Overview
SS3GR50i/26i L3 Gigabit Ethernet Switch is a high-performance routing switch that can be deployed as an aggregation device for enterprise and campus networks. SS3GR50i/26i L3 Gigabit Ethernet Switch supports a variety of network interfaces from 100Mb, 1000Mb to 10 GB Ethernet.
Switch Management
1.1 Management Options
After purchasing the switch, the user needs to configure the switch for network management. SS3GR50I/26I series Switch provides two management options: in-band management and out-of-band management.
1.1.1 Out-Of-Band Management
Out-of-band management is management through the Console interface. Generally, the user will use out-of-band management for the initial switch configuration, or when in-band management is not available.
Serial port cable: One end attaches to the RS-232 serial port, the other end to the Console port.
SS3GR50I/26I series: Functional Console port required.
Step 2: Entering the HyperTerminal
Open the HyperTerminal included in Windows after the connection is established. The example below is based on the HyperTerminal included in Windows XP.
“OK”.
Fig 1-5 Opening HyperTerminal
Step 3: CLI interface
Power on the switch; the following appears in the HyperTerminal window, which is the CLI configuration mode for SS3GR50I/26I series Switch.
Testing RAM...
0x077C0000 RAM OK
Loading MiniBootROM...
3) If not 2), Telnet client can connect to an IP address of the switch via other devices, such as a router. SS3GR50I/26I series Switch is a Layer 3 switch that can be configured with several IP addresses. The following example assumes the shipment status of the switch where only VLAN1 exists in the system.
Console mode), the configuration commands are as follows (all switch configuration prompts are assumed to be “switch” hereafter if not otherwise specified):
Switch>
Switch>en
Switch#config
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.128.251 255.255.255.0
Switch(Config-if-Vlan1)#no shutdown
To enable the Telnet Server function, users should type the CLI command telnet-server enable in the global mode as below:
Switch>enable
Switch#config...
username <user> password {0|7} <password>.
Assume an authorized user in the switch has a username of “test” and a password of “test”; the configuration procedure should look like the following:
Switch>en
Switch#config
Switch(config)#username test password 0 test
After entering a valid login name and password in the Telnet configuration interface, the Telnet user will be able to enter the switch’s CLI configuration interface.
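An added example, not part of the original guide: a small Python audit of a saved switch configuration for the management-access commands this guide shows (telnet-server enable, ssh-server enable, username ... password {0|7}, snmp-server community {ro|rw}). The sample configuration is constructed, and reading password type 0 as cleartext and type 7 as encrypted is an assumption the guide does not state.

```python
import re

# Constructed sample configuration; the command spellings are the ones
# this guide shows, the values are made up for the example.
SAMPLE_CONFIG = """\
telnet-server enable
username test password 0 test
username ops password 7 CONSTRUCTED-ENCRYPTED-VALUE
snmp-server enabled
snmp-server community rw private
snmp-server community ro public
interface vlan 1
 ip address 10.1.128.251 255.255.255.0
"""

USERNAME_RE = re.compile(r"^username\s+(\S+)\s+password\s+([07])\s+(\S+)$")
COMMUNITY_RE = re.compile(r"^snmp-server\s+community\s+(ro|rw)\s+(\S+)$")
# Conventional default community names, usually the first ones guessed.
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def audit_config(text):
    """Return a list of (line_number, code, message) findings.

    Secrets are never echoed into the messages. Line number 0 marks a
    finding about the configuration as a whole.
    """
    findings = []
    telnet_enabled = False
    ssh_enabled = False

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()

        if line == "telnet-server enable":
            telnet_enabled = True
            findings.append((lineno, "TELNET_ENABLED",
                             "Telnet carries logins and commands unencrypted"))
            continue
        if line == "ssh-server enable":
            ssh_enabled = True
            continue

        m = USERNAME_RE.match(line)
        if m:
            user, ptype, secret = m.groups()
            # Assumption: type 0 = cleartext in the config, 7 = encrypted.
            if ptype == "0":
                findings.append((lineno, "PLAINTEXT_PASSWORD",
                                 f"user '{user}' has a type 0 password"))
                # Only a cleartext value can be compared to the username.
                if secret == user:
                    findings.append((lineno, "PASSWORD_EQUALS_USERNAME",
                                     f"user '{user}' uses the username as password"))
            continue

        m = COMMUNITY_RE.match(line)
        if m:
            access, community = m.groups()
            if access == "rw":
                findings.append((lineno, "SNMP_RW_COMMUNITY",
                                 "read-write community allows configuration changes"))
            if community.lower() in WELL_KNOWN_COMMUNITIES:
                findings.append((lineno, "SNMP_DEFAULT_COMMUNITY",
                                 f"{access} community uses a well-known name"))

    if telnet_enabled and not ssh_enabled:
        findings.append((0, "NO_SSH",
                         "Telnet is enabled but 'ssh-server enable' is absent"))
    return findings


def finding_codes(text):
    """Convenience view: only the finding codes, in order of appearance."""
    return [code for _, code, _ in audit_config(text)]


if __name__ == "__main__":
    for lineno, code, message in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}: {message}")
```
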
Step 2: Run HTTP protocol on the host.
Open the Web browser on the host and type the IP address of the switch. Or run the HTTP protocol directly on Windows. For example, the IP address of the switch is “10.1.128.251”.
Fig 1-9 Run HTTP Protocol
Step 3: Logon to the switch
To log on to the HTTP configuration interface, a valid login user name and password are required;...
Fig 1-11 Main Web Configuration Interface
1.2 Management Interface
1.2.1 CLI Interface
CLI interface is familiar to most users. As aforementioned, out-of-band management and Telnet login are both performed through the CLI interface to manage the switch. The CLI interface is supported by the Shell program, which consists of a set of configuration commands. Those commands are categorized according to their functions in switch configuration and management.
Or, when the exit command is run under Global Mode, it will also return to the Admin Mode. SS3GR50I/26I series Switch also provides a shortcut key sequence “Ctrl+z”, which allows an easy way to exit to Admin Mode from any configuration mode (except User Mode).
Interface Mode for configuration of all the interfaces.
1.2.2.4 Interface Mode
Use the interface command under Global Mode to enter the specified interface mode. SS3GR50I/26I series Switch provides three interface types: VLAN interface, Ethernet port and port-channel, and accordingly three interface configuration modes. Interface...
Use the vlan <vlan-id> command under Global Mode to enter the corresponding VLAN Mode. Under VLAN Mode the user can configure all member ports of the corresponding VLAN. Run the exit command to exit the VLAN Mode to Global Mode.
1.2.2.6 DHCP Address Pool Mode
Type the ip dhcp pool <name>...
Mode
1.2.3 Configuration Syntax
SS3GR50I/26I series Switch provides various configuration commands. Although all the commands are different, they all abide by the syntax for SS3GR50I/26I series Switch configuration commands. The general command format of SS3GR50I/26I series Switch is shown below:
cmdtxt <variable>...
1.2.5 Help Function
There are two ways in SS3GR50I/26I series Switch for the user to access help information: the “help” command and the “?”.
Access to Help...
Quotation marks are not used in pairs. end of command line!
1.2.7 Fuzzy Match Support
SS3GR50I/26I series switch shell supports fuzzy match in searching commands and keywords. Shell will recognize commands or keywords correctly if the entered string causes no conflict. For example:...
2) However, for command “show running-config”, the system will report a “> Ambiguous command!” error if only “show r” is entered, as Shell is unable to tell whether it is “show run” or “show running-config”. Therefore, Shell will only recognize the command if “sh ru” is entered.
Chapter 2 Basic Switch Configuration
2.1 Basic Configuration
Basic switch configuration includes commands for entering and exiting the admin mode, commands for entering and exiting interface mode, for configuring and displaying the switch clock, for displaying the version information of the switch system, etc.
Command Explanation
Normal User Mode/ Admin Mode...
Telnet employs the Client-Server mode, the local system is the Telnet client and the remote host is the Telnet server. SS3GR50I/26I series switch can be either the Telnet Server or the Telnet client.
“no telnet-server securityipv6 <ipv6-addr>” command deletes the authorized Telnet secure address. authentication login configure telnet authentication mode {local|radius|tacacs} no authentication login Admin Mode Display debug information for Telnet client login to the switch; the “no terminal monitor no terminal monitor monitor”...
Global Mode
ssh-server enable
no ssh-server enable
Enable SSH function on the switch; the “no ssh-server enable” command disables SSH function.
ssh-user <user-name> password {0|7} <password>
Configure the username and password of SSH client software for logging on the switch; the “no ssh-user...
Switch(config)#ssh-server enable
2.3 Configure Switch IP Addresses
All Ethernet ports of SS3GR50I/26I series switch default to Data Link layer ports and perform layer 2 forwarding. A VLAN interface represents a Layer 3 interface function which can be assigned an IP address, which is also the IP address of the switch. All VLAN interface related configuration commands can be configured under VLAN Mode.
Command Explanation
VLAN interface mode
ip address <ip_address> <mask> [secondary]
no ip address <ip_address> <mask> [secondary]
Configure the VLAN interface IP address; the “no ip address <ip_address> <mask> [secondary]” command deletes VLAN interface IP address.
ipv6 address <ipv6-address / prefix-length>
Configure IPv6 address, including...
widely used in computer network management. SNMP is an evolving protocol. SNMP v1 [RFC1157] is the first version of SNMP which is adopted by vast numbers of manufacturers for its simplicity and easy implementation; SNMP v2c is an enhanced version of SNMP v1, which supports layered network management;...
HMAC-SHA are used for authentication. VACM is used to classify the users’ access permission. It puts the users with the same access permission in the same group. Users can’t conduct operations which are not authorized.
2.4.2 Introduction to MIB
The network management information accessed by NMS is well defined and organized in a Management Information Base (MIB).
sub-trees which are called groups. Objects in those groups cover all the functional domains in network management. NMS obtains the network management information by visiting the MIB of SNMP Agent. The switch can operate as an SNMP Agent, and supports both SNMP v1/v2c and SNMP v3. The switch supports basic MIB-II, RMON public MIB and other public MIBs such as BRIDGE MIB.
Command Explanation
Global mode
snmp-server enabled
no snmp-server enabled
Enable the SNMP Agent function on the switch; the “no snmp-server enabled” command disables the SNMP Agent function on the switch.
2. Configure SNMP community string
Command Explanation
Global mode
snmp-server community {ro|rw} <string>
no snmp-server community <string>
Configure the community string for the...
6. Configure group
Command Explanation
Global mode
snmp-server group <group-string> {noauthnopriv|authnopriv|authpriv} [[read <read-string>] [write <write-string>] [notify <notify-string>]]
no snmp-server group <group-string> {noauthnopriv|authnopriv|authpriv}
Set the group information on the switch. This command is used to configure VACM for SNMP v3.
7. Configure view
Command Explanation
Global mode...
2.4.5 Typical SNMP Configuration Examples
Fig 2-2 Typical SNMP Configuration
The IP address of the NMS is 1.1.1.5; the IP address of the switch (Agent) is 1.1.1.9
Scenario 1: The NMS network administrative software uses SNMP protocol to obtain data from the switch.
SNMP debug function and verify debug information. If users still can’t solve the SNMP problems, please contact our technical and service center.
2.5 Switch Upgrade
SS3GR50I/26I series switch provides two ways for switch upgrade: BootROM upgrade and the TFTP/FTP upgrade under Shell.
2.5.1 Switch System Files
The system files include the system image file and the boot file. Updating the switch means updating these two files by overwriting the old files with the new ones. The system image file refers to the compressed files of the switch hardware drivers, software support program, etc., namely what we usually call the IMG update file.
Step 3: Under BootROM mode, run “setconfig” to set the IP address and mask of the switch under BootROM mode, server IP address and mask, and select TFTP or FTP upgrade. Suppose the switch address is 192.168.1.2/24, and PC address is 192.168.1.66/24, and select TFTP upgrade, the configuration should look like:
[Boot]: setconfig
Host IP Address: [10.1.1.1] 192.168.1.2...
Step 4: Enable FTP/TFTP server in the PC. For TFTP, run TFTP server program; for FTP, run FTP server program. Before start downloading upgrade file to the switch, verify the connectivity between the server and the switch by ping from the server. If ping succeeds, run “load” command in the BootROM mode from the switch;...
And file list can also be retrieved from the server in ftp client mode. Of course, SS3GR50I/26I series switch can also upload current configuration files or system files to the remote FTP/TFTP servers (can be hosts or other switches). When SS3GR50I/26I series switch operates as an FTP/TFTP server, it can provide file upload and download service for authorized FTP/TFTP clients, as well as file list service as an FTP server.
Boot file: refers to the file that initializes the switch, also referred to as the ROM upgrade file (a large file can be compressed as an IMAGE file). In SS3GR50I/26I series switch, the boot file is allowed to be saved in ROM only. SS3GR50I/26I series switch mandates the name of the boot file to be boot.rom.
CONFIGURATION GUIDE SS3GR50i/26i
(4) Shut down FTP server
3. TFTP server configuration
(1) Start TFTP server
(2) Configure TFTP server connection idle time
(3) Configure retransmission times before timeout for packets without acknowledgement
(4) Shut down TFTP server
1. FTP/TFTP client configuration
(1) FTP/TFTP client upload/download file...
Global Mode
tftp-server retransmission-timeout <seconds>
Set maximum retransmission time within timeout interval.
(3) Modify TFTP server connection retransmission time
Command Explanation
Global Mode
tftp-server retransmission-number <number>
Set the retransmission time for TFTP server.
2.5.3.3 FTP/TFTP Configuration Examples
The switch configuration is the same for IPv4 addresses and IPv6 addresses.
Switch#copy ftp://Switch:switch@10.1.1.1/12_30_nos.img nos.img
With the above commands, the switch will have the “nos.img” file in the computer downloaded to the FLASH.
TFTP Configuration
Computer side configuration: Start TFTP server software on the computer and place the “nos.img” file to the appropriate TFTP server directory on the computer.
Switch#copy tftp://10.1.1.1/boot.rom boot.rom
Switch#copy tftp://10.1.1.1/startup-config startup-config
Scenario 5: SS3GR50I/26I series switch acts as FTP client to view file list on the FTP server. Synchronization conditions: The switch connects to a computer by an Ethernet port, the computer is an FTP server with an IP address of 10.1.1.1;...
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-Vlan1)#no shut
Switch(Config-if-Vlan1)#exit
Switch(config)#dir ftp://Switch:Admin@10.1.1.1
220 Serv-U FTP-Server v2.5 build 6 for WinSock ready...
331 User name okay, need password.
230 User logged in, proceed.
200 PORT Command successful.
If the switch is upgrading system file or system start up file through FTP, the switch must not be restarted until “close ftp client” or “226 Transfer complete.” is displayed, indicating upgrade is successful, otherwise the switch may be rendered unable to start. If the system file and system start up file upgrade through FTP fails, please try to upgrade again or use the BootROM mode to upgrade.
Chapter 3 Cluster Configuration
3.1 Introduction to cluster network management
Cluster network management is an in-band configuration management. Unlike CLI, SNMP and Web Config which implement a direct management of the target switches through a management workstation, cluster network management implements a direct management of the target switches (member switches) through an intermediate switch (commander switch).
Set holdtime of heartbeat of the cluster
Set interval of sending heartbeat packets among the switches of the cluster
Clear the list of candidate switches discovered by the commander switch
Configure attributes of the cluster in the candidate switch...
clear cluster candidate-table
Clear the list of candidate switches discovered by the commander switch
4. Configure attributes of the cluster in the candidate switch
Command Explanation
Global Mode
cluster register timer <timer-value>
Set interval of sending cluster register...
Configuration Procedure
1. Configure the command switch
Configuration of SwitchA
Switch(config)#cluster run
Switch(config)#cluster ip-pool 1.2.3.4
Switch(config)#cluster commander 4624
Switch(config)#cluster auto-add enable
2. Configure the member switch
Configuration of SwitchB-SwitchD
Switch(config)#cluster run
3.4 Cluster Administration Troubleshooting
When encountering problems in applying the cluster admin, please check the following possible...
4.1 Introduction to Port
SS3GR50I/SS3GR26I series Switch comes with 8 Gigabit Combo ports, 16 SFP Gigabit fiber ports and (for SS3GR50I/SS3GR26I-26) 2 SFP 10G fiber ports. The Combo ports can be configured as either 1000GX-TX ports or Gigabit fiber ports.
Interface Mode
combo-forced-mode { copper-forced | copper-preferred-auto | sfp-forced | sfp-preferred-auto }
no combo-forced-mode
Sets the combo port mode (combo ports only); the “no combo-forced-mode” command restores the default combo mode for combo ports, i.e., fiber ports first...
4.3 Port Configuration Example
Fig 1-1 Port Configuration Example
No VLAN has been configured in the switches, default VLAN1 is used.
Switch Port Property
SwitchA Ingress bandwidth limit: 150 M
SwitchB Mirror source port...
combinations are set, the port throughput may fall below the expected performance...
Chapter 5 Port Isolation Function Configuration
5.1 Introduction to Port Isolation Function
Port isolation is an independent port-based function working in an inter-port way, which isolates flows of different ports from each other. With the help of port isolation, users can isolate ports within a vlan to save vlan resources and enhance network security.
Command Explanation
Global Mode
isolate-port apply [<l2|l3|all>]
Apply the port isolation configuration to isolate layer-2 flows, layer-3 flows or all flows.
4. Display the configuration of port isolation
Command Explanation
Admin Mode and global Mode
show isolate-port group [<WORD>]
Display the configuration of port isolation, including all configured port isolation...
normal. The uplink port can communicate with any port normally.
The configuration of S1:
Switch(config)#isolate-port group test
Switch(config)#isolate-port group test switchport interface ethernet 1/1;1/10...
Chapter 6 Port Loopback Detection Function Configuration
6.1 Introduction to Port Loopback Detection Function
With the development of switches, more and more users begin to access the network through Ethernet switches. In enterprise network, users access the network through layer-2 switches, which means urgent demands for both internet and the internal layer 2 Interworking.
1. Configure the time interval of loopback detection
Command Explanation
Global Mode
loopback-detection interval-time <loopback> <no-loopback>
Configure the time interval of loopback detection
2. Enable the function of port loopback detection
Command Explanation
Port Mode
loopback-detection specified-vlan <vlan-list>
Enable and disable the function of port...
Fig 3-1 A Typical Example of Port Loopback Detection
As shown in the above configuration, the switch will detect the existence of loopbacks in the network topology. After enabling the function of loopback detection on the port connecting the...
If a port in Port Channel fails, the other ports will undertake traffic of that port through a traffic allocation algorithm. This algorithm is carried out by the hardware. SS3GR50I/SS3GR26I series switch offers 2 methods for configuring port aggregation: manual Port Channel creation and LACP (Link Aggregation Control Protocol) dynamic Port Channel creation.
8 port groups and 8 ports in each port group are supported. Once ports are aggregated, they can be used as a normal port. SS3GR50I/SS3GR26I series switch have a built-in aggregation interface configuration mode, the user can perform related configuration in this mode just like in the VLAN and physical port configuration mode.
Fig 4-2 Configuring Port Channel in LACP Example: The switches in the description below are all SS3GR50I/SS3GR26I series switch and as shown in the figure, ports 1, 2, 3, 4 of SwitchA are access ports that belong to vlan1. Add those four ports to group1 in active mode.
named “Port-Channel2”; configurations can be made in their respective aggregated port configuration mode.
Scenario 2: Configuring Port Channel in ON mode.
Fig 4-3 Configuring Port Channel in ON mode
Example: As shown in the figure, ports 1, 2, 3, 4 of SwitchA are access ports that belong to vlan1.
(It should be noted that whenever a new port joins in an aggregated port group, the group will be ungrouped first and re-aggregated to form a new group.) Now all four ports in both SwitchA and SwitchB are aggregated in “on” mode and become an aggregated port respectively.
Chapter 8 Jumbo Configuration
8.1 Jumbo Introduction
So far the Jumbo (Jumbo Frame) has not reached a determined standard in the industry (including the format and length of the frame). Normally frames sized within 1519-8996 should be considered jumbo frames. Networks with jumbo frames will increase the speed of the whole network by 2% to 5%.
By this way, virtual workgroups can be formed regardless of the physical location of the devices. IEEE announced IEEE 802.1Q protocol to direct the standardized VLAN implementation, and the VLAN function of SS3GR50I/SS3GR26I series switch is implemented following IEEE 802.1Q.
Lowering network cost
Enhancing network security
VLAN and GVRP (GARP VLAN Registration Protocol) defined by 802.1Q are implemented in SS3GR50I/SS3GR26I series switch. The chapter will describe the use and configuration of VLAN and GVRP in detail.
9.1.2 VLAN Configuration Task List
1.
switchport mode {trunk|access}
Set the current port as Trunk or Access port.
5. Set Trunk port
Command Explanation
Interface Mode
switchport trunk allowed vlan {WORD | all | add WORD | except WORD|remove
Set/delete VLAN allowed to be crossed by Trunk.
Command Explanation
VLAN mode
private-vlan association <secondary-vlan-list>
no private-vlan association
Set/delete Private VLAN association.
9.1.3 Typical VLAN Application
Scenario:
Fig 1-2 Typical VLAN Application Topology
The existing LAN is required to be partitioned to 3 VLANs due to security and application requirements.
Connect the Trunk ports of both switches for a Trunk link to convey the cross-switch VLAN traffic; connect all network devices to the other ports of corresponding VLANs. In this example, port 1 and port 12 are spare and can be used as management ports or for other purposes.
population of such register information to the other switches. Switches that support GVRP can receive VLAN dynamic register information from the other switches, and update local VLAN register information according to the information received. Switches with GVRP enabled can also populate their own VLAN register information to the other switches.
Fig 1-3 Typical GVRP Application Topology
To enable dynamic VLAN information register and update among switches, GVRP protocol is to be configured in the switch. Configure GVRP in Switch A, B and C, enable Switch B to learn VLAN100 dynamically so that the two workstations connected to VLAN100 in Switch A and C can communicate with each other through Switch B without static VLAN100 entries.
The GARP counter setting for Trunk ports at both ends of the Trunk link must be the same, otherwise GVRP will not work properly. It is recommended to avoid enabling GVRP and RSTP at the same time in SS3GR50I/SS3GR26I series switch. If GVRP is to be enabled, RSTP function for the ports must be disabled first.
The user network is considerably independent. When the ISP internet is upgrading their network, the user networks do not have to change their original configuration. Detailed description on the application and configuration of dot1q-tunnel of SS3GR50I/SS3GR26I series will be provided in this section.
9.3.2 Dot1q-tunnel Configuration
9.3.2.1 Configuration Task Sequence Of Dot1q-Tunnel...
Configure the dot1q-tunnel function on the ports
Configure the type of protocol (TPID) on the ports
1. Configure the dot1q-tunnel function on the ports
Command Explanation
Port mode
dot1q-tunnel enable
Enter/exit the dot1q-tunnel mode on the ports.
Switch(Config-If-Ethernet1/10)#exit
Switch(config)#
PE2:
Switch(config)#vlan 3
Switch(Config-Vlan3)#switchport interface ethernet 1/1
Switch(Config-Vlan3)#exit
Switch(config)#interface ethernet 1/1
Switch(Config-If-Ethernet1/1)#dot1q-tunnel enable
Switch(Config-If-Ethernet1/1)#dot1q-tunnel tpid 9100
Switch(Config-If-Ethernet1/1)#exit
Switch(config)#interface ethernet 1/10
Switch(Config-If-Ethernet1/10)#switchport mode trunk
Switch(Config-If-Ethernet1/10)#exit
Switch(config)#
9.3.4 Dot1q-tunnel Troubleshooting
Enabling dot1q-tunnel on Trunk port will make the tag of the data packet unpredictable which is not required in the application.
Command Explanation
Port mode
vlan-translation enable
no vlan-translation enable
Enter/exit the port VLAN-translation mode.
2. Configure the VLAN-translation relation of the port
Command Explanation
Port mode
vlan-translation <old-vlan-id> to <new-vlan-id> {in|out}
no vlan-translation old-vlan-id {in|out}
Add/delete a VLAN-translation relation.
3.
9.5.1 Dynamic VLAN Introduction The dynamic VLAN is named corresponding to the static VLAN (namely the port based VLAN). Dynamic VLAN supported by the SS3GR50I/SS3GR26I switch includes MAC-based VLAN, IP-subnet-based VLAN and Protocol-based VLAN. The MAC-based VLAN division is based on the MAC address of each host, namely every host with a MAC address will be assigned to certain VLAN.
VLANs. This is very attractive to the network administrators who wish to organize the user by applications and services. Moreover the user can move freely within the network while maintaining his membership. Advantage of this method enables user to change physical position without changing their VLAN residing configuration, while the VLAN can be divided by types of protocols which is important to the network administrators.
Command Explanation
Global Mode
mac-vlan mac <mac-addrss> vlan <vlan-id> priority <priority-id>
no mac-vlan {mac <mac-addrss>|all}
Add/delete the correspondence between the MAC address and the VLAN, namely specified MAC address join/leave specified VLAN.
4. Configure the IP-subnet-based VLAN function on the port...
Command Explanation
Global Mode
dynamic-vlan mac-vlan prefer
dynamic-vlan subnet-vlan prefer
Configure the priority of the dynamic VLAN.
9.5.3 Typical Application Of The Dynamic VLAN
Scenario: In the office network Department A belongs to VLAN100. Several members of this department often have the need to move within the whole office network.
9.5.4 Dynamic VLAN Troubleshooting
On the switch configured with dynamic VLAN, if the two connected pieces of equipment (e.g. PCs) both belong to the same dynamic VLAN, the first communication between the two may not go through. The solution is to have both actively send data packets to the switch (such as ping), to let the switch learn their source MAC; then the two will be able to communicate freely within the dynamic VLAN.
traffic which will be transmitted at specified priority. Meanwhile, when voice equipment is physically relocated, it still belongs to the Voice VLAN without any further configuration modification, because it is based on voice equipment rather than switch port.
Chapter 10 MAC Table Configuration
10.1 Introduction to MAC Table
MAC table is a table that identifies the mapping relationship between destination MAC addresses and switch ports. MAC addresses can be categorized as static MAC addresses and dynamic MAC addresses.
PC1 and PC2 belongs to a same physical segment (same collision domain), the physical segment connects to port 1/5 of SS3GR50I/SS3GR26I series switch; PC3 and PC4 belongs to the same physical segment that connects to port 1/12 of SS3GR50I/SS3GR26I series switch.
SS3GR50I/SS3GR26I series switch have learnt the MAC address of PC1 and PC3, and the user manually configured the mapping relationship for PC2 and PC4 to ports. The MAC table of SS3GR50I/SS3GR26I series switch will be: MAC Address...
frame within the same VLAN. If the destination MAC address is found in the MAC table but belonging to different VLANs, the switch can only broadcast the unicast frame in the VLAN it belongs to.
10.2 Mac Address Table Configuration Task List...
10.3 Typical Configuration Examples
Fig 2-2 MAC Table typical configuration example
Scenario: Four PCs as shown in the above figure connect to port 1/5, 1/7, 1/9, 1/11 of switch, all the four PCs belong to the default VLAN1.
Spanning Tree calculation finishes, and the port will learn the MAC address. If the problem is none of those mentioned above, please check the switch port and contact technical support for a solution.
10.5 MAC Address Function Extension
10.5.1 MAC Address Binding
10.5.1.1 Introduction to MAC Address Binding...
switchport port-security
no switchport port-security
Enable MAC address binding function for the port and lock the port. When a port is locked, the MAC address learning function for the port will be disabled; the “no switchport port-security” command...
10.5.1.3 Binding MAC Address Binding Troubleshooting
Enabling MAC address binding for ports may fail in some occasions. Here are some possible causes and solutions: If MAC address binding cannot be enabled for a port, make sure the port is not enabling Spanning tree or port aggregation and is not configured as a Trunk port.
Chapter 11 MSTP Configuration
11.1 MSTP Introduction
The MSTP (Multiple STP) is a new spanning-tree protocol which is based on the STP and the RSTP. It runs on all the bridges of a bridged-LAN. It calculates a common and internal spanning tree (CIST) for the bridge-LAN which consists of the bridges running the MSTP, the RSTP and the STP.
In the above network, if the bridges are running the STP or the RSTP, one port between Bridge M and Bridge B should be blocked. But if the bridges in the yellow range run the MSTP and are configured in the same MST region, MSTP will treat this region as a bridge.
11.1.3 MSTP Load Balance
In an MSTP region, VLANs can be mapped to various instances. That can form various topologies. Each instance is independent from the others and each instance can have its own attributes such as bridge priority and port cost etc. Consequently, the VLANs in different instances have their own paths.
no spanning-tree mst <instance-id> cost
spanning-tree mst <instance-id> port-priority <port-priority>
no spanning-tree mst <instance-id> port-priority
Set port priority for specified instance
3. Configure MSTP region parameters
Command Explanation
Global Mode
spanning-tree mst configuration
Enter MSTP region mode. The “no spanning-tree mst configuration” ...
5. Configure the fast migrate feature for MSTP
Command Explanation
Interface Mode
spanning-tree link-type p2p {auto|force-true|force-false}
no spanning-tree link-type
Set the port link type
spanning-tree portfast [bpdufilter|bpduguard]
no spanning-tree portfast
Set the port to be a boundary port...
Command Explanation
Global Mode
spanning-tree tcflush enable
spanning-tree tcflush disable
Enable: the spanning-tree flush once the topology changes. Disable: the spanning tree don’t flush when the topology changes. Protect: the spanning-tree flush not more than one time every ten...
Bridge Name          SwitchA    SwitchB    SwitchC    SwitchD
Bridge MAC Address   …00-00-01  …00-00-02  …00-00-03  …00-00-04
Bridge Priority      32768      32768      32768      32768
Port 1 Port 2 Port 3 Port 4 Port 5 Port 6 Port 7 Port 1 200000 200000...
Page 105
In the MSTP region which SwitchB, SwitchC and SwitchD belong to, SwitchB is the region root of the instance 0, SwitchC is the region root of the instance 3 and SwitchD is the region root of the instance 4.
Fig 1-5 The Topology Of the Instance 4 after the MSTP Calculation (SwitchB, SwitchC, SwitchD)
11.4 MSTP Troubleshooting
In order to run the MSTP on the switch port, the MSTP has to be enabled globally. If the MSTP is not enabled globally, it can’t be enabled on the port.
Chapter 12 QoS Configuration
12.1 Introduction to QoS
QoS (Quality of Service) is a set of capabilities that allow you to create differentiated services for network traffic, thereby providing better service for selected network traffic. QoS is a guarantee for service quality of consistent and predictable data transfer service to fulfill program requirements.
packets.
Remark: Ingress action of QoS. Performs allowing, degrading or discarding operations on packets according to the policing policies.
Queuing: Egress QoS action. Puts the packets into appropriate egress queues according to the packet CoS value.
Scheduling: QoS egress action. Configures the WRR (Weighted Round Robin) weight for the eight egress queues.
12.1.3 Basic QoS Model
The basic QoS consists of five parts: Classification, Policing, Remark, Queuing and Scheduling, where classification, policing and remark are sequential ingress actions, and Queuing and Scheduling are QoS egress actions.
Fig 1-3 Basic QoS Model
Classification: Classify traffic according to packet classification information and generate internal DSCP value based on the classification information.
Page 110
Fig 1-4 Classification process
Policing and remark: Each packet in classified ingress traffic is assigned an internal DSCP value and can be policed and remarked. Policing can be performed based on DSCP value to configure different policies that allocate bandwidth to classified traffic.
Page 111
Fig 1-5 Policing and Remarking process
Queuing and scheduling: Packets at the egress will re-map the internal DSCP value to CoS value, the queuing operation assigns packets to appropriate queues of priority according to the CoS value;...
Fig 1-6 Queuing and Scheduling process
12.2 QoS Configuration Task List
1. Enable QoS
QoS can be enabled or disabled in Global Mode. QoS must be enabled first in Global Mode to configure the other QoS commands.
Page 113
degrading, assigning new DSCP value) can be applied to different data streams. You can also define a policy set that can be used in a policy map by several classes.
4. Apply QoS to the ports
Configure the trust mode for ports or bind policies to ports. A policy will only take effect on a port when it is bound to that port.
Page 114
<policy-map-name>” command deletes the specified policy map.
Command: class <class-map-name>
Command: no class <class-map-name>
Explanation: After a policy map is created, it can be associated to a class. Different policy or new DSCP value can be applied to different data streams in class mode;...
Page 115
Interface Mode
Command: mls qos trust [cos [pass-through-dscp]|dscp [pass-through-cos]|ip-precedence [pass-through cos]|port priority <cos>]
Command: no mls qos trust
Explanation: Configure port trust; the “no mls qos trust” command disables the current trust status of the port.
Command: mls qos cos {<default-cos> }
Explanation: Configure the default CoS value of the port;...
default setting.
6. Configure QoS mapping
Global Mode
Command: mls qos map {cos-dscp <dscp1...dscp8> | dscp-cos <dscp-list> to <cos> | dscp-mutation <dscp-mutation-name> <in-dscp> to
Explanation: Set CoS to DSCP mapping, DSCP to CoS mapping, DSCP to DSCP mutation mapping, IP precedence to DSCP and policed DSCP mapping;...
Page 117
The configuration steps are listed below:
Switch#config
Switch(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Switch(config)#mls qos
Switch(config)#class-map c1
Switch(Config-ClassMap-c1)#match access-group 1
Switch(Config-ClassMap-c1)#exit
Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#class c1
Switch(Config-PolicyMap-p1-Class-c1)#policy 10000 4000 exceed-action drop
Switch(Config-PolicyMap-p1-Class-c1)#exit
Switch(Config-PolicyMap-p1)#exit
Switch(config)#interface ethernet 1/2
Switch(Config-If-Ethernet1/2)#service-policy input p1
Configuration result: An ACL named 1 is set to match segment 192.168.1.0.
assigns different IP precedences. For example, set IP precedence for packets from segment 192.168.1.0 to 5 on port ethernet 1/1. The port connecting to switch2 is a trunk port. In SwitchB, set port ethernet 1/1, which connects to switch1, to trust IP precedence. Thus inside the QoS domain, packets of different priorities will go to different queues and get different bandwidth.
Chapter 13 PBR Configuration
13.1 Introduction to PBR
PBR (Policy-Based Routing) is a method which determines the next-hop of the data packets by policy messages such as source address, destination address, IP priority, TOS value, IP protocol, source port No., destination port No., etc.
Page 120
Switch(config)#class-map c1
Switch(Config-ClassMap-c1)#match access-group a1
Switch(Config-ClassMap-c1)# exit
Switch(config)#policy-map p1
Switch(Config-PolicyMap-p1)#class c1
Switch(Config-PolicyMap-Class-p1)#set ip nexthop 218.31.1.119
Switch(Config-PolicyMap-Class-p1)#exit
Switch(Config-PolicyMap-p1)#exit
Switch(config)#interface ethernet 1/1
Switch(Config-If-Ethernet1/1)#service-policy input p1
Configuration results
First set an ACL a1 with two items. The first item matches source IP segments 192.168.1.0/24 (allowed).
Chapter 14 Flow-based Redirection
14.1 Introduction to Flow-based Redirection
Flow-based redirection function enables the switch to transmit the data frames meeting some special condition (specified by ACL) to another specified port. The frames meeting the same special condition are called a class of flow, the ingress port of the data frame is called the source port of redirection, and the specified egress port is called the destination port of redirection.
redirection in the system/port
14.3 Flow-based Redirection Examples
Scenario: User’s request of configuration is listed as follows: redirecting the frames whose source IP is 192.168.1.111 received from port 1 to port 6, that is sending the frames whose source IP is 192.168.1.111 received from port 1 through port 6...
15.1 Layer 3 Interface
15.1.1 Introduction to Layer 3 Interface
Layer 3 interface can be created on SS3GR50I/SS3GR26I series switch. The Layer 3 interface is not a physical interface but a virtual interface. Layer 3 interface is built on VLANs. The Layer 3 interface can contain one or more layer 2 ports which belong to the same VLAN, or contain no layer 2 ports.
1. Create Layer 3 Interface
Global Mode
Command: interface vlan <vlan-id>
Command: no interface vlan <vlan-id>
Explanation: Creates a VLAN interface (VLAN interface is a Layer 3 interface); the “no interface vlan <vlan-id>” command deletes the VLAN interface (Layer 3 interface) created in the switch.
Page 126
IPv4 has shown its deficiency when facing the present scale and complexity of Internet. IPv6 refers to the sixth version of Internet protocol which is the next generation Internet protocol designed by IETF to replace the current Internet protocol version 4 (IPv4). IPv6 was specially developed to make up the shortages of IPv4 addresses so that Internet can develop further.
find network routers easily by address automatic configuration function of IPv6 while obtaining a globally unique IPv6 address automatically as well which makes the devices using IPv6 Internet plug-and-play. Automatic address configuration function also makes the readdressing of existing network easier and more convenient, and it is more convenient for network operators to manage the transformation from one provider to another.
Page 128
1. Configure the IPv4 address of three-layer interface
Command Explanation
VLAN Interface Configuration Mode
Configure IP address of VLAN interface; the no ip address ip address <ip-address> <mask> [secondary] [<ip-address> <mask>] no ip address [<ip-address>...
Page 129
Command: ipv6 enable
Command: no ipv6 enable
Explanation: Enable functions such as IPv6 data packet transmission, neighbor discovery, router advertisement, routing protocol, etc. The NO command disables IPv6 function.
(2). Configure interface IPv6 address
Interface Configuration Mode
Configure IPv6 address,...
Page 130
(2) Configure Send Neighbor solicitation Message Interval
Interface Configuration Mode
Command: ipv6 nd ns-interval <seconds>
Command: no ipv6 nd ns-interval <seconds>
Explanation: Set the interval of the interface to send neighbor query message. The NO command resumes default value (1 second).
Page 131
Command: ipv6 nd prefix <ipv6-address/prefix-length> <valid-lifetime> <preferred-lifetime> [off-link] [no-autoconfig]
Command: no ipv6 nd prefix <ipv6-address/prefix-length> <valid-lifetime> <preferred-lifetime> [off-link] [no-autoconfig]
Explanation: Configure the address prefix and advertisement parameters of router. The NO command cancels the address prefix of routing advertisement.
(8) Configure static IPv6 neighbor Entries...
Page 132
Command Admin Mode
Tunnel Configuration Mode
Command: [tunnel soure {<ipv4-address> | <interface-name>}
Command: no tunnel soure {<ipv4-address> | <interface-name>}
Explanation: Configure tunnel source end IPv4 address. The NO command deletes the IPv4 address of tunnel source end.
(4) Configure Tunnel Destination...
Command: ipv6 route <ipv6-address/prefix-length> {<interface-type interface-number> | tunnel <tnl-id>}
Command: no ipv6 route <ipv6-address/prefix-length> {<interface-type interface-number> | tunnel <tnl-id>}
Explanation: Configure tunnel routing. The NO command clears tunnel routing.
15.2.3 IP Configuration Examples
15.2.3.1 Configuration Examples of IPv4
SwitchB PC-A...
Page 134
5. The IPv4 address of PC-A is 192.168.1.100, and the IPv4 address of PC-B is 192.168.3.100.
6. Configure static routing 192.168.3.0/24 on SwitchA, and configure static routing 192.168.1.0/24 on SwitchB.
7. Ping each other among PCs.
Note: First make sure PC-A and Switch can access each other by ping, and PC-B and SwitchB can access each other by ping.
Page 135
3. Configure 2 vlans on SwitchB, namely, vlan2 and vlan3.
4. Configure IPv6 address 2002::2/64 in vlan2 of SwitchB, and configure IPv6 address 2003::1/64 in vlan3.
5. The IPv6 address of PC-A is 2001::11/64, and the IPv6 address of PC-B is 2003::33/64.
Page 136
ipv6 route 2001::/64 2002::1
no login
Example 2:
Fig 1-3 IPv6 tunnel (SwitchC, SwitchA, SwitchB, PC-A, PC-B)
This case is IPv6 tunnel with the following user configuration requirements: SwitchA and SwitchB are tunnel nodes, dual-stack is supported. SwitchC only runs IPv4, PC-A and PC-B communicate.
Gateway devices can forward IP packets from one subnet to another; such forwarding uses routes to find a path. IP forwarding of SS3GR50I/SS3GR26I series switch is done with the participation of hardware, and can achieve wire speed forwarding. In addition, flexible management is provided to adjust and monitor forwarding.
status.
15.3.2 IP Route Aggregation Configuration Task
1. Set whether IP route aggregation algorithm with/without optimization should be used.
Command: ip fib optimize
Command: no ip fib optimize
Explanation: Enables the switch to use optimized IP route aggregation algorithm; the “no ip fib optimize”...
Because the ACL rules corresponding to URPF have low priority and will not block the various protocol data packets, enabling this function will not affect the regular operation of the switch routing protocols.
15.4.2 URPF Configuration Task Sequence...
15.5.1 Introduction to ARP
ARP (Address Resolution Protocol) is mainly used to resolve IP address to Ethernet MAC address. SS3GR50I/SS3GR26I series switch supports both dynamic ARP and static ARP configuration. Furthermore, SS3GR50I/SS3GR26I series switch supports the configuration of proxy ARP for some applications. For instance, when an ARP request is received on the port,...
3. Clear dynamic ARP
Admin mode
Command: clear arp-cache
Explanation: The command “clear arp-cache” clears the content of current ARP table, but it does not clear the current static ARP table
arithmetic
Command Explanation
Global mode
Set the hash arithmetic of the layer 3 table.
Chapter 16 ARP Scanning Prevention Function Configuration
16.1 Introduction to ARP Scanning Prevention Function
ARP scanning is a common method of network attack. In order to detect all the active hosts in a network segment, the attack source will broadcast lots of ARP messages in the segment, which will take up a large part of the bandwidth of the network.
Page 143
4. Configure trusted IP
5. Configure automatic recovery time
6. Display relative information of debug information and ARP scanning
Enable the ARP Scanning Prevention function.
Global configuration mode
Command: anti-arpscan enable...
Explanation: Enable or disable the ARP Scanning
Page 144
Command: anti-arpscan recovery time <seconds>
Command: no anti-arpscan recovery time
Explanation: Set automatic recovery time
Display relative information of debug information and ARP scanning
Global configuration mode
Command: anti-arpscan log enable...
Explanation: Enable or disable the log function of ARP
16.3 ARP Scanning Prevention Typical Examples
Fig 2-1 ARP scanning prevention typical configuration example
In the network topology above, port E1/1 of SWITCH B is connected to port E1/19 of SWITCH A, the port E1/2 of SWITCH A is connected to file server (IP address is 192.168.1.100), and all the...
Page 146
If the state of a port is shown as not closed when using “show anti-arpscan”, it means that the port is not closed by the ARP scanning prevention function. If the port is closed by other modules, users can check it with “show interface”.
Chapter 17 Prevent ARP, ND Spoofing Configuration
17.1 Overview
17.1.1 ARP (Address Resolution Protocol)
Generally speaking, the ARP (RFC-826) protocol is mainly responsible for mapping an IP address to the relevant 48-bit physical address, that is, the MAC address; for instance, IP address is 192.168.0.1, network card MAC address is 00-03-0F-FD-1D-2B.
firstly, and sends a great deal of counterfeit ARP application packets to switches. After the switches learn these packets, they overwrite the previously correct IP-to-MAC address mappings, so some correct mappings are changed to the correspondence set by the attack packets. The switch then makes mistakes when forwarding packets, which affects the whole network.
3. Function on changing dynamic ARP, ND to static ARP, ND
Global Mode and Interface Mode
Command: ip arp-security convert
Command: ipv6 nd-security convert
Explanation: Change dynamic ARP, ND to static ARP, ND
17.3 Prevent ARP, ND Spoofing Example...
Page 150
So it is very important to protect the ARP list: in a stable environment, configure the command that forbids ARP learning, and then change all dynamic ARP entries to static ARP. The learned ARP entries will then not be refreshed, which protects users.
Chapter 18 ARP GUARD Configuration
18.1 ARP GUARD Introduction
There is a serious security vulnerability in the design of the ARP protocol: any network device can send ARP messages to advertise the mapping relationship between IP address and MAC address.
18.2 ARP GUARD Configuration Task List
1. Configure the protected IP address
Port configuration mode
Command: arp-guard ip <addr>
Command: no arp-guard ip <addr>...
Explanation: Configure/delete ARP GUARD address
Chapter 19 Arp local proxy Configuration
19.1 Introduction to Arp local proxy function
In a real application environment, the switches in the aggregation layer are required to implement local arp proxy function to avoid arp cheating. This function will restrict the forwarding of arp messages in the same vlan and thus direct the L3 forwarding of the data flow through the switch.
interface isolation, arp messages will not be forwarded within the vlan, which means other PCs will not receive it.
19.2 arp local proxy function configuration task list
1. Enable arp local proxy function...
Switch(Config-if-Vlan1)#exit
19.4 Help on arp local proxy function troubleshooting
Arp local proxy function is disabled by default. Users can view the current configuration with display command. With correct configuration, by enabling debug of arp, users can check whether the arp proxy is normal and send proxy arp messages.
In this case, a DHCP relay is required to forward such DHCP packets so that the DHCP packets exchange can be completed between the DHCP client and server. SS3GR50I/SS3GR26I series switch can act as both a DHCP server and a DHCP relay. DHCP...
server supports not only dynamic IP address assignment, but also manual IP address binding (i.e. specify a specific IP address to a specified MAC address or specified device ID over a long period). The differences and relations between dynamic IP address allocation and manual IP address binding are: 1) IP address obtained dynamically can be different every time;...
Page 158
Command: default-router [<address1>[<address2>[…<address8>
Command: no default-router
Explanation: Configure default gateway for DHCP clients
Command: dns-server [<address1>[<address2>[…<address8>
Command: no dns-server
Explanation: Configure DNS server for DHCP clients
Command: domain-name <domain>
Command: no domain-name
Explanation: Configure Domain name for DHCP clients; the “no domain-name” command deletes the domain name.
DHCP Address Pool Mode
Command: hardware-address <hardware-address> [{Ethernet | IEEE802|<type-number>}]
Command: no hardware-address
Explanation: Specify the hardware address when assigning address manually
Command: host <address> [<mask> | <prefix-length> ]
Explanation: Specify the IP address to be assigned to the specified client when binding...
To save configuration efforts of network administrators and users, a company is using SS3GR50I/SS3GR26I series switch as a DHCP server. The Admin VLAN IP address is 10.16.1.2/16. The local area network for the company is divided into network A and B according to the office locations.
Page 161
Default gateway  10.16.1.200    Default gateway  10.16.1.200
                 10.16.1.201                     10.16.1.201
DNS server       10.16.1.202    DNS server       10.16.1.202
WINS server      10.16.1.209    WINS server      10.16.1.209
WINS node type   H-node         WINS node type   H-node
Lease            3 days         Lease            3 days
In location A, a machine with MAC address 00-03-22-23-dc-ab is assigned with a fixed IP address of 10.16.1.210 and named as “management”.
Fig 1-3 DHCP Relay Configuration (figure labels: DHCP Client, E1/1, E1/2, 192.168.1.1, 10.1.1.1, DHCP Relay, DHCP Server 10.1.1.10)
As shown in the above figure, route switch is configured as a DHCP relay. The DHCP server address is 10.1.1.10, TFTP server address is 10.1.1.20, the configuration steps are as follows:...
Page 163
In such case, DHCP server should be examined for an address pool that is in the same segment of the switch VLAN, such a pool should be added if not present, and (This does not indicate SS3GR50I/SS3GR26I series switch cannot assign IP address for different segments, see solution 2 for details.) In DHCP service, pools for dynamic IP allocation and manual binding are conflicting, i.e., if...
Chapter 21 DHCP option 82 Configuration
21.1 Introduction to DHCP option 82
DHCP option 82 is the Relay Agent Information Option, its option code is 82. DHCP option 82 is aimed at strengthening the security of DHCP servers and improving the IP address configuration policy.
SubOpt: the sequence number of sub-option, the sequence number of Circuit ID sub-option is 1, the sequence number of Remote ID sub-option is 2.
Len: the number of bytes in Sub-option Value, not including the two bytes in SubOpt segment and Len segment.
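The SubOpt/Len/Value layout described above can be checked with a small defensive parser. This is an added example, not code from the switch or its manual: the function names, the error class and the sample bytes are assumptions, and the input is taken to be the whole option starting at its code byte (82) followed by a one-byte total length.

```python
"""Defensive parser for a DHCP option 82 (Relay Agent Information) TLV.

Added illustration; names and sample bytes are hypothetical/constructed.
"""

OPTION_82 = 82
# Sub-option sequence numbers as given in the text above.
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}


class Option82Error(ValueError):
    """Raised when the option or one of its sub-options is malformed."""


def parse_option82(option: bytes) -> dict:
    """Return {sub-option name: value bytes} or raise Option82Error.

    `option` starts at the option code byte: code, total length, then
    a sequence of SubOpt / Len / Value triples.
    """
    if len(option) < 2:
        raise Option82Error("option shorter than its 2-byte header")
    code, length = option[0], option[1]
    if code != OPTION_82:
        raise Option82Error(f"expected option code 82, got {code}")
    body = option[2:]
    if length != len(body):
        raise Option82Error(
            f"length byte says {length}, but {len(body)} bytes follow")

    result = {}
    pos = 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise Option82Error("dangling byte after last sub-option")
        subopt, sub_len = body[pos], body[pos + 1]
        # Len counts only the Value bytes, not SubOpt and Len themselves.
        value = body[pos + 2:pos + 2 + sub_len]
        if len(value) != sub_len:
            raise Option82Error(
                f"sub-option {subopt} claims {sub_len} bytes, "
                f"only {len(value)} available")
        name = SUBOPT_NAMES.get(subopt, f"suboption-{subopt}")
        if name in result:
            raise Option82Error(f"duplicate sub-option {subopt}")
        result[name] = value
        pos += 2 + sub_len
    return result


def is_well_formed(option: bytes) -> bool:
    """True when the option parses cleanly, False otherwise."""
    try:
        parse_option82(option)
    except Option82Error:
        return False
    return True


# Constructed sample: Circuit ID (SubOpt 1, 4 bytes) and Remote ID
# (SubOpt 2, 6 bytes). Total body length is (2 + 4) + (2 + 6) = 14.
SAMPLE_OPTION = bytes([82, 14,
                       1, 4, 0x00, 0x02, 0x00, 0x0B,
                       2, 6, 0x00, 0x03, 0x0F, 0xFD, 0x1D, 0x2B])

if __name__ == "__main__":
    for name, value in parse_option82(SAMPLE_OPTION).items():
        print(f"{name}: {value.hex('-')}")
```

A sub-option whose Len runs past the end of the option is rejected rather than silently truncated, which matters when the option arrives from a relay that is not under your control.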
segment of the message. Then it will forward the reply message with DHCP configuration information and option 82 information to DHCP Relay Agent.
4) DHCP Relay Agent will peel the option 82 information from the reply message sent by DHCP server, and then forward the message with DHCP configuration information to the DHCP client.
Page 167
This command is used to set the retransmitting policy of the system for the received DHCP request message which contains option 82. The drop mode means that if the message has option82, then the system will drop it without processing;...
Command: ip dhcp server relay information enable
Command: no ip dhcp server relay information enable
Explanation: This command is used to enable the switch DHCP server to identify option82. The “no ip dhcp server relay information enable” command will make the server ignore the option 82.
Page 169
distinguish whether the DHCP client is from the network connected to Switch1 or Switch2. So, all the PC terminals connected to Switch1 and Switch2 will get addresses from the public address pool of the DHCP server. After the DHCP option 82 function is enabled, since the...
default-lease-time 86400; #24 Hours
max-lease-time 172800; #48 Hours
allow members of "Switch3Vlan2Class1";
}
pool {
range 192.168.102.51 192.168.102.80;
default-lease-time 43200; #12 Hours
max-lease-time 86400; #24 Hours
allow members of "Switch3Vlan2Class2";
}
Now, the DHCP server will allocate addresses for the network nodes from Switch1 which are relayed by Switch3 within the range of 192.168.102.21 ~ 192.168.102.50, and allocate...
Chapter 22 DHCP snooping Configuration
22.1 Introduction to DHCP Snooping
DHCP Snooping can effectively block attacks of fake DHCP Servers.
Defense against Fake DHCP Server: once the switch intercepts the DHCP Server reply packets (including DHCPOFFER, DHCPACK, and DHCPNAK), it will alarm and respond according to the situation (shutdown the port or send Black hole)...
Page 173
9. Set defense actions
10. Set rate limitation of DHCP messages
11. Enable the debug switch
1. Enable DHCP Snooping
Global mode
Command: ip dhcp snooping enable
Command: no ip dhcp snooping enable
Explanation: Enable or disable the dhcp snooping function
2....
Page 174
Command: ip dhcp snooping trust
Command: no ip dhcp snooping trust
Explanation: Set or delete the dhcp snooping trust attributes of ports.
Enable DHCP SNOOPING binding DOT1X function
Port mode
Command: ip dhcp snooping binding dot1x
Explanation: Enable or disable the dhcp snooping binding...
Command: ip dhcp snooping action {shutdown|blackhole} [recovery <second>]
Command: no ip dhcp snooping action
Explanation: Set or delete the dhcp snooping automatic defense actions of ports.
10. Set rate limitation of data transmission
Global mode
Command: ip dhcp snooping limit-rate <pps>...
Explanation: Set rate limitation of the transmission of
Setting DHCP Snooping on the switch will effectively detect and block this kind of network attack. Configuration sequence is:
switch#
switch#config
switch(config)#ip dhcp snooping
switch(config)#interface ethernet 1/11
switch(Config-If-Ethernet1/11)#ip dhcp snooping trust
switch(Config-If-Ethernet1/11)#exit
switch(config)#interface ethernet 1/12
switch(Config-If-Ethernet1/12)#ip dhcp snooping trust...
Page 177
(EGP). IGP is the protocol used to calculate the route to a destination inside an autonomous system. IGP supported by SS3GR50I/SS3GR26I series switch include RIP and OSPF; RIP and OSPF can be configured according to the requirement. SS3GR50I/SS3GR26I series switch supports running several IGP dynamic routing protocols at the same time. Or, other dynamic routing protocols and static route can be introduced to a dynamic routing protocol, so that multiple routing protocols can be associated.
EGP is used to exchange routing information among different autonomous systems, such as BGP protocol. EGP supported by SS3GR50I/SS3GR26I series switch include BGP-4, BGP-4+.
23.1 Routing Table
As mentioned before, layer3 switch is mainly used to establish the route from the current layer3 switch to a network or a host, and to forward packets according to the route.
The matching rules can be previously configured to be applied in the routing publishing, receiving and distributing policies. Five filters are provided in SS3GR50I/SS3GR26I series switch: route-map, acl, as-path, community-list and ip-prefix for use. We will introduce each filter in following sections: 1.
Different nodes in a route-map are in an “or” relation logically. The system checks each node of the route-map in turn, and once a certain node test is passed the route-map test will be passed without taking the next node test.
Page 181
3. Define the set clause in route-map
4. Define address prefix list
1. Define route-map
Global mode
Command: route-map <map_name> {deny | permit} <sequence_num>
Command: no route-map <map_name> [{deny | permit} <sequence_num>]...
Explanation: Configure route-map; the no route-map <map_name> [{deny | permit} <sequence_num>]
Page 182
Command: match ip <address | next-hop> <ip-acl-name | ip-acl-num | prefix-list list-name>
Command: no match ip <address | next-hop> [<ip-acl-name | ip-acl-num | prefix-list [list-name]>]...
Explanation: Match the address or next-hop; The no match ip <address | next-hop> [<ip-acl-name | ip-acl-num | prefix-list [list-name]>]
Page 183
Command: set as-path prepend <as-num>
Command: no set as-path prepend [<as-num>]
Explanation: Add a specified AS No. before the BGP routing messages as-path series; The no set as-path prepend [<as-num>] command deletes the configuration
Command: set atomic-aggregate
Command: no set atomic-aggregate
Explanation: Configure the BGP atomic aggregate property;...
Page 184
Command: set local-preference <pre_val>
Command: no set local-preference [<pre_val>]
Explanation: Set local preference; The no set local-preference [<pre_val>] command deletes the configuration
Command: set metric < +/- metric_val | metric_val>
Command: no set metric [+/- metric_val | metric_val]...
Explanation: Set routing metric value;
Global mode
Command: ip prefix-list <list_name> description <description>
Command: no ip prefix-list <list_name> description
Explanation: Describe the prefix list; The no ip prefix-list <list_name> description command deletes the configuration
Command: ip prefix-list <list_name> [seq <sequence_number>] <deny | permit>...
Explanation: Set the prefix list; The no ip prefix-list <list_name> [seq
Page 186
Fig 1-1 Policy routing Configuration (topology of SwitchA, SwitchB, SwitchC and SwitchD)
Configuration procedure: (only SwitchA is listed; configurations for other switches are omitted.)
Chapter 24 Static Route
24.1 Introduction to Static Route
As mentioned earlier, the static route is the manually specified path to a network or a host. Static route is simple and consistent, and can prevent illegal route modification, and is convenient for load balance and route backup.
Page 188
Command: ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} {<gateway-address> | <gateway-interface>} [<distance>]
Command: no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address> | <gateway-interface>] [<distance>]
Explanation: Set static routing; the no ip route {<ip-prefix> <mask> | <ip-prefix>/<prefix-length>} [<gateway-address> | <gateway-interface>] [<distance>] command deletes a static route entry
24.4 Configuration Examples...
Page 189
Next hop use the partner IP address
Switch(config)#ip route 10.1.4.0 255.255.255.0 10.1.3.1
Configuration of layer3 SwitchB
Switch#config
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.1.3.2
In this way, ping connectivity can be established between PC-A and PC-C, and PC-B and PC-C...
Chapter 25
25.1 Introduction to RIP
RIP was first introduced in ARPANET; it is a protocol dedicated to small, simple networks. RIP is a distance vector routing protocol based on the Bellman-Ford algorithm. Network devices running a vector routing protocol regularly send two kinds of information to the neighboring devices: Number of hops to reach the destination network, or metrics to use or number of networks to pass.
Page 191
(simple plaintext password and MD5 password authentication are supported), and support variable length subnet mask. RIP-II used some of the zero field of RIP-I and require no zero field verification. SS3GR50I/SS3GR26I series switch send RIP-II packets in multicast by default, both RIP-I and RIP-II packets will be accepted.
Delete the specified route in RIP route table 1. Enable RIP protocol Applying RIP route protocol with basic configuration in SS3GR50I/SS3GR26I series switch is simple. Normally you only have to open the RIP switch and configure the segments running RIP, namely send and receive the RIP data packet by default RIP configuration.
Page 193
Router and address family configuration mode
Command: network <A.B.C.D/M | ifname|vlan>
Command: no network <A.B.C.D/M | ifname|vlan>
Explanation: Enables the segment running RIP protocol; the no network <A.B.C.D/M | ifname|vlan> command deletes the segment.
2. Configure RIP protocol parameters
(1) Configure RIP packet transmitting mechanism
1) Configure the RIP data packet point-transmitting...
Page 194
Command: default-information originate
Command: no default-information originate
Explanation: Generate a default route to the RIP protocol; the no default-information originate command cancels the feature.
2) Configure interface authentication mode and password
Interface configuration mode
Command: ip rip authentication mode { text|
Explanation: Sets the authentication method;...
Page 195
Command: accept-lifetime <start-time> {<end-time>| duration<seconds>| infinite}
Command: no accept-lifetime
Explanation: Configure a key on the key chain and accept it as an authorized time; the no accept-lifetime command delete it
Command: send-lifetime <start-time> {<end-time>| duration<seconds>| infinite}...
Explanation: Configure the transmitting period of a key on
Page 196
1) Configure RIP routing priority
2) Configure the RIP route capacity limit in route table
3) Configure timer for RIP update, timeout and hold-down
4) Configure RIP UDP receiving buffer size
Router configuration mode
Command: distance <number> [<A.B.C.D/M> ] [<access-list-name|access-list-number...
Explanation: Specify the route administratively distance of
CONFIGURATION GUIDE SS3GR50i/26i Sets the version of RIP packets to receive on all ports; the no action of this command set ip rip receive version {1 | 2 | } the version to the one configured by the no ip rip receive version...
Page 198
connected with SwitchB and SwitchC, and RIP routing protocol is running in all of the three switches. SwitchA (interface vlan1: 10.1.1.1, interface vlan2: 20.1.1.1) exchanges Layer 3 switch update messages only with SwitchB (interface vlan1: 10.1.1.2), but not with SwitchC (interface vlan2: 20.1.1.2).
25.4 RIP Troubleshooting The RIP protocol may not work properly because of errors in the physical connection or in the configuration made when setting up and using the RIP protocol. So users should pay attention to the following: First ensure the physical connection is correct...
Chapter 26 RIPng 26.1 Introduction to RIPng RIPng was first introduced in ARPANET; it is a protocol dedicated to small, simple networks. RIPng is a distance vector routing protocol based on the Bellman-Ford algorithm. Network devices running a vector routing protocol send two kinds of information to the neighboring devices...
Page 201
deletes the abovementioned routes, but set the costs of those routes to infinite. The “Triggering update” mechanism specifies that whenever the gateway changes a route metric, the gateway advertises the update packets immediately rather than waiting for the 30 sec timer.
Delete the specified route in RIPng route table 1. Enable RIPng protocol Applying the RIPng routing protocol with basic configuration on SS3GR50I/SS3GR26I series switches is simple. Normally you only have to turn on RIPng and configure the segments running RIPng; RIPng data packets are then sent and received using the default RIPng configuration.
Page 203
Specify the IPv6 Link-local address and interface of the neighboring route needs [no] neighbor <IPv6-address> point-transmitting; the [no] neighbor <ifname> <IPv6-address> <ifname> command cancels the appointed router. Block the RIPng multicast on specified port and the RIPng data packet is only transmittable among Layer 3 switch [no] passive-interface <ifname>...
Page 204
Configure that provide a deviation value to the route metric value when the port sends or [no] offset-list <access-list-number receives RIPng data packet; the [no] |access-list-name> {in|out} <number offset-list <access-list-number > [<ifname>] |access-list-name> {in|out} <number > [<ifname>] command removes the deviation table 3)configure and apply route filter and route aggregation...
Chapter 27 OSPF 27.1 Introduction to OSPF OSPF is the abbreviation for Open Shortest Path First. It is an interior dynamic routing protocol for autonomous systems, based on link-state. The protocol creates a link-state database by exchanging link-states among layer3 switches, and then uses the Shortest Path First algorithm to generate a route table based on that database.
Page 208
5) Each neighboring layer3 switch copies the LSA packet and passes it to the next neighbor (i.e. flooding). 6) Since routing database is not recalculated before layer3 switch forwards LSA flooding, the converging time is greatly reduced.
Page 209
external route and type 2 external route, in the order of highest priority to lowest. Routes inside an area and between areas describe the internal network structure of an autonomous system, while external routes describe how to select the routing information to destinations outside the autonomous system.
1) Each OSPF-enabled layer3 switch maintains a database (LS database) describing the link-state of the topology structure of the whole autonomous system. Each layer3 switch generates a link-state advertisement according to its surrounding network topology structure (router LSA), and sends the LSA to other layer3 switches through link-state update (LSU) packets.
Page 211
Disable OSPF protocol 1. Enable OSPF protocol Basic configuration of OSPF routing protocol on SS3GR50I/SS3GR26I series switch is quite simple, usually only enabling OSPF and configuration of the OSPF area for the interface are required. The OSPF protocol parameters can use the default settings. If OSPF protocol parameters need to be modified, please refer to “2.
Page 212
2)Set the OSPF interface to receive only 3)Configure the cost for sending packets from the interface Command Explanation Interface configuration mode Configures the authentication method by the ip ospf authentication interface to accept OSPF packets; the no ip...
Page 213
(2)Configure OSPF route introduction parameters Configure the routes of the other protocols to introduce to OSPF. Command Explanation OSPF protocol configuration mode redistribute { bgp | connected | static | Distribute other protocols to find routing rip | kernel} [ metric-type { 1 | 2 } ] [ tag and static routings as external routing <tag>...
27.3.1 Configuration Example of OSPF Scenario 1: OSPF autonomous system. This scenario takes an OSPF autonomous system consisting of five SS3GR50I/SS3GR26I series switches as an example, where layer3 SwitchA and SwitchE make up OSPF area 0, layer3 SwitchB and SwitchC form OSPF area 1 (assume vlan1 interface of layer3 SwitchA belongs to area 0), and layer3 SwitchD forms OSPF area 2 (assume vlan2 interface of layer3 SwitchE belongs to area 0).
Page 215
SwitchA#config
SwitchA(config)# interface vlan 1
SwitchA(config-if-vlan1)# ip address 10.1.1.1 255.255.255.0
SwitchA(config-if-vlan1)#no shutdown
SwitchA(config-if-vlan1)#exit
Configure the IP address of interface vlan2
SwitchA(config)# interface vlan 2
SwitchA(config-if-vlan2)# ip address 100.1.1.1 255.255.255.0
SwitchA(config-if-vlan2)#exit
Enable OSPF protocol, configure the area number for interface vlan1 and vlan2.
Page 216
SwitchD(config-if-vlan3)# ip address 30.1.1.2 255.255.255.0
SwitchD(config-if-vlan3)#no shutdown
SwitchD(config-if-vlan3)#exit
Enable OSPF protocol, configure the OSPF area that interface vlan3 resides in.
SwitchD(config)#router ospf
SwitchD(config-router)# network 30.1.1.0/24 area 0
SwitchD(config-router)#exit
SwitchD(config)#exit
Layer 3 SwitchE Configuration of the IP address for interface vlan2...
Page 217
network N1-N4 and layer3 SwitchA-SwitchD, area2 include network N8-N10, host H1 and layer3 SwitchH, area3 include N5-N7 and layer3 SwitchF, SwitchG SwitchA0 and Switch11, and network N8-N10 share a summary route with host H1(i.e. area3 is defined as a STUB area).
Page 218
the area 0 backbone layer3 switches by MD5 authentication. The following are just the configurations for all layer3 switches in area 1; configurations for layer3 switches of the other areas are omitted. The following are the configurations of SwitchA, SwitchB, SwitchC and SwitchD:...
Page 219
SwitchB(config-If-Vlan2)#ip ospf authentication
SwitchB(config-If-Vlan2)#ip ospf authentication-key DCS
SwitchB(config-If-Vlan2)#exit
Configure IP address and area number for interface vlan1.
SwitchB(config)# interface vlan 1
SwitchB(config-If-Vlan1)#ip address 20.1.2.1 255.255.255.0
SwitchB(config-If-Vlan1)#exit
SwitchB(config)#router ospf
SwitchB(config-router)#network 20.1.2.0/24 area 1
SwitchB(config-router)#exit
SwitchB(config)#exit
3)SwitchC: Configure IP address for interface vlan2...
Page 220
SwitchC(config-router)#exit
Configure MD5 key authentication.
SwitchC(config)#interface vlan 1
SwitchC(config-If-Vlan1)#ip ospf authentication message-digest
SwitchC(config-If-Vlan1)#ip ospf authentication-key DCS
SwitchC(config-If-Vlan1)#exit
SwitchC(config)#exit
SwitchC#
4)SwitchD: Configure IP address for interface vlan2
SwitchD#config
SwitchD(config)# interface vlan 2
SwitchD(config-If-Vlan2)# ip address 10.1.1.4 255.255.255.0
SwitchD(config-If-Vlan2)#exit
Enable OSPF protocol, configure the area number for interface vlan2.
Page 221
[Figure labels: SwitchB Interface vlan1:10.1.1.2/24; SwitchA Interface vlan1:10.1.1.1/24, vlan2:20.1.1.1/24; SwitchC Interface Vlan2:20.1.1.2/24]
Fig 5-3 OSPF VPN Example
The above figure shows a network consisting of three Layer 3 switches, in which SwitchA acts as PE, and SwitchB and SwitchC act as CE1 and CE2. The PE is connected to CE1 and CE2 through vlan1 and vlan2.
SwitchA(config-router)#exit
SwitchA(config)#router ospf 200 vpnc
SwitchA(config-router)#network 20.1.1.0/24 area 0
SwitchA(config-router)#redistribute bgp
The Layer 3 SwitchB of CE1: Configure the IP address of Ethernet E 1/2
SwitchB#config
SwitchB(config)# interface Vlan1
SwitchB(config-if-vlan1)# ip address 10.1.1.2 255.255.255.0
SwitchB(config-if-vlan1)#exit
Enable OSPF protocol and configure OSPF segments
SwitchB(config)#router ospf
SwitchB(config-router-rip)#network 10.1.1.0/24 area 0...
Page 223
If the OSPF routing problem remains unresolved after checking and debugging, please use the debug ospf packet/events commands, record the debug messages for three minutes, then send them to our technical service center.
Chapter 28 OSPFv3 28.1 Introduction to OSPFv3 OSPFv3 (Open Shortest Path First) is the third version of Open Shortest Path First, and it is the IPv6 version of the OSPF protocol. It is an interior dynamic routing protocol for autonomous systems, based on link-state.
Page 225
5) Each neighboring layer3 switch copies the LSA packet and passes it to the next neighbor (i.e. flooding). 6) Since routing database is not recalculated before layer3 switch forwards LSA flooding, the converging time is greatly reduced.
Page 226
autonomous system, while external routes describe how to select the routing information to destinations outside the autonomous system. The first type of exterior route corresponds to the information introduced by OSPFv3 from the other interior routing protocols; the costs of those routes are comparable with the costs of OSPFv3 routes;...
(router LSA), and sends the LSA to other layer3 switches through link-state update (LSU) packets. Thus, each layer3 switch receives LSAs from other layer3 switches, and all LSAs combine into the link-state database. b) Since an LSA is the description of the network topology structure around a layer3 switch, the LS database is the description of the network topology structure of the whole network.
Page 228
Basic configuration of the OSPFv3 routing protocol on SS3GR50I/SS3GR26I series Layer 3 switches is very simple: normally you only need to enable OSPFv3 and enable it on the interfaces, and the OSPFv3 protocol parameters keep their default values. Refer to 2.
Page 229
IPv6 ospf cost <cost> [instance-id Appoint interface to implement required cost of OSPFv3 protocol. The no IPv6 ospf cost <id>] no IPv6 ospf cost [instance-id <id>] [instance-id <id>] restores the default setting 3)Configure OSPFv3 packet sending timer parameter (timer of broadcast interface sending HELLO packet to poll, timer of neighboring layer3 switch invalid timeout, timer of LSA transmission delay and timer of LSA retransmission.
28.3 OSPFv3 Examples Example 1: OSPF autonomous system. This scenario takes an OSPF autonomous system consisting of five SS3GR50I/SS3GR26I series switches as an example, where layer3 SwitchA and SwitchD make up OSPF area 0, layer3 Switch2 and Switch3 form OSPF area 1 (assume vlan1 interface of layer3 SwitchA belongs to area 0), and layer3 SwitchD forms OSPF area2 (assume vlan2 interface of layer3 SwitchD belongs to area 0).
Corporation. BGP has been used since 1989; its earliest three versions are RFC1105 (BGP-1), RFC1163 (BGP-2) and RFC1267 (BGP-3). Currently, the most popular one is RFC1771 (BGP-4). The SS3GR50I/SS3GR26I series switch supports BGP-4. Characteristics of BGP-4 1. BGP-4 is suitable for the distributed structure and supports Classless InterDomain Routing (CIDR).
Page 235
transmission is reduced greatly and it is suitable for the mass routing information transmitted on the internet. For political and economic reasons, each AS expects to filter and control routes; BGP-4 provides abundant route policies, which make BGP-4 more extendable to encourage the internet development.
Page 236
Generally, the outer neighbors are connected physically and the inner neighbors can be in any place of the AS. The difference is finally shown in the way BGP deals with routing information. The equipment may check the AS numbers of the Open Message from neighbors to decide whether to treat the neighbor switches as exterior neighbors or as interior neighbors.
select the route with the shortest AS path; 5. If the AS paths are the same, select the route with the lowest “origin” type (IGP<EGP<INCOMPLETE); 6. If the “origin” types are the same, select the route with the lowest MED attribute. Unless the command “bgp always-compare-med” is activated, this comparison is only available among the...
Page 239
Command Explanation BGP configuration mode This command can store routing information from neighbors and neighbor <ip-address> <TAG> peers; neighbor soft-reconfiguration inbound <ip-address> <TAG> neighbor <ip-address> <TAG> soft-reconfiguration inbound soft-reconfiguration inbound command cancels the storage of routing information.
Page 240
While sending route Next-Hop neighbor { <ip-address> | <TAG> } Next-Hop as the switch’s address; the no next-hop-self neighbor { <ip-address> | <TAG> } no neighbor { <ip-address> | <TAG> } command cancels next-hop-self next-hop-self setting. 2)Cancel default Next-Hop through route map...
Page 241
Set the version used by BGP neighbor {<ip-address> | <TAG>} version neighbors; the no neighbor <value> {<ip-address> <TAG>} no neighbor {<ip-address> | <TAG>} version command recovers version default setting. Presently only supporting version 4 Ⅱ.Advanced BGP configuration tasks 1.Use Route Maps to Modify Route...
Page 242
4.Configure BGP Confederation Command Explanation BGP configuration mode Configure confederation identifier; bgp confederation identifier <as-id> confederation no bgp confederation identifier <as-id> identifier <as-id> command deletes confederation identifier Configure the AS affiliated to the AS confederation; the no bgp confederation peers <as-id>...
Page 243
be used. Command Explanation BGP configuration mode Configure the allowance of the route reflector from clients to clients; the no bgp bgp client-to-client reflection client-to-client reflection commands no bgp client-to-client reflection forbids this allowance. 6.Configure Peer Groups (1)...
Page 244
neighbor <ip-address> <TAG> <ip-address> <TAG> default-originate [route-map <NAME>] default-originate [route-map command cancels <NAME>] sending default route. neighbor Configure community <ip-address> <TAG> send-community attributes sent to the neighbor . neighbor <ip-address> <TAG> send-community Configure a particular neighbor’s neighbor { <ip-address> | <TAG> } timers <keep keep-alive and hold-time timer;...
Page 245
route-reflector-client <ip-address> <TAG> route-reflector-client command deletes a client. When sending route, configure neighbor { <ip-address> | <TAG> } next-hop-self Next-Hop as its address; the no neighbor <ip-address> <TAG> neighbor <ip-address> next-hop-self <TAG> } next-hop-self command cancels the setting.
Page 246
Configure the BGP timers of all the timers bgp <keep alive> <holdtime> neighbors; the no timers bgp command no timers bgp recovers the default value. (2) Configure the timer value of a particular neighbor Command Explanation BGP configuration mode...
Page 247
12. Configure BGP’s MED Value (1) Configure MED value Command Explanation Route map configuration command set metric <metric-value> Configure metric value; the no set metric no set metric command recovers the default value. (2) Apply route selection based on MED according to the path from different AS...
Page 248
neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh} no neighbor {<ip-address>|<TAG>} capability {dynamic | route-refresh} neighbor {<ip-address>|<TAG>} provides capability negotiation capability prefix-list regulation and carry out this capability match while establishing connection. The {<both>|<send>|<receive>} neighbor {<ip-address>|<TAG>} currently supported capabilities include...
bgp always-compare-med no bgp always-compare-med BGP may change some path-select rules bgp bestpath as-path ignore by configuration to change the best no bgp bestpath as-path ignore selection and compare MED under EBGP bgp bestpath compare-confed-aspath environment through these command,...
Page 251
to all the neighbors.
SwitchB(config-router-bgp)#aggregate 193.0.0.0/24 summary-only
29.3.3 Examples 3: configure BGP community attributes In the following sample, “route map set-community” is used for the outgoing update to neighbor 16.1.1.6. Routes matched in table 1 are assigned the special community value “1111”; other routes are announced normally.
Page 252
Switch(config-route-map)#exit
Switch(config)#ip community-list com1 permit 100 200 300
Switch(config)#ip community-list com1 permit 900 901
Switch(config)#ip community-list com2 permit 88
Switch(config)#ip community-list com2 permit 90
Switch(config)#exit
Switch#clear ip bgp 16.1.1.6 soft out
29.3.4 Examples 4: configure BGP confederation The following is the configuration of an AS.
Page 254
Fig 7-3 the Topological Map of Route Reflector (figure showing AS100, AS200 and AS300 with SwitchA to SwitchI; SwitchC, SwitchD and SwitchG are marked RR)
The configurations are as following: The configurations of SwitchC:
SwitchC(config)#router bgp 100
SwitchC(config-router-bgp)#neighbor 1.1.1.1 remote-as 100...
Page 255
SwitchD(config-router-bgp)#neighbor 5.5.5.5 route-reflector-client
SwitchD(config-router-bgp)#neighbor 6.6.6.6 remote-as 100
SwitchD(config-router-bgp)#neighbor 6.6.6.6 route-reflector-client
SwitchD(config-router-bgp)#neighbor 3.3.3.3 remote-as 100
SwitchD(config-router-bgp)#neighbor 7.7.7.7 remote-as 100
The configurations of SwitchA:
SwitchA(config)#router bgp 100
SwitchA(config-router-bgp)#neighbor 1.1.1.2 remote-as 100
SwitchA(config-router-bgp)#neighbor 9.9.9.9 remote-as 300
At this point SwitchA does not need to create IBGP connections with all the switches in AS100 and can still receive BGP routes from other switches in the AS.
Page 256
The configurations of SwitchA:
SwitchA(config)#router bgp 100
SwitchA(config-router-bgp)#neighbor 2.2.2.1 remote-as 300
SwitchA(config-router-bgp)#neighbor 3.3.3.2 remote-as 300
SwitchA(config-router-bgp)#neighbor 4.4.4.3 remote-as 400
The configurations of SwitchC:
SwitchC(config)#router bgp 300
SwitchC(config-router-bgp)#neighbor 2.2.2.2 remote-as 100
SwitchC(config-router-bgp)#neighbor 2.2.2.2 route-map set-metric out
SwitchC(config-router-bgp)#neighbor 1.1.1.2 remote-as 300...
Page 257
two switches. If the metric comparison between different AS is needed, the command “bgp always-compare-med” will be used. If this command is configured, the routes via SwitchB are the best for SwitchA. At this time, the following command may be added on SwitchA: “SwitchA (config-router-bgp)# bgp always-compare-med”...
Page 258
CE-B1 and CE-B2 are the access switches on the user side. PC1-PC4 indicate the network users. BGP runs at both the public and private network region. For the public network region, VPN routing should be supported and the LOOPBACK interface should be used for connections.
Page 261
Chapter 30 MBGP4+ 30.1 MBGP4+ Introduction MBGP4+ is the multi-protocol BGP (Multi-protocol Border Gateway Protocol) extension to IPv6; refer to the BGP chapter of this manual for an introduction to the BGP protocol. Unlike RIPng and OSPFv3, BGP has no corresponding independent protocol for IPv6; instead, it takes extensions to address families on the original BGP.