop: Specifies the address of the next router on the path. ■ If only the outbound interface is configured, its address will be the IP address of the next hop.
  • Page 243: Routing Protocol Overview

    Routing Protocol Overview. [Figure 63: A sample routing table (network diagram of routers and their interface addresses)]...
  • Page 244 24: IP R HAPTER OUTING VERVIEW Operational scope Interior gateway protocols (IGPs): Work within an autonomous system, ■ including RIP, OSPF, and IS-IS. Exterior gateway protocols (EGPs): Work between autonomous systems. The ■ most popular one is BGP. An autonomous system refers to a group of routers that share the same routing policy and work under the same administration.
  • Page 245 Routing Protocol Overview Routing approach Priority EBGP UNKNOWN The smaller the priority value, the higher the priority. ■ The priority for a direct route is always 0, which you cannot change. Any other ■ type of routes can have their priorities manually configured. Each static route can be configured with a different priority.
  • Page 246: Displaying And Maintaining A Routing Table

    24: IP R HAPTER OUTING VERVIEW Displaying and Maintaining a Routing To do… Use the command… Remarks Table Display brief information display ip routing-table [ verbose Available in any view about the active routes in the | | { begin | exclude | include } routing table regular-expression ] Display information about...
  • Page 247: Gr Overview

    GR Overview. Go to these sections for information you are interested in: “Introduction to Graceful Restart” on page 247; “Basic Concepts in Graceful Restart” on page 247; “Graceful Restart Communication Procedure” on page 248; “Graceful Restart Mechanism for Several Commonly Used Protocols” on page...
  • Page 248: Graceful Restart Communication Procedure

    Chapter 25: GR Overview. Graceful Restart Communication Procedure: Configure a device as GR Restarter in a network. This device and its GR Helper must support GR or be GR capable. Thus, when GR Restarter restarts, its GR Helper can know its restart process. In some cases, GR Restarter and GR Helper can swap roles with each other.
  • Page 249 Graceful Restart Communication Procedure Figure 65 Restarting process for the GR Restarter Router D GR helper Router A GR restarter Router C Router B GR helper GR helper GR capable GR session The administrator restarts GR Restarter or GR Restarter is operating abnormally As illustrated in Figure 65.
  • Page 250: Graceful Restart Mechanism For Several Commonly Used Protocols

    25: GR O HAPTER VERVIEW Figure 67 The GR Restarter obtains topology and routing information from the GR Helper Router D GR helper Router A GR restarter Router C Router B GR helper GR helper Signals to establish GR session As illustrated in Figure 67, the GR Restarter obtains the necessary topology and routing information from all its neighbors through the GR sessions between them and calculates its own routing table based on this information.
  • Page 251: Static

    Static Routing Configuration. When configuring a static route, go to these sections for information you are interested in: “Introduction” on page 251; “Configuring a Static Route” on page 252; “Application Environment of Static Routing” on page 252; “Displaying and Maintaining Static Routes”...
  • Page 252: Configuring A Static Route

    Chapter 26: Static Routing Configuration. Application Environment of Static Routing: Before configuring a static route, you need to know the following concepts: 1 Destination address and mask: In the ip route-static command, an IPv4 address is in dotted decimal format and a mask can be either in dotted decimal format or in the form of mask length (the number of consecutive 1s in the mask).
  • Page 253: Detecting Reachability Of The Static Route's Nexthop

    Detecting Reachability of the Static Route’s Nexthop To do… Use the command… Remarks Configure a static ip route-static dest-address { mask | Required route mask-length } { next-hop-address | By default, preference interface-type interface-number for static routes is 60, [ next-hop-address ] } [ preference tag is 0, and no preference-value ] [ tag tag-value ] description information...
  • Page 254: Displaying And Maintaining Static Routes

    26: S HAPTER TATIC OUTING ONFIGURATION To do… Use the command… Remarks Associate the static ip route-static dest-address { mask | mask-length } Required route with a track next-hop-address track track-entry-number entry [ preference preference-value ] [ tag tag-value ] configured [ description description-text ] by default...
  • Page 255 Configuration Example Configuration procedure 1 Configuring IP addresses for interfaces (omitted) 2 Configuring static routes # Configure a default route on Switch A <SwitchA> system-view [SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2 # Configure two static routes on Switch B <SwitchB> system-view [SwitchB] ip route-static 1.1.2.0 255.255.255.0 1.1.4.1 [SwitchB] ip route-static 1.1.3.0 255.255.255.0 1.1.5.6 # Configure a default route on Switch C...
  • Page 256 26: S HAPTER TATIC OUTING ONFIGURATION # From Host A, use the ping command to verify the network layer reachability to Host B and Host C.
  • Page 257: Rip Overview

    RIP Configuration. The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. The Switch 4800G supports only a single RIP process. When configuring RIP, go to these sections for information you are interested in: “RIP Overview”...
  • Page 258 27: RIP C HAPTER ONFIGURATION Next hop: IP address of the adjacent router’s interface to reach the destination. ■ Egress interface: Packet outgoing interface. ■ Metric: Cost from the local router to the destination. ■ Route time: Time elapsed since the routing entry was last updated. The time is ■...
  • Page 259 RIP Overview Operation of RIP The following procedure describes how RIP works. 1 After RIP is enabled, the router sends Request messages to neighboring routers. Neighboring routers return Response messages including information about their routing tables. 2 After receiving such information, the router updates its local routing table, and sends triggered update messages to its neighbors.
  • Page 260 27: RIP C HAPTER ONFIGURATION Figure 69 RIPv1 Message Format Command Version Must be zero Header Must be zero IP address Route Entries Must be zero Must be zero Metric Command: Type of message. 1 indicates request, and 2 indicates response. ■...
  • Page 261: Configuring Rip Basic Functions

    Configuring RIP Basic Functions Figure 71 RIPv2 Authentication Message Command Version Unused 0xFFFF Authentication type Authentication (16 octets) Authentication Type: 2 represents plain text authentication, while 3 represents ■ MD5. Authentication: Authentication data, including password information when ■ plain text authentication is adopted or including key ID, MD5 authentication data length and sequence number when MD5 authentication is adopted.
  • Page 262 27: RIP C HAPTER ONFIGURATION To do… Use the command… Remarks Enable RIP on the interface attached to network network-address Required the specified network Disabled by default If you make some RIP configurations in interface view before enabling RIP, ■ those configurations will take effect after RIP is enabled.
  • Page 263: Configuring Rip Route Control

    Configuring RIP Route Control To do… Use the command… Remarks Enter system view system-view Enter RIP view rip [ process-id ] Specify a global RIP version version { 1 | 2 } Optional By default, if an interface has a RIP version specified, the version takes precedence over the global one.
  • Page 264 27: RIP C HAPTER ONFIGURATION To do… Use the command… Remarks Enter system view system-view Enter interface view interface interface-type interface-number Define an inbound additional routing rip metricin [ route-policy Optional metric route-policy-name ] value 0 by default Define an outbound additional routing rip metricout [ route-policy Optional metric...
  • Page 265 Configuring RIP Route Control Follow these steps to disable RIP from receiving host routes: To do… Use the command… Remarks Enter system view system-view Enter RIP view rip [ process-id ] Disable RIP from receiving undo host-route Required host routes Enabled by default RIPv2 can be disabled from receiving host routes, but RIPv1 cannot.
  • Page 266: Configuring Rip Network Optimization

    27: RIP C HAPTER ONFIGURATION Using the filter-policy import command filters incoming routes. Routes not ■ passing the filtering will be neither installed into the routing table nor advertised to neighbors. Using the filter-policy export command filters outgoing routes, including ■...
  • Page 267 Configuring RIP Network Optimization Based on network performance, you need to make RIP timers of RIP routers identical to each other to avoid unnecessary traffic or route oscillation. Configuring Split Horizon and Poison Reverse If both split horizon and poison reverse are configured, only the poison reverse function takes effect.
  • Page 268 (Chapter 27: RIP Configuration) that all messages are trustworthy, you can disable zero field check to save CPU resources. Follow these steps to enable zero field check on incoming RIPv1 messages: To do… Use the command… Remarks Enter system view system-view Enter RIP view rip [ process-id ]...
  • Page 269: Displaying And Maintaining Rip

    Displaying and Maintaining RIP neighbor is not directly connected, you must disable source address check on incoming updates. Follow these steps to specify a RIP neighbor: To do… Use the command… Remarks Enter system view system-view Enter RIP view rip [ process-id ] Specify a RIP neighbor peer ip-address Required...
  • Page 270 27: RIP C HAPTER ONFIGURATION Configuration procedure 1 Configure IP addresses for interfaces (omitted). 2 Configure basic RIP functions # Configure Switch A. <SwitchA> system-view [SwitchA] rip [SwitchA-rip-1] network 192.168.1.0 [SwitchA-rip-1] network 172.16.0.0 [SwitchA-rip-1] network 172.17.0.0 [SwitchA-rip-1] quit # Configure Switch B. <SwitchB>...
  • Page 271: Troubleshooting Rip

    Troubleshooting RIP From the routing table, you can see RIPv2 uses classless subnet masks. Since RIPv1 routing information has a long aging time, it will still exist until aged out after RIPv2 is configured. Troubleshooting RIP No RIP Updates Received Symptom: No RIP updates are received when the links work well.
  • Page 272 Chapter 27: RIP Configuration...
  • Page 273: Introduction To Ospf

    OSPF Configuration. The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). At present, OSPF version 2 (RFC2328) is used.
  • Page 274 28: OSPF C HAPTER ONFIGURATION Routing hierarchy: Supports a four-level routing hierarchy that prioritizes the ■ routes into intra-area, inter-area, external Type-1, and external Type-2 routes. Authentication: Supports interface-based packet authentication to guarantee ■ the security of packet exchange. Multicast: Supports packet multicasting on some types of links. ■...
  • Page 275 Introduction to OSPF LSU (link state update) packet: Transmits the needed LSAs to the neighbor. ■ LSAck (link state acknowledgment) packet: Acknowledges received LSU ■ packets. It contains the headers of received LSAs (a packet can acknowledge multiple LSAs). LSA types OSPF sends routing information in LSAs, which, as defined in RFC 2328, have the following types: Router LSA: Type-1 LSA, originated by all routers, flooded throughout a single...
  • Page 276 28: OSPF C HAPTER ONFIGURATION OSPF Area Partition and Area partition Route Summarization When a large number of OSPF routers are present on a network, LSDBs may become so large that a great amount of storage space is occupied and CPU resources are exhausted by performing SPF computation.
  • Page 277 Introduction to OSPF 3 Backbone Router At least one interface of a backbone router must be attached to the backbone area. Therefore, all ABRs and internal routers in area 0 are backbone routers. 4 Autonomous System Border Router (ASBR) The router exchanging routing information with another AS is an ASBR, which may not reside on the boundary of the AS.
  • Page 278 28: OSPF C HAPTER ONFIGURATION Figure 75 Virtual link application 1 Transit Area Virtual Link Area 2 Area 0 Area 1 Another application of virtual links is to provide redundant links. If the backbone area cannot maintain internal connectivity due to a physical link failure, configuring a virtual link can guarantee logical connectivity in the backbone area, as shown below.
  • Page 279 Introduction to OSPF A (totally) stub area cannot have an ASBR because AS external routes cannot ■ be distributed into the stub area. Virtual links cannot transit (totally) stub areas. ■ NSSA area Similar to a stub area, an NSSA area imports no AS external LSA (Type-5 LSA) but can import Type-7 LSAs that are generated by the ASBR and distributed throughout the NSSA area.
  • Page 280 OSPF has two types of route summarization: 1. ABR route summarization: To distribute routing information to other areas, an ABR generates Type-3 LSAs on a per network segment basis for an attached non-backbone area. If contiguous network segments are available in the area, you can summarize them with a single network segment....
  • Page 281 ■ NBMA (Non-Broadcast Multi-Access): When the link layer protocol is Frame Relay, ATM or X.25, OSPF considers the network type as NBMA by default. Packets on these networks are sent to unicast addresses. ■ P2MP (point-to-multipoint): By default, OSPF considers no link layer protocol as...
  • Page 282 become the new DR in a very short period by avoiding adjacency establishment and DR reelection. Meanwhile, other routers elect another BDR, which requires a relatively long period but has no influence on routing calculation. Other routers, also known as DRothers, establish no adjacency and exchange no routing information with each other, thus reducing the number of adjacencies on broadcast and NBMA networks....
  • Page 283 [Figure 80: OSPF packet format. Fields: IP header, OSPF packet header, Number of LSAs, LSA header, LSA Data] OSPF packet header: OSPF packets are classified into five types that have the same packet header, as shown below. Figure 81 OSPF packet header: Version, Type, Packet length...
  • Page 284 [Figure 82: Hello packet format. Fields: Version, Packet length, Router ID, Area ID, Checksum, AuType, Authentication, Network Mask, HelloInterval, Options, Rtr Pri, RouterDeadInterval, Designated router, Backup designated router, Neighbor] Major fields: ■ Network Mask: Network mask associated with the router’s sending interface. If...
  • Page 285 [Figure 83: DD packet format. Fields: Version, Packet length, Router ID, Area ID, Checksum, AuType, Authentication, Interface MTU, Options, 0 0 0 0 0 I M, DD sequence number, LSA header] Major fields: ■ Interface MTU: Size in bytes of the largest IP datagram that can be sent out the...
  • Page 286 [Figure 84: LSR packet format. Fields: Version, Packet length, Router ID, Area ID, Checksum, AuType, Authentication, LS type, Link state ID, Advertising router] Major fields: ■ LS type: Type number of the LSA to be requested. Type 1 for example indicates...
  • Page 287 [Figure 86: LSAck packet format. Fields: Version, Packet length, Router ID, Area ID, Checksum, AuType, Authentication, LSA header] LSA header format: All LSAs have the same header, as shown in the following figure. Figure 87 LSA header format: LS age, Options, LS type...
  • Page 288 Formats of LSAs: 1. Router LSA [Figure 88: Router LSA format. Fields: LS age, Options, Link state ID, Advertising Router, LS sequence number, LS checksum, Length, # links, Link ID, Link data, Type, #TOS, metric, TOS metric] Major fields:...
  • Page 289 [Figure 89: Network LSA format. Fields: LS age, Options, Link state ID, Advertising Router, LS sequence number, LS checksum, Length, Network mask, Attached router] Major fields: ■ Link State ID: The interface address of the DR ■ Network Mask: The mask of the network (a broadcast or NBMA network)...
  • Page 290 A Type-3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. 1 AS external LSA: An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS....
  • Page 291 [Figure 92: NSSA external LSA format. Fields: LS age, Options, Link state ID, Advertising Router, LS sequence number, LS checksum, Length, Network mask, Metric, Forwarding address, External route tag] Supported OSPF Features. Multi-process: With multi-process support, multiple OSPF processes can run on a router simultaneously and independently....
  • Page 292: OSPF Configuration Task List

    After the restart, the GR Restarter will send an OSPF GR signal to its neighbors that will not reset their adjacencies with it. In this way, the GR Restarter can restore the neighbor table upon receiving the responses from neighbors. After reestablishing neighbor relationships, the GR Restarter will synchronize the LSDB and exchange routing information with all adjacent GR-capable neighbors....
  • Page 293: Configuring OSPF Basic Functions

    Task (Remarks), under “Configuring OSPF Network Optimization” on page 300:
    “Configuring OSPF Packet Timers” on page 301 (Optional)
    “Specifying an LSA Transmission Delay” on page (Optional)
    “Specifying SPF Calculation Interval” on page 302 (Optional)
    “Specifying the LSA Minimum Repeat Arrival Interval”... (Optional)
  • Page 294: Configuring OSPF Area Parameters

    To ensure OSPF stability, you need to decide on router IDs and configure them manually. Any two routers in an AS must have different IDs. In practice, the ID of a router is the IP address of one of its interfaces. ■ Enable an OSPF process...
  • Page 295: Configuring OSPF Network Types

    area, these LSAs will be translated into type 5 LSAs for advertisement to other areas. Non-backbone areas exchange routing information via the backbone area. Therefore, the backbone and non-backbone areas, including the backbone itself, must maintain connectivity. If the physical links needed to maintain this connectivity are not available, you can configure virtual links instead....
  • Page 296 For routers having no direct link in between, you can configure the P2MP type for the related interfaces. If a router in the NBMA network has only a single peer, you can configure the P2P type for the related interfaces. In addition, when configuring broadcast and NBMA networks, you can specify router priorities on interfaces for DR/BDR election....
  • Page 297: Configuring OSPF Route Control

    To do…: Use the command… (Remarks)
    Enter system view: system-view
    Enter interface view: interface interface-type interface-number
    Configure a router priority for the interface: ospf dr-priority priority (Optional. The default router priority is 1.)

    The DR priority configured with the ospf dr-priority command and the one with the peer command have the following differences: The former is for actual DR election....
  • Page 298

    To do…: Use the command… (Remarks)
    Enter system view: system-view
    Enter OSPF view: ospf [ process-id | router-id router-id ] *
    Configure ASBR route summarization: asbr-summary ip-address { mask | mask-length } [ tag tag | not-advertise | cost cost ] * (Required. Available on an ASBR only. Not configured by default...)
  • Page 299

    To do…: Use the command… (Remarks)
    Enter system view: system-view
    Enter OSPF view: ospf [ process-id | router-id router-id ] *
    Configure a bandwidth reference value: bandwidth-reference value (Optional. The value defaults to 100 Mbps.)

    If no OSPF cost is configured for an interface, OSPF computes the cost automatically: Interface OSPF cost = Bandwidth reference value / Interface bandwidth....
  • Page 300: Configuring OSPF Network Optimization

    To do…: Use the command… (Remarks)
    Configure a priority for OSPF: preference [ ase ] [ route-policy route-policy-name ] value (Optional. The priority of OSPF internal routes defaults to 10. The priority of OSPF external routes defaults to 150....)
  • Page 301 ■ Change OSPF packet timers to adjust the OSPF network convergence speed and network load. On low speed links, you need to consider the delay time for sending LSAs on interfaces. ■ Change the interval for SPF calculation to reduce resource consumption caused...
  • Page 302 ■ The hello and dead intervals are restored to their default values after you change the network type for an interface. ■ The dead interval should be at least four times the hello interval on an interface. ■ The poll interval is at least four times the hello interval....
  • Page 303

    To do…: Use the command… (Remarks)
    Enter system view: system-view
    Enter OSPF view: ospf [ process-id | router-id router-id ] *
    Configure the LSA minimum repeat arrival interval: lsa-arrival-interval interval (Optional. Defaults to 1000 milliseconds.)

    The interval set with the lsa-arrival-interval command should be smaller than or equal to the interval set with the lsa-generation-interval command....
  • Page 304 Configuring Stub Routers: A stub router is used for traffic control. It tells other OSPF routers not to use it to forward data, but they can have a route to it. The Router LSAs from the stub router may contain different link type values. A value of 3 means a link to the stub network, so the cost of the link remains unchanged....
  • Page 305 Adding the Interface MTU into DD Packets: Generally, when an interface sends a DD packet, it adds 0 into the Interface MTU field of the DD packet rather than the interface MTU. Follow these steps to add the interface MTU into DD packets: To do…...
  • Page 306: Configuring OSPF Graceful Restart

    To do…: Use the command… (Remarks)
    Enter system view: system-view
    Bind OSPF MIB to an OSPF process: ospf mib-binding process-id (Optional. The first OSPF process is bound with OSPF MIB by default.)
    Enable OSPF trap (Optional): snmp-agent trap enable ospf [ process-id ] [ ifauthfail |...
  • Page 307

    To do…: Use the command… (Remarks)
    Enable the IETF standard Graceful Restart capability for OSPF: graceful-restart ietf (Optional. Disabled by default)
    Configure the Graceful Restart interval for OSPF: graceful-restart interval timer (Optional. 120 seconds by default)

    ■ With the graceful-restart ietf command used, a device can act as a GR...
  • Page 308

    To do…: Use the command… (Remarks)
    Configure for which OSPF neighbors the current router can serve as a GR Helper: graceful-restart help { acl-number | prefix prefix-list } (Optional. The router can serve as a GR Helper for any OSPF neighbor by default....)
  • Page 309: Displaying and Maintaining OSPF

    To do…: Use the command… (Remarks)
    Display OSPF brief information: display ospf [ process-id ] brief (Available in any view)
    Display OSPF statistics: display ospf [ process-id ] cumulative
    Display Link State Database information: display ospf [ process-id ] lsdb [ brief | [ { ase | router | network |...
  • Page 310 Configuring OSPF Basic Functions. Network requirements: As shown in the following figure, all switches run OSPF. The AS is split into three areas, in which Switch A and Switch B act as ABRs to forward routing information between areas....
  • Page 311: Verify the Configuration

    OSPF Configuration Examples
    <SwitchC> system-view
    [SwitchC] ospf
    [SwitchC-ospf-1] area 1
    [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255
    [SwitchC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255
    [SwitchC-ospf-1-area-0.0.0.1] quit
    [SwitchC-ospf-1] quit
    # Configure Switch D
    <SwitchD> system-view
    [SwitchD] ospf
    [SwitchD-ospf-1] area 2
    [SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255
    [SwitchD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255
    [SwitchD-ospf-1-area-0.0.0.2] quit
    [SwitchD-ospf-1] quit
    3 Verify the configuration...
  • Page 312 Total Nets: 5 Intra Area: 3 Inter Area: 2 ASE: 0 NSSA: 0 # Display the Link State Database on Switch A. [SwitchA] display ospf lsdb OSPF Process 1 with Router ID 10.2.1.1 Link State Database Area: 0.0.0.0 Type LinkState ID...
  • Page 313 Configuring an OSPF Stub Area. Network requirements: The following figure shows an AS split into three areas, where all switches run OSPF. Switch A and Switch B act as ABRs to forward routing information between areas. Switch D acts as the ASBR to redistribute routes (static routes). It is required to configure Area 1 as a Stub area, reducing LSAs to this area without affecting route reachability....
  • Page 314 10.5.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.1.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 In the above output, since Switch C resides in a normal OSPF area, its routing table contains an external route....
  • Page 315 OSPF Configuration Examples [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1...
  • Page 316

    # Configure Switch C.
    [SwitchC] ospf
    [SwitchC-ospf-1] area 1
    [SwitchC-ospf-1-area-0.0.0.1] nssa
    [SwitchC-ospf-1-area-0.0.0.1] quit
    [SwitchC-ospf-1] quit

    It is recommended to configure the nssa command with the keyword default-route-advertise no-summary on Switch A (an ABR) to reduce the routing table size on NSSA routers....
  • Page 317 Configuring OSPF DR Election. Network requirements: ■ In the following figure, OSPF Switches A, B, C and D reside on the same network segment. ■ It is required to configure Switch A as the DR, and configure Switch C as the...
  • Page 318

    # Configure Switch D.
    <SwitchD> system-view
    [SwitchD] router id 4.4.4.4
    [SwitchD] ospf
    [SwitchD-ospf-1] area 0
    [SwitchD-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
    [SwitchD-ospf-1-area-0.0.0.0] quit
    [SwitchD-ospf-1] quit
    # Display OSPF neighbor information on Switch A.
    [SwitchA] display ospf peer verbose
    OSPF Process 1 with Router ID 1.1.1.1
    Neighbors
    Area 0.0.0.0 interface 192.168.1.1(Vlan-interface1)’s neighbors...
  • Page 319 OSPF Configuration Examples # Display neighbor information on Switch D. [SwitchD] display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)’s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4...
  • Page 320 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:41 Authentication Sequence: [ 0 ] Neighbor state change count: 2 Switch A becomes the DR, and Switch C is the BDR. If the neighbor state is full, it means Switch D has established the adjacency with the neighbor....
  • Page 321

    # Configure Switch A.
    <SwitchA> system-view
    [SwitchA] ospf 1 router-id 1.1.1.1
    [SwitchA-ospf-1] area 0
    [SwitchA-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255
    [SwitchA-ospf-1-area-0.0.0.0] quit
    [SwitchA-ospf-1] area 1
    [SwitchA-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
    [SwitchA-ospf-1-area-0.0.0.1] quit
    # Configure Switch B.
    <SwitchB> system-view
    [SwitchB] ospf 1 router-id 2.2.2.2
    [SwitchB-ospf-1] area 1
    [SwitchB-ospf-1-area-0.0.0.1] network 192.168.1.0 0.0.0.255
    [SwitchB-ospf-1-area-0.0.0.1] quit...
  • Page 322: Network Requirements

    [SwitchA] display ospf routing OSPF Process 1 with Router ID 1.1.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 172.16.1.1/16 1563 Inter 192.168.1.2 2.2.2.2 0.0.0.0 10.0.0.0/8 Stub 10.1.1.1 1.1.1.1 0.0.0.0 192.168.1.0/24 1562 Stub 192.168.1.1 1.1.1.1...
  • Page 323: Troubleshooting OSPF Configuration

    <SwitchB> system-view
    [SwitchB] acl number 2000
    [SwitchB-acl-basic-2000] rule 10 permit source 192.1.1.1 0.0.0.0
    [SwitchB-acl-basic-2000] quit
    [SwitchB] interface vlan-interface 100
    [SwitchB-Vlan-interface100] ip address 192.1.1.2 255.255.255.0
    [SwitchB-Vlan-interface100] ospf dr-priority 0
    [SwitchB-Vlan-interface100] quit
    [SwitchB] router id 2.2.2.2
    [SwitchB] ospf 100
    [SwitchB-ospf-100] enable link-local-signaling
    [SwitchB-ospf-100] enable out-of-band-resynchronization
    [SwitchB-ospf-100] graceful-restart help 2000...
  • Page 324 3. Ping the neighbor router’s IP address to check connectivity. 4. Check OSPF timers. The neighbor dead interval on an interface must be at least four times the hello interval. 5. On an NBMA network, using the peer ip-address command to specify the neighbor manually is required....
  • Page 325: IS-IS Overview

    IS-IS Configuration: When configuring IS-IS, go to these sections for information you are interested in: ■ “IS-IS Overview” on page 325 ■ “IS-IS Configuration Task List” on page 340 ■ “Configuring IS-IS Basic Functions” on page 341 ■ “Configuring IS-IS Routing Information Control” on page 342...
  • Page 326 Chapter 29: IS-IS Configuration ■ Link State Database (LSDB). All link states in the network form the LSDB. There is at least one LSDB in each IS. The IS uses the SPF algorithm and the LSDB to generate its own routes. Link State Protocol Data Unit (LSPDU) or Link State Packet (LSP)....
  • Page 327 In practice, the system ID is used in cooperation with the Router ID. For example, if a router uses the IP address 168.10.1.1 of Loopback 0 as the Router ID, the system ID in IS-IS can be obtained in the following way: ■ Extend each decimal number of the IP address to 3 digits by adding 0s from the...
  • Page 328 Level-1 and Level-2: 1. Level-1 router: The Level-1 router only establishes the neighbor relationship with Level-1 and Level-1-2 routers in the same area. The LSDB maintained by the Level-1 router contains the local area routing information. It directs the packets out of the area to the nearest Level-1-2 router....
  • Page 329 [Figure 100: IS-IS topology] Figure 101 shows another network topology running the IS-IS protocol. The Level-1-2 routers connect the Level-1 and Level-2 routers, and also form the IS-IS backbone together with the Level-2 routers....
  • Page 330 by configuring the routing hierarchy on the interface. For example, the level-1 interface can only establish Level-1 adjacency, while the level-2 interface can only establish Level-2 adjacency. With this function, you can prevent the Level-1 hello packets from propagating to the Level-2 backbone through the Level-1-2 router....
  • Page 331 [Figure 102: DIS in the IS-IS broadcast network] The DIS creates and updates pseudo nodes as well as their LSP to describe all routers on the network. The pseudonode emulates a virtual node on the broadcast network. It is not a real router....
  • Page 332 [Figure 104: PDU common header format. Fields: Intradomain routing protocol discriminator, Length indicator, Version/Protocol ID extension, ID length, PDU type, Version, Reserved, Maximum area address] ■ Intra-domain Routing Protocol Discriminator: Set to 0x83. ■ Length Indicator: The length of the PDU header, including both common and...
  • Page 333 [Figure 105: L1/L2 LAN IIH format. Fields: Intradomain routing protocol discriminator, Length indicator, Version/Protocol ID extension, ID length, PDU type, Version, Reserved, Maximum area address, Reserved/Circuit type, Source ID, Holding time, PDU length, Priority, LAN ID, Variable length fields]...
  • Page 334 [Figure 106: P2P IIH format. Fields: Intradomain routing protocol discriminator, Length indicator, Version/Protocol ID extension, ID length, PDU type, Version, Reserved, Maximum area address, Reserved/Circuit type, Source ID, Holding time, PDU length, Local Circuit ID, Variable length fields] Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local...
  • Page 335 [Figure 107: L1/L2 LSP format. Fields: Intradomain routing protocol discriminator, Length indicator, Version/Protocol ID extension, ID length, PDU type, Version, Reserved, Maximum area address, PDU length, Remaining lifetime, LSP ID, Sequence number, Checksum, IS type, Variable length fields] PDU Length: Total length of the PDU in bytes....
  • Page 336 [Figure 108: LSDB overload] ■ IS Type: Type of the router generating the LSP. SNP format: The Sequence Number PDU (SNP) confirms the latest received LSPs. It is similar to the Acknowledge packet, but more efficient....
  • Page 337 Figure 110 shows the PSNP packet format. [Figure 110: L1/L2 PSNP format. Fields: Intradomain routing protocol discriminator, Length indicator, Version/Protocol ID extension, ID length, PDU type, Version, Reserved, Maximum area address, PDU length, Source ID, Variable length fields] The variable fields of PDU are composed of multiple Code-Length-Value (CLV) triplets....
  • Page 338 Codes 1 to 10 of CLV are defined in ISO 10589 (codes 3 and 5 are not shown in the table), and the others are defined in RFC 1195. IS-IS Features Supported. Multiple processes: IS-IS supports multiple processes. Multiple processes allow an IS-IS process to work in concert with a group of interfaces....
  • Page 339 ■ System ID: The system ID of the originating system. ■ Additional System ID: It is the additional virtual system ID configured for the IS-IS router after LSP fragment extension is enabled. Each additional system ID can generate 256 LSP fragments....
  • Page 340: IS-IS Configuration Task List

    information in the extended fragments. Mode-2 is recommended in a network where all the routers that are in the same area and at the same routing level support LSP fragment extension. Dynamic host name mapping mechanism: The dynamic host name mapping mechanism provides the mapping between the host names and the system IDs for the IS-IS routers....
  • Page 341: Configuring IS-IS Basic Functions

    Task (Remarks), under “Configuring IS-IS Routing Information Control” on page 342:
    “Specifying a Priority for IS-IS” on page 342 (Optional)
    “Configuring IS-IS Link Cost” on page 343 (Required)
    “Configuring the Maximum Number of Equal Cost Routes” on page 344 (Optional)
    “Configuring IS-IS Route Summarization”...
  • Page 342: Configuring IS-IS Routing Information Control

    To do…: Use the command… (Remarks)
    Assign a network entity title (NET): network-entity net (Required. Not assigned by default)
    Specify a router type: is-level { level-1 | level-1-2 | level-2 } (Optional. The default type is level-1-2.)
    Return to system view: quit
    Enter interface view...
  • Page 343 Configuring IS-IS Link Cost: There are three ways to configure the interface link cost, in descending order of interface costs: ■ Interface cost: Assign a link cost for a single interface. ■ Global cost: Assign a link cost for all interfaces...
  • Page 344 To do… Use the command… Remarks Specify an IS-IS cost style cost-style { narrow | wide | Optional wide-compatible | narrow by default { compatible | narrow-compatible } [ relax-spf-limit ] } Configure a bandwidth bandwidth-reference value Optional reference value for automatic...
  • Page 345

    To do…: Use the command… (Remarks)
    Enter IS-IS view: isis [ process-id ]
    Configure IS-IS route summarization: summary ip-address { mask | mask-length } [ avoid-feedback | generate_null0_route | tag tag | [ level-1 | level-1-2 | level-2 ] ] * (Required. Not configured by default)

    The cost of the summary route is the lowest cost among those summarized routes....
  • Page 346: Tuning and Optimizing IS-IS Network

    To do…: Use the command… (Remarks)
    Configure a filtering policy to filter redistributed routes: filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } export [ isis process-id | ospf process-id | rip process-id | bgp | direct | static] (Optional. Not configured by default)

    Configuring IS-IS Route With this feature enabled, the Level-1-2 router can advertise both Level-1 and...
  • Page 347 If multiple routers in the broadcast network have the same highest DIS priority, the router with the highest MAC address becomes the DIS. This rule applies even if all routers’ DIS priority is 0. Configuring IS-IS Timers: Follow these steps to configure the IS-IS timers: To do…...
  • Page 348

    To do…: Use the command… (Remarks)
    Enter interface view: interface interface-type interface-number
    Disable the interface from sending and receiving hello packets: isis silent (Required. Not disabled by default)

    Configuring LSP Parameters: An IS-IS router periodically advertises all the local LSPs to maintain the LSP synchronization in the entire area....
  • Page 349

    To do…: Use the command… (Remarks)
    Enable LSP fragment extension: lsp-fragments-extend [ level-1 | level-2 | level-1-2 ] [ mode-1 | mode-2 ] (Optional. Disabled by default)
    Create a virtual system: virtual-system virtual-system-id (Optional. Not created by default)
    Return to system view: quit
    Enter interface view...
  • Page 350 To do… Use the command… Remarks Assign a local host name is-name sys-name Required No name is assigned by default. This command also enables the mapping between the local system ID and host name Assign a remote host name and is-name map sys-id Optional create a mapping between the...
  • Page 351

    To do…: Use the command… (Remarks)
    Specify the routing domain authentication mode: domain-authentication-mode { simple | md5 } password [ ip | osi ] (Required. No authentication is enabled for Level-2 routing information, and no password is specified by default....)
  • Page 352: Configuring IS-IS GR

    To do…: Use the command… (Remarks)
    Enter system view: system-view
    Enter interface view: interface interface-type interface-number
    Enable the interface to send small hello packets that have no padding field: isis small-hello (Required. Standard hello packets are sent by default....)
  • Page 353: Displaying and Maintaining IS-IS

    Displaying and Maintaining IS-IS To do… Use the command… Remarks Enable IS-IS, and enter IS-IS isis [ process-id ] Required view Disabled by default Enable the GR capability for graceful-restart Required IS-IS Disabled by default Set the Graceful Restart graceful-restart interval Required interval timer...
  • Page 354: IS-IS Configuration Example

    IS-IS Basic Configuration. Network requirements: As shown in Figure 112, Switch A, B, C and Switch D reside in an IS-IS AS. Switch A and B are Level-1 switches, Switch D is a Level-2 switch and Switch C is a Level-1-2 switch....
  • Page 355

    <SwitchC> system-view
    [SwitchC] isis 1
    [SwitchC-isis-1] network-entity 10.0000.0000.0003.00
    [SwitchC-isis-1] quit
    [SwitchC] interface vlan-interface 100
    [SwitchC-Vlan-interface100] isis enable 1
    [SwitchC-Vlan-interface100] quit
    [SwitchC] interface vlan-interface 200
    [SwitchC-Vlan-interface200] isis enable 1
    [SwitchC-Vlan-interface200] quit
    [SwitchC] interface vlan-interface 300
    [SwitchC-Vlan-interface300] isis enable 1
    [SwitchC-Vlan-interface300] quit
    # Configure Switch D....
  • Page 356 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchC] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00 0x00000006 0xdb60 0/0/0 0000.0000.0002.00-00 0x00000008 0xe651 1053 0/0/0 0000.0000.0002.01-00...
  • Page 357 IS-IS Configuration Example Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct D/L/- 10.1.1.0/24 NULL Vlan100 Direct D/L/- 10.1.2.0/24 NULL Vlan200 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination...
  • Page 358 Network diagram: [Figure 113: Network diagram for DIS selection. Labels: Switch A (L1/L2), Switch B (L1/L2), Switch C, Switch D; Vlan-int100 addresses 10.1.1.1/24, 10.1.1.2/24, 10.1.1.3/24, 10.1.1.4/24] Configuration procedure: 1. Configure an IP address for each interface (omitted) 2. Enable IS-IS # Configure Switch A....
  • Page 359

    <SwitchD> system-view
    [SwitchD] isis 1
    [SwitchD-isis-1] network-entity 10.0000.0000.0004.00
    [SwitchD-isis-1] is-level level-2
    [SwitchD-isis-1] quit
    [SwitchD] interface vlan-interface 100
    [SwitchD-Vlan-interface100] isis enable 1
    [SwitchD-Vlan-interface100] quit
    # Display information about IS-IS neighbors of Switch A.
    [SwitchA] display isis peer
    Peer information for ISIS(1)
    ----------------------------
    System Id: 0000.0000.0002
    Interface: Vlan-interface100...
  • Page 360 IPV4.State IPV6.State Type Down 1497 L1/L2 No/Yes By using the default DIS priority, Switch C is the Level-1 DIS, and Switch D is the Level-2 DIS. The pseudo nodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01 respectively....
  • Page 361 IS-IS Configuration Example State: Up HoldTime: 25s Type: L1 PRI: 64 System Id: 0000.0000.0001 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 7s Type: L1 PRI: 100 [SwitchC] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497...
  • Page 362 Configuration procedure: 1. Configure IP addresses of the interfaces on each switch and configure IS-IS. Follow Figure 114 to configure the IP address and subnet mask of each interface. The configuration procedure is omitted. Configure IS-IS on the switches, ensuring that Switch A, Switch B and Switch C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS....
  • Page 363 IS-IS Configuration Example Complete CSNP Not Received Number of T1 Pre Expiry: 0 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING T3 Timer Status: Remaining Time: 65535 T2 Timer Status: Remaining Time: 59 Interface Vlan1 T1 Timer Status:...
  • Page 364 Chapter 29: IS-IS Configuration...
  • Page 365: BGP Overview

    BGP Configuration: The Border Gateway Protocol (BGP) is a dynamic inter-AS route discovery protocol. When configuring BGP, go to these sections for information you are interested in: ■ “BGP Overview” on page 365 ■ “BGP Configuration Task List” on page 380...
  • Page 366 Chapter 30: BGP Configuration ■ Eliminating route loops completely by adding AS path information to BGP routes ■ Providing abundant routing policies to implement flexible route filtering and selection ■ Easy to extend, satisfying new network developments. A router advertising BGP messages is called a BGP speaker, which exchanges new routing information with other BGP speakers....
  • Page 367 4-Keepalive, and 5-Route-refresh. The first four are defined in RFC 1771, and the last one is defined in RFC 2918. Open: After a TCP connection is established, the first message sent by each side is an Open message for peer relationship establishment. The Open message contains the following fields: Figure 116 BGP open message format Version...
  • Page 368 ■ Unfeasible Routes Length: The total length of the Withdrawn Routes field in bytes. A value of 0 indicates that no routes are being withdrawn from service and that the Withdrawn Routes field is not present in this Update message. ■ Withdrawn Routes: This is a variable length field that contains a list of IP...
  • Page 369 BGP Path Attributes. Classification of path attributes: Path attributes fall into four categories: ■ Well-known mandatory: Must be recognized by all BGP routers and must be included in every update message. Routing information errors occur without this attribute. ■ Well-known discretionary: Can be recognized by all BGP routers and optional...
  • Page 370 determine ASs to route the message back. The number of the AS closest to the receiver’s AS is leftmost, as shown below: [Figure 120: AS_PATH attribute]...
  • Page 371 configured, the NEXT_HOP attribute will be modified. For load-balancing information, refer to “BGP Route Selection” on page 372. [Figure 121: NEXT_HOP attribute] 4 MED (MULTI_EXIT_DISC)
  • Page 372 This attribute is exchanged between IBGP peers only, and is thus not advertised to any other AS. It indicates the priority of a BGP router. LOCAL_PREF is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several IBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest LOCAL_PREF value as the best route.
  • Page 373 ■ Select the route originated by the local router ■ Select the route with the shortest AS-PATH ■ Select IGP, EGP, Incomplete routes in turn ■ Select the route with the lowest MED value ■ Select routes learned from EBGP, confederation, IBGP in turn ■...
  • Page 374 [Figure 124: Network diagram for BGP load balancing] In the above figure, Router D and Router E are IBGP peers of Router C. Router A and Router B both advertise a route to the same destination to Router C.
  • Page 375 route recursion. Router C has no route to 8.0.0.0/8, so it discards the packet. [Figure 125: IBGP and IGP synchronization] If synchronization is configured in this example, the IBGP router (Router D) first checks its IGP routing table for the learned IBGP route.
  • Page 376 BGP route dampening uses a penalty value to judge the stability of a route. The bigger the value, the less stable the route. Each time a route flap occurs (a route flap is a state change of a route from active to inactive), BGP adds a penalty value (1000, which is a fixed number and cannot be changed) to the route.
  • Page 377 Community: A peer group applies the same policy to all the peers in it, while a community applies the same policy to a group of BGP routers in several ASs. Community is a path attribute and is advertised between BGP peers, without being limited by AS. A BGP router can modify the community attribute for a route before sending it to other peers.
  • Page 378 [Figure 128: Network diagram for route reflectors] When clients of a route reflector are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. The system supports using related commands to disable route reflection in this case.
  • Page 379 The drawback of confederation is that when changing an AS into a confederation, you need to reconfigure your routers, and the topology will be changed. In large-scale BGP networks, both route reflector and confederation can be used. BGP GR: For GR (Graceful Restart) information, refer to “GR Overview”...
  • Page 380: BGP Configuration Task List

    The above two attributes are both optional non-transitive, so BGP speakers not supporting multi-protocol ignore the two attributes and do not forward them to peers. Address family: MP-BGP employs address family to differentiate network layer protocols. For address family values, refer to RFC 1700 (Assigned Numbers).
  • Page 381: Configuring BGP Basic Functions

    Task / Remarks: “Configuring a Large Scale BGP Network” on page 390: “Configuring BGP Peer Groups” on page 390 (Optional); “Configuring BGP Community” on page 391 (Optional); “Configuring a BGP Route Reflector” on page 392 (Optional); “Configuring a BGP Confederation” on page 392 (Optional); “Configuring BGP GR”...
  • Page 382 To do… / Use the command… / Remarks: Enable the logging of peer state changes globally: log-peer-change (Optional; enabled by default). Enable the logging of peer state changes for a peer or peer group: peer { group-name | ip-address } log-change (Optional; enabled by default). Specify a preferred value for peer { group-name | Optional...
  • Page 383: Controlling Route Distribution and Reception

    preferred-value preferred-value in Routing Policy Commands of the IP Routing Volume. Controlling Route Distribution and Reception. Prerequisites: Before configuring this task, complete the BGP basic configuration. Configuring BGP Route Redistribution: BGP can advertise the routing information of the local AS to peering ASs, but it redistributes routing information from IGP into BGP rather than discovering it by itself.
  • Page 384 To do… / Use the command… / Remarks: Enter system view: system-view. Enter BGP view: bgp as-number. Configure BGP route summarization: Configure automatic route summarization: summary automatic. Configure manual route summarization: aggregate ip-address { mask | mask-length }. Remarks: Required. No route summarization is configured by default. Choose either as...
  • Page 385 To do… / Use the command… / Remarks: Configure the filtering of outgoing redistributed routes: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | | static ]. Remarks: Required to choose any; Not configured by default; You can configure a filtering policy as needed;...
  • Page 386: Configuring BGP Route Attributes

    Enabling BGP and IGP Route Synchronization: By default, when a BGP router receives an IBGP route, it only checks the reachability of the route’s next hop before advertisement. With BGP and IGP synchronization configured, the BGP router cannot advertise the route to EBGP peers unless the route is also available in the IGP routing table.
  • Page 387 To do… / Use the command… / Remarks: Configure the MED attribute: Configure the default MED value: default med med-value (Optional; 0 by default). Enable the comparison of MED of routes from different ASs: compare-different-as-med (Optional; not enabled by default). Enable the comparison of bestroute compare-med...
  • Page 388: Tuning and Optimizing BGP Networks

    ■ Using the peer next-hop-local command can specify the router as the next hop for routes to a peer/peer group. If BGP load balancing is configured, the router specifies itself as the next hop for routes to a peer/peer group regardless of whether the peer next-hop-local command is configured.
  • Page 389 Prerequisites: Before configuring this task, configure BGP basic functions. Configuration Procedure: Follow these steps to tune and optimize BGP networks: To do… / Use the command… / Remarks: Enter system view: system-view. Enter BGP view: bgp as-number. Configure BGP Configure...
  • Page 390: Configuring a Large Scale BGP Network

    To do… / Use the command… / Remarks: Configure the number of BGP load balanced routes: balance number (Optional; load balancing is not enabled by default). ■ The maximum keepalive interval should be one third of the holdtime and no...
  • Page 391 To do… / Use the command… / Remarks: Configure an IBGP peer group (Optional; you can add multiple peers into the group): Create an IBGP peer group: group group-name [ internal ]. Add a peer into the group: peer ip-address group...
  • Page 392: Configuring BGP GR

    Configuring a BGP Route Reflector: Follow these steps to configure a BGP route reflector: To do… / Use the command… / Remarks: Enter system view: system-view. Enter BGP view: bgp as-number. Configure the router as a route reflector and specify a...: peer { group-name | ip-address } reflect-client (Required)...
  • Page 393 To do… / Use the command… / Remarks: Enter system view: system-view. Enter BGP view: bgp as-number. Enable GR Capability for BGP: graceful-restart (Required; disabled by default). Configure the maximum time allowed for the peer to reestablish a BGP session: graceful-restart timer restart timer (Optional; 150 seconds by default)...
  • Page 394: Displaying and Maintaining BGP

    Displaying and Maintaining BGP. Displaying BGP: To do… / Use the command… / Remarks (available in any view): Display peer group information: display bgp group [ group-name ]. Display advertised BGP routing information: display bgp network. Display AS path information: display bgp paths [ as-regular-expression ]. Display BGP peer/peer group display bgp peer [ ip-address { log-info |...
  • Page 395: BGP Configuration Examples

    Resetting BGP Connections: To do… / Use the command… / Remarks (available in user view): Reset all BGP connections: reset bgp all. Reset the BGP connections to an AS: reset bgp as-number. Reset the BGP connection to a peer: reset bgp ip-address [ flap-info ]. Reset all EBGP connections...
  • Page 396 Configuration procedure 1 Configure IP addresses for interfaces (omitted) 2 Configure IBGP connections # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 9.1.1.2 as-number 65009 [SwitchB-bgp] peer 9.1.3.2 as-number 65009 [SwitchB-bgp] quit # Configure Switch C.
  • Page 397 BGP Configuration Examples Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 9.1.1.2 4 65009 0 00:40:54 Established 9.1.3.2 4 65009 0 00:44:58 Established 200.1.1.2 4 65008 1 00:44:03 Established You can find Switch B has established BGP connections to other switches. # Display BGP routing table information on Switch A.
  • Page 398 [SwitchA] display bgp routing-table Total Number of Routes: 4 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop...
  • Page 399 Network diagram: [Figure 131: Network diagram for BGP and IGP synchronization] Configuration procedure 1 Configure IP addresses for interfaces (omitted) 2 Configure OSPF (omitted)
  • Page 400 Network NextHop LocPrf PrefVal Path/Og *> 8.1.1.0/24 0.0.0.0 *> 9.1.1.0/24 3.1.1.1 65009? *> 9.1.2.0/24 3.1.1.1 65009? # Configure OSPF to redistribute routes from BGP on Switch B. [SwitchB] ospf [SwitchB-ospf-1] import-route bgp [SwitchB-ospf-1] quit # Display routing table information on Switch C. <SwitchC>...
  • Page 401 --- 9.1.2.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 15/37/47 ms BGP Load Balancing and MED Attribute. Network requirements: ■ Configure BGP on all switches; Switch A is in AS77008, and Switch B and C in...
  • Page 402 # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.2.2 as-number 65008 [SwitchC-bgp] peer 9.1.1.1 as-number 65009 [SwitchC-bgp] network 9.1.1.0 255.255.255.0 [SwitchC-bgp] quit # Display the routing table on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1...
  • Page 403: BGP Community Configuration

    BGP Configuration Examples # Display the routing table on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
  • Page 404 <SwitchB> system-view [SwitchB] bgp 20 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.2.1 as-number 10 [SwitchB-bgp] peer 200.1.3.2 as-number 30 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 30 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.3.1 as-number 20 [SwitchC-bgp] quit # Display the BGP routing table on Switch B.
  • Page 405 BGP Configuration Examples # Apply the routing policy. [SwitchA] bgp 10 [SwitchA-bgp] peer 200.1.2.2 route-policy comm_policy export [SwitchA-bgp] peer 200.1.2.2 advertise-community # Display the routing table on Switch B. [SwitchB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 20 Paths: 1 available, 1 best...
  • Page 406 # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 192.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table. [SwitchA-bgp] network 1.0.0.0 [SwitchA-bgp] quit # Configure Switch B. <SwitchB>...
  • Page 407 BGP Configuration Examples Network NextHop LocPrf PrefVal Path/Ogn *> 1.0.0.0 192.1.1.1 100i # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
  • Page 408 # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 65001 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] confederation id 200 [SwitchA-bgp] confederation peer-as 65002 65003 [SwitchA-bgp] peer 10.1.1.2 as-number 65002 [SwitchA-bgp] peer 10.1.1.2 next-hop-local [SwitchA-bgp] peer 10.1.2.2 as-number 65003 [SwitchA-bgp] peer 10.1.2.2 next-hop-local [SwitchA-bgp] quit # Configure Switch B.
  • Page 409 BGP Configuration Examples [SwitchE-bgp] router-id 5.5.5.5 [SwitchE-bgp] confederation id 200 [SwitchE-bgp] peer 10.1.4.1 as-number 65001 [SwitchE-bgp] peer 10.1.5.1 as-number 65001 [SwitchE-bgp] quit 4 Configure the EBGP connection between AS100 and AS200. # Configure Switch A. [SwitchA] bgp 65001 [SwitchA-bgp] peer 200.1.1.2 as-number 100 [SwitchA-bgp] quit # Configure Switch F.
  • Page 410 *>i 9.1.1.0/24 10.1.3.1 100i [SwitchD] display bgp routing-table 9.1.1.0 BGP local router ID : 4.4.4.4 Local AS number : 65001 Paths: 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 10.1.3.1 (1.1.1.1) Relay Nexthop : 0.0.0.0 Original nexthop: 10.1.3.1...
  • Page 411 BGP Configuration Examples <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D.
  • Page 412 [SwitchD] bgp 200 [SwitchD-bgp] peer 194.1.1.2 as-number 200 [SwitchD-bgp] peer 195.1.1.2 as-number 200 [SwitchD-bgp] quit 4 Configure attributes for route 1.0.0.0/8, making Switch D give priority to the route learned from Switch C. ■ Configure a higher MED value for the route 1.0.0.0/8 advertised from Switch A...
  • Page 413: Troubleshooting BGP

    Troubleshooting BGP [SwitchC] acl number 2000 [SwitchC-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [SwitchC-acl-basic-2000] quit # Configure a routing policy named localpref on Switch C, setting the local preference of route 1.0.0.0/8 to 200 (the default is 100). [SwitchC] route-policy localpref permit node 10 [SwitchC-route-policy] if-match acl 2000 [SwitchC-route-policy] apply local-preference 200 [SwitchC-route-policy] quit...
  • Page 414 6 Use the ping command to check connectivity. 7 Use the display tcp status command to check the TCP connection. 8 Check whether an ACL disabling TCP port 179 is configured.
  • Page 415: Routing

    Routing Policy Configuration. The term “router” refers to a router in a generic sense or a Layer 3 switch running routing protocols. A routing policy is used on a router for route inspection, filtering, and attribute modification when routes are received, advertised, or redistributed. When configuring routing policy, go to these sections for information you are interested in: ■ “Introduction to Routing Policy”...
  • Page 416 router’s address and so on. The match criteria can be set beforehand and then applied to a routing policy for route distribution, reception and redistribution. Filters: Routing protocols can use six filters: ACL, IP prefix list, AS path ACL, community list, extended community list and routing policy.
  • Page 417: Routing Policy Configuration Task List

    order of node sequence number. Once a node is matched, the routing policy is passed and the packet will not go through the next node. Each node comprises a set of if-match and apply clauses. The if-match clauses define the match criteria.
  • Page 418 To do… / Use the command… / Remarks: Enter system view: system-view. Define an IPv4 prefix list: ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address mask-length [ greater-equal min-mask-length ] [ less-equal max-mask-length ] (Required; not defined by default). If all items are set to the deny mode, no routes can pass the IPv4 prefix list.
  • Page 419: Configuring A Routing Policy

    Defining an Extended Community List: You can define multiple items for an extended community list that is identified by number. During matching, the relation between items is logical OR, that is, if routing information matches one of these items, it passes the extended community list.
  • Page 420 cannot match any if-match clause of the node, it will go to the next node for a match. ■ When a routing policy is defined with more than one node, at least one node should be configured with the permit keyword.
  • Page 421 To do… / Use the command… / Remarks: Match routes having the specified route type: if-match route-type { internal | external-type1 | external-type2 | external-type1or2 | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type2 | nssa-external-type1or2 (Optional; not configured by default). Match RIP, OSPF, or IS-IS routes having the if-match tag value...
  • Page 422: Displaying and Maintaining the Routing Policy

    To do… / Use the command… / Remarks: Set a next hop for IPv4 routes: apply ip-address next-hop ip-address (Optional; not set by default). Redistribute routes to a specified ISIS level: apply isis { level-1 | level-1-2 | level-2 } (Optional; not configured by default)...
  • Page 423 Routing Policy Configuration Example. Network diagram: [Figure 137: Network diagram for routing policy application to route redistribution]...
  • Page 424 <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B: enable OSPF and redistribute routes from IS-IS. [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] import-route isis 1 [SwitchB-ospf-1] quit...
  • Page 425: Troubleshooting Routing Policy Configuration

    Troubleshooting Routing Policy Configuration 6 Apply the routing policy to route redistribution. # Configure Switch B: apply the routing policy when redistributing routes. [SwitchB] ospf [SwitchB-ospf-1] import-route isis 1 route-policy isis2ospf [SwitchB-ospf-1] quit # Display the OSPF routing table on Switch A. You can find the cost of route 172.17.1.0/24 is 100, tag of route 172.17.1.0/24 is 20, and other external routes have no change.
  • Page 427: IPv6 Static

    IPv6 Static Routing Configuration. The term “router” in this document refers to a Layer 3 switch running routing protocols. Introduction to IPv6 Static Routing: Static routes are special routes that are manually configured by network administrators. They work well in simple networks. Configuring and using them properly can improve the performance of networks and guarantee enough bandwidth for important applications.
  • Page 428: Displaying and Maintaining IPv6 Static Routes

    Displaying and Maintaining IPv6 Static Routes: To do… / Use the command… / Remarks: Display IPv6 static route information: display ipv6 routing-table protocol static [ inactive | verbose ] (Available in any view). Remove all IPv6 static routes: delete ipv6 static-routes all (Available in system view). Using the undo ipv6 route-static command can delete a single IPv6 static route, while using the delete ipv6 static-routes all command deletes all IPv6 static...
  • Page 429 IPv6 Static Routing Configuration Example # Configure the default IPv6 static route on Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] ipv6 route-static :: 0 5::2 3 Configure the IPv6 addresses of hosts and gateways. Configure the IPv6 addresses of all the hosts based upon the network diagram, configure the default gateway of Host A as 1::1, that of Host B as 2::1, and that of Host C as 3::1.
  • Page 430 --- 3::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/62/63 ms...
  • Page 431: IPv6 RIPng

    IPv6 RIPng Configuration. ■ The term “router” in this document refers to a Layer 3 switch running routing protocols. ■ The Switch 4800G supports only a single RIPng process. Introduction to RIPng: RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng.
  • Page 432 ■ Route time: Time elapsed since a route entry was last changed. Each time a route entry is modified, the routing time is set to 0. ■ Route tag: Identifies the route, used in routing policy to control routing...
  • Page 433: Configuring RIPng Basic Functions

    Figure 141 IPv6 prefix RTE format: IPv6 prefix (16 octets), Route tag, Prefix length, Metric. ■ IPv6 prefix: Destination IPv6 address prefix. ■ Route tag: Route tag. ■ Prefix len: Length of the IPv6 address prefix. ■ Metric: Cost of a route.
  • Page 434: Configuring RIPng Route Control

    Configuration Prerequisites: Before the configuration, accomplish the following tasks first: ■ Enable IPv6 packet forwarding. ■ Configure an IP address for each interface, and make sure all nodes are reachable. Configuration Procedure: Follow these steps to configure the basic RIPng functions: To do…
  • Page 435 To do… / Use the command… / Remarks: Specify an outbound routing additional metric: ripng metricout value (Optional; 1 by default). Configuring RIPng Route Summarization: Follow these steps to configure RIPng route summarization: To do… / Use the command… / Remarks: Enter system view: system-view...
  • Page 436: Tuning and Optimizing the RIPng Network

    To do… / Use the command… / Remarks: Enter system view: system-view. Enter RIPng view: ripng [ process-id ]. Configure a RIPng priority: preference [ route-policy route-policy-name ] preference (Optional; by default, the RIPng priority is 100). Configuring RIPng Route Redistribution: Follow these steps to configure RIPng route redistribution:
  • Page 437 To do… / Use the command… / Remarks: Configure RIPng timers: timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value } *. Remarks: Optional. The RIPng timers have the following defaults: ■ 30 seconds for the update timer...
  • Page 438: Displaying and Maintaining RIPng

    To do… / Use the command… / Remarks: Enable the poison reverse function: ripng poison-reverse (Required; disabled by default). Configuring Zero Field Check on RIPng Packets: Some fields in the RIPng packet must be zero. These fields are called zero fields. With zero field check on RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet will be discarded.
  • Page 439 RIPng Configuration Example. Network diagram: [Figure 142: Network diagram for RIPng configuration]...
  • Page 440 # Display the routing table of Switch B. [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost...
  • Page 441 RIPng Configuration Example Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec Dest 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec [SwitchA] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE00:1235 on Vlan-interface100...
  • Page 443: IPv6 OSPF

    IPv6 OSPF Configuration. ■ The term “router” in this document refers to a Layer 3 switch running routing protocols. ■ The Switch 4800G supports only a single OSPFv3 process. Introduction to OSPFv3. OSPFv3 Overview: OSPFv3 is OSPF (Open Shortest Path First) version 3 for short, supporting IPv6 and compliant with RFC2740 (OSPF for IPv6).
  • Page 444 Major fields: ■ Version #: Version of OSPF, which is 3 for OSPFv3. ■ Type: Type of OSPF packet, from 1 to 5 are hello, DD, LSR, LSU, and LSAck respectively. ■ Packet Length: Packet length in bytes, including header. ■...
  • Page 445: IPv6 OSPFv3 Configuration Task List

    If a router receives no hello packet from a neighbor within a period, it declares the neighbor down. The period is called the dead interval. After sending an LSA to its adjacency, a router waits for an acknowledgment from the adjacency.
  • Page 446: Configuring OSPFv3 Basic Functions

    Task / Remarks: “Tuning and Optimizing an OSPFv3 Network” on page 450: “Configuring OSPFv3 Timers” on page 450 (Optional); “Configuring the DR Priority for an Interface” on page 451 (Optional); “Ignoring MTU Check for DD Packets” (Optional)...
  • Page 447: Configuring OSPFv3 Routing Information Management

    Prerequisites: ■ Enable IPv6 packet forwarding ■ Configure OSPFv3 basic functions. Configuring an OSPFv3 Stub Area: Follow these steps to configure an OSPFv3 stub area: To do… / Use the command… / Remarks: Enter system view: system-view. Enter OSPFv3 view: ospfv3 [ process-id ]. Enter OSPFv3 area view...
  • Page 448 Prerequisites: ■ Enable IPv6 packet forwarding ■ Configure OSPFv3 basic functions. Configuring OSPFv3 Route Summarization: Follow these steps to configure route summarization between areas: To do… / Use the command… / Remarks: Enter system view: system-view. Enter OSPFv3 view: ospfv3 [ process-id ]. Enter OSPFv3 area view...
  • Page 449 Configuring the Maximum Number of OSPFv3 Load-balanced Routes: If multiple routes to a destination are available, using load balancing to send IPv6 packets on these routes in turn can improve link utilization. Follow these steps to configure the maximum number of load-balanced routes: To do…
  • Page 450: Tuning and Optimizing an OSPFv3 Network

    ■ Since OSPFv3 is a link state based routing protocol, it cannot directly filter LSAs to be advertised. Therefore, you need to configure the filtering of redistributed routes, so that only the routes that are not filtered out are advertised in LSAs into the routing domain. Use of the filter-policy export command takes effect only on the local router.
  • Page 451 ■ The dead interval set on neighboring interfaces cannot be too short. Otherwise, a neighbor is easily considered down. ■ The LSA retransmission interval cannot be too short; otherwise, unnecessary retransmissions occur. Configuring the DR Priority for an Interface: Follow these steps to configure the DR priority for an interface: To do…
  • Page 452: Displaying and Maintaining OSPFv3

    To do… / Use the command… / Remarks: Enable the logging on neighbor state changes: log-peer-change (Required; enabled by default). Displaying and Maintaining OSPFv3: To do… / Use the command… / Remarks: Display OSPFv3 debugging state information: display debugging ospfv3 (Available in any view)...
  • Page 453: OSPFv3 Configuration Examples

    OSPFv3 Configuration Examples. Configuring OSPFv3 Areas. Network requirements: In the following figure, all switches run OSPFv3. The AS is split into three areas, in which Switch B and Switch C act as ABRs to forward routing information between areas.
  • Page 454 [SwitchB-Vlan-interface100] ospfv3 1 area 0 [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ospfv3 1 area 1 [SwitchB-Vlan-interface200] quit # Configure Switch C <SwitchC> system-view [SwitchC] ipv6 [SwitchC] ospfv3 [SwitchC-ospfv3-1] router-id 3.3.3.3 [SwitchC-ospfv3-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 1 area 0 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 400...
  • Page 455 OSPFv3 Configuration Examples [SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route, - Seleted route OSPFv3 Router with ID (4.4.4.4) (Process 1) ------------------------------------------------------------------------ *Destination: 2001::/64 Type : IA Cost...
  • Page 456 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 4. Configure Area 2 as a totally stub area # Configure Switch C, the ABR, to make Area 2 a totally stub area. [SwitchC-ospfv3-1-area-0.0.0.2] stub no-summary # Display OSPFv3 routing table information on Switch D.
  • Page 457 OSPFv3 Configuration Examples # Configure Switch A <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 0 [SwitchA-Vlan-interface100] quit # Configure Switch B <SwitchB> system-view [SwitchB] ipv6 [SwitchB] ospfv3 [SwitchB-ospfv3-1] router-id 2.2.2.2 [SwitchB-ospfv3-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ospfv3 1 area 0...
  • Page 458 [SwitchD] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 1.1.1.1 Full/DROther 00:00:30 Vlan100 2.2.2.2 Full/DROther 00:00:37 Vlan200 3.3.3.3 Full/Backup 00:00:31 Vlan100 3 Configure DR priorities for interfaces. # Configure the DR priority of VLAN-interface 100 as 100 on Switch A.
  • Page 459: Troubleshooting Ospfv3 Configuration

    Troubleshooting OSPFv3 Configuration 3.3.3.3 Full/Backup 00:00:39 Vlan100 4.4.4.4 Full/DROther 00:00:37 Vlan200 # Display neighbor information on Switch D. You can find Switch A becomes the [SwitchD] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 1.1.1.1...
  • Page 460 Solution: 1. Use the display ospfv3 peer command to display OSPFv3 neighbors. 2. Use the display ospfv3 interface command to display OSPFv3 interface information. 3. Use the display ospfv3 lsdb command to display Link State Database information to check integrity.
  • Page 461: Ipv

    IPv6 IS-IS CONFIGURATION ■ IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information instead. This document describes only the configuration tasks exclusive to IPv6 IS-IS. For other configuration tasks, refer to “IS-IS Configuration” on page 325. The term “router”...
  • Page 462: Configuring Ipv6 Is-Is Routing Information Control

    Chapter 35: IPv6 IS-IS Configuration. Configuration Prerequisites: Before the configuration, accomplish the following tasks first: ■ Enable IPv6 globally ■ Configure IP addresses for interfaces, and make sure all neighboring nodes are reachable. ■ Enable IS-IS Configuration Procedure: Follow these steps to configure the basic functions of IPv6 IS-IS: To do…...
  • Page 463: Displaying And Maintaining Ipv6 Is-Is

    Displaying and Maintaining IPv6 IS-IS To do… Use command to... Remarks Configure IPv6 IS-IS to ipv6 import-route protocol Optional redistribute routes from [ process-id ] [ allow-ibgp ] [ cost Not configured by another routing protocol cost-value | [ level-1 | level-2 | default level-1-2 ] | route-policy route-policy-name | tag tag-value ] *...
  • Page 464: Ipv6 Is-Is Configuration Example

    To do: Clear the IS-IS data information of a neighbor. Use the command: reset isis peer system-id [ process-id ]. Remarks: Available in user view. IPv6 IS-IS Configuration Example. Network requirements: As shown in Figure 146, Switch A, Switch B, Switch C and Switch D reside in the same autonomous system, and all are enabled with IPv6.
  • Page 465 IPv6 IS-IS Configuration Example [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis ipv6 enable 1 [SwitchB-Vlan-interface200] quit # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] ipv6 enable [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis ipv6 enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis ipv6 enable 1...
  • Page 466 Chapter 35: IPv6 IS-IS Configuration...
  • Page 467: Ipv

    IPv6 BGP CONFIGURATION This chapter describes only the configuration for IPv6 BGP. For other related information, refer to “BGP Configuration” on page 365. When configuring IPv6 BGP, go to these sections for information you are interested in: ■ “IPv6 BGP Overview” on page 467...
  • Page 468: Configuration Task List

    Chapter 36: IPv6 BGP Configuration. Configuration Task List: Complete the following tasks to configure IPv6 BGP: Task Remarks “Configuring IPv6 BGP Basic Functions” “Configuring an IPv6 Peer” on page Required on page 469 “Advertising a Local IPv6 Route” on Optional page 469 “Configuring a Preferred Value for...
  • Page 469: Configuring Ipv6 Bgp Basic Functions

    Configuring IPv6 BGP Basic Functions. Prerequisites: Before configuring this task, you need to: ■ Specify IP addresses for interfaces. ■ Enable IPv6. You need to create a peer group before configuring basic functions for it. For related information, refer to “Configuring IPv6 BGP Peer Group”...
  • Page 470 for routes from a peer, the routing policy sets a non-zero preferred value for routes matching it. Other routes not matching the routing policy use the value set with the command. If the preferred value in the routing policy is zero, the routes matching it will also use the value set with the command.
  • Page 471: Controlling Route Distribution And Reception

    Controlling Route Distribution and Reception. Configuring a Description for a Peer/Peer Group: Follow these steps to configure a description for a peer/peer group: To do… Use the command… Remarks Enter system view system-view Enter BGP view bgp as-number Required Enter IPv6 address family view ipv6-family Configure a description for a peer { ipv6-group-name | Optional...
  • Page 472 Configuring IPv6 BGP Route Redistribution: Follow these steps to configure IPv6 BGP route redistribution and filtering: To do… Use the command… Remarks Enter system view system-view Enter BGP view bgp as-number Enter IPv6 address family view ipv6-family Enable default route default-route imported Optional...
  • Page 473 Controlling Route Distribution and Reception. To do: Specify an IPv6 prefix list to filter routes advertised to a peer/peer group. Use the command: peer { ipv6-group-name | ipv6-address } ipv6-prefix ipv6-prefix-name export. Remarks: Required; not specified by default. ■ Members of a peer group must have the same outbound route policy with the...
  • Page 474: Configuring Ipv6 Bgp Route Attributes

    Follow these steps to configure IPv6 BGP and IGP route synchronization: To do… Use the command… Remarks Enter system view system-view Enter BGP view bgp as-number Required Enter IPv6 address family view ipv6-family Enable route synchronization synchronization Required...
  • Page 475 Configuring IPv6 BGP Route Attributes To do… Use the command… Remarks Configure the default value default local-preference Optional for local preference value The value defaults to 100 Advertise routes to a peer { ipv6-group-name | Required peer/peer group with the local ipv6-address } By default, the feature is router as the next hop...
  • Page 476: Tuning And Optimizing Ipv6 Bgp Networks

    To do: Specify a fake AS number for a peer/peer group. Use the command: peer { ipv6-group-name | ipv6-address } fake-as as-number. Remarks: Optional; not specified by default. To do: Neglect the AS_PATH attribute for best route. Use the command: bestroute as-path-neglect. Remarks: Optional; not neglected by default...
  • Page 477 Tuning and Optimizing IPv6 BGP Networks To do… Use the command… Remarks Enter system view system-view Enter BGP view bgp as-number Required Enter IPv6 address family view ipv6-family Configure Specify keepalive timer keepalive keepalive Optional IPv6 BGP interval and holdtime hold holdtime The keepalive interval timers...
  • Page 478: Configuring A Large Scale Ipv6 Bgp Network

    If the peer keep-all-routes command is used, all routes from the peer/peer group will be saved regardless of whether the filtering policy is available. These routes will be used to generate IPv6 BGP routes after soft-reset is performed. Configuring the Follow these steps to configure the maximum number of load balanced routes: Maximum Number of...
  • Page 479 Configuring a Large Scale IPv6 BGP Network To do… Use the command… Remarks Enter BGP view bgp as-number Required Not enabled by default Enter IPv6 address family view ipv6-family Create an IBGP peer group group ipv6-group-name Required [ internal ] Add a peer into the group peer ipv6-address group Required...
  • Page 480 When creating a mixed EBGP peer group, you need to create a peer and specify its AS number, which can be different from the AS numbers of other peers, but you cannot specify an AS number for the EBGP peer group. Configuring IPv6 BGP Advertise community attribute to a peer/peer group Community...
  • Page 481 Configuring a Large Scale IPv6 BGP Network To do… Use the command… Remarks Configure the cluster ID of reflector cluster-id cluster-id Optional the route reflector By default, a route reflector uses its router ID as the cluster In general, since the route reflector forwards routing information between ■...
  • Page 482: Displaying And Maintaining Ipv6 Bgp Configuration

    Displaying and Maintaining IPv6 BGP Configuration. Displaying BGP. To do: Display IPv6 BGP peer group information. Use the command: display bgp ipv6 group [ ipv6-group-name ]. Remarks: Available in any view. To do: Display IPv6 BGP advertised routing information. Use the command: display bgp ipv6 network. To do: Display IPv6 BGP AS path...
  • Page 483: Ipv6 Bgp Configuration Examples

    IPv6 BGP Configuration Examples. Resetting IPv6 BGP Connections. To do: Perform soft reset on IPv6 BGP connections. Use the command: refresh bgp ipv6 { ipv6-address | all | external | group ipv6-group-name | internal } { export | import }. Remarks: Available in user view. To do: Reset IPv6 BGP connections. Use the command: reset bgp ipv6 { as-number | ipv6-address [ flap-info ] | all | group ipv6-group-name |...
  • Page 484 <SwitchB> system-view [SwitchB] ipv6 [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 9:1::2 as-number 65009 [SwitchB-bgp-af-ipv6] peer 9:3::2 as-number 65009 [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] ipv6-family...
  • Page 485 IPv6 BGP Configuration Examples Local AS number : 65009 Total number of peers : 3 Peers in established state : 3 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10::2 4 65008 0 00:01:16 Established 9:3::2 4 65009 0 00:00:40 Established 9:1::2 4 65009 0 00:00:19 Established...
  • Page 486: Troubleshooting Ipv6 Bgp Configuration

    [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] ipv6-family [SwitchA-bgp-af-ipv6] peer 100::2 as-number 200 [SwitchA-bgp-af-ipv6] network 1:: 64 # Configure Switch B. <SwitchB> system-view [SwitchB] ipv6 [SwitchB] bgp 200 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 100::1 as-number 100 [SwitchB-bgp-af-ipv6] peer 101::1 as-number 200 [SwitchB-bgp-af-ipv6] peer 101::1 next-hop-local # Configure Switch C.
  • Page 487 Troubleshooting IPv6 BGP Configuration. Processing steps: 1. Use the display current-configuration command to verify the peer’s AS number. 2. Use the display bgp ipv6 peer command to verify the peer’s IPv6 address. 3. If the loopback interface is used, check whether the peer connect-interface command is configured.
  • Page 488 Chapter 36: IPv6 BGP Configuration...
  • Page 489: Routing

    ROUTING POLICY CONFIGURATION. Introduction to Routing Policy. Routing Policy: A routing policy is used on the router for route inspection, filtering, and attribute modification when routes are received, advertised, or redistributed. When distributing or receiving routing information, a router can use a routing policy to filter routing information.
  • Page 490: Defining Filtering Lists

    Chapter 37: Routing Policy Configuration. AS-path: AS path is only applicable to IPv6 BGP. There is an AS-path field in the IPv6 BGP packet. An AS path list specifies matching conditions according to the AS-path field. Community list: Community list only applies to IPv6 BGP. The IPv6 BGP packet contains a community attribute field to identify a community.
  • Page 491 Defining Filtering Lists. Defining an IPv6 Prefix List: Identified by name, each IPv6 prefix list can comprise multiple items. Each item specifies a matching address range in the form of a network prefix and is identified by an index number. During matching, the system compares the route to each item in ascending order of index number.
  • Page 492: Configuring A Routing Policy

    To do… Use the command… Remarks Define a Define a basic ip community-list Required to define community list community list basic-comm-list-num either; { deny | permit } Not defined by default [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed...
  • Page 493 Configuring a Routing Policy. Creating a Routing Policy: Follow these steps to create a routing policy: To do: Enter system view. Use the command: system-view. To do: Create a routing policy and enter its view. Use the command: route-policy route-policy-name { permit | deny } node node-number. Remarks: Required. ■ If a node has the permit keyword specified, routing information meeting the...
  • Page 494 To do: Match routes having the specified route type. Use the command: if-match route-type { internal | external-type1 | external-type2 | external-type1or2 | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type2 | nssa-external-type1or2 } *. Remarks: Optional; not configured by default. To do: Match the routes having the...
  • Page 495: Displaying And Maintaining The Routing Policy

    Displaying and Maintaining the Routing Policy. To do: Set a local preference for IPv6 BGP routes. Use the command: apply local-preference preference. Remarks: Optional; not set by default. To do: Set an origin attribute for IPv6 BGP routes. Use the command: apply origin { igp | egp as-number | incomplete }. Remarks: Optional...
  • Page 496 Network diagram: Figure 149 Network diagram for routing policy application to route redistribution (labels: 20::/32, 30::/32, 40::/32; Vlan-int100, Vlan-int100, Vlan-int200; 10::1/32, 10::2/32, 11::1/32; Switch A, Switch B). Configuration procedure: 1. Configure Switch A # Configure IPv6 addresses for VLAN-interface 100 and VLAN-interface 200.
  • Page 497: Troubleshooting Routing Policy Configuration

    Troubleshooting Routing Policy Configuration [SwitchB] ipv6 [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ipv6 address 10::2 32 # Enable RIPng on VLAN-interface 100. [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Enable RIPng. [SwitchB] ripng # Display RIPng routing table information. [SwitchB-ripng-1] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::7D58:0:CA03:1...
  • Page 498 Chapter 37: Routing Policy Configuration...
  • Page 499: IPv6 Basics

    IPv6 BASICS CONFIGURATION When configuring IPv6 basics, go to these sections for information you are interested in: ■ “IPv6 Overview” on page 499 ■ “IPv6 Basics Configuration Task List” on page 508 ■ “Configuring Basic IPv6 Functions” on page 508 ■ “Configuring IPv6 NDP” on page 510...
  • Page 500 (Chapter 38: IPv6 Basics Configuration) addresses, the size of basic IPv6 headers is 40 bytes and is only twice that of IPv4 headers (excluding the Options field). Figure 150 Comparison between IPv4 packet header format and basic IPv6 packet header format Traffic Total length...
  • Page 501 IPv6 Overview. QoS support: The Flow Label field in the IPv6 header allows the device to label packets in a flow and provide special handling for these packets. Enhanced neighbor discovery mechanism: The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manage the information exchange between neighbor nodes on the same link.
  • Page 502 ■ Unicast address: An identifier for a single interface, similar to an IPv4 unicast address. A packet sent to a unicast address is delivered to the interface identified by that address. ■ Multicast address: An identifier for a set of interfaces (typically belonging to...
  • Page 503 IPv6 Overview node may fill this address in the source address field of an IPv6 packet, but may not use it as a destination IPv6 address. Multicast address: IPv6 multicast addresses listed in Table 48 are reserved for special purposes. Table 48 Reserved IPv6 multicast addresses Address Application...
  • Page 504 Introduction to IPv6 Neighbor Discovery Protocol: IPv6 Neighbor Discovery Protocol (NDP) uses five types of ICMPv6 messages to implement the following functions: ■ “Address resolution” on page 504 ■ “Neighbor reachability detection” on page 505 ■ “Duplicate address detection”...
  • Page 505 IPv6 Overview Figure 152 Address resolution (between Host A and Host B): message 1: ICMP type = 135, Src = A, Dst = solicited-node multicast address of B, Data = link layer address of A; message 2: ICMP type = 136, Src = B, Dst = A, Data = link layer address of B. The address resolution procedure is as follows: 1. Node A multicasts an NS message.
  • Page 506 The DAD procedure is as follows: 1. Node A sends an NS message whose source address is the unassigned address :: and destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected. The NS message contains the IPv6 address. 2. If node B uses this IPv6 address, node B returns an NA message.
  • Page 507 IPv6 Overview ■ The selected route is not the default route. ■ The forwarded IPv6 packet does not contain any routing header. IPv6 PMTU Discovery: The links that a packet passes from the source to the destination may have different MTUs. In IPv6, when the packet size exceeds the link MTU, the packet will be fragmented at the source end so as to reduce the processing pressure of the forwarding device and utilize network resources rationally.
  • Page 508: Ipv6 Basics Configuration Task List

    Protocols and Standards: Protocols and standards related to IPv6 include: ■ RFC 1881: IPv6 Address Allocation Management ■ RFC 1887: An Architecture for IPv6 Unicast Address Allocation ■ RFC 1981: Path MTU Discovery for IP version 6...
  • Page 509 Configuring Basic IPv6 Functions ■ EUI-64 format: When the EUI-64 format is adopted to form IPv6 addresses, the IPv6 address prefix of an interface is the configured prefix and the interface identifier is derived from the link-layer address of the interface. ■ Manual configuration: IPv6 site-local addresses or aggregatable global unicast...
  • Page 510: Configuring Ipv6 Ndp

    ■ You need to execute the ipv6 address auto link-local command before the undo ipv6 address auto link-local command. However, if an IPv6 site-local address or aggregatable global unicast address is already configured for an interface, the interface still has a link-local address because the system automatically generates one for the interface.
  • Page 511 Configuring IPv6 NDP To do… Use the command… Remarks Enter system view system-view Enter interface view interface interface-type interface-number Configure the maximum ipv6 neighbors Optional number of neighbors max-learning-num number dynamically learned by an interface Configuring Parameters You can configure whether the interface sends an RA message, the interval for Related to an RA sending RA messages, and parameters in RA messages.
  • Page 512 Follow these steps to configure parameters related to an RA message: To do: Enter system view. Use the command: system-view. To do: Configure the current hop limit. Use the command: ipv6 nd hop-limit value. Remarks: Optional; 64 by default. To do: Enter interface view. Use the command: interface interface-type interface-number. To do: Disable the RA message...
  • Page 513: Configuring Pmtu Discovery

    Configuring PMTU Discovery. To do: Set the reachable time. Use the command: ipv6 nd nud reachable-time value. Remarks: Optional; by default, the neighbor reachable time on the local interface is 30,000 milliseconds and the Reachable Timer field in RA messages is 0. CAUTION: The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.
  • Page 514: Configuring Ipv6 Tcp Properties

    host sends subsequent packets to the destination host on the basis of this MTU. After the aging time expires, the dynamically determined PMTU is removed and the source host re-determines an MTU to send packets through the PMTU mechanism. The aging time is invalid for static PMTU.
  • Page 515: Configuring Ipv6 Dns

    Configuring IPv6 DNS configured capacity. One token allows one ICMPv6 error packet to be sent. Each time an ICMPv6 error packet is sent, the number of tokens in a token bucket decreases by 1. If the number of ICMPv6 error packets successively sent exceeds the capacity of the token bucket, subsequent ICMPv6 error packets cannot be sent out until the number of tokens in the token bucket is updated and new tokens are added to the bucket.
  • Page 516: Displaying And Maintaining Ipv6 Basics Configuration

    Configuring Dynamic IPv6 Domain Name Resolution: If you want to use the dynamic domain name function, you can use the following command to enable the dynamic domain name resolution function. In addition, you should configure a DNS server so that a query request message can be sent to the correct server for resolution.
  • Page 517: Ipv6 Configuration Example

    IPv6 Configuration Example. To do: Display the total number of neighbor entries satisfying the specified conditions. Use the command: display ipv6 neighbors { all | dynamic | interface interface-type interface-number | static | vlan vlan-id } count. Remarks: Available in any view. To do: Display the PMTU information of an IPv6 address. Use the command: display ipv6 pathmtu { ipv6-address | all |...
  • Page 518 # Enable the IPv6 packet forwarding function. <SwitchA> system-view [SwitchA] ipv6 # Configure VLAN-interface 2 to automatically generate a link-local address. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address auto link-local # Configure an EUI-64 address for VLAN-interface 2. [SwitchA-Vlan-interface2] ipv6 address 2001::/64 eui-64 # Specify an aggregatable global unicast address for VLAN-interface 2.
  • Page 519 IPv6 Configuration Example ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # Display the IPv6 information of the interface on Switch B. [SwitchB-Vlan-interface2] display ipv6 interface vlan-interface 2 Vlan-interface2 current state :UP Line protocol current state :UP...
  • Page 520: Troubleshooting Ipv6 Basics Configuration

    --- 2001::20F:E2FF:FE00:1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 40/58/70 ms [SwitchA-Vlan-interface2] ping ipv6 3001::2 PING 3001::2 : 56 data bytes, press CTRL_C to break Reply from 3001::2 bytes=56 Sequence=1 hop limit=255 time = 50 ms Reply from 3001::2...
  • Page 521: Dual

    DUAL STACK CONFIGURATION When configuring dual stack, go to these sections for information you are interested in: ■ “Dual Stack Overview” on page 521 ■ “Configuring Dual Stack” on page 521. Dual Stack Overview: Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes.
  • Page 522 Chapter 39: Dual Stack Configuration. To do: Enable the IPv6 packet forwarding function. Use the command: ipv6. Remarks: Required; disabled by default. To do: Enter interface view. Use the command: interface interface-type interface-number. To do: Configure an IPv4 address for the interface. Use the command: ip address ip-address { mask | mask-length } [ sub ]. Remarks: Required; by default, no IP address is...
  • Page 523: Tunneling

    Tunneling refers to the whole process from data encapsulation to data transfer to data decapsulation. NTP-related commands are available in tunnel interface view on 3Com Switch 4800G Family, but NTP features cannot be enabled after you execute the NTP commands. For related information about NTP, refer to “NTP Configuration” on page 947.
  • Page 524 Chapter 40: Tunneling Configuration. Figure 157 Principle of IPv6 over IPv4 tunnel (diagram labels: IPv4 header, IPv6 header, IPv6 data; IPv4 network; IPv6 network; IPv6 over IPv4 tunnel; dual stack router; IPv6 host)...
  • Page 525 Introduction to Tunneling Among the above tunnels, the IPv6 manual tunnel is a configured tunnel, while the 6to4 tunnel and the intra-site automatic tunnel address protocol (ISATAP) tunnel are automatic tunnels. 1. IPv6 manually configured tunnel: A manually configured tunnel is a point-to-point link. One link is a separate tunnel.
  • Page 526: Tunneling Configuration Task List

    Tunneling Configuration Task List: Complete the following tasks to configure the tunneling feature: Task Remarks Configuring IPv6 over IPv4 GRE tunnel “Configuring IPv6 Manual Tunnel” on page 526 Optional “Configuring 6to4 Tunnel” on page 530 Optional “Configuring ISATAP Tunnel”...
  • Page 527 Configuring IPv6 Manual Tunnel. To do: Configure a source address or interface for the tunnel. Use the command: source { ip-address | interface-type interface-number }. Remarks: Required; by default, no source address or interface is configured for the tunnel. To do: Configure a destination address for the tunnel. Use the command: destination ip-address. Remarks: Required...
  • Page 528 Network diagram: Figure 159 Network diagram for an IPv6 manual tunnel (labels: IPv4 network; Dual stack, Dual stack; Vlan-int100, Vlan-int100; 192.168.100.1/24, 192.168.50.1/24; Switch A, Switch B). Configuration procedure: ■ Configuration on Switch A # Enable IPv6....
  • Page 529 Configuring IPv6 Manual Tunnel <SwitchB> system-view [SwitchB] ipv6 # Configure a link aggregation group. Disable STP on the port before adding it into the link aggregation group. [SwitchB] link-aggregation group 1 mode manual [SwitchB] link-aggregation group 1 service-type tunnel [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] stp disable [SwitchB-GigabitEthernet1/0/1] port link-aggregation group 1 [SwitchB-GigabitEthernet1/0/1] quit...
  • Page 530: Configuring 6To4 Tunnel

    Line protocol current state :UP IPv6 is enabled, link-local address is FE80::C0A8:3201 Global unicast address(es): 3001::2, subnet is 3001::/64 Joined group address(es): FF02::1:FFA8:3201 FF02::1:FF00:2 FF02::2 FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # Ping the IPv6 address of the peer tunnel interface from Switch A.
  • Page 531 Configuring 6to4 Tunnel. To do: Create a tunnel interface and enter tunnel interface view. Use the command: interface tunnel number. Remarks: Required; by default, there is no tunnel interface on the device. Configure an Configure an ipv6 address Required. IPv6 address for IPv6 global { ipv6-address prefix-length Use either command....
  • Page 532 ■ When you configure a static route, you need to configure a route to the destination address (the destination IP address of the packet, instead of the IPv4 address of the tunnel destination) and set the next-hop to the tunnel interface number or network address at the local end of the tunnel.
  • Page 533 Configuring 6to4 Tunnel [SwitchA-Vlan-interface100] ip address 2.1.1.1 24 [SwitchA-Vlan-interface100] quit # Configure a route to VLAN-interface 100 of Switch B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.) [SwitchA] ip route-static 5.1.1.1 24 [nexthop] # Configure an IPv6 address for VLAN-interface 101.
  • Page 534 [SwitchB-vlan100] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 5.1.1.1 24 [SwitchB-Vlan-interface100] quit # Configure a route to VLAN-interface 100 of Switch A. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.) [SwitchB] ip route-static 2.1.1.1 24 [nexthop] # Configure an IPv6 address for VLAN-interface 101.
  • Page 535: Configuring Isatap Tunnel

    Configuring ISATAP Tunnel. Configuration Prerequisites: IP addresses are configured for interfaces such as VLAN interfaces and loopback interfaces on the device. Such an interface can serve as the source interface of a tunnel to ensure that the tunnel destination address is reachable. Configuration Procedure: Follow these steps to configure an ISATAP tunnel: To do…...
  • Page 536 CAUTION: ■ If the addresses of the tunnel interfaces at the two ends of a tunnel are not in the same network segment, a forwarding route through the tunnel to the peer must be configured so that the encapsulated packet can be forwarded normally.
  • Page 537 Configuring ISATAP Tunnel # Configure addresses for interfaces. [Switch] vlan 100 [Switch-vlan100] port GigabitEthernet 1/0/2 [Switch-vlan100] quit [Switch] interface vlan-interface 100 [Switch-Vlan-interface100] ipv6 address 3001::1/64 [Switch-Vlan-interface100] quit [Switch] vlan 101 [Switch-vlan101] port GigabitEthernet 1/0/3 [Switch-vlan101] quit [Switch] interface vlan-interface 101 [Switch-Vlan-interface101] ip address 2.1.1.1 255.0.0.0 [Switch-Vlan-interface101] quit # Configure an ISATAP tunnel.
  • Page 538: Displaying And Maintaining Tunneling Configuration

    DAD transmits 0 default site prefix length 48 # A link-local address (fe80::5efe:2.1.1.2) in the ISATAP format was automatically generated for the ISATAP interface. Configure the IPv4 address of the ISATAP switch on the ISATAP interface. C:\>ipv6 rlu 2 2.1.1.1 # After carrying out the above command, look at the information on the ISATAP interface.
  • Page 539 Troubleshooting Tunneling Configuration interface is down, use the debugging tunnel event command in user view to view the cause. 2 Another possible cause is that the tunnel destination is unreachable. Use the display ipv6 routing-table or display ip routing-table command to view whether the tunnel destination is reachable.
  • Page 540 Chapter 40: Tunneling Configuration...
  • Page 541: Multicast Overview

    MULTICAST OVERVIEW This manual chiefly focuses on the IP multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to IP multicast. Introduction to Multicast: As a technique coexisting with unicast and broadcast, the multicast technique effectively addresses the issue of point-to-multipoint data transmission.
  • Page 542 Chapter 41: Multicast Overview. In unicast transmission, the traffic over the network is proportional to the number of hosts that need the information. If a large number of users need the information, the information source needs to send a copy of the same information to each of these users.
  • Page 543 Introduction to Multicast. Figure 164 Multicast transmission (labels: Host A, Host B, Host C, Host D, Host E; Source, Server; Receiver; Packets for the multicast group). Assume that Hosts B, D and E need the information. To receive the information correctly, these hosts need to join a receiver set, which is known as a multicast group.
  • Page 544: Multicast Models

    41: M HAPTER ULTICAST VERVIEW Table 51 An analogy between TV transmission and multicast transmission Step TV transmission Multicast transmission A TV station transmits a TV A multicast source sends multicast data program through a channel. to a multicast group. A user tunes the TV set to the A receiver joins the multicast group.
  • Page 545: Multicast Architecture

    Multicast Architecture
    SSM model
    In practice, users may be interested in the multicast data from only certain multicast sources. The SSM model provides a transmission service that allows users to specify the multicast sources they are interested in at the client side. The fundamental difference between the SSM model and the ASM model is that in the SSM model, receivers already know the locations of the multicast sources by some other means.
  • Page 546 41: M HAPTER ULTICAST VERVIEW Table 52 Class D IP address blocks and description Address block Description 224.0.0.0 to 224.0.0.255 Reserved permanent group addresses. The IP address 224.0.0.0 is reserved, and other IP addresses can be used by routing protocols and for topology searching, protocol maintenance, and so on.
  • Page 547 Multicast Architecture Figure 165 IPv6 multicast format (fields in order: 0xFF, Flags, Scope, Group ID (112 bits))
    ■ 0xFF: 8 bits, indicating that this address is an IPv6 multicast address.
    ■ Flags: 4 bits, of which the high-order flag is reserved and set to 0; the definition...
  • Page 548 Chapter 41: Multicast Overview Figure 166 IPv4-to-MAC address mapping
    32-bit IPv4 address: 1110 XXXX XXXX XXXX XXXX XXXX XXXX XXXX (the 5 bits that follow the leading 1110 are lost; the low-order 23 bits are mapped)
    48-bit MAC address: 0000 0001 0000 0000 0101 1110 0XXX XXXX XXXX XXXX XXXX XXXX (25-bit MAC address prefix followed by the 23 mapped bits)...
  • Page 549 Multicast Architecture This section provides only general descriptions about applications and functions of the Layer 2 and Layer 3 multicast protocols in a network. For details of these protocols, refer to the respective chapters. Layer 3 multicast protocols Layer 3 multicast protocols include multicast group management protocols and multicast routing protocols.
  • Page 550: Multicast Packet Forwarding Mechanism

    41: M HAPTER ULTICAST VERVIEW For the SSM model, multicast routes are not divided into inter-domain routes and intra-domain routes. Since receivers know the position of the multicast source, channels established through PIM-SM are sufficient for multicast information transport. Layer 2 multicast protocols Layer 2 multicast protocols include IGMP Snooping/MLD Snooping and multicast VLAN/IPv6 multicast VLAN.
  • Page 551 Multicast Packet Forwarding Mechanism
    ■ To ensure multicast packet transmission in the network, unicast routing tables or multicast routing tables specially provided for multicast must be used as guidance for multicast forwarding.
    ■ To process the same multicast information from different peers received on
  • Page 552 Chapter 41: Multicast Overview...
  • Page 553: Igmp Snooping

    IGMP Snooping Configuration
    When configuring IGMP Snooping, go to the following sections for information you are interested in:
    ■ “IGMP Snooping Overview” on page 553
    ■ “IGMP Snooping Configuration Task List” on page 558
    ■ “Displaying and Maintaining IGMP Snooping” on page 569
  • Page 554 Chapter 42: IGMP Snooping Configuration [Figure 170: Before and after IGMP Snooping is enabled on the Layer 2 device; panels: multicast packet transmission without IGMP Snooping, multicast packet transmission when IGMP Snooping runs]
  • Page 555 IGMP Snooping Overview
    switch registers all its local router ports (including static and dynamic router ports) in its router port list.
    ■ Member port: A member port is a port on the Ethernet switch that leads the switch towards multicast group members. In the figure, Ethernet 1/0/2 and Ethernet 1/0/3 of Switch A and Ethernet 1/0/2 of Switch B are member ports.
  • Page 556 Chapter 42: IGMP Snooping Configuration
    When receiving a membership report
    A host sends an IGMP report to the multicast router in the following circumstances:
    ■ Upon receiving an IGMP query, a multicast group member host responds with an IGMP report.
    ■ When intended to join a multicast group, a host sends an IGMP report to the
  • Page 557 IGMP Snooping Overview
    ■ If the forwarding table entry exists and its outgoing port list contains the port, the switch forwards the leave group message to all router ports in the VLAN. Because the switch does not know whether any other hosts attached to the port are still listening to that group address, the switch does not immediately remove the port from the outgoing port list of the forwarding table entry for that group;
  • Page 558: Igmp Snooping Configuration Task List

    42: IGMP S HAPTER NOOPING ONFIGURATION IGMP Snooping Complete these tasks to configure IGMP Snooping: Configuration Task List Task Remarks “Configuring Basic Functions of IGMP “Enabling IGMP Snooping” on page Required Snooping” on page 559 “Configuring the Version of IGMP Optional Snooping”...
  • Page 559: Configuring Basic Functions Of Igmp Snooping

    Configuring Basic Functions of IGMP Snooping
    Configuration Prerequisites
    Before configuring the basic functions of IGMP Snooping, complete the following task:
    ■ Configure the corresponding VLANs.
    Before configuring the basic functions of IGMP Snooping, prepare the following data:
    ■ Version of IGMP Snooping.
  • Page 560: Configuring Igmp Snooping Port Functions

    Chapter 42: IGMP Snooping Configuration
    ■ Keep forwarding entries for version 3 static (*, G) joins;
    ■ Clear forwarding entries from version 3 static (S, G) joins, which will be restored when IGMP Snooping is switched back to version 3.
    For details about static joins, refer to “Configuring Static Ports”
  • Page 561 Configuring IGMP Snooping Port Functions
    | To do… | Use the command… | Remarks |
    |---|---|---|
    | Enter system view | system-view | |
    | Enter VLAN view | vlan vlan-id | |
    | Configure router port aging time | igmp-snooping router-aging-time interval | Optional. 105 seconds by default |
    | Configure member port aging time | igmp-snooping host-aging-time interval | Optional. 260 seconds by default |
    Configuring Static Ports
  • Page 562 Chapter 42: IGMP Snooping Configuration To prevent this situation, you can enable simulated joining on a port of the switch, that is, configure the port as a simulated member host for a multicast group. When an IGMP query is heard, the simulated host gives a response.
  • Page 563: Configuring Igmp Snooping Querier

    Configuring IGMP Snooping Querier To do… Use the command… Remarks Enter system view system-view Enter IGMP Snooping view igmp-snooping Enable fast leave processing fast-leave [ vlan vlan-list ] Required Disabled by default Configuring fast leave processing on a port or a group of ports Follow these steps to configure fast leave processing on a port or a group of ports: To do…...
  • Page 564 42: IGMP S HAPTER NOOPING ONFIGURATION routers are present, the Layer 2 switch will act as the IGMP Snooping querier to send IGMP queries, thus allowing multicast forwarding entries to be established and maintained at the data link layer. Follow these steps to enable IGMP Snooping querier: To do…...
  • Page 565: Configuring An Igmp Snooping Policy

    Configuring an IGMP Snooping Policy Configuring IGMP queries and responses in a VLAN Follow these steps to configure IGMP queries and responses in a VLAN: To do… Use the command… Remarks Enter system view system-view Enter VLAN view vlan vlan-id Configure IGMP general igmp-snooping Optional...
  • Page 566 42: IGMP S HAPTER NOOPING ONFIGURATION Before configuring an IGMP Snooping policy, prepare the following data: ACL rule for multicast group filtering ■ The maximum number of multicast groups that can pass the ports ■ Configuring a Multicast On an IGMP Snooping-enabled switch, the configuration of a multicast group Group Filter allows the service provider to define restrictions on multicast programs available to different users.
  • Page 567 Configuring an IGMP Snooping Policy If this feature is disabled on a port, the port can be connected with both multicast sources and multicast receivers. Configuring multicast source port filtering globally Follow these steps to configure multicast source port filtering globally: To do…...
  • Page 568 42: IGMP S HAPTER NOOPING ONFIGURATION Configuring IGMP When a Layer 2 device receives an IGMP report from a multicast group member, Report Suppression the device forwards the message to the Layer 3 device directly connected with it. Thus, when multiple members of a multicast group are attached to the Layer 2 device, the Layer 3 device directly connected with it will receive duplicate IGMP reports from these members.
  • Page 569: Displaying And Maintaining Igmp Snooping

    Displaying and Maintaining IGMP Snooping Configuring Multicast For some special reasons, the number of multicast groups that can be joined on Group Replacement the current switch or port may exceed the number configured for the switch or the port. In addition, in some specific applications, a multicast group newly joined on the switch needs to replace an existing multicast group automatically.
  • Page 570: Igmp Snooping Configuration Examples

    42: IGMP S HAPTER NOOPING ONFIGURATION To do… Use the command… Remarks View the statistics information of display igmp-snooping statistics Available in IGMP messages learned by IGMP any view Snooping Clear IGMP Snooping multicast reset igmp-snooping group Available in group information { group-address | all } [ vlan vlan-id ] user view Clear the statistics information of...
  • Page 571 IGMP Snooping Configuration Examples Configuration procedure 1 Configure the IP address of each interface Configure an IP address and subnet mask for each interface as per Figure 172. The detailed configuration steps are omitted. 2 Configure Router A # Enable IP multicast routing, enable PIM-DM on each interface, and enable IGMPv2 on GigabitEthernet 1/0/1.
  • Page 572 Chapter 42: IGMP Snooping Configuration
    (0.0.0.0, 224.1.1.1):
    Attribute: Host Port
    Host port(s):total 2 port.
    GE1/0/3 (D) ( 00:03:23 )
    GE1/0/4 (D) ( 00:03:23 )
    MAC group(s):
    MAC group address:0100-5e01-0101
    Host port(s):total 2 port.
    GE1/0/3
    GE1/0/4
    As shown above, GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 of Switch A have joined multicast group 224.1.1.1.
  • Page 573 IGMP Snooping Configuration Examples Network diagram [Figure 173: Network diagram for static router port configuration]
  • Page 574 Chapter 42: IGMP Snooping Configuration
    # Configure GigabitEthernet 1/0/3 to be a static router port.
    [SwitchA] interface GigabitEthernet 1/0/3
    [SwitchA-GigabitEthernet1/0/3] igmp-snooping static-router-port vlan
    [SwitchA-GigabitEthernet1/0/3] quit
    4 Configure Switch B
    # Enable IGMP Snooping globally.
    <SwitchB> system-view
    [SwitchB] igmp-snooping
    [SwitchB-igmp-snooping] quit
    # Create VLAN 100, assign GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to this VLAN, and enable IGMP Snooping in the VLAN.
  • Page 575 IGMP Snooping Configuration Examples
    Host port(s):total 1 port.
    GE1/0/2 (D) ( 00:03:23 )
    MAC group(s):
    MAC group address:0100-5e01-0101
    Host port(s):total 1 port.
    GE1/0/2
    As shown above, GigabitEthernet 1/0/3 of Switch A has become a static router port.
    IGMP Snooping Querier Configuration
    Network requirements
    As shown in Figure 174, in a Layer-2-only network environment, Switch C is
  • Page 576 Chapter 42: IGMP Snooping Configuration
    [SwitchA-vlan100] igmp-snooping enable
    [SwitchA-vlan100] igmp-snooping querier
    # Set the source IP address of IGMP general queries and group-specific queries to 192.168.1.1.
    [SwitchA-vlan100] igmp-snooping general-query source-ip 192.168.1.1
    [SwitchA-vlan100] igmp-snooping special-query source-ip 192.168.1.1
    2 Configure Switch B
    # Enable IGMP Snooping globally.
  • Page 577: Troubleshooting Igmp Snooping Configuration

    Troubleshooting IGMP Snooping Configuration
    Switch Fails in Layer 2 Multicast Forwarding
    Symptom
    A switch fails to implement Layer 2 multicast forwarding.
    Analysis
    IGMP Snooping is not enabled.
    Solution
    1 Enter the display current-configuration command to view the running status of IGMP Snooping.
  • Page 578 Chapter 42: IGMP Snooping Configuration whether this configuration conflicts with the configured multicast group policy. If any conflict exists, remove the port as a static member of the multicast group.
  • Page 579: Mld Snooping Overview

    MLD Snooping Configuration
    When configuring MLD Snooping, go to these sections for information you are interested in:
    ■ “MLD Snooping Overview” on page 579
    ■ “MLD Snooping Configuration Task List” on page 583
    ■ “Displaying and Maintaining MLD Snooping” on page 595
  • Page 580 43: MLD S HAPTER NOOPING ONFIGURATION Figure 175 Before and after MLD Snooping is enabled on the Layer 2 device IPv6 multicast packet transmission IPv6 multicast packet transmission without MLD Snooping when MLD Snooping runs Multicast router Multicast router Source Source Layer 2 switch Layer 2 switch...
  • Page 581 MLD Snooping Overview switch registers all its local router ports (including static and dynamic router ports) in its router port list. Member port: A member port (also known as IPv6 multicast group member ■ port) is a port on the Ethernet switch that leads switch towards multicast group members.
  • Page 582 43: MLD S HAPTER NOOPING ONFIGURATION Membership reports A host sends an MLD report to the multicast router in the following circumstances: Upon receiving an MLD query, an IPv6 multicast group member host responds ■ with an MLD report. When intended to join an IPv6 multicast group, a host sends an MLD report to ■...
  • Page 583: Mld Snooping Configuration Task List

    MLD Snooping Configuration Task List sends an MLD multicast-address-specific query to that IPv6 multicast group through the port that received the done message. Upon hearing the MLD multicast-address-specific query, the switch forwards it through all its router ports in the VLAN and all member ports for that IPv6 multicast group, and performs the following to the receiving port: If any MLD report in response to the MLD multicast-address-specific query is ■...
  • Page 584: Configuring Basic Functions Of Mld Snooping

    43: MLD S HAPTER NOOPING ONFIGURATION Task Remarks “Configuring an MLD Snooping Policy” on “Configuring an IPv6 Multicast Optional page 591 Group Filter” on page 591 “Configuring IPv6 Multicast Optional Source Port Filtering” on page “Configuring Dropping Unknown Optional IPv6 Multicast Data” on page 593 “Configuring MLD Report Optional Suppression”...
  • Page 585: Configuring Mld Snooping Port Functions

    Configuring MLD Snooping Port Functions To do… Use the command… Remarks Enter VLAN view vlan vlan-id Enable MLD Snooping in the mld-snooping enable Required VLAN Disabled by default MLD Snooping must be enabled globally before it can be enabled in a VLAN. ■...
  • Page 586 43: MLD S HAPTER NOOPING ONFIGURATION IPv6 multicast group and IPv6 multicast source addresses ■ Configuring Aging If the switch receives no MLD general queries or IPv6 PIM hello messages on a Timers for Dynamic dynamic router port, the switch removes the port from the router port list when Ports the aging timer of the port expires.
  • Page 587 Configuring MLD Snooping Port Functions To do… Use the command… Remarks Enter the Enter Ethernet port view interface Use either command corresponding view interface-type interface-number Enter port group view port-group { manual port-group-name | aggregation agg-id } Configure the port(s) as static member port(s) mld-snooping Required static-group...
  • Page 588 43: MLD S HAPTER NOOPING ONFIGURATION To do… Use the command… Remarks Enter the Enter Ethernet port interface Use either corresponding view view interface-type command interface-number Enter port group view port-group { manual port-group-name | aggregation agg-id } Configure simulated joining mld-snooping Required host-join...
  • Page 589: Configuring Mld Snooping Querier

    Configuring MLD Snooping Querier To do… Use the command… Remarks Enable fast leave processing mld-snooping Required fast-leave [ vlan Disabled by default vlan-list ] CAUTION: If fast leave processing is enabled on a port to which more than one host is connected, when one host leaves an IPv6 multicast group, the other hosts connected to port and interested in the same IPv6 multicast group will fail to receive IPv6 multicast data addressed to that group.
  • Page 590 43: MLD S HAPTER NOOPING ONFIGURATION take part in MLD querier elections, it may affect MLD querier elections because it sends MLD general queries with a low source IPv6 address. Configuring MLD You can tune the MLD general query interval based on actual condition of the Queries and Responses network.
  • Page 591: Configuring An Mld Snooping Policy

    Configuring an MLD Snooping Policy CAUTION: Make sure that the MLD query interval is greater than the maximum response time for MLD general queries; otherwise undesired deletion of IPv6 multicast members may occur. Configuring Source IPv6 This configuration allows you to change the source IPv6 address of MLD queries. Addresses of MLD Follow these steps to configure source IPv6 addresses of MLD queries: Queries...
  • Page 592 43: MLD S HAPTER NOOPING ONFIGURATION To do… Use the command… Remarks Enter system view system-view Enter MLD Snooping view mld-snooping Configure an IPv6 multicast group-policy Required group filter acl6-number [ vlan No IPv6 filter configured by vlan-list ] default, namely hosts can join any IPv6 multicast group.
  • Page 593 Configuring an MLD Snooping Policy To do… Use the command… Remarks Enter system view system-view Enter the Enter Ethernet interface interface-type Use either command corresponding view port view interface-number Enter port group port-group { manual view port-group-name | aggregation agg-id } Enable IPv6 multicast source port filtering mld-snooping Required...
  • Page 594 43: MLD S HAPTER NOOPING ONFIGURATION To do… Use the command… Remarks Enter system view system-view Enter MLD Snooping view mld-snooping Enable MLD report report-aggregation Optional suppression Enabled by default Configuring Maximum By configuring the maximum number of IPv6 multicast groups that can be joined Multicast Groups that on a port or a group of ports, you can limit the number of multicast programs that Can Be Joined on a...
  • Page 595: Displaying And Maintaining Mld Snooping

    Displaying and Maintaining MLD Snooping If the IPv6 multicast group replacement is not enabled, new MLD reports will ■ be automatically discarded. Configuring IPv6 multicast group replacement globally Follow these steps to configure IPv6 multicast group replacement globally: To do… Use the command…...
  • Page 596: Mld Snooping Configuration Examples

    43: MLD S HAPTER NOOPING ONFIGURATION MLD Snooping Configuration Examples Simulated Joining Network requirements As shown in Figure 177, Router A connects to the IPv6 multicast source through GigabitEthernet 1/0/2 and to Switch A through GigabitEthernet 1/0/1. Router A is the MLD querier on the subnet.
  • Page 597 MLD Snooping Configuration Examples
    # Enable MLD Snooping globally.
    <SwitchA> system-view
    [SwitchA] mld-snooping
    [SwitchA-mld-snooping] quit
    # Create VLAN 100, assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/4 to this VLAN, and enable MLD Snooping in the VLAN.
    [SwitchA] vlan 100
    [SwitchA-vlan100] port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/4
    [SwitchA-vlan100] mld-snooping enable
    [SwitchA-vlan100] quit
    # Enable simulated host joining on GigabitEthernet 1/0/3 and GigabitEthernet
  • Page 598 43: MLD S HAPTER NOOPING ONFIGURATION Suppose STP runs on the network. To avoid data loops, the forwarding path ■ from Switch A to Switch C is blocked under normal conditions, and IPv6 multicast traffic flows to the receivers, Host A and Host C, attached to Switch C only along the path of Switch A-Switch B-Switch C.
  • Page 599 MLD Snooping Configuration Examples
    [RouterA-GigabitEthernet 1/0/2] pim ipv6 dm
    [RouterA-GigabitEthernet 1/0/2] quit
    3 Configure Switch A
    # Enable MLD Snooping globally.
    <SwitchA> system-view
    [SwitchA] mld-snooping
    [SwitchA-mld-snooping] quit
    # Create VLAN 100, assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to this VLAN, and enable MLD Snooping in the VLAN.
    [SwitchA] vlan 100
    [SwitchA-vlan100] port GigabitEthernet 1/0/1 to GigabitEthernet 1/0/3
    [SwitchA-vlan100] mld-snooping enable
  • Page 600 Chapter 43: MLD Snooping Configuration
    Total 1 IP Group(s).
    Total 1 IP Source(s).
    Total 1 MAC Group(s).
    Router port(s):total 2 port.
    GE1/0/1 (D) ( 00:01:30 )
    GE1/0/3
    IP group(s):the following ip group(s) match to one mac group.
    IP group address:FF1E::101
    (::, FF1E::101):
    Attribute: Host Port
  • Page 601 MLD Snooping Configuration Examples
    # Create VLAN 100 and add GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to VLAN 100.
    [SwitchA] vlan 100
    [SwitchA-vlan100] port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2
    # Enable MLD Snooping in VLAN 100 and configure the MLD-Snooping querier feature.
    [SwitchA-vlan100] mld-snooping enable
    [SwitchA-vlan100] mld-snooping querier
    2 Configure Switch B
  • Page 602: Troubleshooting Mld Snooping

    Chapter 43: MLD Snooping Configuration
    Troubleshooting MLD Snooping
    Switch Fails in Layer 2 Multicast Forwarding
    Symptom
    A switch fails to implement Layer 2 multicast forwarding.
    Analysis
    MLD Snooping is not enabled.
    Solution
    1 Enter the display current-configuration command to view the running status of MLD Snooping.
  • Page 603 Troubleshooting MLD Snooping whether this configuration conflicts with the configured IPv6 multicast group policy. If any conflict exists, remove the port as a static member of the IPv6 multicast group.
  • Page 604 Chapter 43: MLD Snooping Configuration...
  • Page 605: Introduction To Multicast Vlan

    Multicast VLAN Configuration
    Introduction to Multicast VLAN
    As shown in Figure 180, in the traditional multicast programs-on-demand mode, when hosts that belong to different VLANs (Host A, Host B and Host C) require the multicast programs-on-demand service, Router A needs to forward a separate copy of the multicast data in each VLAN.
  • Page 606: Displaying And Maintaining Multicast Vlan

    Chapter 44: Multicast VLAN Configuration
    | To do… | Use the command… | Remarks |
    |---|---|---|
    | Configure a specific VLAN as a multicast VLAN | multicast-vlan vlan-id enable | Required. Disabled by default |
    | Configure sub-VLANs for a specific multicast VLAN | multicast-vlan vlan-id subvlan vlan-list | Required. No sub-VLAN by default. |
  • Page 607 Multicast VLAN Configuration Example Network diagram [Figure 181: Network diagram for multicast VLAN configuration]
  • Page 608 Chapter 44: Multicast VLAN Configuration
    The configuration for VLAN 12 and VLAN 13 is similar to the configuration for VLAN 11.
    # Create VLAN 1024, assign GigabitEthernet 1/0/1 to this VLAN and enable IGMP Snooping in the VLAN.
    [SwitchA] vlan 1024
    [SwitchA-vlan1024] port GigabitEthernet 1/0/1
    [SwitchA-vlan1024] igmp-snooping enable
  • Page 609: Introduction To Ipv6 Multicast Vlan

    VLAN ULTICAST ONFIGURATION Introduction to IPv6 As shown in Figure 182, in the traditional IPv6 multicast programs-on-demand Multicast VLAN mode, when hosts that belong to different VLANs, Host A, Host B and Host C require IPv6 multicast programs on demand service, Router A needs to forward a separate copy of the IPv6 multicast data in each VLAN.
  • Page 610: Ipv6 Multicast Vlan Configuration Examples

    45: IP VLAN C HAPTER ULTICAST ONFIGURATION To do… Use the command… Remarks Configure a specific VLAN as multicast-vlan ipv6 vlan-id Required an IPv6 multicast VLAN enable By default, no VLAN is an IPv6 multicast VLAN. Configure sub-VLANs for a multicast-vlan ipv6 vlan-id Required multicast VLAN...
  • Page 611 IPv6 Multicast VLAN Configuration Examples Network diagram [Figure 183: Network diagram for IPv6 multicast VLAN configuration]
  • Page 612 Chapter 45: IPv6 Multicast VLAN Configuration
    [SwitchA] vlan 11
    [SwitchA-vlan11] port GigabitEthernet 1/0/2
    [SwitchA-vlan11] quit
    The configuration for VLAN 12 and VLAN 13 is similar. The detailed configuration steps are omitted.
    # Create VLAN 1024, add GigabitEthernet 1/0/1 to VLAN 1024, and enable MLD Snooping in this VLAN.
  • Page 613: Igmp C

    IGMP Configuration
    When configuring IGMP, go to the following sections for the information you are interested in:
    ■ “IGMP Overview” on page 613
    ■ “IGMP Configuration Task List” on page 617
    ■ “IGMP Configuration Example” on page 624
    ■ “Troubleshooting IGMP” on page 626
  • Page 614 46: IGMP C HAPTER ONFIGURATION Figure 184 Joining multicast groups Router A Router B Ethernet Host A Host B Host C (G2) (G1) (G1) Query Report Assume that Host B and Host C are expected to receive multicast data addressed to multicast group G1, while Host A is expected to receive multicast data addressed to G2, as shown in Figure 184.
  • Page 615 IGMP Overview address being the address of that multicast group. If no member of a multicast group exists on the subnet, the IGMP routers will not receive any report addressed to that multicast group, so the routers will delete the multicast forwarding entries corresponding to that multicast group after a period of time.
  • Page 616 46: IGMP C HAPTER ONFIGURATION Enhancements in IGMPv3 The support for the Exclude mode varies with device models. Built upon and being compatible with IGMPv1 and IGMPv2, IGMPv3 provides hosts with enhanced control capabilities and provides enhancements of query and report messages.
  • Page 617: Igmp Configuration Task List

    IGMP Configuration Task List Enhancements in query and report capabilities 1 Query message carrying the source addresses IGMPv3 supports not only general queries (feature of IGMPv1) and group-specific queries (feature of IGMPv2), but also group-and-source-specific queries. A general query does not carry a group address, nor a source address; ■...
  • Page 618: Configuring Basic Functions Of Igmp

    46: IGMP C HAPTER ONFIGURATION Task Description “Configuring Basic Functions of IGMP” on “Enabling IGMP” on page 618 Required page 618 “Configuring IGMP Versions” on Optional page 619 “Configuring a Static Member of a Optional Multicast Group” on page 619 “Configuring a Multicast Group Optional Filter”...
  • Page 619 Configuring Basic Functions of IGMP To do… Use the command… Description Enable IP multicast routing multicast routing-enable Required Disabled by default Enter interface view interface interface-type interface-number Enable IGMP igmp enable Required Disabled by default Configuring IGMP Because messages vary with different IGMP versions, the same IGMP version Versions should be configured for all routers on the same subnet before IGMP can work properly.
  • Page 620: Adjusting Igmp Performance

    46: IGMP C HAPTER ONFIGURATION Before you can configure an interface of a PIM-SM device as a static member ■ of a multicast group, if the interface is PIM-SM enabled, it must be a PIM-SM DR; if this interface is IGMP enabled but not PIM-SM enabled, it must be an IGMP querier.
  • Page 621 Adjusting IGMP Performance By default, for the consideration of compatibility, the device does not check the ■ Router-Alert option, namely it processes all the IGMP messages it received. In this case, IGMP messages are directly passed to the upper layer protocol, no matter whether the IGMP messages carry the Router-Alert option or not.
  • Page 622 Chapter 46: IGMP Configuration IGMP is robust to “robustness variable minus 1” packet losses on a network. Therefore, a greater value of the robustness variable makes the IGMP querier “more robust”, but results in a longer multicast group timeout time. Upon receiving an IGMP query (general query or group-specific query), a host starts a delay timer for each multicast group it has joined.
  • Page 623: Displaying And Maintaining Igmp

    Displaying and Maintaining IGMP
    | To do… | Use the command… | Description |
    |---|---|---|
    | Enter system view | system-view | |
    | Enter interface view | interface interface-type interface-number | |
    | Configure IGMP query interval | igmp timer query interval | Optional. 60 seconds by default |
    | Configure the IGMP querier robustness variable | igmp robust-count robust-value | Optional. 2 by default |
  • Page 624: Igmp Configuration Example

    46: IGMP C HAPTER ONFIGURATION To do… Use the command… Description View IGMP configuration and display igmp interface [ interface-type Available in any running information interface-number ] [ verbose ] view View routing information in the display igmp routing-table Available in any IGMP routing table [ source-address [ mask { mask | view...
  • Page 625 IGMP Configuration Example Network diagram [Figure 186: Network diagram for IGMP configuration]
  • Page 626: Troubleshooting Igmp

    Chapter 46: IGMP Configuration
    # Enable IP multicast routing on Switch C, and enable IGMP (version 2) on VLAN-interface 200.
    <SwitchC> system-view
    [SwitchC] multicast routing-enable
    [SwitchC] interface vlan-interface 200
    [SwitchC-Vlan-interface200] igmp enable
    [SwitchC-Vlan-interface200] igmp version 2
    [SwitchC-Vlan-interface200] quit
    3 Verify the configuration
    Carry out the display igmp interface command to view the IGMP configuration and running status on each switch interface.
  • Page 627 Troubleshooting IGMP abnormal. Typically this is because the shutdown command has been executed on the interface, or the interface connection is incorrect, or no correct IP address has been configured on the interface. 5 Check that no ACL rule has been configured to restrict the host from joining the multicast group G.
  • Page 628 Chapter 46: IGMP Configuration...
  • Page 629: Pim Overview

    PIM Configuration
    When configuring PIM, go to these sections for information you are interested in:
    ■ “PIM Overview” on page 629
    ■ “Configuring PIM-DM” on page 641
    ■ “Configuring PIM-SM” on page 643
    ■ “Configuring PIM-SSM” on page 652
    ■ “Configuring PIM Common Information”
  • Page 630 Chapter 47: PIM Configuration
    ■ PIM-DM assumes that at least one multicast group member exists on each subnet of a network, and therefore multicast data is flooded to all nodes on the network. Then, branches without multicast forwarding are pruned from the forwarding tree, leaving only those branches that contain receivers.
  • Page 631 PIM Overview A prune process is first initiated by a leaf router. As shown in Figure 187, a router without any receiver attached to it (the router connected with Host A, for example) sends a prune message, and this prune process goes on until only necessary branches are left in the PIM-DM domain.
  • Page 632 Figure 188 Assert mechanism (diagram labels: Router A, Router B, Router C, Ethernet, Receiver; legend: Assert message, Multicast packets)
    As shown in Figure 188, after Router A and Router B receive an (S, G) packet from the upstream node, they both forward the packet to the local subnet. As a result, the downstream node Router C receives two identical multicast packets, and both Router A and Router B, on their own local interface, receive a duplicate packet forwarded by the other.
  • Page 633 PIM Overview
    ■ When a receiver is interested in the multicast data addressed to a specific multicast group, the router connected to this receiver sends a join message to the RP corresponding to that multicast group. The path along which the message goes hop by hop to the RP forms a branch of the RPT.
  • Page 634 Figure 189 DR election (diagram labels: Source, Receiver, Receiver; legend: Hello message, Register message, Join message)
    As shown in Figure 189, the DR election process is as follows:
    1 Routers on the multi-access network send hello messages to one another. The hello messages contain the router priority for DR election.
  • Page 635 PIM Overview domain, and the position of the RP corresponding to each multicast group is calculated through the BSR mechanism. Figure 190 shows the positions of C-RPs and the BSR in the network. Figure 190 BSR and C-RPs PIM-SM C-RP C-RP C-BSR C-RP...
  • Page 636 47: PIM C HAPTER ONFIGURATION The multicast data addressed to the multicast group G flows through the RP, reaches the corresponding DR along the established RPT, and finally is delivered to the receiver. When a receiver is no longer interested in the multicast data addressed to a multicast group G, the directly connected DR sends a prune message, which goes hop by hop along the RPT to the RP.
  • Page 637 PIM Overview Switchover from RPT to SPT Initially, multicast traffic flows along an RPT from the RP to the receivers. Because the RPT is not necessarily the tree that has the shortest path, upon receiving the first multicast packet along the RPT (by default), or when detecting that the multicast traffic rate reaches a configurable threshold (if so configured), the receiver-side DR initiates an RPT-to-SPT switchover process, as follows: 1 First, the receiver-side DR sends an (S, G) join message hop by hop to the multicast...
  • Page 638 Figure 193 Relationship between BSR admin-scope regions and the global scope zone in geographic space (diagram labels: BSR 1, BSR 2, BSR 3, C-RP, Global)
    BSR admin-scope regions are geographically separated from one another. Namely, a router must not serve different BSR admin-scope regions.
  • Page 639 PIM Overview
    ■ The global scope zone and each BSR admin-scope region have their own C-RPs and BSR. These devices are effective only in their respective admin-scope regions. Namely, the BSR election and RP election are implemented independently within each admin-scope region. Each BSR admin-scope region has its own boundary.
  • Page 640 Figure 195 SPT establishment in PIM-SSM (diagram labels: Source, Server, Receiver, Host A, Host B, Host C; legend: Subscribe message, Multicast packets)
    As shown in Figure 195, Host B and Host C are multicast information receivers. They send IGMPv3 report messages denoted as (Include S, G) to the respective DRs to express their interest in the information of the specific multicast source S.
  • Page 641: Configuring Pim-Dm

    Configuring PIM-DM
    ■ draft-ietf-pim-v2-dm-03: Protocol Independent Multicast Version 2 Dense Mode Specification
    ■ draft-ietf-pim-sm-bsr-03: Bootstrap Router (BSR) Mechanism for PIM Sparse Mode
    ■ draft-ietf-ssm-arch-02: Source-Specific Multicast for IP
    ■ draft-ietf-ssm-overview-04: An Overview of Source-Specific Multicast (SSM)
    Configuring PIM-DM
    PIM-DM Configuration Task List
    Complete these tasks to configure PIM-DM:
    Task...
  • Page 642 CAUTION:
    ■ All the interfaces of the same router must work in the same PIM mode.
    ■ PIM-DM cannot be used for multicast groups in the SSM group range.
    Enabling State Refresh
    An interface without the state refresh capability cannot forward state refresh messages.
  • Page 643: Configuring Pim-Sm

    Configuring PIM-SM
    Configuring PIM-DM Graft Retry Period
    In PIM-DM, graft is the only type of message that uses the acknowledgment mechanism. In a PIM-DM domain, if a router does not receive a graft-ack message from the upstream router within the specified time after it sends a graft message, the router keeps sending new graft messages at a configurable interval, namely graft retry period, until it receives a graft-ack from the upstream router.
  • Page 644 Before configuring PIM-SM, prepare the following data:
    ■ An ACL rule defining a legal BSR address range
    ■ Hash mask length for RP selection calculation
    ■ C-BSR priority
    ■ Bootstrap interval
    ■ Bootstrap timeout time
    ■ An ACL rule defining a legal C-RP address range and the range of multicast...
  • Page 645 Configuring PIM-SM
    ■ You can configure these parameters at three levels: global configuration level, global scope level, and BSR admin-scope level.
    ■ By default, the global scope parameters and BSR admin-scope parameters are those configured at the global configuration level.
    ■ Parameters configured at the global scope level or BSR admin-scope level have...
  • Page 646 47: PIM C HAPTER ONFIGURATION Follow these steps to complete basic C-BSR configuration: To do… Use the command… Remarks Enter system view system-view Enter PIM view Configure an interface as a c-bsr interface-type Required C-BSR interface-number No C-BSR is configured by [ hash-length [ priority ] ] default Configure a legal BSR address...
  • Page 647 Configuring PIM-SM
    To do: Enable BSR administrative scoping. Use the command: c-bsr admin-scope. Remarks: Required. Disabled by default.
    To do: Configure an admin-scope C-BSR. Use the command: c-bsr group group-address { mask | mask-length } [ hash-length hash-length | priority priority ] *. Remarks: Optional. No admin-scope BSRs by default.
    Configuring a BSR admin-scope region boundary
    A BSR has its specific service scope.
  • Page 648
    ■ By default, the bootstrap timeout time is determined by this formula: Bootstrap timeout = Bootstrap interval × 2 + 10. The default bootstrap interval is 60 seconds, so the default bootstrap timeout = 60 × 2 + 10 = 130 (seconds).
    ■ If this parameter is manually configured, the system will use the configured...
  • Page 649 Configuring PIM-SM every C-BSR has a chance to become the BSR, you need to configure the same filtering policy on all C-BSRs. Follow these steps to configure a C-RP: To do… Use the command… Remarks Enter system view system-view Enter PIM view Configure an interface to be a c-rp interface-type interface-number Optional...
  • Page 650
    To do: Enter system view. Use the command: system-view.
    To do: Enter PIM view.
    To do: Configure the C-RP-Adv interval. Use the command: c-rp advertisement-interval interval. Remarks: Optional. 60 seconds by default.
    To do: Configure C-RP timeout time. Use the command: c-rp holdtime interval. Remarks: Optional. 150 seconds by default.
    The commands introduced in this section are to be configured on C-RPs.
  • Page 651 Configuring PIM-SM
    To do: Configure a filtering rule for register messages. Use the command: register-policy acl-number. Remarks: Optional. No register filtering rule by default.
    To do: Configure the device to calculate the checksum based on the entire register messages. Use the command: register-header-checksum. Remarks: Optional. By default, the checksum is calculated based on the header of register messages...
  • Page 652: Configuring Pim-Ssm

    47: PIM C HAPTER ONFIGURATION Configuring PIM-SSM The PIM-SSM model needs the support of IGMPv3. Therefore, be sure to enable IGMPv3 on PIM routers with multicast receivers. PIM-SSM Configuration Complete these tasks to configure PIM-SSM: Task List Task Remarks “Enabling PIM-SM” on page 652 Required “Configuring the SSM Group Range”...
  • Page 653: Configuring Pim Common Information

    Configuring PIM Common Information
    To do: Enter system view. Use the command: system-view.
    To do: Enter PIM view.
    To do: Configure the SSM group range. Use the command: ssm-policy acl-number. Remarks: Optional. 232.0.0.0/8 by default.
    The commands introduced in this section are to be configured on all routers in the PIM domain.
  • Page 654
    ■ Prune delay (global value/interface level value)
    ■ Prune override interval (global value/interface level value)
    ■ Hello interval (global value/interface level value)
    ■ Maximum delay between hello message (interface level value)
    ■ Assert timeout time (global value/interface value)...
  • Page 655 Configuring PIM Common Information neighbor tracking flag bit. You can configure this parameter on all routers in the PIM domain. If different LAN-delay or override-interval values result from the negotiation among all the PIM routers, the largest value will take effect. The LAN-delay setting will cause the upstream routers to delay processing received prune messages.
  • Page 656 47: PIM C HAPTER ONFIGURATION Configuring hello options on an interface Follow these steps to configure hello options on an interface: To do… Use the command… Remarks Enter system view system-view Enter interface view interface interface-type interface-number Configure the priority for DR pim hello-option dr-priority Optional election...
  • Page 657 Configuring PIM Common Information To do… Use the command… Remarks Enter PIM view Configure the hello interval timer hello interval Optional 30 seconds by default Configure assert timeout time holdtime assert interval Optional 180 seconds by default Configure the join/prune timer join-prune interval Optional interval...
  • Page 658: Displaying And Maintaining Pim

    To do: Configure the maximum size of a join/prune message. Use the command: jp-pkt-size packet-size. Remarks: Optional. 8,100 bytes by default.
    To do: Configure the maximum number of (S, G) entries in a join/prune message. Use the command: jp-queue-size queue-size. Remarks: Optional. 1,020 by default.
    Displaying and Maintaining PIM...
  • Page 659: Pim Configuration Examples

    PIM Configuration Examples
    PIM-DM Configuration Example
    Network requirements
    ■ Receivers receive VOD information through multicast. The receiver groups of different organizations form stub networks, and one or more receiver hosts exist in each stub network. The entire PIM domain operates in the dense mode. Host A and Host C are multicast receivers in two stub networks.
  • Page 660 47: PIM C HAPTER ONFIGURATION Switch C Vlan-int200 10.110.2.2/24 Vlan-int102 192.168.3.1/24 Configuration procedure 1 Configure the interface IP addresses and unicast routing protocol for each switch Configure the IP address and subnet mask for each interface as per Figure 196. Detailed configuration steps are omitted here.
  • Page 661 PIM Configuration Examples Vlan101 192.168.2.2 (local) Vlan102 192.168.3.2 (local) Carry out the display pim neighbor command to view the PIM neighboring relationships among the switches. For example: # View the PIM neighboring relationships on Switch D. [SwitchD] display pim neighbor Total Number of Neighbors = 3 Neighbor Interface...
  • Page 662 47: PIM C HAPTER ONFIGURATION Downstream interface(s) information: Total number of downstreams: 3 1: Vlan-interface103 Protocol: pim-dm, UpTime: 00:03:27, Expires: never 2: Vlan-interface101 Protocol: pim-dm, UpTime: 00:03:27, Expires: never 3: Vlan-interface102 Protocol: pim-dm, UpTime: 00:03:27, Expires: never PIM-SM Configuration Network requirements Example Receivers receive VOD information through multicast.
  • Page 663 PIM Configuration Examples Network diagram Figure 197 Network diagram for PIM-SM domain configuration Receiver Host A Switch A Vlan -int100 Vlan -int102 Host B Vlan -int102 Receiver Vlan -int300 Vlan -int105 Vlan -int103 Vlan -int200 Vlan -int105 Vlan -int103 Source Vlan -int104 Switch D Switch E...
  • Page 664
    <SwitchA> system-view
    [SwitchA] multicast routing-enable
    [SwitchA] interface vlan-interface 100
    [SwitchA-Vlan-interface100] igmp enable
    [SwitchA-Vlan-interface100] pim sm
    [SwitchA-Vlan-interface100] quit
    [SwitchA] interface vlan-interface 101
    [SwitchA-Vlan-interface101] pim sm
    [SwitchA-Vlan-interface101] quit
    [SwitchA] interface vlan-interface 102
    [SwitchA-Vlan-interface102] pim sm
    [SwitchA-Vlan-interface102] quit
    The configuration on Switch B and Switch C is similar to that on Switch A.
  • Page 665 PIM Configuration Examples [SwitchE] display pim bsr-info Elected BSR Address: 192.168.9.2 Priority: 0 Hash mask length: 30 State: Elected Scope: Not scoped Uptime: 00:00:18 Next BSR message scheduled at: 00:01:52 Candidate BSR Address: 192.168.9.2 Priority: 0 Hash mask length: 30 State: Pending Scope: Not scoped Candidate RP: 192.168.9.2(Vlan-interface102)
  • Page 666 47: PIM C HAPTER ONFIGURATION UpTime: 00:00:42 Upstream interface: Vlan-interface101, Upstream neighbor: 192.168.9.2 RPF prime neighbor: 192.168.9.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100 Protocol: pim-sm, UpTime: 00:00:42, Expires:00:03:06 The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table information on Switch D.
  • Page 667 PIM Configuration Examples IGMPv3 is to run between Switch A and N1, and between Switch B/Switch C ■ and N2. Network diagram Figure 198 Network diagram for PIM-SSM configuration Receiver Host A Switch A Vlan -int100 Vlan -int102 Host B Vlan -int102 Receiver Vlan -int300...
  • Page 668
    # Enable IP multicast routing on Switch A, enable PIM-SM on each interface, and enable IGMPv3 on VLAN-interface 100, which connects Switch A to the stub network.
    <SwitchA> system-view
    [SwitchA] multicast routing-enable
    [SwitchA] interface vlan-interface 100
    [SwitchA-Vlan-interface100] igmp enable
    [SwitchA-Vlan-interface100] igmp version 3
    [SwitchA-Vlan-interface100] pim sm...
  • Page 669: Troubleshooting Pim Configuration

    Troubleshooting PIM Configuration (10.110.5.100, 232.1.1.1) Protocol: pim-ssm, Flag: UpTime: 00:13:25 Upstream interface: Vlan-interface101 Upstream neighbor: 192.168.1.2 RPF prime neighbor: 192.168.1.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100 Protocol: igmp, UpTime: 00:13:25, Expires: - The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table information on Switch D.
  • Page 670 47: PIM C HAPTER ONFIGURATION existing unicast route, and is independent of PIM. The RPF interface must be PIM-enabled, and the RPF neighbor must also be a PIM neighbor. If PIM is not enabled on the router where the RPF interface or the RPF neighbor resides, the establishment of a multicast distribution tree will surely fail, causing abnormal multicast forwarding.
  • Page 671 Troubleshooting PIM Configuration Solution 1 Check the multicast forwarding boundary configuration. Use the display current-configuration command to check the multicast forwarding boundary settings. Use the multicast boundary command to change the multicast forwarding boundary settings. 2 Check the multicast filter configuration. Use the display current-configuration command to check the multicast filter configuration.
  • Page 672
    ■ The RP is the core of a PIM-SM domain. Make sure that the RP information on all routers is exactly the same, a specific group G is mapped to the same RP, and unicast routes are available to the RP.
    Solution
    1 Check whether routes to C-RPs, the RP and the BSR are available.
  • Page 673: Msdp C

    MSDP Configuration
    When configuring MSDP, go to these sections for information you are interested in:
    ■ “MSDP Overview” on page 673
    ■ “MSDP Configuration Task List” on page 679
    ■ “Displaying and Maintaining MSDP” on page 685
    ■ “MSDP Configuration Examples” on page 685...
  • Page 674 Chapter 48: MSDP Configuration
    interconnected in series. Relayed by these MSDP peers, an SA message sent by an RP can be delivered to all other RPs.
    Figure 199 Where MSDP peers are in the network (diagram labels: PIM-SM 1, PIM-SM 2, Router A, Router B, Source...)
  • Page 675 MSDP Overview Implementing inter-domain multicast delivery by leveraging MSDP peers As shown in Figure 200, an active source (Source) exists in the domain PIM-SM 1, and RP 1 has learned the existence of Source through multicast source registration. If RPs in PIM-SM 2 and PIM-SM 3 also wish to know the specific location of Source so that receiver hosts can receive multicast traffic originated from it, MSDP peering relationships should be established between RP 1 and RP 3 and between RP 3 and RP 2 respectively.
  • Page 676
    5 Upon receiving the SA message created by RP 1, RP 2 in PIM-SM 2 checks whether there are any receivers for the multicast group in the domain.
    6 If so, the RPT for the multicast group G is maintained between RP 2 and the receivers.
  • Page 677 MSDP Overview As illustrated in Figure 201, these MSDP peers dispose of SA messages according to the following RPF check rules: 1 When RP 2 receives an SA message from RP 1 Because the source-side RP address carried in the SA message is the same as the MSDP peer address, which means that the MSDP peer where the SA is from is the RP that has created the SA message, RP 2 accepts the SA message and forwards it to its other MSDP peer (RP 3).
  • Page 678 48: MSDP C HAPTER ONFIGURATION Usually an Anycast RP address is configured on a logic interface, like a loopback interface. Figure 202 Typical network diagram of Anycast RP RP 1 RP 2 Router B Router A Source Receiver PIM-SM MSDP peers SA message The work process of Anycast RP is as follows: 1 The multicast source registers with the nearest RP.
  • Page 679: Msdp Configuration Task List

    MSDP Configuration Task List
    Protocols and Standards
    MSDP is documented in the following specifications:
    ■ RFC 3618: Multicast Source Discovery Protocol (MSDP)
    ■ RFC 3446: Anycast Rendezvous Point (RP) mechanism using Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP)
    MSDP Configuration Task List
    Complete these tasks to configure MSDP:...
  • Page 680: Configuring An Msdp Peer Connection

    To do: Enter system view. Use the command: system-view.
    To do: Enable IP multicast routing. Use the command: multicast routing-enable. Remarks: Required. Disabled by default.
    To do: Enable MSDP and enter MSDP view. Use the command: msdp. Remarks: Required. Disabled by default.
    Creating an MSDP Peer Connection
    An MSDP peering relationship is identified by an address pair, namely the address of the local MSDP peer and that of the remote MSDP peer.
  • Page 681 Configuring an MSDP Peer Connection
    Before configuring an MSDP peer connection, prepare the following data:
    ■ Description information of MSDP peers
    ■ Name of an MSDP mesh group
    ■ MSDP peer connection retry interval
    Configuring MSDP Peer Description
    With the MSDP peer description information, the administrator can easily distinguish different MSDP peers and thus better manage MSDP peers.
  • Page 682: Configuring Sa Messages Related Parameters

    Configuring MSDP Peer Connection Control
    MSDP peers are interconnected over TCP (port number 639). You can flexibly control sessions between MSDP peers by manually deactivating and reactivating the MSDP peering connections. When the connection between two MSDP peers is deactivated, SA messages will no longer be delivered between them, and the TCP connection is closed without any connection setup retry, but the configuration information will remain unchanged.
  • Page 683 Configuring SA Messages Related Parameters If the source-side RP is enabled to encapsulate register messages in SA messages, when there is a multicast packet to deliver, the source-side RP encapsulates a register message containing the multicast packet in an SA message and sends it out.
  • Page 684 Configuring an SA Message Filtering Rule
    By configuring an SA message creation rule, you can enable the router to filter the (S, G) entries to be advertised when creating an SA message, so that the propagation of messages of multicast sources is controlled.
  • Page 685: Displaying And Maintaining Msdp

    Displaying and Maintaining MSDP
    To do: Enter system view. Use the command: system-view.
    To do: Enter MSDP view. Use the command: msdp.
    To do: Enable the SA message cache mechanism. Use the command: cache-sa-enable. Remarks: Optional. Enabled by default.
    To do: Configure the maximum number of SA messages the router can cache. Use the command: peer peer-address sa-cache-maximum sa-limit. Remarks: Optional. 8192 by default...
  • Page 686 48: MSDP C HAPTER ONFIGURATION Network diagram Figure 203 Network diagram for inter-AS multicast configuration leveraging BGP routes AS 100 AS 200 Receiver Receiver Loop 0 Switch F Switch E Vlan -int105 Source 1 Vlan -int105 Vlan-int102 Vlan -int100 PIM-SM 3 Switch A PIM-SM 2 Vlan-int102...
  • Page 687 MSDP Configuration Examples
    <SwitchA> system-view
    [SwitchA] multicast routing-enable
    [SwitchA] interface vlan-interface 103
    [SwitchA-Vlan-interface103] pim sm
    [SwitchA-Vlan-interface103] quit
    [SwitchA] interface vlan-interface 100
    [SwitchA-Vlan-interface100] pim sm
    [SwitchA-Vlan-interface100] quit
    [SwitchA] interface vlan-interface 200
    [SwitchA-Vlan-interface200] igmp enable
    [SwitchA-Vlan-interface200] pim sm
    [SwitchA-Vlan-interface200] quit
    The configuration on Switch B, Switch C, Switch D, Switch E, and Switch F is similar to the configuration on Switch A.
  • Page 688
    [SwitchB] ospf 1
    [SwitchB-ospf-1] import-route bgp
    [SwitchB-ospf-1] quit
    The configuration on Switch C and Switch E is similar to the configuration on Switch B.
    5 Configure MSDP peers
    # Configure an MSDP peer on Switch B.
    [SwitchB] msdp
    [SwitchB-msdp] peer 192.168.1.2 connect-interface vlan-interface 101
    [SwitchB-msdp] quit...
  • Page 689 MSDP Configuration Examples To view the BGP routing table information on the switches, use the display bgp routing-table command. For example: # View the BGP routing table information on Switch C. [SwitchC] display bgp routing-table Total Number of Routes: 13 BGP Local router ID is 2.2.2.2 Status codes: * - valid, >...
  • Page 690 48: MSDP C HAPTER ONFIGURATION Description: Information about connection status: State: Up Up/down time: 00:15:47 Resets: 0 Connection interface: Vlan-interface101 (192.168.1.1) Number of sent/received messages: 16/16 Number of discarded output messages: 0 Elapsed time since last connection or counters clear: 00:17:51 Information about (Source, Group)-based SA filtering policy: Import policy: none Export policy: none...
  • Page 691 MSDP Configuration Examples Network diagram Figure 204 Network diagram for inter-AS multicast configuration leveraging static RPF peers AS 100 AS 200 PIM-SM 3 Receiver Vlan -int105 Vlan -int105 Switch E Switch F Source 1 Loop 0 Vlan -int100 Receiver Switch A PIM-SM 2 Vlan-int101 Vlan -int104...
  • Page 692
    <SwitchA> system-view
    [SwitchA] multicast routing-enable
    [SwitchA] interface vlan-interface 103
    [SwitchA-Vlan-interface103] pim sm
    [SwitchA-Vlan-interface103] quit
    [SwitchA] interface vlan-interface 100
    [SwitchA-Vlan-interface100] pim sm
    [SwitchA-Vlan-interface100] quit
    [SwitchA] interface vlan-interface 200
    [SwitchA-Vlan-interface200] igmp enable
    [SwitchA-Vlan-interface200] pim sm
    [SwitchA-Vlan-interface200] quit
    The configuration on Switch B, Switch C, Switch D, Switch E, and Switch F is similar to the configuration on Switch A.
  • Page 693 MSDP Configuration Examples
    [SwitchE] ip ip-prefix list-c permit 192.168.0.0 16 greater-equal 16 less-equal 32
    [SwitchE] msdp
    [SwitchE-msdp] peer 192.168.3.2 connect-interface vlan-interface 102
    [SwitchE-msdp] static-rpf-peer 192.168.3.2 rp-policy list-c
    [SwitchE-msdp] quit
    5 Verify the configuration
    Carry out the display bgp peer command to view the BGP peering relationships between the switches.
  • Page 694 48: MSDP C HAPTER ONFIGURATION Network diagram Figure 205 Network diagram for anycast RP configuration Source 1 Source 2 Switch A Switch C Switch E Vlan-int300 Vlan -int400 Receiver 1 Receiver 2 Switch B Switch D Vlan -int100 Vlan -int200 Loop 10 Loop 10 PIM-SM...
  • Page 695 MSDP Configuration Examples
    [SwitchB] interface vlan-interface 100
    [SwitchB-Vlan-interface100] igmp enable
    [SwitchB-Vlan-interface100] pim sm
    [SwitchB-Vlan-interface100] quit
    [SwitchB] interface vlan-interface 103
    [SwitchB-Vlan-interface103] pim sm
    [SwitchB-Vlan-interface103] quit
    [SwitchB] interface Vlan-interface 101
    [SwitchB-Vlan-interface101] pim sm
    [SwitchB-Vlan-interface101] quit
    [SwitchB] interface loopback 0
    [SwitchB-LoopBack0] pim sm
    [SwitchB-LoopBack0] quit
    [SwitchB] interface loopback 10
    [SwitchB-LoopBack10] pim sm...
  • Page 696 48: MSDP C HAPTER ONFIGURATION [SwitchD] display msdp brief MSDP Peer Brief Information Configured Listen Connect Shutdown Down Peer’s Address State Up/Down time SA Count Reset Count 1.1.1.1 00:10:18 To view the PIM routing information on the switches, use the display pim routing-table command.
  • Page 697: Troubleshooting Msdp

    Troubleshooting MSDP [SwitchD] display pim routing-table Total 1 (*, G) entry; 1 (S, G) entry (*, 225.1.1.1) RP: 10.1.1.1 (local) Protocol: pim-sm, Flag: WC UpTime: 00:12:07 Upstream interface: Register Upstream neighbor: NULL RPF prime neighbor: NULL Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface200 Protocol: igmp, UpTime: 00:12:07, Expires: - (10.110.6.100, 225.1.1.1)
  • Page 698 No SA Entries in the Router’s SA Cache
    Symptom
    MSDP fails to send (S, G) entries through SA messages.
    Analysis
    ■ The import-source command is used to control sending (S, G) entries through SA messages to MSDP peers. If this command is executed without the acl-number argument, all the (S, G) entries will be filtered off, namely no (S, G) entries of the local domain will be advertised.
  • Page 699 Troubleshooting MSDP 4 Verify that the C-BSR address is different from the anycast RP address.
  • Page 700 Chapter 48: MSDP Configuration...
  • Page 701: Multicast Routing And Forwarding Configuration

    Multicast Routing and Forwarding Configuration
    When configuring multicast routing and forwarding, go to these sections for information you are interested in:
    ■ “Multicast Routing and Forwarding Overview” on page 701
    ■ “Configuring Multicast Routing and Forwarding” on page 706
    ■ “Displaying and Maintaining Multicast Routing and Forwarding” on page 709...
  • Page 702 Chapter 49: Multicast Routing and Forwarding Configuration
    Implementation of the RPF mechanism
    Upon receiving a multicast packet that a multicast source S sends to a multicast group G, the router first searches its multicast forwarding table:
    1 If the corresponding (S, G) entry exists, and the interface on which the packet actually arrived is the incoming interface in the multicast forwarding table, the router forwards the packet to all the outgoing interfaces.
  • Page 703 Multicast Routing and Forwarding Overview destination address. The corresponding routing entry explicitly defines the RPF interface and the RPF neighbor. 4 Then, the router selects one from these two optimal routes as the RPF route. The selection is as follows: 5 If configured to use the longest match principle, the router selects the longest match route from the two;...
  • Page 704 2. This means that the interface on which the packet actually arrived is not the RPF interface. The RPF check fails and the packet is discarded.
    ■ A multicast packet from Source arrives on VLAN-interface 2 of Switch C, and...
  • Page 705: Configuration Task List

    Configuration Task List multicast information from Source travels from Switch A to Switch B and then to Switch C. Multicast Traceroute The multicast traceroute utility is used to trace the path that a multicast stream flows down from the multicast source to the last-hop router. Concepts in multicast traceroute 1 Last-hop router: If a router has one of its interfaces connecting to the subnet the given destination address is on, and if the router is able to forward multicast...
  • Page 706: Configuring Multicast Routing And Forwarding

    Configuring Multicast Routing and Forwarding
    Configuration Prerequisites
    Before configuring multicast routing and forwarding, complete the following tasks:
    ■ Configure a unicast routing protocol so that all devices in the domain are interoperable at the network layer.
    ■ Enable PIM (PIM-DM or PIM-SM).
  • Page 707 Configuring Multicast Routing and Forwarding To do… Use the command… Remarks Enter system view system-view Configure a multicast ip rpf-route-static source-address { mask | Required static route mask-length } [ protocol [ process-id ] ] No multicast [ route-policy policy-name ] { rpf-nbr-address | static route interface-type interface-number } [ preference configured by...
  • Page 708 49: M HAPTER ULTICAST OUTING AND ORWARDING ONFIGURATION To do… Use the command… Remarks Enter system view system-view Enter interface view interface interface-type interface-number Configure a multicast multicast boundary Required forwarding boundary group-address { mask | No forwarding boundary by mask-length } default Configuring the...
  • Page 709: Displaying And Maintaining Multicast Routing And Forwarding

    Displaying and Maintaining Multicast Routing and Forwarding Displaying and Maintaining Multicast To do… Use the command… Remarks Routing and View the multicast display multicast boundary [ group-address Available in Forwarding boundary information [ mask | mask-length ] ] [ interface any view interface-type interface-number ] View the multicast...
  • Page 710
    ■ Switch A, Switch B and Switch C run OSPF.
    ■ Typically, Receiver can receive the multicast data from Source through the path Switch A - Switch B, which is the same as the unicast route.
    ■ Perform the following configuration so that Receiver can receive the multicast...
  • Page 711 Configuration Examples
    [SwitchB-Vlan-interface101] quit
    [SwitchB] interface vlan-interface 102
    [SwitchB-Vlan-interface102] pim dm
    [SwitchB-Vlan-interface102] quit
    # Enable IP multicast routing on Switch A, and enable PIM-DM on each interface.
    <SwitchA> system-view
    [SwitchA] multicast routing-enable
    [SwitchA] interface vlan-interface 200
    [SwitchA-Vlan-interface200] pim dm
    [SwitchA-Vlan-interface200] quit
    [SwitchA] interface vlan-interface 102
    [SwitchA-Vlan-interface102] pim dm
    [SwitchA-Vlan-interface102] quit...
  • Page 712
    ■ Switch B and Switch C run OSPF, and have no unicast routes to Switch A.
    ■ Typically, Receiver can receive the multicast data from Source 1 in the OSPF domain.
    ■ Perform the following configuration so that Receiver can receive multicast data...
  • Page 713: Troubleshooting Multicast Routing And Forwarding

    Troubleshooting Multicast Routing and Forwarding
    [SwitchC-Vlan-interface300] pim dm
    [SwitchC-Vlan-interface300] quit
    [SwitchC] interface vlan-interface 102
    [SwitchC-Vlan-interface102] pim dm
    [SwitchC-Vlan-interface102] quit
    The configuration on Switch B is similar to that on Switch A. The specific configuration steps are omitted here.
    # Use the display multicast rpf-info command to view the RPF routes to Source 2 on Switch B and Switch C.
  • Page 714 Analysis
    ■ If the multicast static route is not configured or updated correctly to match the current network conditions, the route entry does not exist in the multicast route configuration table and multicast routing table.
    ■ If the optimal route is found, the multicast static route may also fail.
  • Page 715: 802.1X Overview

    802.1x Configuration
    When configuring 802.1x, go to these sections for information you are interested in:
    ■ “802.1x Overview” on page 715
    ■ “Configuring 802.1x” on page 726
    ■ “Configuring a Guest VLAN” on page 728
    ■ “Displaying and Maintaining 802.1x” on page 729...
  • Page 716 Chapter 50: 802.1x Configuration
    Figure 210 Architecture of 802.1x Authentication (diagram: supplicant system with supplicant PAE; authenticator system with authenticator PAE, the services offered by the authenticator's system, and a port shown unauthorized; authentication server system; EAP protocol exchanges carried in higher layer protocol; LAN/WLAN)
    ■ Supplicant system: A system at one end of the LAN segment, which is...
  • Page 717 802.1x Overview
    ■ The uncontrolled port is always open in both the inbound and outbound directions to allow EAPOL protocol frames to pass, guaranteeing that the supplicant can always send and receive authentication frames.
    ■ The controlled port is open to allow normal traffic to pass only when it is in the...
  • Page 718 Chapter 50: 802.1x Configuration
    Figure 212 EAPOL frame format (fields, in order: PAE Ethernet type, Protocol version, Type, Length, Packet body)
    ■ PAE Ethernet type: Protocol type. It takes the value 0x888E.
    ■ Protocol version: Version of the EAPOL protocol supported by the EAPOL frame...
  • Page 719 802.1x Overview
    Figure 213 EAP packet format (fields, in order: Code, Identifier, Length, Data)
    ■ Code: Type of the EAP packet, which can be Request, Response, Success, or Failure. An EAP packet of the type of Success or Failure has no Data field, and has a length of 4.
  • Page 720 Chapter 50: 802.1x Configuration
    Message-Authenticator
    Figure 216 shows the encapsulation format of the Message-Authenticator attribute. The Message-Authenticator attribute is used to prevent access requests from being snooped during EAP or CHAP authentication. It must be included in any packet with the EAP-Message attribute; otherwise, the packet will be considered invalid and get discarded.
  • Page 721 802.1x Overview
    Figure 217 Message exchange in EAP relay mode. Parties: supplicant system, authenticator system, RADIUS server (EAPOL between supplicant and authenticator, EAPOR between authenticator and server). Messages shown: EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; RADIUS Access-Request (EAP-Response/Identity); RADIUS Access-Challenge (EAP-Request/MD5 challenge); EAP-Request/MD5 challenge; RADIUS Access-Request...
  • Page 722 Chapter 50: 802.1x Configuration
    7 When receiving the EAP-Request/MD5 Challenge packet, the supplicant uses the offered challenge to encrypt the password part (this process is not reversible), creates an EAP-Response/MD5 Challenge packet, and then sends the packet to the authenticator.
    8 After receiving the EAP-Response/MD5 Challenge packet, the authenticator relays the packet in a RADIUS Access-Request packet to the authentication server.
  • Page 723 802.1x Overview
    Figure 218 Message exchange in EAP termination mode. Parties: supplicant system, authenticator system, RADIUS server (EAPOL between supplicant and authenticator, RADIUS between authenticator and server). Messages shown: EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; EAP-Request/MD5 challenge; EAP-Response/MD5 challenge; RADIUS Access-Request (CHAP-Response/MD5 challenge); RADIUS Access-Accept...
  • Page 724 Chapter 50: 802.1x Configuration
    multicasts EAP-Request/Identity frames to the supplicant system at an interval defined by this timer.
    ■ Supplicant timeout timer (supp-timeout): Once an authenticator sends an EAP-Request/MD5 Challenge frame to a supplicant, it starts this timer. If this timer expires but it receives no response from the supplicant, it retransmits the request.
  • Page 725 802.1x Overview
    ■ If the port link type is Hybrid, the assigned VLAN is allowed to pass the current port without carrying the tag. The default VLAN ID of the port is that of the assigned VLAN.
    The assigned VLAN neither changes nor affects the configuration of a port. However, as the assigned VLAN has higher priority than the user-configured VLAN, it is the assigned VLAN that takes effect after a user passes authentication.
  • Page 726: Configuring 802.1X

    Chapter 50: 802.1x Configuration
    device. You can change the access rights of users by modifying authorization ACL settings on the RADIUS server or changing the corresponding ACL rules on the device.
    Configuring 802.1x
    Configuration Prerequisites
    802.1x provides a user identity authentication scheme. However, 802.1x cannot implement the authentication scheme solely by itself.
  • Page 727 Configuring 802.1x
    To do: Set timers
    Use the command: dot1x timer { handshake-period handshake-period-value | quiet-period quiet-period-value | server-timeout server-timeout-value | supp-timeout supp-timeout-value | ...
    Remarks: Optional. The defaults are as follows: 15 seconds for the handshake timer, 60 seconds for the quiet timer, 100 seconds for the server...
  • Page 728: Configuring A Guest Vlan

    Chapter 50: 802.1x Configuration
    To do: Set the port access control method for the port
    Use the command: dot1x port-method { macbased | portbased }
    Remarks: Optional. macbased by default
    To do: Set the maximum number of users for the port
    Use the command: dot1x max-user user-number
    Remarks: Optional. By default, the maximum number of concurrent users...
  • Page 729: Displaying And Maintaining 802.1X

    Displaying and Maintaining 802.1x
    To do: Configure the guest VLAN for specified or all ports
    Use the command: dot1x guest-vlan vlan-id [ interface interface-list ] Or in Ethernet interface view
    Remarks: Required. By default, a port is configured with no guest VLAN.
  • Page 730 Chapter 50: 802.1x Configuration
    ■ Specify the switch to try up to five times at an interval of 5 seconds in transmitting a packet to the RADIUS server until it receives a response from the server, and to send real time accounting packets to the accounting server every 15 minutes.
  • Page 731: Configuration Example

    802.1x Configuration Example
    [Sysname-radius-radius1] primary authentication 10.1.1.1
    [Sysname-radius-radius1] primary accounting 10.1.1.2
    # Configure the IP addresses of the secondary authentication and accounting RADIUS servers.
    [Sysname-radius-radius1] secondary authentication 10.1.1.2
    [Sysname-radius-radius1] secondary accounting 10.1.1.1
    # Specify the shared key for the device to exchange packets with the authentication server and the accounting server.
  • Page 732: Guest Vlan Configuration Example

    Chapter 50: 802.1x Configuration
    # Enable 802.1x globally.
    [Sysname] dot1x
    # Enable 802.1x for port GigabitEthernet 1/0/1.
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitGigabitEthernet1/0/1] dot1x
    [Sysname-GigabitGigabitEthernet1/0/1] quit
    # Set the port access control method. (Optional. The default answers the requirement.)
    [Sysname] dot1x port-method macbased interface GigabitEthernet 1/0/1
    Guest VLAN Configuration...
    Network requirements
  • Page 733 Guest VLAN Configuration Example
    Network diagrams
    Figure 220 Network diagram for guest VLAN configuration. Diagram labels: Update server, Authenticator server, VLAN 10, VLAN 2, GE 1/0/4, GE 1/0/3, VLAN 1, VLAN 5, GE 1/0/1, GE 1/0/2, Switch, Internet, Supplicant.
    Figure 221 Network diagram with VLAN 10 as the guest VLAN. Diagram labels: Update server, Authenticator server, VLAN 10...
  • Page 734 Chapter 50: 802.1x Configuration
    Figure 222 Network diagram when the supplicant passes authentication. Diagram labels: Update server, Authenticator server, VLAN 10, VLAN 2, GE 1/0/4, GE 1/0/3, VLAN 5, VLAN 5, GE 1/0/1, GE 1/0/2, Switch, Internet, VLAN 5, Supplicant.
    Configuration procedure
    # Configure RADIUS scheme 2000.
    <Sysname>...
  • Page 735: Acl Assignment Configuration Example

    ACL Assignment Configuration Example
    [Sysname-GigabitGigabitEthernet1/0/1] dot1x port-control auto
    [Sysname-GigabitGigabitEthernet1/0/1] quit
    # Create VLAN 10.
    [Sysname] vlan 10
    [Sysname-vlan10] quit
    # Specify port GigabitEthernet 1/0/1 to use VLAN 10 as its guest VLAN.
    [Sysname] dot1x guest-vlan 10 interface GigabitEthernet 1/0/1
    You can use the display current-configuration or display interface GigabitEthernet 1/0/1 command to view your configuration.
  • Page 736 Chapter 50: 802.1x Configuration
    <Sysname> system-view
    [Sysname] radius scheme 2000
    [Sysname-radius-2000] primary authentication 10.1.1.1 1812
    [Sysname-radius-2000] primary accounting 10.1.1.2 1813
    [Sysname-radius-2000] key authentication abc
    [Sysname-radius-2000] key accounting abc
    [Sysname-radius-2000] user-name-format without-domain
    [Sysname-radius-2000] quit
    # Create an ISP domain and specify the AAA schemes.
    [Sysname] domain 2000
    [Sysname-isp-2000] authentication default radius-scheme 2000
    [Sysname-isp-2000] authorization default radius-scheme 2000...
  • Page 737: Habp C

    802.1x-enabled ports and allow only the authorized ports to forward packets. If a port fails 802.1x authentication and authorization, protocol packets passing the port will be blocked. The 3Com Authentication Bypass Protocol (HABP) aims at solving this problem.
  • Page 738: Displaying And Maintaining Habp

    Chapter 51: HABP Configuration
    To do: Enable HABP
    Use the command: habp enable
    Remarks: Optional. Enabled by default
    To do: Configure HABP to work in server mode
    Use the command: habp server vlan vlan-id
    Remarks: Required. HABP works in client mode by default.
    To do: Set the interval to send HABP requests
    Use the command: habp timer interval
    Remarks: Optional...
  • Page 739: Mac Authentication Configuration

    MAC Authentication Configuration
    When configuring MAC authentication, go to these sections for information you are interested in:
    ■ “MAC Authentication Overview” on page 739
    ■ “Related Concepts” on page 740
    ■ “Configuring MAC Authentication” on page 741
    ■ “Displaying and Maintaining MAC Authentication” on page 742...
  • Page 740: Related Concepts

    Chapter 52: MAC Authentication Configuration
    If the authentication succeeds, the user will be granted permission to access the network resources.
    Local MAC Authentication
    In local MAC authentication, the device performs authentication of users locally and different items need to be manually configured for users on the device according to the type of MAC authentication username:
    ■ If the type of MAC authentication username is MAC address, a local user must...
  • Page 741: Configuring Mac Authentication

    Configuring MAC Authentication
    Configuration Prerequisites
    ■ Create and configure an ISP domain.
    ■ For local authentication, create the local users and configure the passwords.
    ■ For RADIUS authentication, ensure that a route is available between the device and the RADIUS server.
  • Page 742: Displaying And Maintaining Mac Authentication

    Chapter 52: MAC Authentication Configuration
    ■ You can neither add a MAC authentication enabled port into an aggregation group, nor enable MAC authentication on a port added into an aggregation group.
    Displaying and Maintaining MAC Authentication
    To do: Display the global MAC...
    Use the command: display mac-authentication...
  • Page 743 MAC Authentication Configuration Examples
    [Sysname] domain aabbcc.net
    [Sysname-isp-aabbcc.net] authentication lan-access local
    [Sysname-isp-aabbcc.net] quit
    # Enable MAC authentication globally.
    [Sysname] mac-authentication
    # Enable MAC authentication for port GigabitEthernet 1/0/1.
    [Sysname] mac-authentication interface GigabitEthernet 1/0/1
    # Specify the ISP domain for MAC authentication.
    [Sysname] mac-authentication domain aabbcc.net
    # Set the MAC authentication timers.
  • Page 744 Chapter 52: MAC Authentication Configuration
    Network diagram
    Figure 225 Network diagram for MAC authentication using RADIUS. Diagram labels: Authentication servers (RADIUS server cluster) 10.1.1.1 and 10.1.1.2, GE1/0/1, Authenticator, 1.1.1.1/24, Internet, Supplicant, Switch.
    Configuration procedure
    1 Configure MAC authentication on the device
    # Configure the IP addresses of the interfaces.
  • Page 745 MAC Authentication Configuration Examples
    [Sysname] mac-authentication user-name-format fixed account aaa password simple 123456
    2 Verify the configuration
    # Display global MAC authentication information.
    <Sysname> display mac-authentication
    MAC address authentication is Enabled.
    User name format is fixed account
    Fixed username:aaa
    Fixed password:123456
    Offline detect period is 180s
    Quiet period is 60s.
  • Page 746 Chapter 52: MAC Authentication Configuration
    Configuration procedure
    # Configure the IP addresses of the interfaces. (Omitted)
    # Configure the RADIUS scheme.
    <Sysname> system-view
    [Sysname] radius scheme 2000
    [Sysname-radius-2000] primary authentication 10.1.1.1 1812
    [Sysname-radius-2000] primary accounting 10.1.1.2 1813
    [Sysname-radius-2000] key authentication abc
    [Sysname-radius-2000] key accounting abc
    [Sysname-radius-2000] user-name-format without-domain
    [Sysname-radius-2000] quit...
  • Page 747: Aaa/Radius/Hwtacacs Configuration

    AAA/RADIUS/HWTACACS Configuration
    When configuring AAA/RADIUS/HWTACACS, go to these sections for information you are interested in:
    ■ “AAA/RADIUS/HWTACACS Overview” on page 747
    ■ “AAA/RADIUS/HWTACACS Configuration Task List” on page 756
    ■ “Configuring AAA” on page 758
    ■ “Configuring RADIUS” on page 765...
  • Page 748 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    Figure 227 AAA networking diagram. Diagram labels: Internet, User, RADIUS server, HWTACACS server.
    When a user tries to establish a connection to the NAS and obtain the rights to access other networks or some network resources, the NAS authenticates the user or the corresponding connection.
  • Page 749 AAA/RADIUS/HWTACACS Overview AAA can be implemented through multiple protocols. Currently, the device supports using RADIUS and HWTACACS for AAA, and RADIUS is often used in practice. Introduction to RADIUS Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol in the client/server model. RADIUS can protect networks against unauthorized access and is often used in network environments where both high security and remote user access are required.
  • Page 750 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    A RADIUS server supports multiple user authentication methods, such as the Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) of Point-to-Point Protocol (PPP). In addition, a RADIUS server can act as the client of another AAA server to provide proxy authentication or accounting service.
  • Page 751 AAA/RADIUS/HWTACACS Overview
    6 The subscriber accesses the network resources.
    7 The host requests the RADIUS client to tear down the connection and the RADIUS client sends a stop-accounting request (Accounting-Request) to the RADIUS server.
    8 The RADIUS server returns a stop-accounting response (Accounting-Response) and stops accounting.
  • Page 752 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    Table 58 Main values of the Code field (columns: Code, Packet type, Description)
    Packet type: Accounting-Response
    Description: From the server to the client. The server sends to the client a packet of this type to notify that it has received the Accounting-Request and has correctly recorded the accounting information.
  • Page 753 Attribute 26 consists of the following four parts:
    ■ Vendor-ID (four bytes): Indicates the ID of the vendor. Its most significant byte is 0 and the other three bytes contain a code complying with RFC 1700. The vendor ID of 3Com is 2011.
  • Page 754 Vendor-Length Vendor-Data (Specified attribute value
    Introduction to HWTACACS
    3Com Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492). Similar to RADIUS, it uses the server/client model for information exchange between NAS and HWTACACS server.
  • Page 755 AAA/RADIUS/HWTACACS Overview
    Basic message exchange process of HWTACACS
    The following takes a Telnet user as an example to describe how HWTACACS performs user authentication, authorization, and accounting. Figure 232 illustrates the basic message exchange process of HWTACACS.
    Figure 232 Basic message exchange process of HWTACACS for a Telnet user
    1 A Telnet user applies to access the NAS.
  • Page 756: Aaa/Radius/Hwtacacs Configuration Task List

    Chapter 53: AAA/RADIUS/HWTACACS Configuration
    6 After receiving the username from the user, the HWTACACS client sends to the server a continue-authentication packet carrying the username.
    7 The HWTACACS server sends back an authentication response, requesting the login password.
    8 Upon receipt of the response, the HWTACACS client requests of the user the login password.
  • Page 757 AAA/RADIUS/HWTACACS Configuration Task List
    Task: “Configuring an AAA Authentication Scheme for an ISP Domain” on page 759
    Remarks: Required. For local authentication, refer to “Configuring Local User Attributes” on page 763. For RADIUS authentication, refer to “Configuring RADIUS” on page 765. For HWTACACS authentication, refer to “Configuring HWTACACS”...
  • Page 758: Configuring Aaa

    Chapter 53: AAA/RADIUS/HWTACACS Configuration
    Configuring AAA
    By configuring AAA, you can provide network access service for legal users, protect the networking devices, and avoid unauthorized access and bilking. In addition, you can configure ISP domains to perform AAA on accessing users. In AAA, users are divided into lan-access users (such as 802.1x users and MAC authentication users), login users (such as SSH, Telnet, FTP, and terminal access users), and command line users (that is, command line authentication users).
  • Page 759 Configuring AAA
    To do: Place the ISP domain to the state of active or blocked
    Use the command: state { active | block }
    Remarks: Optional. When created, an ISP is in the state of active by default, and users in the domain can request network services.
  • Page 760 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    To do: Specify the default authentication scheme for all types of users
    Use the command: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] |
    Remarks: Optional. local by default
    To do: Specify the authentication...
    Use the command: authentication lan-access...
    Remarks: Optional...
  • Page 761 Configuring AAA
    Before configuring an authorization scheme, complete these three tasks:
    1 For HWTACACS authorization, configure the HWTACACS scheme to be referenced first. For RADIUS authorization, the RADIUS authorization scheme must be the same as the RADIUS authentication scheme; otherwise, it does not take effect.
    2 Determine the access mode or service type to be configured.
  • Page 762 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    ■ If the primary authentication scheme is local or none, the system performs local authorization or does not perform any authorization, rather than uses the RADIUS or HWTACACS scheme.
    ■ Authorization information of the RADIUS server is sent to the RADIUS client...
  • Page 763 Configuring AAA
    To do: Specify the accounting scheme for login users
    Use the command: accounting login { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
    Remarks: Optional. The default accounting scheme is used by default.
    ■ With the accounting optional command configured, a user that will be...
  • Page 764 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    To do (under the row group “Specify the service types for...”): Specify the service types for the user
    Use the command: service-type { lan-access | { ssh | telnet | terminal } * [ level level ] }
    Remarks: Required. No service is authorized to a user by default...
  • Page 765: Configuring Radius

    Configuring RADIUS
    ■ The attribute ip command only applies to authentications that support IP address passing, such as 802.1x. If you configure the command to authentications that do not support IP address passing, such as MAC address authentication, the local authentication will fail.
    ■ The attribute port command binds a port by its number only, regardless of...
  • Page 766 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    To do: Create a RADIUS scheme and enter RADIUS scheme view
    Use the command: radius scheme radius-scheme-name
    Remarks: Required. Not defined by default
    To do: Configure the IP address and UDP port of the primary RADIUS...
    Use the command: primary authentication ip-address [ port-number ]
    Remarks: Required. The defaults are as follows:...
  • Page 767 Configuring RADIUS
    authentication/authorization and accounting packets, the port for authentication/authorization must be different from that for accounting.
    ■ You can set the maximum number of stop-accounting request transmission buffer, allowing the device to buffer and resend a stop-accounting request until it receives a response or the number of transmission retries reaches the configured limit.
  • Page 768 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    ■ The maximum number of retransmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75.
    ■ Refer to the timer response-timeout command in the command manual for configuring RADIUS server response timeout period.
  • Page 769 Configuring RADIUS
    To do: Set the status of the primary RADIUS authentication/authorization server
    Use the command: state primary authentication { active | block }
    Remarks: Optional. active for every server configured with IP address in the RADIUS scheme
    To do: Set the status of the primary RADIUS accounting server
    Use the command: state primary accounting { active | block }...
  • Page 770 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    command is thus provided for you to decide whether to include a domain name in a username to be sent to a RADIUS server.
    ■ If a RADIUS scheme defines that the username is sent without the ISP domain...
  • Page 771: Configuring Hwtacacs

    Configuring HWTACACS
    ■ To configure the maximum number of retransmission attempts of RADIUS packets, refer to the command retry in the command manual.
    Configuring RADIUS Accounting-on
    With the accounting-on function enabled, a device sends, whenever it reboots, accounting-on packets to the RADIUS server, requesting the server to force its users offline.
  • Page 772 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    To do: Enter system view
    Use the command: system-view
    To do: Create a HWTACACS scheme and enter HWTACACS scheme view
    Use the command: hwtacacs scheme hwtacacs-scheme-name
    Remarks: Required. Not defined by default
    ■ Up to 16 HWTACACS schemes can be configured...
  • Page 773 Configuring HWTACACS
    ■ The IP addresses of the primary and secondary authorization servers cannot be the same. Otherwise, the configuration fails.
    ■ You can remove an authorization server only when no active TCP connection for sending authorization packets is using it.
    Specifying the HWTACACS Accounting...
    Follow these steps to specify the HWTACACS accounting servers and perform...
  • Page 774 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    To do: Set the shared keys for HWTACACS authentication, authorization, and accounting packets
    Use the command: key { accounting | authentication | authorization } string
    Remarks: Required. No shared key exists by default.
    Configuring Attributes Related to the Data Sent...
    Follow these steps to configure the attributes related to the data sent to the HWTACACS server:
  • Page 775: Displaying And Maintaining Aaa/Radius/Hwtacacs

    Displaying and Maintaining AAA/RADIUS/HWTACACS
    To do: Set the real-time accounting interval
    Use the command: timer realtime-accounting minutes
    Remarks: Optional. 12 minutes by default
    ■ For real-time accounting, a NAS must transmit the accounting information of online users to the HWTACACS accounting server periodically. Note that if the device does not receive any response to the information, it does not disconnect the online users forcibly.
    ■ The real-time accounting interval must be a multiple of 3.
  • Page 776: Aaa/Radius/Hwtacacs Configuration Examples

    Chapter 53: AAA/RADIUS/HWTACACS Configuration
    To do: Clear buffered stop-accounting requests that get no responses
    Use the command: reset stop-accounting-buffer { radius-scheme radius-server-name | session-id session-id | time-range start-time stop-time | user-name user-name }
    Remarks: Available in user view
    To do: Clear the statistics on the local server
    Use the command: reset local-server statistics
    Remarks: Available in user...
  • Page 777 AAA/RADIUS/HWTACACS Configuration Examples
    Network diagram
    Figure 233 Configure AAA for Telnet users by a HWTACACS server. Diagram labels: Authentication/Accounting server 10.1.1.1/24, Internet, Telnet user, Switch.
    Configuration procedure
    # Configure the IP addresses of various interfaces (omitted).
    # Enable the Telnet server on the switch.
    <Switch>...
  • Page 778 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    [Switch-isp-1] accounting default hwtacacs-scheme hwtac
    [Switch-isp-hwtacacs] accounting default hwtacacs-scheme hwtac
    AAA for Telnet Users by Separate Servers
    Network requirements
    As shown in Figure 234, configure the switch to provide local authentication, HWTACACS authorization, and RADIUS accounting services to Telnet users. The user name and the password for Telnet users are both telnet.
  • Page 779: Troubleshooting Aaa/Radius/Hwtacacs

    Troubleshooting AAA/RADIUS/HWTACACS
    [Switch] hwtacacs scheme hwtac
    [Switch-hwtacacs-hwtac] primary authorization 10.1.1.2 49
    [Switch-hwtacacs-hwtac] key authorization expert
    [Switch-hwtacacs-hwtac] user-name-format without-domain
    [Switch-hwtacacs-hwtac] quit
    # Configure the RADIUS scheme.
    [Switch] radius scheme rd
    [Switch-radius-rd] primary accounting 10.1.1.1 1813
    [Switch-radius-rd] key accounting expert
    [Switch-radius-rd] server-type extended
    [Switch-radius-rd] user-name-format without-domain
    [Switch-radius-rd] quit
    # Create local user named telnet.
  • Page 780 Chapter 53: AAA/RADIUS/HWTACACS Configuration
    Check that:
    1 The NAS and the RADIUS server can ping each other.
    2 The username is in the userid@isp-name format and a default ISP domain is specified on the NAS.
    3 The user is configured on the RADIUS server.
    4 The password entered by the user is correct.
  • Page 781: Arp Overview

    ARP Configuration
    When configuring ARP, go to these sections for information you are interested in:
    ■ “ARP Overview” on page 781
    ■ “Configuring ARP” on page 783
    ■ “Configuring Gratuitous ARP” on page 785
    ■ “Displaying and Maintaining ARP” on page 786...
  • Page 782 Chapter 54: ARP Configuration
    ■ Hardware address length and protocol address length: They respectively specify the length of a hardware address and a protocol address, in bytes. For an Ethernet address, the value of the hardware address length field is "6". For an IP(v4) address, the value of the protocol address length field is "4".
  • Page 783: Configuring Arp

    Configuring ARP When Host A and Host B are not on the same subnet, Host A first sends an ARP request to the gateway. The destination IP address in the ARP request is the IP address of the gateway. After obtaining the MAC address of the gateway from an ARP reply, Host A encapsulates the packet and sends it to the gateway.
  • Page 784 Chapter 54: ARP Configuration
    To do: Configure a non-permanent static ARP entry
    Use the command: arp static ip-address mac-address
    Remarks: Required. No non-permanent static ARP entry is configured by default.
    CAUTION: The vlan-id argument must be the ID of an existing VLAN which corresponds to the ARP entries.
  • Page 785: Configuring Gratuitous Arp

    Configuring Gratuitous ARP
    ARP Configuration Example
    Network requirements
    ■ Enable the ARP entry check.
    ■ Set the aging time for dynamic ARP entries to 10 minutes.
    ■ Set the maximum number of dynamic ARP entries that VLAN-interface 10 can learn to 1000.
    ■ Add a static ARP entry, with the IP address being 192.168.1.1/24, the MAC...
  • Page 786: Displaying And Maintaining Arp

    Chapter 54: ARP Configuration
    To do: Enable the gratuitous ARP packet learning function
    Use the command: gratuitous-arp-learning enable
    Remarks: Required. Enabled by default.
    Displaying and Maintaining ARP
    To do: Display the ARP entries in the ARP mapping table
    Use the command: display arp { { all | dynamic | static } | ...
    Remarks: Available in any...
  • Page 787: Proxy Arp Overview

    Proxy ARP Configuration
    When configuring proxy ARP, go to these sections for information you are interested in:
    ■ “Proxy ARP Overview” on page 787
    ■ “Enabling Proxy ARP” on page 787
    ■ “Displaying and Maintaining Proxy ARP” on page 787...
  • Page 788: Proxy Arp Configuration Examples

    Chapter 55: Proxy ARP Configuration
    To do: Display whether local proxy ARP is enabled
    Use the command: display local-proxy-arp [ interface Vlan-interface vlan-id ]
    Remarks: Available in any view
    Proxy ARP Configuration Examples
    Proxy ARP Configuration Example
    Network requirements
    Host A and Host D have IP addresses of the same network segment.
  • Page 789 Proxy ARP Configuration Examples
    Local Proxy ARP Configuration Example in Case of Port Isolation
    Network requirements
    ■ Host A and Host B belong to the same VLAN, and are connected to GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3 of Switch B respectively. Switch B is connected to Switch A via GigabitEthernet 1/0/1.
  • Page 790 Chapter 55: Proxy ARP Configuration
    Ping Host B on Host A to verify that the two hosts cannot be pinged through, which indicates they are isolated at Layer 2.
    # Configure local proxy ARP to let Host A and Host B communicate at Layer 3.
    [SwitchA-Vlan-interface2] local-proxy-arp enable
    [SwitchA-Vlan-interface2] quit
    Ping Host B on Host A to verify that the two hosts can be pinged through, which...
  • Page 791: Dhcp Overview

    DHCP Overview
    When configuring ARP, go to these sections for information you are interested in:
    ■ “Introduction to DHCP” on page 791
    ■ “DHCP Address Allocation” on page 792
    ■ “DHCP Message Format” on page 793
    ■ “DHCP Options” on page 794...
  • Page 792: Dhcp Address Allocation

    Chapter 56: DHCP Overview
    DHCP Address Allocation
    Allocation Mechanisms
    DHCP supports three mechanisms for IP address allocation.
    ■ Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client.
    ■ Automatic allocation: DHCP assigns a permanent IP address to a client.
  • Page 793: Dhcp Message Format

    DHCP Message Format
    ■ If there are multiple DHCP servers, IP addresses offered by other DHCP servers are assignable to other clients.
    IP Address Lease Extension
    The IP address dynamically allocated by a DHCP server to a client has a lease. After the lease duration elapses, the IP address will be reclaimed by the DHCP server.
  • Page 794: Dhcp Options

    Chapter 56: DHCP Overview
    server sent a reply back by broadcast. The remaining bits of the flags field are reserved for future use.
    ■ ciaddr: Client IP address.
    ■ yiaddr: ’your’ (client) IP address, assigned by the server.
    ■ siaddr: Server IP address, from which the clients obtained configuration...
  • Page 795 DHCP Options
    ■ Option 67: Bootfile name option. It specifies the bootfile name to be assigned to the client.
    ■ Option 150: TFTP server IP address option. It specifies the TFTP server IP address to be assigned to the client.
    For more information about DHCP options, refer to RFC 2132.
  • Page 796: Protocols And Standards

    Chapter 56: DHCP Overview
    2 Verbose padding format: The padding contents for sub-options in the verbose padding format are:
    ■ sub-option 1: Padded with the user-specified access node identifier (ID of the device that adds Option 82 in DHCP messages), and type, number, and VLAN ID of the port that received the client’s request.
  • Page 797: Dhcp Server

    DHCP Server Configuration
    When configuring the DHCP server, go to these sections for information you are interested in:
    ■ “Introduction to DHCP Server” on page 797
    ■ “DHCP Server Configuration Task List” on page 799
    ■ “Enabling DHCP” on page 799...
  • Page 798 Chapter 57: DHCP Server Configuration
    leaves are addresses statically bound to clients. For the same level address pools, a previously configured pool has a higher selection priority than a new one. At the very beginning, subnetworks inherit network parameters and clients inherit subnetwork parameters.
  • Page 799: Dhcp Server Configuration Task List

    DHCP Server Configuration Task List
    5 The IP address that was a conflict or passed its lease duration
    If no IP address is assignable, the server will not respond.
    DHCP Server Configuration Task List
    Complete the following tasks to configure the DHCP server:
    Task...
  • Page 800: Configuring An Address Pool For The Dhcp Server

    ■ Without subaddress specified, assign an IP address from the address pool of the subnet which the primary IP address of the server’s interface (connected to the client) belongs to. Configuring an Address Pool for the DHCP Server Configuration Task List Complete the following tasks to configure an address pool:...
  • Page 801 Configuring an Address Pool for the DHCP Server When the client with the MAC address or ID requests an IP address, the DHCP server will find the IP address from the binding for the client. A DHCP address pool now supports only one static binding, which can be a MAC-to-IP or ID-to-IP binding.
  • Page 802 To do… Use the command… Remarks Enter system view system-view Enter DHCP address pool view dhcp server ip-pool pool-name Specify an IP address range network network-address [ mask-length | mask mask ] Required Not specified by default, meaning no assignable address.
  • Page 803 Configuring an Address Pool for the DHCP Server To do… Use the command… Remarks Enter DHCP address pool view dhcp server ip-pool pool-name Specify DNS servers for the client dns-list ip-address&<1-8> Required Not specified by default. Configuring WINS Servers and NetBIOS A Microsoft DHCP client using NetBIOS protocol contacts a Windows Internet Naming Service (WINS) server for name resolution.
  • Page 804 Follow these steps to configure the BIMS server IP address, port number, and shared key in the DHCP address pool: To do… Use the command… Remarks Enter system view system-view Enter DHCP address pool view dhcp server ip-pool pool-name Specify the BIMS server IP bims-server ip ip-address...
  • Page 805 Configuring an Address Pool for the DHCP Server To do… Use the command… Remarks Specify the failover IP address voice-config fail-over ip-address dialer-string Optional No failover IP address is specified by default. Specify an IP address for the network calling processor before performing other configuration.
  • Page 806: Configuring The Dhcp Server Security Functions

    ■ Define existing DHCP options. Some options have no unified definitions in RFC 2132; however, vendors can define such options as needed. The self-defined DHCP option enables DHCP clients to obtain vendor-specific information. ■ Extend existing DHCP options. When the current DHCP options cannot meet...
  • Page 807 Configuring the DHCP Server Security Functions Configuration Prerequisites Before performing this configuration, complete the following configuration on the DHCP server: ■ Enable DHCP ■ Configure the DHCP address pool Enabling Unauthorized DHCP Server Detection There are unauthorized DHCP servers on networks, which reply to DHCP clients with wrong IP addresses.
  • Page 808: Configuring The Handling Mode For Option

    Configuring the Handling Mode for Option 82 When the DHCP server receives a message with Option 82, if the server is configured to handle Option 82, it will return a response message carrying Option 82 to assign an IP address to the requesting client.
  • Page 809: Dhcp Server Configuration Examples

    DHCP Server Configuration Examples To do… Use the command… Remarks Clear information about IP address conflicts reset dhcp server conflict { all | ip ip-address } Available in user view Clear information about dynamic bindings reset dhcp server ip-in-use { all | ip ip-address | pool [ pool-name ] } Clear information about...
  • Page 810 Network diagram Figure 246 DHCP network diagram (figure labels: Client, WINS server, Switch A, Switch B, Gateway A, Gateway B, DHCP server, Vlan-int1, Vlan-int2, 10.1.1.4/25, 10.1.1.126/25, 10.1.1.254/25, 10.1.1.1/25, 10.1.1.129/25, 10.1.1.2/25)...
  • Page 811: Troubleshooting Dhcp Server Configuration

    Troubleshooting DHCP Server Configuration [SwitchA] dhcp server ip-pool 2 [SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128 [SwitchA-dhcp-pool-2] expired day 5 [SwitchA-dhcp-pool-2] gateway-list 10.1.1.254 Troubleshooting DHCP Server Configuration Symptom A client’s IP address obtained from the DHCP server conflicts with another IP address. Analysis A host on the subnet may have the same IP address.
  • Page 812 Chapter 57: DHCP Server Configuration...
  • Page 813: Dhcp Relay

    DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: ■ “Introduction to DHCP Relay Agent” on page 813 ■ “Configuration Task List” on page 815 ■ “Configuring the DHCP Relay Agent” on page 815...
  • Page 814 Chapter 58: DHCP Relay Agent Configuration Figure 247 DHCP relay agent application (figure labels: DHCP clients, DHCP relay agent, IP network, DHCP server) No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section “Dynamic IP Address Allocation Process”...
  • Page 815: Configuration Task List

    Configuration Task List If a reply returned by the DHCP server contains Option 82, the DHCP relay agent will remove the Option 82 before forwarding the reply to the client. If a client’s requesting message has... Handling strategy Padding format The DHCP relay agent will...
  • Page 816 To do… Use the command… Remarks Enter system view system-view Enter interface view interface interface-type interface-number Enable the DHCP relay agent on the current interface dhcp select relay Required With DHCP enabled, interfaces work in the DHCP server mode.
  • Page 817 Configuring the DHCP Relay Agent receiving the DHCP-RELEASE request, the DHCP server then releases the IP address for the client. Follow these steps to configure the DHCP relay agent in system view to send a DHCP-RELEASE request: To do… Use the command… Remarks Enter system view system-view...
  • Page 818 simply conveys the message to the DHCP server, thus it does not remove the IP address from its bindings. To solve this, the DHCP relay agent can update dynamic bindings at a specified interval. The DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to regularly send a DHCP-REQUEST message to the DHCP server.
  • Page 819: Displaying And Maintaining Dhcp Relay Agent Configuration

    Displaying and Maintaining DHCP Relay Agent Configuration ■ Enabling the DHCP relay agent on the specified interface ■ Correlating a DHCP server group with relay agent interfaces Configuring the DHCP relay agent to support Option 82 Follow these steps to configure the DHCP relay agent to support Option 82: To do…...
  • Page 820: Dhcp Relay Agent Configuration Example

    DHCP Relay Agent Configuration Example Network requirements VLAN-interface 1 on the DHCP relay agent (Switch A) connects to the network where DHCP clients reside. The IP address of VLAN-interface 1 is 10.10.1.1/24 and IP address of VLAN-interface 2 is 10.1.1.2/24 that communicates with the DHCP server 10.1.1.1/24.
  • Page 821: Troubleshooting Dhcp Relay Agent Configuration

    Troubleshooting DHCP Relay Agent Configuration Symptom DHCP clients cannot obtain any configuration parameters via the DHCP relay agent. Analysis Some problems may occur with the DHCP relay agent or server configuration. Enable debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information for locating the problem.
  • Page 822 Chapter 58: DHCP Relay Agent Configuration...
  • Page 823: Introduction To Dhcp Client

    3CRS48G-48-91 3Com Switch 4800G 48-Port 3CRS48G-48P-91 3Com Switch 4800G PWR 48-Port 3CRS48G-24S-91 3Com Switch 4800G 24-Port SFP Enabling the DHCP Client on an Interface Follow these steps to enable the DHCP client on an interface: To do… Use the command…...
  • Page 824: Displaying And Maintaining The Dhcp Client

    Chapter 59: DHCP Client Configuration To do… Use the command… Remarks Enable the DHCP client on the interface ip address dhcp-alloc [ client-identifier mac interface-type interface-number ] Required Disabled by default. ■ An interface can be configured to acquire an IP address in multiple ways, but...
  • Page 825: Dhcp Snooping

    DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: ■ “DHCP Snooping Overview” on page 825 ■ “Configuring DHCP Snooping Basic Functions” on page 828 ■ “Configuring DHCP Snooping to Support Option 82” on page 828...
  • Page 826 Chapter 60: DHCP Snooping Configuration configured as trusted or untrusted, ensuring that clients obtain IP addresses from authorized DHCP servers. ■ Trusted: A trusted port forwards DHCP messages, ensuring that DHCP clients can obtain valid IP addresses. ■ Untrusted: The DHCP-ACK or DHCP-OFFER packets received from an untrusted...
  • Page 827 DHCP Snooping Overview Figure 251 Configure trusted ports in a cascaded network (figure labels: DHCP client, Host A, DHCP snooping, DHCP server, Switch A, Switch C, Switch D, GE1/0/1, GE1/0/2, GE1/0/3, GE1/0/4)...
  • Page 828: Configuring Dhcp Snooping Basic Functions

    Configuring DHCP Snooping Basic Functions Follow these steps to configure DHCP snooping basic functions: To do… Use the command… Remarks Enter system view system-view Enable DHCP snooping dhcp-snooping Required Disabled by default. Enter Ethernet port view interface interface-type interface-number Specify the port as trusted...
  • Page 829: Displaying And Maintaining Dhcp Snooping

    Displaying and Maintaining DHCP Snooping ■ If the handling strategy of the DHCP-Snooping-enabled device is configured as replace, you need to configure a padding format for Option 82. If the handling strategy is keep or drop, you need not configure any padding format.
  • Page 830 # Specify GigabitEthernet 1/0/1 as trusted port. [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit # Configure DHCP Snooping to support Option 82 on GigabitEthernet 1/0/2. [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] dhcp-snooping information enable # Configure the padding format to verbose for Option 82 on GigabitEthernet 1/0/2.
  • Page 831: Bootp Client

    BOOTP Client Configuration While configuring a BOOTP client, go to these sections for information you are interested in: ■ “Introduction to BOOTP Client” on page 831 ■ “Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP” on page 832 ■ “Displaying and Maintaining BOOTP Client Configuration”...
  • Page 832: Configuring An Interface To Dynamically Obtain An Ip Address Through Bootp

    Chapter 61: BOOTP Client Configuration Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition. A BOOTP client dynamically obtains an IP address from a BOOTP server in the following way: 1 The BOOTP client broadcasts a BOOTP request, which contains its own MAC address.
  • Page 833 BOOTP Client Configuration Example # Configure VLAN-interface 1 to dynamically obtain an IP address from the DHCP server. <SwitchB> system-view [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] ip address bootp-alloc To make the BOOTP client obtain an IP address from the DHCP server, you need to perform additional configurations on the DHCP server.
  • Page 834 Chapter 61: BOOTP Client Configuration...
  • Page 835: Acl Overview

    ACL Overview In order to filter traffic, network devices use sets of rules, called access control lists (ACLs), to identify and handle packets. When configuring ACLs, go to these chapters for information you are interested in: ■ “ACL Overview” on page 835...
  • Page 836: Introduction To Ipv4 Acl

    Chapter 62: ACL Overview ■ When an ACL is assigned to a piece of hardware and referenced by a QoS policy for traffic classification, the switch does not take action according to the traffic behavior definition on a packet that does not match the ACL. ■ When an ACL is referenced by a piece of software to control Telnet, SNMP, and...
  • Page 837 Introduction to IPv4 ACL Depth-first match for a basic IPv4 ACL The following shows how your switch performs depth-first match in a basic IPv4 ACL: 1 Sort rules by source IP address wildcard first and compare packets against the rule configured with more zeros in the source IP address wildcard prior to other rules.
  • Page 838: Introduction To Ipv6 Acl

    Whenever the step changes, the rules are renumbered. Continuing with the above example, if you change the step from 5 to 2, the rules are renumbered 0, 2, 4, 6, and so on. Benefits of using the step With the step and rule numbering/renumbering mechanism, you do not need to assign rule numbers when defining them.
  • Page 839 Introduction to IPv6 ACL IPv6 ACL Naming When creating an IPv6 ACL, you can specify a unique name for it. Afterwards, you can identify the IPv6 ACL by its name. An IPv6 ACL can have only one name. Whether to specify a name for an ACL is up to you.
  • Page 840 IPv6 ACL Step Refer to “IPv4 ACL Step” on page 837. Effective Period of an IPv6 ACL Refer to “Effective Period of an IPv4 ACL” on page 838...
  • Page 841: Ipv

    IPv4 ACL Configuration When configuring an IPv4 ACL, go to these sections for information you are interested in: ■ “Creating a Time Range” on page 851 ■ “Configuring a Basic IPv4 ACL” on page 842 ■ “Configuring an Advanced IPv4 ACL” on page 844...
  • Page 842: Configuring A Basic Ipv4 Acl

    Chapter 63: IPv4 ACL Configuration ■ Compound time range created using the time-range time-name start-time to end-time days { from time1 date1 [ to time2 date2 ] | to time2 date2 } command. A time range thus created recurs on the day or days of the week only within the specified period.
  • Page 843 Configuring a Basic IPv4 ACL To do… Use the command… Remarks Create and enter basic IPv4 ACL view acl number acl-number [ name acl-name ] [ match-order { auto | config } ] Required The default match order is config. If you specify a name for an IPv4 ACL when creating the ACL, you can use the acl name acl-name...
  • Page 844: Configuring An Advanced Ipv4 Acl

    Configuring an Advanced IPv4 ACL Advanced IPv4 ACLs filter packets based on source IP address, destination IP address, protocol carried on IP, and other protocol header fields, such as the TCP/UDP source port, TCP/UDP destination port, ICMP message type, and ICMP message code...
  • Page 845: Configuring An Ethernet Frame Header Acl

    Configuring an Ethernet Frame Header ACL ■ You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules. You may use the display acl command to verify rules configured in an ACL.
  • Page 846: Copying An Ipv4 Acl

    To do… Use the command… Remarks Create or modify a rule rule [ rule-id ] { deny | Required permit } [ cos vlan-pri | To create multiple rules, dest-mac dest-addr repeat this step. dest-mask | lsap lsap-code lsap-wildcard | source-mac Note that the lsap keyword is...
  • Page 847: Displaying And Maintaining Ipv4 Acls

    Displaying and Maintaining IPv4 ACLs Configuration Procedure Follow these steps to copy an IPv4 ACL: To do… Use the command… Remarks Enter system view system-view Copy an existing IPv4 ACL to acl copy { source-acl-number | name Required generate a new one of the source-acl-name } to same type { dest-acl-number | name...
  • Page 848 Network Diagram Figure 253 Network diagram for IPv4 ACL configuration (figure labels: President’s office 192.168.1.0/24, Salary query server 192.168.4.1, R&D department, Marketing department, 192.168.2.0/24, 192.168.3.0/24, Switch, GE1/0/1, GE1/0/2, GE1/0/3, GE1/0/4) Configuration Procedure 1 Create a time range for office hours # Create a periodic time range spanning 8:00 to 18:00 on working days...
  • Page 849 IPv4 ACL Configuration Example [Switch] traffic behavior b_rd [Switch-behavior-b_rd] filter deny [Switch-behavior-b_rd] quit # Configure class c_market for packets matching IPv4 ACL 3001. [Switch] traffic classifier c_market [Switch-classifier-c_market] if-match acl 3001 [Switch-classifier-c_market] quit # Configure traffic behavior b_market to deny matching packets. [Switch] traffic behavior b_market [Switch-behavior-b_market] filter deny [Switch-behavior-b_market] quit...
  • Page 850 Chapter 63: IPv4 ACL Configuration...
  • Page 851: Ipv

    IPv6 ACL Configuration When configuring IPv6 ACLs, go to these sections for information you are interested in: ■ “Creating a Time Range” on page 851 ■ “Configuring a Basic IPv6 ACL” on page 851 ■ “Configuring an Advanced IPv6 ACL” on page 852...
  • Page 852: Configuring An Advanced Ipv6 Acl

    Chapter 64: IPv6 ACL Configuration To do… Use the command… Remarks Create an IPv6 ACL description description text Optional By default, no IPv6 ACL description is present. Create a rule description rule rule-id comment text Optional By default, no rule description is present. ■ You will fail to create or modify a rule if its permit/deny statement is exactly the...
  • Page 853 Configuring an Advanced IPv6 ACL To do… Use the command… Remarks Enter system view system-view Create and enter advanced IPv6 ACL view acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ] Required The default match order is config. If you specify a name for an IPv6 ACL when creating the ACL, you can use the acl ipv6...
  • Page 854: Copying An Ipv6 Acl

    <Sysname> system-view [Sysname] acl ipv6 number 3000 [Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64 # Verify the configuration. [Sysname-acl6-adv-3000] display acl ipv6 3000 Advanced IPv6 ACL 3000, named -none-, 1 rule, ACL’s step is 5 rule 0 permit tcp source 2030:5060::9050/64 Copying an IPv6 ACL This feature allows you to copy an existing IPv6 ACL to generate a new one, which...
  • Page 855 IPv6 ACL Configuration Example Configure an ACL to deny access of the R&D department to external networks. Network Diagram Figure 254 Network diagram for IPv6 ACL configuration (figure labels: R&D department 4050::9000/120, Switch, GE1/0/1, To the router) Configuration Procedure # Create an IPv6 ACL 2000...
  • Page 856 Chapter 64: IPv6 ACL Configuration...
  • Page 857: Introduction

    QoS Overview Introduction Quality of Service (QoS) is a concept generally existing in occasions where service supply-demand relations exist. QoS measures the ability to meet the service needs of customers. Generally, the evaluation is not to give precise grading. The purpose of the evaluation is to analyze the conditions where the services are good and the conditions where the services still need to be improved, so that specific improvements can be implemented.
  • Page 858: Occurrence And Influence Of Congestion And The Countermeasures

    Chapter 65: QoS Overview Telnet do not necessarily require high bandwidth but they are highly dependent on low delay and need to be processed preferentially in case of congestion. The emergence of new services brings forward higher requirements for the service capability of the IP network.
  • Page 859: Major Traffic Management Techniques

    Major Traffic Management Techniques ■ Aggravated congestion will consume a large amount of network resources (especially memory resources), and unreasonable resource assignment will even lead to system resource deadlock and cause the system breakdown. It is obvious that congestion is the root of service performance declination because congestion makes traffic unable to get resources timely.
  • Page 860 Chapter 65: QoS Overview...
  • Page 861: Traffic Classification , Tp, And Lr Configuration

    Traffic Classification, TP, and LR Configuration When configuring traffic classification, TP, and LR, go to these sections for information you are interested in: ■ “Traffic Classification Overview” on page 861 ■ “TP and LR Overview” on page 864 ■ “Traffic Evaluation and Token Bucket” on page 864...
  • Page 862 Chapter 66: Traffic Classification, TP, and LR Configuration occurs, queue scheduling is performed on the packets; when congestion gets worse, congestion avoidance is performed on the packets. Priority The following describes several types of precedence: 1 IP precedence, ToS precedence, and DSCP precedence Figure 256 DS field and ToS field Bits: Bits:...
  • Page 863 Traffic Classification Overview ■ Class selector (CS) class: This class comes from the IP ToS field and includes eight subclasses; ■ Best Effort (BE) class: This class is a special class without any assurance in the CS class. The AF class can be degraded to the BE class if it exceeds the limit. Current IP network traffic belongs to this class by default.
  • Page 864: Tp And Lr Overview

    Figure 258 802.1Q tag headers (figure labels: Byte 1 to Byte 4, TPID (Tag Protocol Identifier), TCI (Tag Control Information), Priority, VLAN ID) In the figure above, the 3-bit priority field in TCI is 802.1p precedence in the range of 0 to 7.
  • Page 865 Traffic Evaluation and Token Bucket Figure 259 Evaluate traffic with a token bucket (figure labels: Put tokens in the bucket at the set rate; Packets to be sent through this port; Packet classification; Token bucket; Continue to send; Drop) Evaluating Traffic with a Token Bucket The evaluation for the traffic specification is based on whether the number of tokens in the bucket can meet the need of packet forwarding.
  • Page 866: Lr Configuration

    implement different regulation policies in different conditions, including “enough tokens in C bucket”, “insufficient tokens in C bucket but enough tokens in E bucket” and “insufficient tokens in both C bucket and E bucket”. The typical application of TP is to supervise the specification of certain traffic into the network and limit it within a reasonable range, or to “discipline”...
  • Page 867: Displaying And Maintaining Lr

    Displaying and Maintaining LR To do… Use the command… Remarks Configure LR qos lr outbound cir committed-information-rate [ cbs committed-burst-size ] Required LR Configuration Examples Limit the outbound rate of GigabitEthernet 1/0/1 to 640 kbps. # Enter system view <Sysname> system-view # Enter interface view [Sysname] interface GigabitEthernet 1/0/1 # Configure LR parameter and limit the outbound rate to 640 kbps...
  • Page 868 Chapter 66: Traffic Classification, TP, and LR Configuration...
  • Page 869: Overview

    QoS Policy Configuration When configuring QoS policy, go to these sections for information that you are interested in: ■ “Overview” on page 869 ■ “Configuring QoS Policy” on page 870 ■ “Introduction to QoS Policies” on page 870 ■ “Configuring a QoS Policy” on page 870...
  • Page 870: Configuring Qos Policy

    Chapter 67: QoS Policy Configuration Configuring QoS Policy The procedure for configuring QoS policy is as follows: 1 Define a class and define a group of traffic classification rules in class view. 2 Define a traffic behavior and define a group of QoS actions in traffic behavior view.
  • Page 871 Configuring a QoS Policy Configuration procedure Follow these steps to define a class: To do… Use the command… Remarks Enter system view system-view Create a class and enter the corresponding class view traffic classifier classifier-name [ operator { and | or } ] Required By default, the and keyword is specified.
  • Page 872 Table 69 The form of the match-criteria argument Form Description service-dot1p 8021p-list Specifies to match packets by 802.1p precedence of the service provider network. The 8021p-list argument is a list of CoS values. You can provide up to eight space-separated CoS values for this argument.
  • Page 873 Configuring a QoS Policy To do… Use the command… Remarks Enter system view system-view Create a traffic behavior and enter the corresponding traffic behavior view traffic behavior behavior-name Required behavior-name: Behavior name. This operation leads you to traffic behavior view Configure accounting accounting Required...
  • Page 874 # Create the traffic behavior (This operation leads you to traffic behavior view). [Sysname] traffic behavior test # Configure TP action for the traffic behavior. [Sysname-behavior-test] car cir 640 Defining a Policy A policy associates a class with a traffic behavior. Each traffic behavior is comprised of a group of QoS actions.
  • Page 875 Configuring a QoS Policy Table 70 The support for the inbound direction and the outbound direction Action Inbound Outbound Supported Supported Traffic filtering Supported Supported Traffic mirroring Supported Supported Configuring the outer VLAN Supported Not supported Traffic redirecting Supported Not supported Remarking the customer Not supported Supported...
  • Page 876: Displaying And Maintaining Qos Policy

    [Sysname] qos policy test [Sysname-qospolicy-test] # Associate the traffic behavior named test_behavior with the class named test_class. [Sysname-qospolicy-test] classifier test_class behavior test_behavior [Sysname-qospolicy-test] quit # Enter port view. [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] # Apply the policy to the port. [Sysname-GigabitEthernet1/0/1] qos apply policy test inbound Displaying and Maintaining QoS...
  • Page 877: Congestion Management

    Congestion Management When configuring congestion management, go to these sections for information that you are interested in: ■ “Overview” on page 877 ■ “Congestion Management Policy” on page 877 ■ “Configuring an SP Queue” on page 879 ■ “Configuring a WRR Queue” on page 880...
  • Page 878 Chapter 68: Congestion Management The following paragraphs describe the strict-priority (SP) queue-scheduling algorithm and the weighted round robin (WRR) queue-scheduling algorithm. 1 SP queue-scheduling algorithm Figure 260 Diagram for SP queuing (figure labels: Queue 7, High priority, Queue 6, Packets to be sent through this port, Sent packets, Interface)...
  • Page 879: Configuring An Sp Queue

    In this way, the bandwidth resources are fully utilized. The 3Com Switch 4800G Family supports the following three queue scheduling algorithms: All the queues are scheduled through the SP algorithm.
  • Page 880: Configuring A Wrr Queue

    To do… Use the command… Remarks Enter Enter interface interface-type Perform either of the two operations. port view port interface-number The configuration performed in or port view Ethernet port view applies to the group Enter port-group { manual current port only. view port...
  • Page 881: Configuring Sp+Wrr Queues

    Configuring SP+WRR Queues Configuration Examples Network requirements Configure WRR queue scheduling algorithm on GigabitEthernet1/0/1, and assign weight 1, 2, 4, 6, 8, 10, 12, and 14 to queue 0 through queue 7. Configuration procedure # Enter system view. <Sysname> system-view # Configure the WRR queues on GigabitEthernet1/0/1 port.
  • Page 882: Displaying And Maintaining Congestion Management

    To do… Use the command… Remarks Configure WRR queue scheduling qos wrr queue-id group group-id weight queue-weight Required Configuration Examples Network requirements ■ Configure to adopt SP+WRR queue scheduling algorithm on GigabitEthernet1/0/1. ■ Configure queue 0, queue 1, queue 2 and queue 3 on GigabitEthernet1/0/1 to...
  • Page 883: Priority Mapping Overview

    Priority Mapping When configuring priority mapping, go to these sections for information you are interested in: ■ “Priority Mapping Overview” on page 883 ■ “Configuring a Priority Mapping Table” on page 884 ■ “Configuring the Port Priority” on page 885 ■ “Configuring Port Priority Trust Mode”...
  • Page 884: Configuring A Priority Mapping Table

    Chapter 69: Priority Mapping Table 71 The default values of dot1p-lp mapping and dot1p-dp mapping Imported priority value dot1p-lp mapping dot1p-dp mapping 802.1p precedence (dot1p) Local precedence (lp) Drop precedence (dp) Table 72 The default values of dscp-dp mapping, dscp-dot1p mapping, and dscp-dscp mapping Imported priority value...
  • Page 885: Configuring The Port Priority

    Configuring the Port Priority To do… Use the command… Remarks Enter priority mapping table view qos map-table { dot1p-dp | dot1p-lp | dscp-dot1p | dscp-dp | dscp-dscp } Required To configure a priority mapping table, you need to enter the corresponding priority mapping table view.
  • Page 886: Configuring Port Priority Trust Mode

    Configuration Prerequisites The port priority of the port is determined. Configuration Procedure Follow these steps to configure port priority: To do… Use the command… Remarks Enter system view system-view Enter port Enter port interface interface-type Perform either of the two view or port view...
  • Page 887: Displaying And Maintaining Priority Mapping

    Displaying and Maintaining Priority Mapping To do… Use the command… Remarks Configure to trust the DSCP precedence of the received packets qos trust dscp Required By default, the 802.1p precedence of the received packets is trusted. Configuration Examples Network requirements Configure to trust the DSCP precedence of the received packets.
  • Page 888 Chapter 69: Priority Mapping...
  • Page 889: Olicy To Vlan

    Applying a QoS Policy to VLANs When applying a QoS policy to VLANs, go to these sections for information that you are interested in: ■ “Overview” on page 889 ■ “Applying a QoS Policy to VLANs” on page 889 ■ “Displaying and Maintaining QoS Policies Applied to VLANs” on page 890...
  • Page 890: Displaying And Maintaining Qos Policies Applied To Vlans

    Chapter 70: Applying a QoS Policy to VLANs Displaying and Maintaining QoS Policies Applied to VLANs To do… Use the command… Remarks Display the QoS policies applied to VLANs display qos vlan-policy { name policy-name | vlan [ vlan-id ] } Available in any view Clear the statistics reset qos vlan-policy [ vlan...
  • Page 891: Traffic

    Traffic Mirroring Configuration When configuring traffic mirroring, go to these sections for information that you are interested in: ■ “Overview” on page 891 ■ “Configuring Traffic Mirroring” on page 891 ■ “Displaying and Maintaining Traffic Mirroring” on page 892 ■ “Traffic Mirroring Configuration Examples” on page 892...
  • Page 892: Displaying And Maintaining Traffic Mirroring

    Chapter 71: Traffic Mirroring Configuration Displaying and Maintaining Traffic Mirroring To do… Use the command… Remarks Display the configuration information about the user-defined traffic behavior display traffic behavior user-defined behavior-name Available in any view Display the configuration information about the user-defined policy display qos policy user-defined policy-name...
  • Page 893 Traffic Mirroring Configuration Examples # Configure a traffic behavior and define the action of mirroring traffic to GigabitEthernet1/0/2 in the traffic behavior. [Sysname] traffic behavior 1 [Sysname-behavior-1] mirror-to interface GigabitEthernet 1/0/2 [Sysname-behavior-1] quit # Configure a QoS policy and associate traffic behavior 1 with classification rule 1. [Sysname] qos policy 1 [Sysname-policy-1] classifier 1 behavior 1 [Sysname-policy-1] quit...
  • Page 894 Chapter 71: Traffic Mirroring Configuration...
  • Page 895: Port

    Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: “Introduction to Port Mirroring” on page 895 ■ “Configuring Local Port Mirroring” on page 897 ■ “Configuring Remote Port Mirroring” on page 898 ■ “Displaying and Maintaining Port Mirroring”...
  • Page 896 72: P HAPTER IRRORING ONFIGURATION devices in a network. Currently, remote port mirroring can only be implemented on Layer 2. Implementing Port Port mirroring is implemented through port mirroring groups, which fall into these Mirroring three categories: local port mirroring group, remote source port mirroring group, and remote destination port mirroring group.
  • Page 897: Configuring Local Port Mirroring

    Configuring Local Port Mirroring Destination device contains destination mirroring port, and remote destination port mirroring groups are created on destination devices. Upon receiving a mirrored packet, the destination device checks to see if the VLAN ID of the received packet is the same as that of the remote mirroring VLAN of the remote destination port mirroring group.
  • Page 898: Configuring Remote Port Mirroring

    72: P HAPTER IRRORING ONFIGURATION Configuring Remote Port Mirroring Configuring a Remote Follow these steps to configure a remote port mirroring group Source Mirroring Group To do… Use the command… Remarks Enter system view system-view Create a remote source mirroring-group group-id Required mirroring group remote-source...
  • Page 899: Displaying And Maintaining Port Mirroring

    Displaying and Maintaining Port Mirroring Configuring a Remote Follow these steps to configure a remote destination port mirroring group: Destination Port Mirroring Group To do… Use the command… Remarks Enter system view system-view Create a remote destination port mirroring-group Required mirroring group group-id remote-destination...
  • Page 900: Port Mirroring Configuration Examples

    72: P HAPTER IRRORING ONFIGURATION Port Mirroring Configuration Examples Local Port Mirroring Network requirements Configuration Example The departments of a company connect to each other through Ethernet switches: Research and Development (R&D) department is connected to Switch C ■ through GigabitEthernet 1/0/1. Marketing department is connected to Switch C through GigabitEthernet ■...
  • Page 901 Port Mirroring Configuration Examples # Add port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the port mirroring group as source ports. Add port GigabitEthernet 1/0/3 to the port mirroring group as the destination port. [SwitchC] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 both [SwitchC] mirroring-group 1 monitor-port GigabitEthernet 1/0/3 # Display the configuration of all the port mirroring groups....
  • Page 902 Chapter 72: Port Mirroring Configuration Network diagram Figure 266 Network diagram for remote port mirroring configuration [Figure: Switch A, Switch B and Switch C; Department 1, Department 2 and a data monitoring device] Configuration procedure 1 Configure Switch A (the source device)....
  • Page 903 Port Mirroring Configuration Examples # Configure port GigabitEthernet 1/0/2 as a trunk port and configure the port to permit the packets of VLAN 2. [SwitchB] interface GigabitEthernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] port link-type trunk [SwitchB-GigabitEthernet1/0/2] port trunk permit vlan 2 1 Configure Switch C (the destination device). # Configure port GigabitEthernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2.
  • Page 904 Chapter 72: Port Mirroring Configuration...
  • Page 905: Cluster Management Configuration

    Cluster management is implemented through 3Com Group Management Protocol version 2 (Switch Clusteringv2). By employing Switch Clusteringv2, a network administrator can manage multiple devices using the public IP address of one device in a cluster.
  • Page 906 Chapter 73: Cluster Management Configuration Figure 267 Network diagram for a cluster [Figure: network management device, network, management device, member devices and candidate device; addresses 69.110.1.100 and 69.110.1.1] Cluster management offers the following advantages: Saving public IP address resource ■...
  • Page 907 Cluster Management Overview Figure 268 Role change in a cluster [Figure: candidate device, management device and member device, with transitions labelled "Designates as a management device", "Cancels the designated management device", "Joins a cluster" and "Leaves a cluster"] A device in a cluster changes its role according to the following rules: A candidate device becomes a management device when you create a cluster ■...
  • Page 908 73: C HAPTER LUSTER ANAGEMENT ONFIGURATION Introduction to NDP NDP is used to discover the information about directly connected neighbors, including the device name, software version, and connecting port of the adjacent devices. NDP works in the following ways: A device running NDP periodically sends NDP packets to its neighbors. An NDP ■...
  • Page 909 Cluster Management Overview ■ The adjacent device performs the same operation until the NTDP topology collection request is sent to all the devices within the specified hops. When the NTDP topology collection request is advertised in the network, large numbers of network devices receive the NTDP topology collection request and send NTDP topology collection responses at the same time, which may cause congestion and keep the management device busy....
  • Page 910 Chapter 73: Cluster Management Configuration devices at the same interval. Upon receiving the handshake packets from the other side, the management device or member device simply changes its state to Active or remains in the Active state, without sending a response. If the management device does not receive the handshake packets from a ■...
  • Page 911: Cluster Configuration Task List

    Cluster Configuration Task List of the management VLAN can you set the packets without tags from the management VLAN to pass the ports; otherwise, only the packets with tags from the management VLAN can pass the ports. Refer to “Introduction to VLAN” on page 83. Cluster Configuration Before configuring a cluster, you need to determine the roles and functions the Task List...
  • Page 912: Configuring The Management Device

    73: C HAPTER LUSTER ANAGEMENT ONFIGURATION CAUTION: Disabling the NDP and NTDP functions on the management device and member devices after a cluster is created will not cause the cluster to be dismissed, but will influence the normal operation of the cluster. Configuring the Management Device Enabling NDP Globally...
  • Page 913 Configuring the Management Device To do… Use the command… Remarks Enter system view system-view Enable NTDP globally ntdp enable Optional Enabled by default Enable NTDP for the port interface interface-type Optional interface-number NTDP is enabled on all ports ntdp enable by default.
  • Page 914 73: C HAPTER LUSTER ANAGEMENT ONFIGURATION To do… Use the command… Remarks Manually collect NTDP ntdp explore Required information Enabling the Cluster Function To do… Use the command… Remarks Enter system view system-view Enable the cluster function cluster enable Optional globally Enabled by default.
  • Page 915 Configuring the Management Device To do… Use the command… Remarks Enter system view system-view Specify the management management-vlan vlan-id Optional VLAN By default, VLAN 1 is the management VLAN. Enter cluster view cluster Configure the private IP ip-pool Required address range for member administrator-ip-address For a cluster to work normally, devices on a device which...
  • Page 916 73: C HAPTER LUSTER ANAGEMENT ONFIGURATION Configuring In a cluster, the management device and member devices communicate by Communication sending handshake packets to maintain connection between them. You can Between the configure interval of sending handshake packets and the holdtime of a device on Management Device the management device.
  • Page 917: Configuring The Member Devices

    Configuring the Member Devices To do… Use the command… Remarks Enter cluster view cluster Add a candidate device to the add-member Optional cluster [ member-number ] mac-address mac-address [ password password ] Remove a member device delete-member Required from the cluster member-number [ to-black-list ] Rebooting a member device...
  • Page 918: Configuring Access Between The Management Device And Its Member Devices

    73: C HAPTER LUSTER ANAGEMENT ONFIGURATION To do… Use the command… Remarks Delete a member device from undo Required the cluster administrator-address Configuring Access After having successfully configured NDP, NTDP and cluster, you can configure, Between the manage and monitor the member devices through the management device. You Management Device can manage member devices in a cluster through switching from the operation and Its Member...
  • Page 919: Adding A Candidate Device To A Cluster

    Adding a Candidate Device to a Cluster Adding a Candidate Follow these steps to add a candidate device to a cluster: Device to a Cluster To do… Use the command… Remarks Enter system view system-view Enter cluster view cluster Add a candidate device to the administrator-address Required cluster...
  • Page 920 73: C HAPTER LUSTER ANAGEMENT ONFIGURATION To do… Use the command… Remarks Enter system view system-view Enter cluster view cluster Add a device to the blacklist black-list add-mac mac-address Optional Remove a device from the black-list delete-mac { all | Optional blacklist mac-address }...
  • Page 921 Configuring Advanced Cluster Functions To do… Use the command… Remarks Configure the TFTP server tftp-server ip-address Required shared by the member devices By default, no TFTP server is in the cluster configured for a cluster. Configure the log host shared logging-host ip-address Required by the member devices in the...
  • Page 922: Displaying And Maintaining Cluster Management

    73: C HAPTER LUSTER ANAGEMENT ONFIGURATION Displaying and Maintaining Cluster To do… Use the command… Remarks Management Display NDP configuration display ndp [ interface interface-list ] Available in any information view Display the global NTDP display ntdp information Display the device display ntdp device-list [ verbose ] information collected through NTDP...
  • Page 923 Cluster Management Configuration Examples Ethernet 1/1 port of the management device belongs to VLAN 2, whose ■ interface IP address is 163.172.55.1/24. The network management interface of the management device is VLAN-interface 2. VLAN 2 is the network management (NM) interface of the management device. All the devices in the cluster use the same FTP server and TFTP server, which ■...
  • Page 924 Chapter 73: Cluster Management Configuration 2 Configuring the management device # Enable NDP globally and for the GigabitEthernet1/0/2 and GigabitEthernet1/0/3 ports. <Switch> system-view [Switch] ndp enable [Switch] interface GigabitEthernet1/0/2 [Switch-GigabitEthernet1/0/2] ndp enable [Switch-GigabitEthernet1/0/2] quit [Switch] interface GigabitEthernet1/0/3 [Switch-GigabitEthernet1/0/3] ndp enable [Switch-GigabitEthernet1/0/3] quit # Configure the period for the receiving device to keep NDP packets as 200 seconds....
  • Page 925 Cluster Management Configuration Examples [Switch-GigabitEthernet 1/0/3] port trunk permit vlan 10 [Switch-GigabitEthernet 1/0/3] quit # Enable the cluster function. [Switch] cluster enable # Enter cluster view. [Switch] cluster # Configure an IP address pool for the cluster. The IP address pool contains six IP addresses, starting from 172.16.0.1.
  • Page 926 Chapter 73: Cluster Management Configuration ■ You can execute the cluster switch-to administrator command to switch to the operation interface of the management device. ■ For detailed information about these configurations, refer to the preceding description in this chapter.
  • Page 927: Introduction To Udp Helper

    UDP Helper Configuration When configuring UDP Helper, go to these sections for information you are interested in: “Introduction to UDP Helper” on page 927 ■ “Configuring UDP Helper” on page 927 ■ “Displaying and Maintaining UDP Helper” on page 928 ■...
  • Page 928: Displaying And Maintaining Udp Helper

    74: UDP H HAPTER ELPER ONFIGURATION To do… Use the command… Remarks Specify the destination server udp-helper server ip-address Required to which UDP packets are to No destination server is be forwarded specified by default. CAUTION: The UDP Helper enabled device cannot forward DHCP broadcast packets. That ■...
  • Page 929 UDP Helper Configuration Example # Enable UDP Helper. <SwitchA> system-view [SwitchA] udp-helper enable # Enable the forwarding of broadcast packets with the UDP destination port number 55. [SwitchA] udp-helper port 55 # Specify the server with the IP address of 10.2.1.1 as the destination server to which UDP packets are to be forwarded....
  • Page 930 Chapter 74: UDP Helper Configuration...
  • Page 931: Snmp Configuration

    SNMP Configuration When configuring SNMP, go to these sections for information you are interested in: “SNMP Overview” on page 931 ■ “SNMP Configuration” on page 933 ■ “Configuring SNMP Logging” on page 935 ■ “Trap Configuration” on page 936 ■ “Displaying and Maintaining SNMP”...
  • Page 932 75: SNMP C HAPTER ONFIGURATION Get operation: NMS gets the value of a certain variable of Agent through this ■ operation. Set operation: NMS can reconfigure certain values in the Agent MIB ■ (Management Information Base) to make the Agent perform certain tasks by means of this operation.
  • Page 933: Snmp Configuration

    { contact sys-contact | The defaults are as follows: location sys-location | version { all | { v1 | v2c | 3Com Corporation for v3 }* } } contact, Marlborough, MA for location, and SNMP v3 for the version.
  • Page 934 { contact sys-contact | The defaults are as follows: location sys-location | version { { v1 | v2c | v3 }* | 3Com Corporation for all } } contact, Marlborough, MA for location and SNMP v3 for the version.
  • Page 935: Configuring Snmp Logging

    Configuring SNMP Logging To do… Use the command… Remarks Configure the maximum size snmp-agent packet Optional of an SNMP packet that can max-size byte-count 1,500 bytes by default be received or sent by an SNMP agent Configure the switch fabric ID snmp-agent local-switch Optional for a local SNMP agent...
  • Page 936: Trap Configuration

    75: SNMP C HAPTER ONFIGURATION The size of SNMP logs cannot exceed that allowed by the information center ■ and the sum of the node, and value field of each log information cannot exceed 1K bytes; otherwise, the exceeded part will be output. For the detailed description of system information, the information center and ■...
  • Page 937: Displaying And Maintaining Snmp

    Displaying and Maintaining SNMP To do… Use the command… Remarks Configure target host snmp-agent target-host Required attribute for Traps trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] Configure the source address snmp-agent trap source...
  • Page 938: Snmp Configuration Example

    75: SNMP C HAPTER ONFIGURATION SNMP Configuration Network requirements Example The NMS connects to the agent, a switch, through an Ethernet. ■ The IP address of the NMS is 1.1.1.2/24. ■ The IP address of VLAN interface on the switch is 1.1.1.1/24. ■...
  • Page 939: Snmp Logging Configuration Example

    SNMP Logging Configuration Example With SNMPv2c, the user needs to specify the read only community, the read and write community, the timeout time, and number of retries. The user can inquire and configure the device through the NMS. The configurations on the agent and the NMS must match. SNMP Logging Network requirements Configuration...
  • Page 940 Chapter 75: SNMP Configuration ■ The following log information is displayed on the terminal when NMS performs the SET operation to Agent. %Jan 1 02:59:42:576 2006 Sysname SNMP/6/SET: seqNO = <11> srcIP = <1.1.1.2> op = <set> errorIndex = <0> errorStatus =<noError> node = <sysName(1.3.6.1.2.1.1.5.0)> value = <Sysname>...
  • Page 941: Rmon C

    RMON Configuration When configuring RMON, go to these sections for information you are interested in: “RMON Overview” on page 941 ■ “Configuring RMON” on page 943 ■ “Displaying and Maintaining RMON” on page 944 ■ “RMON Configuration Example” on page 945 ■...
  • Page 942 RMON Groups Among the ten RMON groups defined by RMON specifications (RFC 1757), 3Com series Ethernet switches support the event group, alarm group, history group and statistics group. Besides, 3Com also defines and implements the private alarm group, which enhances the functions of the alarm group.
  • Page 943: Configuring Rmon

    Configuring RMON Compares the result with the defined threshold and generates an appropriate ■ event. If the count result overpasses the same threshold multiple times, only the first one can cause an alarm event. That is, the rising alarm and falling alarm are alternate. History group The history group controls the periodic statistical sampling of data, such as bandwidth utilization, number of errors, and total number of packets.
  • Page 944: Displaying And Maintaining Rmon

    76: RMON C HAPTER ONFIGURATION To do… Use the command… Remarks Create an entry in the private rmon prialarm entry-number Optional alarm table prialarm-formula prialarm-des sampling-interval { absolute | changeratio | delta } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ] Two entries with the same configuration cannot be created.
  • Page 945: Rmon Configuration Example

    RMON Configuration Example To do… Use the command… Remarks Display RMON event log display rmon eventlog Available in any information [ event-number ] view RMON Configuration Network requirements Example Agent is connected to a configuration terminal through its console port and to a remote NMS across the Internet.
  • Page 946 Chapter 76: RMON Configuration # Configure an alarm group to sample received bytes on GigabitEthernet 1/0/1. When the received bytes exceed the upper limit or fall below the lower limit, logging is enabled. [Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 delta rising-threshold 1000 1 falling-threshold 100 1 owner 1-rmon [Sysname] display rmon alarm 1 Alarm table 1 owned by 1-rmon is VALID....
  • Page 947: Ntp Overview

    NTP Configuration The local clock of a Switch 4800G cannot be set as a reference clock. It can serve as a reference clock source to synchronize the clock of other devices only after it is synchronized. When configuring NTP, go to these sections for information you are interested in: “NTP Overview”...
  • Page 948 Chapter 77: NTP Configuration ■ To implement certain functions, such as scheduled restart of all devices within the network, all devices must be consistent in timekeeping. ■ When multiple systems process a complex event in cooperation, these systems must use the same reference clock to ensure the correct execution sequence. ■ For incremental backup between a backup server and clients, timekeeping must...
  • Page 949 NTP Overview The process of system clock synchronization is as follows: Switch A sends Switch B an NTP message, which is timestamped when it leaves ■ Switch A. The time stamp is 10:00:00 am (T1). When this NTP message arrives at Switch B, it is timestamped by Switch B. The ■...
  • Page 950 77: NTP C HAPTER ONFIGURATION Figure 278 Clock synchronization message format Mode Stratum Poll Precision Root delay (32 bits) Root dispersion (32 bits) Reference identifier (32 bits) Reference timestamp (64 bits) Originate timestamp (64 bits) Receive timestamp (64 bits) Transmit timestamp (64 bits) Authenticator (optional 96 bits) Main fields are described as follows: LI: 2-bit leap indicator.
  • Page 951 NTP Overview Receive Timestamp: the local time at which the request arrived at the service ■ host. Transmit Timestamp: the local time at which the reply departed the service host ■ for the client. Authenticator: authentication information. ■ Operation Modes of NTP Switches running NTP can implement clock synchronization in one of the following modes: Server/client mode...
  • Page 952 77: NTP C HAPTER ONFIGURATION passive mode and sends a reply, with the Mode field in the message set to 2 (symmetric passive). By exchanging messages, the symmetric peers mode is established between the two switches. Then, the two switches can synchronize, or be synchronized by, each other.
  • Page 953: Ntp Configuration Task List

    NTP Configuration Task list messages set to 5 (multicast mode). Clients listen to the multicast messages from servers. After a client receives the first multicast message, the client and the server start to exchange messages, with the Mode field set to 3 (client mode) and 4 (server mode) to calculate the network delay between client and the server.
  • Page 954 77: NTP C HAPTER ONFIGURATION Configuring NTP For switches working in the server/client mode, you only need to make Server/Client Mode configurations on the clients, and not on the servers. Follow these steps to configure an NTP client: To do… Use the command…...
  • Page 955 Configuring the Operation Modes of NTP Typically, at least one of the symmetric-active and symmetric-passive peers has ■ been synchronized; otherwise the clock synchronization will not proceed. You can configure multiple symmetric-passive peers by repeating the ■ ntp-service unicast-peer command. Configuring NTP The broadcast server periodically sends NTP broadcast messages to the broadcast Broadcast Mode...
  • Page 956: Configuring Optional Parameters Of Ntp

    77: NTP C HAPTER ONFIGURATION To do… Use the command… Remarks Enter interface view interface interface-type Enter the interface used to interface-number receive NTP multicast messages Configure the switch to work ntp-service multicast-client Required in the NTP multicast client [ ip-address ] mode Configuring the multicast server To do…...
  • Page 957: Configuring Access-Control Rights

    Configuring Access-Control Rights To do… Use the command… Remarks Disable the interface from ntp-service in-interface Required receiving NTP messages disable An interface is enabled to receive NTP messages by default Configuring the Maximum Number of To do… Use the command… Remarks Dynamic Sessions Enter system view...
  • Page 958: Configuring Ntp Authentication

    77: NTP C HAPTER ONFIGURATION The access-control right mechanism provides only a minimum degree of security protection for the system running NTP. A more secure method is identity authentication. Configuring NTP The NTP authentication feature should be enabled for a system running NTP in a Authentication network where there is a high security demand.
  • Page 959 Configuring NTP Authentication To do… Use the command… Remarks Configure the key as ntp-service reliable Required a trusted key authentication-keyid keyid No authentication key is configured to be trusted by default Associate the Server/client mode: Required specified key with an ntp-service unicast-server You can associate a NTP server...
  • Page 960: Displaying And Maintaining Ntp

    77: NTP C HAPTER ONFIGURATION Displaying and Maintaining NTP To do… Use the command… Remarks View the information of NTP service display ntp-service status Available in any view status View the information of NTP display ntp-service sessions Available in any view sessions [ verbose ] View the brief information of the...
  • Page 961 NTP Configuration Examples # Specify Switch A as the NTP server of Switch B so that Switch B is synchronized to Switch A. <SwitchB> system-view [SwitchB] ntp-service unicast-server 1.0.1.11 # View the NTP status of Switch B after clock synchronization. [SwitchB] display ntp-service status Clock status: synchronized Clock stratum: 3...
  • Page 962 Chapter 77: NTP Configuration Network diagram Figure 284 Network diagram for NTP symmetric peers mode configuration [Figure: Switch A, Switch B and Switch C; addresses 3.0.1.31/24, 3.0.1.32/24 and 3.0.1.33/24] Configuration procedure 1 Configuration on Switch A: # Specify the local clock as the reference source, with the stratum level of 2. <SwitchA>...
  • Page 963 NTP Configuration Examples Clock precision: 2^7 Clock offset: -21.1982 ms Root delay: 15.00 ms Root dispersion: 775.15 ms Peer dispersion: 34.29 ms Reference time: 15:22:47.083 UTC Apr 20 2007 (C6D95647.153F7CED) As shown above, Switch B has been synchronized to Switch C, and the clock stratum level of Switch B is 2, while that of Switch C is 1.
  • Page 964 77: NTP C HAPTER ONFIGURATION # Configure Switch C to work in the broadcast server mode and send broadcast messages through VLAN-interface 2. [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] ntp-service broadcast-server 1 Configuration on Switch D: # Configure Switch D to work in the broadcast client mode and receive broadcast messages on VLAN-interface 2.
  • Page 965 NTP Configuration Examples Configuring NTP Network requirements Multicast Mode Switch C’s local clock is to be used as a reference source, with the stratum level ■ of 2. Switch C works in the multicast server mode and sends out multicast messages ■...
  • Page 966 77: NTP C HAPTER ONFIGURATION # View the NTP status of Switch D after clock synchronization. [SwitchD] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 3.0.1.31 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 31.00 ms Root dispersion: 8.31 ms...
  • Page 967 NTP Configuration Examples # View the NTP status of Switch A after clock synchronization. [SwitchA] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 3.0.1.31 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^7 Clock offset: 0.0000 ms Root delay: 40.00 ms Root dispersion: 10.83 ms Peer dispersion: 34.30 ms...
  • Page 968 Chapter 77: NTP Configuration 2 Configuration on Switch B: <SwitchB> system-view # Enable NTP authentication on Switch B. [SwitchB] ntp-service authentication enable # Set an authentication key. [SwitchB] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey # Specify the key as a trusted key. [SwitchB] ntp-service reliable authentication-keyid 42 # Specify Switch A as the NTP server....
  • Page 969 NTP Configuration Examples [SwitchB] display ntp-service sessions source reference stra reach poll offset delay disper ************************************************************************** [12345] 1.0.1.11 127.127.1.0 -75.5 31.0 16.5 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured Total associations : Configuring NTP Network requirements Broadcast Mode with Switch C’s local clock is to be used as a reference source, with the stratum level ■...
  • Page 970 77: NTP C HAPTER ONFIGURATION 2 Configuration on Switch D: # Configure NTP authentication <SwitchD> system-view [SwitchD] ntp-service authentication enable [SwitchD] ntp-service authentication-keyid 88 authentication-mode md5 123456 [SwitchD] ntp-service reliable authentication-keyid 88 # Configure Switch D to work in the NTP broadcast client mode [SwitchD] interface vlan-interface 2 [SwitchD-Vlan-interface2] ntp-service broadcast-client Now, Switch D can receive broadcast messages through VLAN-interface 2, and...
  • Page 971: Dns Overview

    DNS Configuration When configuring DNS, go to these sections for information you are interested in: “DNS Overview” on page 971 ■ “Configuring the DNS Client” on page 973 ■ “Configuring the DNS Proxy” on page 974 ■ “Displaying and Maintaining DNS” on page 974 ■...
  • Page 972 78: DNS C HAPTER ONFIGURATION 4 The DNS client returns the resolution result to the application after receiving a response from the DNS server. Figure 289 Dynamic domain name resolution Request Request User Resolver program Response Response DNS server Save Read Cache DNS client...
  • Page 973: Configuring The Dns Client

    Configuring the DNS Client If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP address of the host. DNS Proxy Introduction to DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server.
  • Page 974: Configuring The Dns Proxy

    78: DNS C HAPTER ONFIGURATION To do… Use the command… Remarks Configure a mapping between a ip host hostname ip-address Required host name and IP address in the Not configured by static name resolution table default. The IP address you last assign to the host name will overwrite the previous one if there is any.
  • Page 975: Dns Configuration Examples

    DNS Configuration Examples DNS Configuration Examples Static Domain Name Network requirements Resolution Switch uses the static domain name resolution to access Host with IP address Configuration Example 10.1.1.2 through domain name host.com. Network diagram Figure 291 Network diagram for static domain name resolution 10.1.1.2/24 10.1.1.1/24 host.com...
  • Page 976 Chapter 78: DNS Configuration Network diagram Figure 292 Network diagram for dynamic domain name resolution [Figure: Switch (DNS client), DNS server and Host (host.com) connected through an IP network; addresses 2.1.1.2/16, 1.1.1.1/16, 2.1.1.1/16 and 3.1.1.1/16] Configuration procedure ■ Before performing the following configuration, make sure that there is a route...
  • Page 977 DNS Configuration Examples Figure 294 Add a host In Figure 294, right click zone com, and then select New Host to bring up a dialog box as shown in Figure 295. Enter host name host and IP address 3.1.1.1. Figure 295 Add a mapping between domain name and IP address 1 Configure the DNS client # Enable dynamic domain name resolution.
  • Page 978 78: DNS C HAPTER ONFIGURATION <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com 2 Configuration verification # Execute the ping host command on the device to verify that the communication between the device and the host is normal and that the corresponding destination IP address is 3.1.1.1.
  • Page 979 DNS Configuration Examples Network diagram Figure 296 Network diagram for DNS proxy [Figure: Switch B (DNS client), Switch A (DNS proxy), DNS server and Host (host.com) connected through an IP network; addresses 4.1.1.1/24, 2.1.1.1/24, 2.1.1.2/24, 1.1.1.1/24 and 3.1.1.1/24] Configuration procedure Before performing the following configuration, assume that Switch A, the DNS server, and the host are reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 296....
  • Page 980: Troubleshooting Dns Configuration

    78: DNS C HAPTER ONFIGURATION [SwitchB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2) PING host.com (3.1.1.1): data bytes, press CTRL_C to break Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=126 time=3 ms Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=126 time=1 ms Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=126 time=1 ms Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=126 time=1 ms Reply from 3.1.1.1: bytes=56 Sequence=5 ttl=126 time=1 ms...
  • Page 981: File

    File System Management Configuration When configuring the file system management, go to these sections for information you are interested in: “File System Management” on page 981 ■ “Configuration File Management” on page 985 ■ “Displaying and Maintaining Device Configuration” on page 989 ■...
  • Page 982 79: F HAPTER YSTEM ANAGEMENT ONFIGURATION To do… Use the command… Remarks Display the current path Optional Available in user view Display files or directories dir [ /all ] [ file-url ] Optional Available in user view Change the current path cd directory Optional Available in user view...
  • Page 983 File System Management
    CAUTION:
    ■ Empty the recycle bin promptly with the reset recycle-bin command to save memory space.
    ■ As the delete /unreserved file-url command deletes a file permanently and the action cannot be undone, use it with caution.
    The execute command cannot ensure the execution of each command.
  • Page 984 Chapter 79: File System Management Configuration
    ■ alert: where the system warns you about operations that may bring undesirable consequences such as file corruption or data loss.
    ■ quiet: where the system does not do that in any case.
    To prevent undesirable consequences resulting from misoperations, the alert mode is preferred.
  • Page 985: Configuration File Management

    Configuration File Management
    The device provides the configuration file management function with a user-friendly operating interface for you to manage the configuration files conveniently. This section covers these topics:
    ■ “Configuration File Overview” on page 985
    ■ “Saving the Current Configuration” on page 986...
  • Page 986 Chapter 79: File System Management Configuration
    ■ When removing a configuration file from a device, you can specify to remove the main or backup configuration file. Or, if it is a file having both the main and backup attributes, you can specify to erase the main or backup attribute of the file.
  • Page 987 Configuration File Management
    filename you entered is different from that existing in the system, this command will erase its backup attribute to allow only one backup attribute configuration file in the device.
    ■ Normal attribute. When you use the save file-name command to save the...
  • Page 988 TFTP server for next startup. For 3Com Switch 4800G Family Ethernet switches, the file to be backed up or restored is the main configuration file for next startup.
    Backing up the configuration file for next startup
    To do…...
  • Page 989: Displaying And Maintaining Device Configuration

    Displaying and Maintaining Device Configuration
    ■ Use the display startup command (in user view) to verify if you have set the startup configuration file, and use the dir command to verify if this file exists. If the file is set as NULL or does not exist, the backup will be unsuccessful.
    Restoring the startup configuration file
    To do…...
  • Page 990 Chapter 79: File System Management Configuration...
  • Page 991: FTP Overview

    FTP Configuration
    When configuring FTP, go to these sections for information you are interested in:
    ■ “FTP Overview” on page 991
    ■ “Configuring the FTP Client” on page 992
    ■ “Configuring the FTP Server” on page 996
    ■ “Displaying and Maintaining FTP” on page 999...
  • Page 992: Configuring The FTP Client

    Chapter 80: FTP Configuration
    CAUTION:
    ■ The FTP function is available when a route exists between the FTP server and the FTP client.
    ■ When a device serving as the FTP server logs onto the device using IE, some IE...
  • Page 993 Configuring the FTP Client
    ■ To do: Log onto the remote FTP server directly in user view. Command: ftp [ server-address [ service-port ] [ source { interface interface-type interface-number | ip source-ip-address } ] ]. Remarks: Use either approach. Available in user view
    ■ To do: Log onto the remote FTP server indirectly in FTP...
  • Page 994 Chapter 80: FTP Configuration
    ■ To do: Display files/directories information on the FTP server. Command: dir [ remotefile [ localfile ] ]. Remarks: Optional
    ■ To do: Check files/directories on the FTP server. Command: ls [ remotefile [ localfile ] ]. Remarks: Optional
    ■ To do: Download a file from the FTP server. Command: get remotefile [ localfile ]. Remarks: Optional...
  • Page 995 Configuring the FTP Client
    Network diagram
    [Figure 298: Network diagram for FTPing an image file from an FTP server. Labels: FTP Client, FTP Server, Switch, IP network, Console. Addresses shown: 10.2.2.1/16, 10.1.1.1/16.]
    Configuration procedure
    # Check files on your device. Remove redundant files to ensure adequate space for the startup file to be downloaded.
  • Page 996: Configuring The FTP Server

    Chapter 80: FTP Configuration
    CAUTION: Startup files for next startup must be saved under the root directory. You can copy or move a file to change its path to the root directory. For a description of the corresponding command, refer to “Specifying a Boot ROM File for the Next Device Boot”...
  • Page 997 Configuring the FTP Server
    ■ To do: Assign a password to the user. Command: password { simple | cipher } password. Remarks: Required
    ■ To do: Assign the FTP service to the user. Command: service-type ftp. Remarks: Required. By default, the system does not support anonymous FTP access, and does not assign any service.
  • Page 998 Chapter 80: FTP Configuration
    [Sysname-luser-abc] password simple pwd
    [Sysname-luser-abc] level 3
    # Specify abc to use FTP, and authorize its access to certain directory.
    [Sysname-luser-abc] service-type ftp
    [Sysname-luser-abc] work-directory flash:/
    [Sysname-luser-abc] quit
    # Enable FTP server.
    [Sysname] ftp server enable
    [Sysname] quit
    # Check files on your device.
  • Page 999: Displaying And Maintaining FTP

    description of the corresponding command, refer to “Specifying a Boot ROM File for the Next Device Boot” on page 1040.
    Displaying and Maintaining FTP
    ■ To do: Display the configuration of the FTP client. Command: display ftp client configuration. Remarks: Available in any view...
  • Page 1000 Chapter 80: FTP Configuration...
