3Com 7700 Configuration Manual

Switch 7700

Configuration Guide

http://www.3com.com/
Published October 2003

Summary of Contents for 3Com 7700

  • Page 1: Configuration Guide

    Switch 7700 Configuration Guide http://www.3com.com/ Published October 2003...
  • Page 2 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose.
  • Page 3: Table Of Contents

    About This Guide Conventions System Access Product Overview Function Features Configuring the Switch 7700 Setting Terminal Parameters Configuring Through Telnet Configuring Through a Dial-up the Modem Configuring the User Interface Command Line Interface Command Line View Feature and Functions of the Command Line...
  • Page 4 Configure IP Address Displaying and Debugging an IP Address Troubleshooting an IP Address Configuration ARP Configuration Configure Static ARP DHCP Relay Configuring DHCP Relay Displaying and Debugging DHCP Relay Troubleshooting a DHCP Relay Configuration IP Performance Displaying and Debugging IP Performance Troubleshooting IP Performance Routing Protocol...
  • Page 5 Configure IGMP Snooping Display and debug IGMP Snooping IGMP Snooping Configuration Example Troubleshooting IGMP Snooping Common Multicast Configuration Common Multicast Configuration Display and Debug Common Multicast Configuration IGMP Configuration IGMP Configuration Display and Debug IGMP PIM-DM Configuration PIM-DM Configuration Display and Debug PIM-DM PIM-DM Configuration Example PIM-SM Configuration PIM-SM Operating Principle...
  • Page 6 Configuring the BPDU Forwarding Mechanism Implementing STP on the Switch 7700 Configuring RSTP Displaying and Debugging RSTP RADIUS O PERATION IEEE 802.1x 802.1x System Architecture Configuring 802.1x Displaying and Debugging 802.1x Configuring the AAA and RADIUS Protocols Configuring AAA Configuring the RADIUS Protocol...
  • Page 7 Display the State and Information of the System System Debugging Testing Tools for Network Connection Logging Function SNMP SNMP Versions and Supported MIB Configure SNMP Display and Debug SNMP RMON Configure RMON Display and Debug RMON...
  • Page 9: About This Guide

    About This Guide This guide describes the 3Com® Switch 7700 and how to configure it. Conventions Table 1 and Table 2 list conventions that are used throughout this guide. Table 1 Notice Icons Icon Notice Type Description Information note Information that describes important features or instructions.
  • Page 10 About This Guide...
  • Page 11: System

    Layer 2/Layer 3 Ethernet switch. It is designed for IP metropolitan area networks (MAN), large-sized enterprise network and campus network users. The Switch 7700 has an integrated chassis structure. The chassis contains a card area, fan area, power supply area, and a power distribution area. In the card area, there are seven slots.
  • Page 12: Configuring The Switch 7700

    PING and Tracert Remote maintenance via Telnet and Modem Configuring the Switch 7700 On the Switch 7700, you can set up the configuration environment through the console port. To set up the local configuration environment: 1 Plug the DB-9 or DB-25 female plug of the console cable into the serial port of the PC or the terminal where the switch is to be configured.
  • Page 13: Setting Terminal Parameters

    Setting Terminal Parameters To set terminal parameters: 1 Start the PC and select Start > Programs > Accessories > Communications > HyperTerminal. 2 The HyperTerminal window displays the Connection Description dialog box, as shown in Figure 2. Figure 2 Set up the New Connection 3 Enter the name of the new connection in the Name field and click OK.
  • Page 14 Chapter 1: System Access 5 Click OK. The Port Settings tab, shown in Figure 4, displays and you can set serial port parameters. Set the following parameters: ■ Baud rate = 9600 ■ Databit = 8 ■ Parity check = none...
  • Page 15 Setting Terminal Parameters Figure 5 HyperTerminal Window 8 In the Properties dialog box, select the Settings tab, as shown in Figure 6. 9 Select VT100 in the Emulation dropdown menu. 10 Click OK. Figure 6 Settings Tab...
  • Page 16: Configuring Through Telnet

    Ethernet switch through the console port (using the ip address command in VLAN interface view), and added the port (that connects to a terminal) to this VLAN (using the port command in VLAN view), you can telnet this Switch 7700 and configure it.
  • Page 17 (that connects to a terminal) to this VLAN (using the port command in VLAN view), you can telnet the Switch 7700 to another Switch 7700 to carry out the configuration, as shown in Figure 10. The local end is the Telnet client and the peer is the Telnet server.
  • Page 18: Configuring Through A Dial-Up The Modem

    Note: By default, the password is required for authenticating the modem user to log in to the Switch 7700. If a user logs in through the modem without a password, the user sees the message, Password required, but none set a Enter system view, return user view with Ctrl+Z.
  • Page 19 Setting Terminal Parameters Figure 11 Set Up Remote Configuration Environment Modem serial port line Modem Telephone line Modem Remote telephone: Console port 555-5555 3 Dial for a connection to the switch, using the terminal emulator and modem on the remote end. Dial the telephone number of the modem connected to the Ethernet switch.
  • Page 20: Configuring The User Interface

    VTY user interface is used to telnet the Ethernet switch. ■ Note: For the Switch 7700, the AUX port and Console port are the same port. There is only the type of AUX user interface. The user interface is numbered by absolute number or relative number.
  • Page 21 Setting Terminal Parameters To number the user interface by relative number, represented by interface + number assigned to each type of user interface: AUX user interface = AUX 0. ■ The first VTY interface = VTY 0, the second one = VTY 1, and so on. ■...
  • Page 22 Enabling and Disabling Terminal Service After the terminal service is disabled on a user interface, you cannot log in to the Switch 7700 through the user interface. However, if a user logged in through the user interface before disabling the terminal service, the user can continue operation.
  • Page 23 Setting Terminal Parameters Configure idle-timeout By default, idle-timeout is enabled and set to 10 minutes on all the user interfaces. The idle-timeout command is described in Table 5. Table 5 Idle Timeout Operation Command Configure idle-timeout idle-timeout minutes [ seconds ] (idle-timeout 0 means disabling idle-timeout.) Restore the default idle-timeout undo idle-timeout...
  • Page 24 For detailed information, see “AAA and Radius” Perform username and password authentication when a user logs in through the VTY 0 user interface and set the username and password to zbr and 3Com respectively: [SW7700-ui-vty0] authentication-mode scheme...
  • Page 25 Setting Terminal Parameters Note: By default, the password is required for authenticating the modem and Telnet users when they log in. If the password has not been set, when a user logs in, the following message displays, Password required, but none set If the authentication-mode none command is used, the modem and Telnet users are not required to enter a password.
  • Page 26 Chapter 1: System Access Perform the following configuration in system view. Table 13 Set Command Priority Operation Command Set the command priority in a command-privilege level level view view command specified view. Restore the default command undo command-privilege view view command level in a specified view....
  • Page 27: Command Line Interface

    Local configuration through the console port. ■ Local or remote configuration through Telnet. ■ Remote configuration through a dial-up Modem to log in to the Switch 7700. ■ Hierarchy command protection to prevent unauthorized users from accessing ■ the switch.
  • Page 28: Command Line View

    You can enter the whole keyword or part of it, as long as it is unique and not ambiguous. Command Line View The Switch 7700 provides hierarchy protection for the command lines to prevent unauthorized users from accessing the switch illegally. There are four levels of commands: Visit level —...
  • Page 29 Command Line Interface The command line provides the following views: User view ■ System view ■ Ethernet Port view ■ VLAN view ■ VLAN interface view ■ Local-user view ■ User interface view ■ FTP client view ■ Cluster view ■...
  • Page 30 Chapter 1: System Access Figure 14 Relation Diagram of the Views Ethernet port view User interface view VLAN view VLAN interface view RIP view OSPF view OSPF area view Route policy view Basic ACL view System User view view Advanced ACL view Interface-based ACL view Layer-2 ACL view...
  • Page 31 Command Line Interface Table 18 Function Feature of Command View Command Command to Command to view Function Prompt enter exit VLAN Configure IP Key in interface quit returns to [SW7700-Vlan- interface interface vlan-interface 1 System view interface1] view parameters for a in System view return returns VLAN or a VLAN...
  • Page 32: Feature And Functions Of The Command Line

    Chapter 1: System Access Table 18 Function Feature of Command View Command Command to Command to view Function Prompt enter exit quit returns to Layer-2 ACL Define the rule of Key in acl [SW7700-acl- System view view layer-2 ACL number 200 in link-200] System view...
  • Page 33 Command Line Interface -v Verbose output. ICMP packets other than ECHO_RESPONSE that are received are listed STRING<1-20> IP address or hostname of a remote system IP Protocol Enter a command with a , separated by a space. If this position is for ■...
  • Page 34 Chapter 1: System Access Table 20 Retrieve History Command Result Operation Retrieve the previous Up cursor key <> or <Ctrl+P> Retrieves the previous history history command command, if there is any. Retrieve the next history Down cursor key <> or Retrieves the next history command <Ctrl+N>...
  • Page 35: Port Configuration

    ■ Ethernet Port Overview ■ Link Aggregation Configuration Ethernet Port Overview A brief description of the Switch 7700 I/O modules is listed below: ■ 48-port 10/100Base-T auto-sensing fast Ethernet card ■ 8-port 1000Base-X (Gigabit Interface Converter or GBIC) Gigabit Ethernet card...
  • Page 36 Command Enter Ethernet port view interface {Gigabit | Ethernet} slot/subslot/port Note: In the Switch 7700, the subslot is always 0. Enabling and Disabling Ethernet Ports The following command can be used for disabling or enabling the port. After configuring the related parameters and protocol of the port, you can use the following command to enable the port.
  • Page 37 Ethernet Port Overview Perform the following configuration in Ethernet port view. Table 4 Set Duplex Attribute for Ethernet Port Operation Command Set duplex attribute for duplex {auto | full | half} Ethernet port. Restore the default duplex undo duplex attribute of Ethernet port. Note: 100M electrical Ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode.
  • Page 38 Note: The settings only take effect on 10/100Base-T and 10/100/1000Base-T ports. The Switch 7700 only supports auto (auto-sensing). If you set some other type, you will see the prompt “Not support this operation!”. The cable type is auto (auto-recognized) by default. The system will automatically recognize the type of cable connecting to the port.
  • Page 39 Ethernet Port Overview Setting the Maximum MAC Addresses an Ethernet Port can Learn Use the following command to set a limit on the number of MAC addresses learned by the Ethernet port. If the number of MAC addresses learned by this port exceeds the value set by the user, this port will not learn MAC addresses.
  • Page 40 Chapter 2: Port Configuration Adding the Ethernet Port to a VLAN The following commands are used for adding an Ethernet port to a specified VLAN. The access port can only be added to one VLAN, while the hybrid and trunk ports can be added to multiple VLANs.
  • Page 41: Display And Debug Ethernet Port

    Ethernet Port Overview Table 12 Set the Default VLAN ID for the Ethernet Port Operation Command Restore the default VLAN ID of the undo port trunk pvid trunk port to the default value Note: The Trunk port and isolate-user-vlan cannot be configured simultaneously, ■...
  • Page 42: Ethernet Port Troubleshooting

    Link aggregation appears as a single port physically. The Switch 7700 supports 64 link aggregation groups. For the 48-port 10/100BASE-T auto-sensing fast Ethernet interface card, the first 24 ports can be aggregated arbitrarily as long as they are assigned contiguously; meaning port 1 to port 2 to port 3 and so on.
  • Page 43: Display And Debug Link Aggregation

    {master_port_num | all} aggregation Note: The Ethernet ports to be aggregated should be configured with the same speed and duplex; otherwise, they cannot be aggregated. The Switch 7700 does not support ingress aggregation mode. Display and Debug Link...
  • Page 44: Ethernet Link Aggregation Troubleshooting

    Chapter 2: Port Configuration Mode: both Ethernet Link Aggregation Troubleshooting When configuring link aggregation, you might see a message that the configuration has failed. To address this situation: ■ Check the input parameter and see whether the starting number of Ethernet...
  • Page 45: Vlan Configuration

    VLAN Configuration VLAN Overview A virtual local area network (VLAN) groups the devices of a LAN logically, but not physically, into segments to implement the virtual workgroups. Using VLAN technology, network managers can logically divide the physical LAN into different broadcast domains. Every VLAN contains a group of workstations with the same demands.
  • Page 46 Chapter 3: VLAN Configuration Add Ethernet Ports to a VLAN You can use the following command to add Ethernet ports to a VLAN. Perform the following configuration in VLAN view. Table 2 Add Ethernet Ports to a VLAN Operation Command Add Ethernet ports to a VLAN port { interface_type interface_num | interface_name [...
  • Page 47 VLAN Overview Set or Delete VLAN Description Character String You can use the following command to set or delete VLAN description character string. The description character strings, such as workgroup name and department name, are used to distinguish the different VLANs. Perform the following configuration in VLAN view.
  • Page 48: Display And Debug Vlan

    Chapter 3: VLAN Configuration Perform the following configuration in VLAN interface view. Table 7 Shut Down or Enable a VLAN interface Operation Command Shut down the VLAN interface shutdown Enabling the VLAN interface undo shutdown The operation of shutting down or enabling the VLAN interface has no effect on the status of the Ethernet ports on the local VLAN.
  • Page 49: Garp/Gvrp Configuration

    GARP participants and processes them with the corresponding GARP applications (GVRP or GMRP). GARP and GMRP are described in detail in the IEEE 802.1p standard (which has been added to the IEEE 802.1D standard). The Switch 7700 fully supports the GARP compliant with the IEEE standards. Note: ■ The value of the GARP timer is used in all the GARP applications, including...
  • Page 50 Chapter 3: VLAN Configuration Setting the GARP Timer GARP timers include the hold, join, leave, and leaveall timers. The GARP participant sends join message regularly when join timer times out so that other GARP participants can register its attribute values. When the GARP participant wants to remove some attribute values, it sends a leave message outward.
  • Page 51: Configuring Gvrp

    GVRP is described in detail in the IEEE 802.1Q standard. The Switch 7700 fully supports the GARP compliant with the IEEE standards. Main GVRP configuration steps include: ■ Enable or Disable Global GVRP...
  • Page 52 Chapter 3: VLAN Configuration Perform the following configurations in Ethernet port view. Table 12 Enable/Disable Port GVRP Operation Command Enable port GVRP gvrp Disable port GVRP undo gvrp GVRP should be enabled globally before it is enabled on the port. GVRP can only be enabled or disabled on a Trunk port.
  • Page 53 GARP/GVRP Configuration Table 14 Display and Debug GVRP Operation Command Disable GVRP packet or event undo debugging gvrp { packet | event} debugging Example: GVRP Configuration Example The network requirement is to dynamically register and update VLAN information among switches. Figure 2 GVRP Configuration Example E1/01 E2/0/1...
  • Page 54 Chapter 3: VLAN Configuration...
  • Page 55: Network Protocol Operation

    Network Protocol Operation This chapter covers the following topics: ■ Configure IP Address ■ ARP Configuration ■ DHCP Relay ■ IP Performance Configure IP Address IP address is a 32-bit address represented by four octets. IP addresses are divided into five classes: A, B, C, D and E. The octets are set according to the first few bits of the first octet.
  • Page 56: Configure Ip Address

    Chapter 4: Network Protocol Operation With the rapid development of the Internet, IP addresses are depleting very fast. The traditional IP address allocation method uses up IP addresses with little efficiency. The concept of mask and subnet was proposed to make full use of the available IP addresses.
  • Page 57: Displaying And Debugging An Ip Address

    1 Enter VLAN interface 1. [3Com] interface vlan 1 2 Configure the IP address for VLAN interface 1. [3Com-vlan-interface1] ip address 129.2.2.1 255.255.255.0 Troubleshooting an IP Address Configuration If the Ethernet Switch cannot ping through a certain host in the LAN: 1 Determine which VLAN includes the port connected to the host.
  • Page 58: Arp Configuration

    Chapter 4: Network Protocol Operation but not receive the ARP packets, there are probably errors on the Ethernet physical layer. ARP Configuration An IP address cannot be directly used for communication between network devices because devices can only identify MAC addresses. An IP address is only the address of a host in the network layer.
  • Page 59: Dhcp Relay

    DHCP Relay Manually Add/Delete Static ARP Mapping Entries Perform the following configuration in System view. Table 4 Manually Add/Delete Static ARP Mapping Entries Operation Command Manually add a static ARP mapping arp static ip-address mac-address VLANID { interface_type interface_num | interface_name } entry Manually delete a static ARP undo arp static ip-address...
  • Page 60: Configuring Dhcp Relay

    Chapter 4: Network Protocol Operation Figure 2 DHCP Relay Schematic Diagram DHCP client DHCP client Intranet Intranet Switch Switch DHCP server DHCP server When the DHCP Client performs initialization, it broadcasts the request packet on the local network segment. If there is a DHCP server on the local network segment (e.g.
  • Page 61: Displaying And Debugging Dhcp Relay

    DHCP Relay Configure Corresponding DHCP Server Group of the VLAN Interface Perform the following configuration in VLAN interface view. Table 7 Configure/Delete the Corresponding DHCP Server Group of VLAN Interface Operation Command Configure Corresponding DHCP dhcp-server groupNo Server Group of the VLAN Interface Delete the corresponding DHCP undo dhcp-server server group of the VLAN interface...
  • Page 62 VLAN 3 1.88.255.35 1 Configure the IP address corresponding to DHCP Server Group 1. [3Com] dhcp-server 1 ip 1.99.255.36 1.99.255.35 2 Configure the DHCP Server Group 1 corresponding to the VLAN interface 2. [3Com-VLAN-Interface2] dhcp-server 1 3 Configure the IP address corresponding to DHCP Server Group 2.
  • Page 63: Troubleshooting A Dhcp Relay Configuration

    <3Com> display dhcp-server 1 9 Show the DHCP Server Group number corresponding to the VLAN interface in User view. <3Com> display dhcp-server interface vlan-interface 2 <3Com> display dhcp-server interface vlan-interface 3 Troubleshooting a DHCP If a user cannot apply for IP address dynamically, perform the following procedure:...
  • Page 64: Ip Performance

    Chapter 4: Network Protocol Operation IP Performance TCP attributes to be configured include: ■ synwait timer: When sending the syn packets, TCP starts the synwait timer. If response packets are not received before synwait timeout, the TCP connection will be terminated.
  • Page 65: Troubleshooting Ip Performance

    ■ Debug and trace the packets of the TCP connection that take this device as one end. Operations include: <3Com> terminal debugging <3Com> debugging tcp packet Then the TCP packets received or sent can be checked in real time. Specific packet formats include: TCP output packet: Source IP address:202.38.160.1 Source port:1024 Destination IP Address 202.38.160.1...
  • Page 66 Chapter 4: Network Protocol Operation...
  • Page 67: Routing Protocol Operation

    Routing Protocol Operation This chapter covers the following topics: ■ IP Routing Protocol Overview ■ Static Routes ■ ■ OSPF ■ IP Routing Policy IP Routing Protocol Overview Routers select an appropriate path through a network for an IP packet according to the destination address of the packet.
  • Page 68: Route Selection Through The Routing Table

    Chapter 5: Routing Protocol Operation Figure 1 About Hops Route Segment Networks can have different sizes so the segment lengths connected between two different pairs of routers are also different. If a router in a network is regarded as a node and a route segment in the Internet is regarded as a link, message routing in the Internet works in a similar way as the message routing in a conventional network.
  • Page 69: Routing Management Policy

    12.0.0.3 12.0.0.1 Routing Management Policy The Switch 7700 supports the configuration of a series of dynamic routing protocols such as RIP, OSPF, as well as the static routes. The static routes configured by the user are managed together with the dynamic routes as detected by the routing protocol.
  • Page 70: Static Routes

    As the algorithms of various routing protocols are different, different protocols can generate different routes. This situation creates the problem of how to resolve different routes being generated by different routing protocols. The Switch 7700 supports an operation of importing the routes generated by one routing protocol into another routing protocol.
  • Page 71: Configuring Static Routes

    Static Routes The following routes are static routes: Reachable route — The normal route in which the IP packet is sent to the next ■ hop by the route marked by the destination. It is a common type of static route.
  • Page 72: Display And Debug Static Route

    Chapter 5: Routing Protocol Operation The IP address and mask use a decimal format. Because the 1s in the 32-bit mask must be consecutive, the dotted decimal mask can also be replaced by the mask-length which refers to the digits of the consecutive 1s in the mask. ■ Transmitting interface or next hop address...
  • Page 73 Static Routes Table 4 Display and Debug the Routing Table Operation Command view the route filtered through display ip routing-table acl { acl-number | acl-name } [ specified basic access control verbose ] list (ACL) view the route information display ip routing-table ip-prefix ip-prefix-number [ that through specified ip prefix verbose ] list...
  • Page 74: Static Route Fault Diagnosis And Troubleshooting

    Using this procedure, all the hosts or switches in Figure 3 can be interconnected in pairs. Static Route Fault Diagnosis and Troubleshooting The Switch 7700 is not configured with the dynamic routing protocol, and both the physical status and the link layer protocol status of the interface are enabled, but the IP packets cannot be forwarded normally.
  • Page 75: Configuring Rip

    Route tag — The indication whether the route is generated by an interior ■ routing protocol or by an exterior routing protocol. The whole process of RIP startup and operation can be described as follows: 1 If RIP is enabled on a router for the first time, the router broadcasts a request packet to adjacent routers.
  • Page 76 Chapter 5: Routing Protocol Operation Enable RIP and Enter the RIP View Perform the following configurations in system view. Table 5 Enable RIP and Enter the RIP View Operation Command Enable RIP and enter the RIP view Disable RIP undo rip By default, RIP is not enabled.
  • Page 77 Usually, this command is not recommended because the opposite side does not need to receive two of the same messages at a time. It should be noted that the peer command should also be restricted by rip work, rip output, rip input and network commands.
  • Page 78 Chapter 5: Routing Protocol Operation Perform the following configuration in VLAN interface view. Table 10 Specify the Operating State of the Interface Operation Command Enable the interface to run RIP rip work Disable the interface to run RIP undo rip work Enable the interface to receive RIP rip input update packet...
  • Page 79 Perform the following configurations in RIP view. Table 12 Route Aggregation Operation Command Activate the automatic summary aggregation function of RIP-2 Disable the automatic undo summary aggregation function of RIP-2 RIP-2 uses the route aggregation function by default. Set RIP-2 Packet Authentication RIP-1 does not support packet authentication.
  • Page 80 Chapter 5: Routing Protocol Operation Perform the following configuration in VLAN interface view. Table 14 Configure Split Horizon Operation Command Enable split horizon rip split-horizon Disable split horizon undo rip split-horizon By default, split horizon of the interface is enabled. Configure RIP to Import Routes of Other Protocols RIP allows users to import the route information of other protocols into the routing table.
  • Page 81 Perform the following configurations in RIP view. Table 17 Set the RIP Preference Operation Command Set the RIP Preference preference value Restore the default value of undo preference RIP preference By default, the preference of RIP is 100. Set Additional Routing Metric The additional routing metric is the input or output routing metric added to an RIP route.
  • Page 82: Display And Debug Rip

    Chapter 5: Routing Protocol Operation Table 19 Configure RIP to Filter Routes Operation Command Cancel filtering the received undo filter-policy gateway ip-prefix-name import routing information distributed by the specified address Configure filtering the received filter-policy {acl-number | ip-prefix ip-prefix-name } global routing information import Cancel filtering the received global...
  • Page 83: Rip Fault Diagnosis And Troubleshooting

    [Switch C-rip] network 110.11.2.0 RIP Fault Diagnosis and Troubleshooting 1 The Switch 7700 cannot receive update packets when the physical connection to the peer routing device is normal. RIP does not operate on the corresponding interface (for example, if the ■...
  • Page 84: Calculating Ospf Routes

    Chapter 5: Routing Protocol Operation ■ Scope — Supports networks in various sizes and can support several hundred routers ■ Fast convergence — Transmits the update packets instantly after the network topology changes so the change is synchronized in the AS ■ Loop-free —...
  • Page 85 OSPF When two routers synchronize their databases, they use the DD packets to describe their own Link State Databases (LSDs), including the digest of each LSA. The digest refers to the HEAD of an LSA, which can be used to uniquely identify the LSA.
  • Page 86: Ospf Configuration

    Chapter 5: Routing Protocol Operation topology becomes more likely to change. Hence, the network is always in “turbulence”, and a large number of OSPF packets are generated and transmitted in the network. This shrinks network bandwidth. In addition, each change causes all the routers on the network to recalculate the routes.
  • Page 87 OSPF Configure NSSA of OSPF ■ Configure the Route Summarization of OSPF Area ■ Configure OSPF Virtual Link ■ Configure Route Summarization Imported into OSPF ■ Configure the OSPF Area to Support Packet Authentication ■ Configure OSPF Packet Authentication ■ Configure OSPF to Import the Routes of Other Protocols ■...
  • Page 88 Chapter 5: Routing Protocol Operation Perform the following configuration in OSPF Area view. Table 23 Specify Interface Operation Command Specify an interface to run OSPF network ip-address ip-mask Disable OSPF on the interface undo network ip-address ip-mask You must specify the segment to which the OSPF will be applied after enabling the OSPF tasks.
  • Page 89 OSPF the sending polling hello packets before the adjacency of the neighboring routers is formed. Configure the interface type to nonbroadcast on a broadcast network without ■ multi-access capability. Configure the interface type to P2MP if not all the routers are directly ■...
  • Page 90 Chapter 5: Routing Protocol Operation Set the Interface Priority for DR Election The priority of the router interface determines the qualification of the interface for DR election, a router of higher priority is considered first if there is a collision in the election.
  • Page 91 OSPF broadcasting the Hello packets, you must manually specify an IP address for the adjacent router for the interface, and whether the adjacent router is eligible for election. This can be done by configuring the peer ip-address command. If dr-priority-number is not specified, the adjacent router will be regarded as ineligible.
  • Page 92 Chapter 5: Routing Protocol Operation Table 30 Set a Dead Timer for the Neighboring Routers Operation Command Restore the default dead interval of undo ospf timer dead the neighboring routers By default, the dead interval for the neighboring routers of P2P or broadcast interfaces is 40 seconds and for the neighboring routers of P2MP or NBMA interfaces is 120 seconds.
  • Page 93 OSPF Note that a LSA retransmission interval that is too small will cause unnecessary retransmission. Set a Shortest Path First (SPF) Calculation Interval for OSPF Whenever the OSPF LSDB changes, the shortest path requires recalculation. Calculating the shortest path after a change consumes enormous resources and affects the operating efficiency of the router.
  • Page 94 Chapter 5: Routing Protocol Operation Table 34 Configure an OSPF STUB Area Operation Command Remove the cost of the default undo default-cost route to the STUB area By default, the STUB area is not configured, and the cost of the default route to a STUB area is 1.
  • Page 95 OSPF Table 35 Configure NSSA of OSPF Operation Command Restore the default cost value undo default-cost of the route to the NSSA area All routers connected to the NSSA must use the nssa command to configure the area with the NSSA attribute. The default-route-advertise parameter is used to generate the default type-7 LSAs.
  • Page 96 Chapter 5: Routing Protocol Operation Perform the following configuration in OSPF Area view. Table 36 Configure the Route Summarization of an OSPF Area Operation Command Configure the Route abr-summary ip-address mask [ advertise | Summarization of OSPF Area not-advertise ] Cancel route summarization of undo abr-summary ip-address mask OSPF Area...
  • Page 97 10 seconds, retransmit is 5 seconds, trans-delay is 1 second, and the dead timer is 40 seconds. Configure Route Summarization Imported into OSPF The OSPF implementation in the Switch 7700 supports route summarization of imported routes. Perform the following configurations in OSPF view.
  • Page 98 5: R HAPTER OUTING ROTOCOL PERATION Perform the following configuration in VLAN interface view. Table 40 Configure OSPF Packet Authentication Operation Command Configure the interface to use ospf authentication-mode simple password simple authentication Disable the interface to use simple undo ospf authentication-mode simple authentication Configure the interface to use MD5 ospf authentication-mode md5 key_id key...
  • Page 99 OSPF Perform the following configuration in OSPF view. Table 41 Configure OSPF to Import the Routes of Other Protocols. Operation: Configure OSPF to import routes of other protocols; Command: import-route protocol [ cost value ] [ type value ] [ tag value ] [ route-policy route-policy-name ]. Operation: Cancel importing routing; Command: undo import-route protocol...
  • Page 100 Configure OSPF to Import the Default Route The import-route command cannot be used to import the default route. Using the default-route-advertise command, you can import the default route into the routing table. Perform the following configuration in OSPF view. Table 43 Configure OSPF to Import the Default Route Operation Command...
  • Page 101 OSPF By default, OSPF does not filter the imported and distributed routing information. For detailed description, see “IP Routing Policy”. Configure Filling the MTU Field When an Interface Transmits DD Packets OSPF-running routers use the DD (Database Description) packets to describe their own LSDBs when synchronizing the databases.
  • Page 102: Display And Debug Ospf

    Configuring DR Election Based on OSPF Priority Example: OSPF Configuration In this example, four Switch 7700 routers, Switch A, Switch B, Switch C, and Switch D, which can perform the router functions and run OSPF, are located on the same segment, as shown in Figure 6.
  • Page 103 OSPF Figure 6 Configuring DR Election Based on OSPF Priority Switch A Switch D 1.1.1.1 4.4.4.4 196.1.1.1/24 196.1.1.4/24 196.1.1.2/24 196.1.1.3/24 3.3.3.3 2.2.2.2 Switch C Switch B The commands listed in the following examples enable Switch A and Switch C to be DR and BDR respectively.
  • Page 104 On Switch A, execute the display ospf peer command to display the OSPF neighbors. Note that Switch A has three neighbors. The state of each neighbor is full, which means that adjacency is set up between Switch A and each neighbor.
  • Page 105: Ospf Fault Diagnosis And Troubleshooting

    OSPF
    [Switch A] ospf
    [Switch A-ospf] area 0
    [Switch A-ospf-area-0.0.0.0] network 196.1.1.0 0.0.0.255
    2 Configure Switch B:
    [Switch B] interface vlan-interface 7
    [Switch B-Vlan-interface7] ip address 196.1.1.2 255.255.255.0
    [Switch B] interface vlan-interface 8
    [Switch B-Vlan-interface8] ip address 197.1.1.2 255.255.255.0
    [Switch B] router id 2.2.2.2
    [Switch B] ospf
    [Switch B-ospf] area 0
    [Switch B-ospf-area-0.0.0.0] network 196.1.1.0 0.0.0.255...
  • Page 106: Ip Routing Policy

    ■ If the physical link and the lower layer protocol are normal, check the OSPF parameters configured on the interface. The parameters should be the same parameters configured on the router adjacent to the interface. The same area ID should be used, and the networks and the masks should also be consistent.
  • Page 107: Routing Information Filters

    The rules can be set in advance and then used in the routing policy to advertise, receive, and import the route information. Routing Information Filters The Switch 7700 supports four kinds of filters: route-policy, acl, ip-prefix, and community-list. The following sections introduce these filters: ■ Route Policy...
  • Page 108: Configuring An Ip Routing Policy

    gateway options and require it to receive only the routing information distributed by certain routers. An ip-prefix is identified by the ip-prefix name. Each ip-prefix can include multiple list items, and each list item can independently specify the match range of the network prefix forms and is identified with an index-number.
  • Page 109 IP Routing Policy The deny argument specifies that the apply clauses are not executed. If a route satisfies all the if-match clauses of the node, the node denies the route and the route does not take the test of the next node. If a route does not satisfy all the if-match clauses of the node, however, the route takes the test of the next node.
  • Page 110 Table 51 Define If-match Conditions. Operation: Match the tag domain of the OSPF routing information; Command: if-match tag value. Operation: Cancel the tag domain of the matched OSPF routing information; Command: undo if-match tag. By default, no matching is performed. Note that: ■ The if-match clauses for a node in the route policy require that the route...
  • Page 111 IP Routing Policy Table 52 Define Apply Clauses. Operation: Cancel the route origin of the BGP routing information; Command: undo apply origin. Operation: Set the tag domain of the OSPF routing information; Command: apply tag value. Operation: Cancel the tag domain of the OSPF routing information; Command: undo apply tag. By default, no apply clauses are defined.
  • Page 112 Perform the following configurations in system view. Table 54 Define Prefix-list Operation Command Define a prefix list ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } network len [ greater-equal greater-equal ] [ less-equal less-equal ] Remove a prefix list undo ip ip-prefix ip-prefix-name [ index index-number |...
  • Page 113: Display And Debug The Routing Policy

    IP Routing Policy Perform the following configuration in routing protocol view. Table 56 Configure Filtering of Distributed Routes. Operation: Configure to filter the routes distributed by the protocol; Command: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-process ]. Operation: Cancel the filtering of the routes distributed by the protocol; Command: undo filter-policy { acl-number | ip-prefix...
  • Page 114: Routing Policy Fault Diagnosis And Troubleshooting

    Figure 9 Filtering Received Routing Information (figure labels: static 20.0.0.1/8, 30.0.0.1/8, 40.0.0.1/8; 1.1.1.1; 2.2.2.2; area 0; Switch A; Switch B)
    Configure Switch A:
    1 Configure the IP address of VLAN interface.
    [Switch A] interface vlan-interface 100
    [Switch A-Vlan-interface100] ip address 10.0.0.1 255.0.0.0
    [Switch A] interface vlan-interface 200
    [Switch A-Vlan-interface200] ip address 12.0.0.1 255.0.0.0...
  • Page 115 IP Routing Policy ■ The if-match mode of at least one node of the Route policy should be the permit mode. When a Route-policy is used for the routing information filtering, if a piece of routing information does not pass the filtering of any node, then it means that the route information does not pass the filtering of the Route-policy.
  • Page 117: Multicast Protocol

    Multicast Protocol This chapter includes information on the following: ■ IP Multicast Overview ■ GMRP ■ IGMP Snooping ■ Common Multicast Configuration ■ IGMP Configuration ■ PIM-DM Configuration ■ PIM-SM Configuration IP Multicast Overview Many transmission methods can be used when the destination (including data, voice and video) is the secondary use of the network.
  • Page 118: Multicast Addresses

    Chapter 6: Multicast Protocol Figure 1 Comparison Between the Unicast and Multicast Transmission (panels: Unicast, Multicast; labels: Server, Receiver) Note: A multicast source does not necessarily belong to a multicast group. It only sends data to the multicast group and it is not necessarily a receiver. Multiple sources can send packets to a multicast group simultaneously.
  • Page 119 IP Multicast Overview Ranges and meanings of Class D addresses are shown in Table 1. Table 1 Ranges and Meanings of Class D Addresses Class D address range Meaning 224.0.0.0∼224.0.0.255 Reserved multicast addresses (addresses of permanent groups). Address 224.0.0.0 is reserved. The other addresses can be used by routing protocols.
  • Page 120: Ip Multicast Protocols

    Figure 2 Mapping Between the Multicast IP Address and the Ethernet MAC Address (figure labels: 32-bit IP address; 5 bits; Lower 23 bits directly mapped; 48-bit MAC address) Only 23 bits of the last 28 bits in the IP multicast address are mapped to the MAC address.
  • Page 121: Ip Multicast Packet Forwarding

    IP Multicast Overview resources related (such as bandwidth and CPU of routers) are consumed. In order to decrease the consumption of these precious network resources, branches that do not have members send Prune messages toward the source to reduce the unwanted/unnecessary traffic. To enable the receivers to receive multicast data streams, the pruned branches can be restored periodically to a forwarding state.
  • Page 122: Application Of Multicast

    Application of Multicast IP multicast technology effectively solves the problem of packet forwarding from single-point to multi-point. It implements high-efficient data transmission from single-point to multi-point in IP networks and can save a large amount of network bandwidth and reduce network loads.
  • Page 123: Displaying And Debugging Gmrp

    GMRP By default, GMRP is disabled. Enabling/Disabling GMRP on the Port Perform the following configuration in Ethernet port view. Table 4 Enabling/Disabling GMRP on the Port Operation Command Enable GMRP on the port gmrp Disable GMRP on the port undo gmrp GMRP should be enabled globally before being enabled on a port.
  • Page 124: Igmp Snooping

    IGMP Snooping runs on the link layer. When receiving the IGMP messages, the Layer 2 Switch 7700 uses IGMP Snooping to analyze the information. If the switch hears IGMP host report message from an IGMP host, it adds the host to the corresponding multicast table.
  • Page 125 IGMP report message before the timer times out, it will remove the port from the multicast member ports. The Switch 7700 runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address. To implement...
  • Page 126 Switch 7700 will reset the aging timer of the port. When a port other than a router port receives the IGMP general query message, the Switch 7700 will notify the multicast router that a port is ready to join a multicast group and starts the aging timer for the port.
  • Page 127: Configure Igmp Snooping

    By default, the port aging time is 260s. Configuring Maximum Response Time This task sets the maximum response time. If the Switch 7700 receives no report message from a port in the maximum response time, it will remove the port from...
  • Page 128: Display And Debug Igmp Snooping

    Perform the following configuration in system view. Table 8 Configuring the Maximum Response Time. Operation: Configure the maximum response time; Command: igmp-snooping max-response-time seconds. Operation: Restore the default setting; Command: undo IGMP-snooping max-response-time. By default, the maximum response time is 10 seconds. Configure Aging Time of Multicast Group Member This task sets the aging time of the multicast group member port.
  • Page 129: Troubleshooting IGMP Snooping

    Common Multicast Configuration Figure 7 IGMP Snooping Configuration Network (figure labels: Internet Router Multicast Switch)
    1 Display the status of GMRP.
    <SW7700> display gmrp status
    2 Display the current status of IGMP Snooping when GMRP is disabled.
    <SW7700> display igmp-snooping configuration
    3 Enable IGMP Snooping if it is disabled.
    [SW7700] igmp-snooping enable
    Troubleshooting IGMP If the multicast function cannot be implemented on the switch, check for the...
  • Page 130: Common Multicast Configuration

    Common Multicast Configuration Common multicast configuration includes: ■ Enabling multicast Enabling Multicast Enable multicast first before enabling the multicast routing protocol. Enabling multicast will automatically enable IGMP operation on all interfaces. Perform the following configuration in system view. Table 11 Enabling Multicast Operation Command...
  • Page 131: Igmp Configuration

    IGMP Configuration IGMP Configuration IGMP (Internet Group Management Protocol) is a protocol in the TCP/IP suite responsible for management of IP multicast members. It is used to establish and maintain multicast membership among IP hosts and their connected neighboring routers. IGMP excludes transmitting and maintenance information among multicast routers, which are completed by multicast routing protocols.
  • Page 132: Igmp Configuration

    multicast group. This prevents the hosts of members of other multicast groups from sending response messages. ■ Max response time The Max Response Time is added in IGMP Version 2. It is used to dynamically adjust the allowed maximum time for a host to respond to the membership query message.
  • Page 133 IGMP Configuration Limiting Access to IP Multicast Groups A multicast router learns whether there are members of a multicast group on the network via the received IGMP membership message. A filter can be set on an interface to limit the range of allowed multicast groups. Perform the following configuration in VLAN-interface view.
  • Page 134: Display And Debug Igmp

    Configuring the IGMP Querier Present Timer The IGMP querier present timer defines the period of time before the router takes over as the querier. Perform the following configuration in VLAN interface view. Table 17 Configure the IGMP Querier Present Timer Operation Command Change the IGMP querier present...
  • Page 135: Pim-Dm Configuration

    PIM-DM Configuration Table 19 Display and Debug IGMP. Operation: Display the IGMP configuration and running information about the interface; Command: display igmp interface [ interface-type interface-number ]. Operation: Enable the IGMP information debugging; Command: debugging igmp { all | event | host | packet | timer }. Operation: Disable the IGMP information; Command: undo debugging igmp { all | event | host | packet | timer }...
  • Page 136: Pim-Dm Configuration

    independent of any specified unicast routing protocol such as the routing information learned by RIP and OSPF ■ Assert mechanism As shown in the following figure, both routers A and B on the LAN have their own receiving paths to multicast source S.
  • Page 137: Display And Debug Pim-Dm

    PIM-DM Configuration Perform the following configuration in VLAN interface view. Table 20 Enable PIM-DM. Operation: Enable PIM-DM on an interface; Command: pim dm. Operation: Disable PIM-DM on an interface; Command: undo pim dm. It’s recommended you configure PIM-DM on all interfaces in non-special cases. This configuration is effective only after the multicast routing is enabled in system view.
  • Page 138: Pim-Dm Configuration Example

    Table 22 Display and Debug PIM-DM. Operation: Display the information about PIM neighboring routers; Command: display pim neighbor [ interface interface-type interface-number ]. Operation: Enable the PIM debugging; Command: debugging pim common { all | event | packet | timer }. Operation: Disable the PIM debugging; Command: undo debugging pim common { all | event | packet | timer }...
  • Page 139: Pim-Sm Configuration

    PIM-SM Configuration
    [SW7700-vlan-interface11] ip address 2.2.2.2 255.255.0.0
    [SW7700-vlan-interface11] pim dm
    [SW7700-vlan-interface11] quit
    [SW7700] interface vlan-interface 12
    [SW7700-vlan-interface12] ip address 3.3.3.3 255.255.0.0
    [SW7700-vlan-interface12] pim dm
    PIM-SM Configuration PIM-SM (Protocol Independent Multicast, Sparse Mode) belongs to sparse mode multicast routing protocols. PIM-SM is mainly applicable to large-scale networks with broad scope with few group members.
  • Page 140: Preparations Before Configuring Pim-Sm

    Figure 10 RPT Schematic Diagram (figure labels: Multicast source S, Receiver, join, Multicast source registration) Multicast Source Registration When multicast source S sends a multicast packet to the group G, the PIM-SM multicast router is responsible for encapsulating the packet into a registration packet upon receipt.
  • Page 141: Pim-Sm Configuration

    PIM-SM Configuration calculate the RPs corresponding to multicast groups according to the same algorithm after receiving the C-RP messages that the BSR advertises. It should be noted that one RP can serve multiple multicast groups or all multicast groups. Each multicast group can only be uniquely correspondent to one RP at a time rather than multiple RPs.
  • Page 142 Once enabled, PIM-DM cannot be enabled on the same interface. Configure the Interface Hello Message Interval Generally, PIM-SM advertises Hello messages periodically on the interface enabled with it to detect PIM neighbors and discover which router is the Designated Router (DR).
  • Page 143 PIM-SM Configuration Using undo pim command, you can clear the configuration in PIM view, and back to system view. Configure Candidate-BSRs In a PIM domain, one or more candidate BSRs should be configured. A BSR (Bootstrap Router) is elected among candidate BSRs. The BSR takes charge of collecting and advertising RP information.
  • Page 144: Display And Debug Pim-Sm

    multicast group in the specified range. It is suggested to configure Candidate RP on the backbone router. Configure RP to Filter the Register Messages Sent by DR In the PIM-SM network, the register message filtering mechanism can control which sources to send messages to which groups on the RP, i.e., RP can filter the register messages sent by DR to accept specified messages only.
  • Page 145 PIM-SM Configuration Table 31 Display and Debug PIM-SM Operation Command Display the RP information display pim rp-info [ group-address ] Enable the PIM-SM debugging debugging pim sm { all | mbr | register-proxy | mrt | timer | warning | { recv | send } { assert | graft | graft-ack | join | prune } } Disable the PIM-SM undo debugging pim sm { all | mbr | register-proxy | mrt |...
  • Page 146
    [SW7700] vlan 12
    [SW7700-vlan12] port Ethernet 1/0/6 to Ethernet 1/0/7
    [SW7700-vlan12] quit
    [SW7700] pim
    [SW7700-pim] interface vlan-interface 12
    [SW7700-vlan-interface12] pim sm
    [SW7700-vlan-interface12] quit
    2 Configure the threshold for multicast group to switch from shared tree to the STP as 10kbps.
  • Page 147 PIM-SM Configuration Configure LS_C:
    1 Enable PIM-SM.
    [SW7700] multicast routing-enable
    [SW7700] vlan 10
    [SW7700-vlan10] port Ethernet 1/0/2 to Ethernet 1/0/3
    [SW7700-vlan10] quit
    [SW7700] pim
    [SW7700-pim] interface vlan-interface 10
    [SW7700-vlan-interface10] pim sm
    [SW7700-vlan-interface10] quit
    [SW7700] vlan 11
    [SW7700-vlan11] port Ethernet 1/0/4 to Ethernet 1/0/5
    [SW7700-vlan11] quit
    [SW7700] pim
    [SW7700-pim] interface vlan-interface 11...
  • Page 149: QoS/ACL Operation

    QoS/ACL Operation ACL Overview A series of matching rules are required for the network devices to identify the packets to be filtered. After identifying the packets, the switch can permit or deny them to pass through according to the defined policy. The Access Control List (ACL) is used to implement these functions.
  • Page 150: Acl Supported By Ethernet Switch

    If the port numbers are in the same range, the configuration sequence is used. ACL Supported by Ethernet Switch For the Switch 7700, ACLs are divided into the following categories: ■ Numbered basic ACL...
  • Page 151: Configuring The Time Range

    The end time must be later than the start time. Selecting the ACL Mode The Switch 7700 can only have one of two modes, ip-based or link-based. In link-based mode, only L2 ACL can be defined, activated, and cited by other applications.
  • Page 152 Chapter 7: QoS/ACL Operation Note: If a specific time range is not defined, the ACL always functions after it is activated. During the process of defining the ACL, you can use the rule command several times to define multiple rules for an ACL. If ACL is used to filter or classify the data transmitted by the hardware of the switch, the match order defined in the acl command is not effective.
  • Page 153 The numbered interface ACLs can be identified with numbers ranging from 1000 to 1999. Notes: The Switch 7700 does not have any Layer-3 physical interface but has Layer-3 VLAN virtual interface. Therefore when the command line prompts for the input interface type, you can only select Vlan-interface. Otherwise, the system will display a failure message.
  • Page 154: Activating Acl

    CPU. The matched information of the transmitted data by the switch can be displayed with the display qos-info traffic-statistic command. For a description of the syntax of these commands, see the “3Com Router Command Reference Guide”.
  • Page 155: Qos Overview

    Define the work time range:
    1 Set the time range from 8:00 to 18:00.
    [SW7700] time-range 3com 8:00 to 18:00
    Define the ACL to access the payment server:
    1 Enter the name of the advanced ACL.
    [SW7700] acl name traffic-of-payserver advanced match-order config
    2 Set the rules for other department to access the payment server.
  • Page 156: Traffic

    out (FIFO) policy. Switches and routers make their best effort to transmit the packets to the destination, not making any commitment or guarantee of the transmission reliability, delay, or to satisfy other performance requirements. Ethernet technology is currently the most widely used network technology.
  • Page 157 The port rate limit is the port-based rate limit used for limiting the general speed of packet output on the port. Traffic Priority The Switch 7700 can deliver priority tag service for special packets. The tags include TOS, DSCP and 802.1p, etc., which can be used and defined in different QoS modules.
  • Page 158: Configuring Qos

    With flow-based traffic counting, you can request a traffic count to count and analyze the packets. When the congestion reaches a certain degree, the Switch 7700 selects some frames to drop, using the RED algorithm. The RED algorithm can alleviate the excessive congestion.
  • Page 159 } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } The Switch 7700 supports a function to tag the packets with IP precedence (specified by ip-precedence in the traffic-priority command), or DSCP (specified by dscp in the traffic-priority command).
  • Page 160 } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } For details about the command, refer to the “3Com Command Reference Guide”. Configure Bandwidth Assurance Bandwidth Assurance guarantees bandwidth for specified traffic.
  • Page 161: Display And Debug Qos

    { acl-number | acl-name } [ rule rule ] } Display the statistics information display qos-info traffic-statistic For details about the command, refer to the “3Com Command Reference Guide”. Display and Debug QoS After you configure QoS, execute the display command in all views to display the running of the QoS configuration, and to verify the effect of the configuration.
  • Page 162: User Logon ACL Control Configuration

    } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } For output and description of the related commands, refer to the “3Com Command Reference Guide”. The interconnection between different departments on a company network is...
  • Page 163: Configure Acl Control Over The Telnet User

    User Logon ACL Control Configuration At the first level, the user connection is controlled with an ACL filter and only legal users can be connected to the switch. At the second level, a connected user can log on to the device only if the user can pass the password authentication. This chapter introduces how to configure the first level security control to filter the logon users with ACL.
  • Page 164: Configure Acl Control Over Snmp Users

    Call an ACL (from acl acl-number { inbound | outbound } user-interface view) For more information about the command, refer to the “3Com Command Reference Guide”. Note: Only the numbered basic ACL can be called for TELNET user control. Figure 4 illustrates a configuration that controls TELNET user with ACL.
  • Page 165: Example: Controlling Snmp Users With Acl

    Note: You can call different ACLs for these commands. Only the numbered basic ACL can be called for network management user control. For more about the commands, refer to the “3Com Command Reference Guide”. Example: Controlling Figure 5 illustrates a configuration that controls SNMP users with ACL.
  • Page 166
    [SW7700-acl-basic-21] quit
    [SW7700] acl number 22 match-order config
    [SW7700-acl-basic-22] rule 1 permit source 10.110.100.55 0
    [SW7700-acl-basic-22] quit
    2 Call the basic ACLs.
    [SW7700] snmp-agent community public read acl 20
    [SW7700] snmp-agent group v2c 3comgroup acl 21
    [SW7700] snmp-agent usm-user v2c 3comuser 3comgroup acl 22...
  • Page 167: Stp Operation

    STP Operation STP Overview Spanning Tree Protocol (STP) is applied in a loop network to block some undesirable redundant paths with certain algorithms and prune the network into a loop-free tree, thereby avoiding the proliferation and infinite cycling of a packet in the loop network.
  • Page 168: Calculating The Stp Algorithm

    Switch B E1/0/4 E1/0/1 Calculating the STP Algorithm The following example illustrates the calculation process of STP. The figure below illustrates the network. Figure 2 Switch 7700 Networking Switch A with priority 0 E1/0/1 E1/0/2 E1/0/7 Switch B with priority 1...
  • Page 169: Selecting The Optimum Configuration Bpdu

    Implementing STP Configuration BPDU of Ethernet 1/0/7: {1, 0, 1, e1/0/7} Configuration BPDU of Ethernet 1/0/4: {1, 0, 1, e1/0/4} ■ Switch C Configuration BPDU of Ethernet 1/0/1: {2, 0, 2, e1/0/1} Configuration BPDU of Ethernet 1/0/5: {2, 0, 2, e1/0/5} Selecting the Optimum Every switch transmits its configuration BPDU to others.
  • Page 170 Chapter 8: STP Operation Configuration BPDU of Ethernet 1/0/1: {0, 0, 0, e1/0/1} Configuration BPDU of Ethernet 1/0/2: {0, 0, 0, e1/0/2} ■ Switch B Ethernet 1/0/7 receives the configuration BPDU from Switch A and finds that the received BPDU has a higher priority than the local one, so it updates its configuration BPDU.
  • Page 171: Configuring The Bpdu Forwarding Mechanism

    Forward Delay before they enter the forwarding state. Implementing STP on the Switch 7700 The Switch 7700 implements the Rapid Spanning Tree Protocol (RSTP), an enhancement to STP. The Forward Delay for the root ports and designated ports to enter forwarding state is greatly reduced in certain conditions, thereby shortening the time period for stabilizing the network topology.
  • Page 172: Configuring Rstp

    To achieve the rapid transition of the root port state, the following requirement should be met: The old root port on this switch has stopped data forwarding and the designated port in the upstream has begun forwarding data. The conditions for rapid state transition of the designated port are: ■ The port is an Edge port that does not connect with any switch directly or...
  • Page 173 Implementing STP on the Switch 7700 Among the above-mentioned tasks, only the steps of enabling STP on the switch and enabling STP on the port are required. For other tasks, if you do not configure them, the system will use the default settings.
  • Page 174 Perform the following configurations in system view. Table 3 Setting the Diameter of a Switching Network. Operation: Set diameter of a switching network; Command: stp bridge-diameter bridgenum. Operation: Restore a default diameter of the switching network; Command: undo stp bridge-diameter. The diameter of the switching network should not exceed 7.
  • Page 175 Implementing STP on the Switch 7700 is enabled, an assignment of a priority to the bridge will lead to recalculation of the spanning tree. By default, the priority of the bridge is 32768. Specifying the Switch as a Primary or Secondary Root Switch RSTP can determine the spanning tree root through calculation.
  • Page 176 state and resume data frame forwarding. This delay ensures that the new configuration BPDU has been propagated throughout the network before the data frame forwarding is resumed. Perform the following configurations in system view. Table 7 Set the Forward Delay for a Bridge Operation Command Set forward delay of a specified...
  • Page 177 Implementing STP on the Switch 7700 Table 9 Set Max Age for a Bridge. Operation: Restore the default Max Age of the specified bridge; Command: undo stp timer max-age. If the Max Age is too short, it results in frequent calculation of spanning tree or misjudging the network congestion as a link fault.
  • Page 178 bridge is configured as an edge port, RSTP will automatically detect and reconfigure it as a non-EdgePort. After the network topology changes, if a configured non-EdgePort changes to an EdgePort and is not connected to any other port, you should configure it as an EdgePort manually because RSTP cannot configure a non-EdgePort as an EdgePort automatically.
  • Page 179 Implementing STP on the Switch 7700 tree. If all the Ethernet ports of the bridge adopt the same priority parameter value, then the priority of these ports depends on the Ethernet port index number. Note that changing the priority of an Ethernet port causes recalculation of the spanning tree.
  • Page 180 Perform the following configurations in Ethernet port view. Table 15 Set mCheck for the Port Operation Command Set mCheck for the port stp mcheck This command can be used when the bridge runs RSTP in RSTP mode, but it cannot be used when the bridge runs RSTP in STP-compatible mode.
  • Page 181: Displaying And Debugging Rstp

    By default, the switch does not enable loop protection, BPDU protection or root protection. For more information about the configuration commands, refer to the “3Com Command Reference Guide”. Displaying and...
  • Page 182 Figure 4 RSTP Configuration Example (network diagram: Switch A, Switch B, Switch C, Switch D, Switch E and Switch F with their port labels) Only the configurations related to RSTP are listed in the following procedure.
  • Page 183 Implementing STP on the Switch 7700 and do not disable those involved. (The following configuration takes Ethernet 0/4 as an example.)
    [SW7700] interface ethernet 0/4
    [SW7700-Ethernet0/4] stp disable
    3 Configure Switch C and Switch B to serve as standby of each other and set the Bridge priority of Switch B to 4069.
  • Page 184 3 Configure the ports (Ethernet 0/1 through Ethernet 0/24) directly connected to users as edge ports and enable BPDU PROTECTION function. (Take Ethernet 0/1 as an example.)
    [SW7700] interface ethernet 0/1
    [SW7700-Ethernet0/1] stp edged-port enable
    [SW7700] stp bpdu-protection
    4 RSTP operating mode, time parameters, and port parameters take default values.
  • Page 185: Aaa And Radius Operation

    AAA and RADIUS Operation This chapter covers the following topics: ■ IEEE 802.1x ■ Configuring the AAA and RADIUS Protocols IEEE 802.1x IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network access control protocol that is used as the standard for LAN user access authentication. In LANs that comply with IEEE 802 standards, the user can access devices and share resources in the LAN by connecting a device such as the LAN Switch.
  • Page 186 Chapter 9: AAA and RADIUS Operation There are two types of ports for the Authenticator. One is the Uncontrolled Port, and the other is the Controlled Port. The Uncontrolled Port is always in a bi-directional connection state. The user can access and share the network resources any time through the ports.
  • Page 187: Configuring 802.1X

    IEEE 802.1x Implement 802.1x on Ethernet Switch The 3Com Switch 7700 not only supports the port access authentication method regulated by 802.1x, but also extends and optimizes it in the following way: Support to connect several End Stations in the downstream via a physical port.
  • Page 188 Chapter 9: AAA and RADIUS Operation. By default, 802.1x authentication has not been enabled globally and on any port. Setting the Port Access Control Mode: The following commands can be used for setting 802.1x access control mode on the specified port. When no port is specified, the access control mode of all ports is configured.
  • Page 189 [interface interface-list] of users on the port to the default value By default, 802.1x allows up to 1024 supplicants on each port for Switch 7700 Enabling DHCP to Launch Authentication Use the following commands for setting whether 802.1x enables the Ethernet switch to launch the user ID authentication when the user runs DHCP and applies for dynamic IP addresses.
  • Page 190 Chapter 9: AAA and RADIUS Operation. Perform the following configurations in system view. Table 8 Set the Maximum Retransmission Times (Operation: Command). Set the maximum retransmission times: dot1x retry max-retry-value. Restore the default maximum retransmission times: undo dot1x retry. By default, the max-retry-value is 3. That is, the switch can retransmit the authentication request frame to a supplicant 3 times at most.
  • Page 191: Displaying And Debugging 802.1X

    Enabling/Disabling Quiet-Period Timer You can use the following commands to enable/disable a quiet-period timer of the Switch 7700. If an 802.1x user has not passed authentication, the Authenticator will keep quiet (specified by quiet-period) before launching the authentication again. During the quiet period, the Authenticator does not do anything related to 802.1x authentication.
  • Page 192 Chapter 9: AAA and RADIUS Operation. A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2 respectively, is connected to the switch. The former one acts as the primary-authentication/second-accounting server. The latter one acts as the secondary-authentication/primary-accounting server. Set the encryption key as “name”...
  • Page 193: Configuring The Aaa And Radius Protocols

    Configuring the AAA and RADIUS Protocols [SW7700-radius-radius1] key authentication name 7 Set the encryption key when the system exchanges packets with the accounting RADIUS server. [SW7700-radius-radius1] key accounting money 8 Set the timeouts and times for the system to retransmit packets to the RADIUS server.
  • Page 194 Implementing AAA/RADIUS on Ethernet Switch By now, we understand that the Switch 7700, serving as the user access device or NAS, is the client end of RADIUS. In other words, the AAA/RADIUS concerning...
  • Page 195: Configuring Aaa

    (i.e. 3com163.net) following the @ is the ISP domain name. When the Switch 7700 controls user access, for an ISP user whose username is in userid@isp-name format, the system takes the userid part as the username for identification and the isp-name part as the domain name.
  • Page 196 Chapter 9: AAA and RADIUS Operation. For the Switch 7700, each supplicant belongs to an ISP domain. Up to 16 domains can be configured in the system. If a user has not reported its ISP domain name, the system will put it into the default domain.
  • Page 197 Configuring the AAA and RADIUS Protocols Creating a Local User A local user is a group of users set on NAS. The username is the unique identifier of a user. A supplicant requesting network service may use local authentication only if its corresponding local user has been added onto NAS. Perform the following configurations in system view.
  • Page 198: Configuring The Radius Protocol

    | ucibindex ucib-index | user-name user-name } By default, no online user will be disconnected by force. Configuring the RADIUS Protocol: On the Switch 7700, the RADIUS protocol is configured on a per RADIUS server group basis. In real networking environment, a RADIUS server group can be an independent RADIUS server or a set of primary/second RADIUS servers with the same configuration but two different IP addresses.
  • Page 199 Configuring the AAA and RADIUS Protocols. Setting Username Format Transmitted to RADIUS Server; Setting the Unit of Data Flow that Transmitted to RADIUS Server; Configuring a Local RADIUS Server Group. Among the above tasks, creating a RADIUS server group and setting the IP address of the RADIUS server are required, while the other tasks are optional and can be performed as per your requirements.
  • Page 200 (Especially for some earlier RADIUS Servers, authentication/authorization port number is often set to 1645 and accounting port number is 1646.) The RADIUS service port settings on the Switch 7700 need to be consistent with the port settings on the RADIUS server. Normally, RADIUS accounting service port is 1813 and the authentication/authorization service port is 1812.
  • Page 201 Configuring the AAA and RADIUS Protocols encryption key. Only when the keys are identical can both ends accept packets from each other and respond. Perform the following configurations in RADIUS server group view. Table 20 Set RADIUS Packet Encryption Key Operation Command Set RADIUS...
  • Page 202 Accordingly, it may be necessary to disconnect the user at the NAS end and on the RADIUS server when some unpredictable failure exists. The Switch 7700 supports setting the maximum number of times a real-time accounting request may go unanswered. The NAS disconnects the user if it has not received a real-time accounting response from the RADIUS server for the specified number of times.
  • Page 203 NAS makes its best effort to send the message to RADIUS accounting server. Accordingly, if the message from the Switch 7700 to RADIUS accounting server has not been responded, the switch saves it in the local buffer and retransmits until the server responds or discards the messages.
  • Page 204 Setting Username Format Transmitted to RADIUS Server As mentioned above, the supplicants are generally named in userid@isp-name format. The part following “@” is the ISP domain name. The Switch 7700 will put users into different ISP domains according to the domain names. However, some earlier RADIUS servers reject the username including ISP domain name.
  • Page 205: Displaying And Debugging The Aaa And Radius Protocols

    By default, the IP address of local RADIUS server group is 127.0.0.1 and the password is 3com. When using local RADIUS server function of the Switch 7700, remember the number of UDP port used for authentication is 1812 and that for accounting is 1813.
  • Page 206: Aaa And Radius Protocol Fault Diagnosis And Troubleshooting

    Chapter 9: AAA and RADIUS Operation. configuration. Execute the debugging command in user view to debug AAA and RADIUS. Table 33 Display and Debug AAA and RADIUS Protocol (Operation: Command). Display the configuration information of the specified or all the ISP domains: display domain [isp-name].
  • Page 207 Configuring the AAA and RADIUS Protocols 5 There might be some communication fault between NAS and RADIUS server, which can be discovered through pinging RADIUS from NAS. Ensure the normal communication between NAS and RADIUS. RADIUS packet cannot be transmitted to RADIUS server. 1 The communication lines (on physical layer or link layer) connecting NAS and RADIUS server may not work well.
  • Page 208 Chapter 9: AAA and RADIUS Operation...
  • Page 209: Reliability

    Reliability. This chapter covers the following topics: VRRP Overview; Configuring VRRP. VRRP Overview: Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route, for example, 10.100.10.1 in Figure 1, is configured for every host on a network, so that packets destined for another network segment go through the default route to the Layer 3 Switch1, implementing communication between the host and the external network.
  • Page 210: Configuring Vrrp

    Chapter 10: Reliability. Figure 2 Virtual Router Network (diagram: a Master and a Backup switch sharing virtual IP address 10.100.10.1 on an Ethernet segment with Host 1, Host 2 and Host 3). This virtual router has its own IP address: 10.100.10.1, which can be the interface address of a switch within the virtual router.
  • Page 211: Configuring The Priority Of Switches

    Configuring VRRP The following command is used for assigning an IP address of the local segment to a virtual router or removing an assigned virtual IP address of a virtual router from the virtual address list. Perform the following configuration in VLAN interface view. Table 1 Add/Delete a Virtual IP Address Operation Command...
  • Page 212: Configuring Authentication Type And Authentication Key

    Chapter 10: Reliability. Perform the following configuration in VLAN interface view. Table 3 Configure Preemption and Delay for a Switch (Operation: Command). Enable the preemption mode and configure a period of delay: vrrp vrid virtual-router-ID preempt-mode [ timer delay delay-value ]. Disable the preemption mode.
  • Page 213: Configuring A Switch To Track An Interface

    Configuring VRRP backup switch’s master-down-interval is three times the duration of the adver-interval. Excessive network traffic or differences between switch timers result in the master-down-interval timing out and the state changing abnormally. Such problems can be solved by prolonging the adver-interval and setting a delay time.
  • Page 214 Chapter 10: Reliability. Example: VRRP Single Virtual Router. Host A uses the VRRP virtual router which combines switch A and switch B as its default gateway to visit host B on the Internet. VRRP virtual router information includes virtual router ID 1, virtual IP address 202.38.160.111, switch A as the Master and switch B as the backup, with preemption allowed.
  • Page 215 Configuring VRRP Configure switch A 1 Create a virtual router. [LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 2 Set the priority for the virtual router. [LSW_A-vlan-interface2] vrrp vrid 1 priority 110 3 Set the authentication key for the virtual router. [LSW_A-vlan-interface2] vrrp authentication-mode md5 lanswitch 4 Set Master to send VRRP packets every 5 seconds.
  • Page 216: Troubleshooting Vrrp

    Chapter 10: Reliability. Configure switch B: 1 Create virtual router 1. [LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 2 Create virtual router 2. [LSW_B-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112 3 Set the priority for the virtual router. [LSW_B-vlan-interface2] vrrp vrid 2 priority 110 Troubleshooting VRRP: The configuration of VRRP is simple so almost all troubleshooting can be done by viewing the configuration and debugging information.
  • Page 217: System Management

    System Management. This chapter includes the following information: File System Management; MAC Address Table Management; Device Management; System Maintenance and Debugging; SNMP; RMON. File System Management: The Ethernet switch provides a file system module for efficient management with storage devices such as flash memory.
  • Page 218: File Operation

    Chapter 11: System Management. Table 1 Directory Operation (Operation: Command). Change the current directory: cd directory. File Operation: The file system can be used to delete or undelete a file or permanently delete a file. It can also be used to display file contents, rename, copy and move a file and display the information about a specified file.
  • Page 219: Configuring File Management

    File System Management 2 Display the working directory in the flash. <SW7700> cd flash:/ <SW7700> pwd flash:/ 3 Create a directory named test. <SW7700> mkdir test 4 Display the flash directory information after creating the test directory. <SW7700> dir Directory of * drw- Mar 09 2002 12:01:44 test...
  • Page 220: Ftp

    Chapter 11: System Management. Perform the following configuration in all views. Table 5 Display the Configurations of the Ethernet Switch (Operation: Command). Display the saved-configuration of the Ethernet switch: display saved-configuration. Display the current-configuration of the Ethernet switch: display current-configuration. The configuration files are displayed in their corresponding saving formats.
  • Page 221 File System Management The Ethernet switch provides the following FTP services: FTP server: You can run FTP client program to log in the server and access the files on it. FTP client: After connected to the server through running the terminal emulator...
  • Page 222: Tftp

    Chapter 11: System Management. Perform the following configuration in system view. Table 10 Configure FTP Server Connection Timeout (Operation: Command). Configure FTP server connection timeouts: ftp timeout minute. Restoring the default FTP server connection timeouts: undo ftp timeout. By default, the FTP server connection timeout is 30 minutes. Display and debug FTP Server: After the above configuration, execute display command in all views to display the FTP Server configuration, and to verify the effect of the configuration.
  • Page 223: Mac Address Table Management

    Upload files by means of TFTP tftp put mmm.nnn //A.A.A.A/xxx.yyy MAC Address Table Management: The Switch 7700 maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it.
  • Page 224 The Switch 7700 also provides the function of MAC address aging. If the switch receives no packet for a period of time, it will delete the related entry from the MAC address table. However, this function has no effect on the static MAC addresses.
  • Page 225 MAC Address Table Management Perform the following configuration in system view. Table 15 Set MAC Address Table Entries Operation Command Add/Modify an address entry mac-address { static | dynamic } hw-addr interface { interface-name | interface-type interface-num } Delete an address entry undo mac-address [ static | dynamic ] [ [ hw-addr ] interface [interface-name | interface-type interface-num When deleting the dynamic address table entries, the learned entries will be...
  • Page 226: Display And Debug Mac Address Table

    Chapter 11: System Management. Set MAC Address Aging Time: Setting an appropriate aging time implements MAC address aging. Too long or too short an aging time set by subscribers will cause the Ethernet switch to broadcast a large amount of data packets without MAC addresses. This affects the switch operation performance.
  • Page 227 Learned Ethernet1/0/2 Device Management With device management, the Switch 7700 displays the current running state and event debugging information about the slots and physical devices. In addition, there is a command for rebooting the system, when a function failure occurs.
  • Page 228: Designate The App Adopted When Booting The Ethernet Switch Next Time

    Operation Command Upgrade BootROM boot BootROM file-url Reset a slot The Switch 7700 allows the administrator to reset a slot in the system. Perform the following configuration in user view. Table 23 Reset a Slot Operation Command Reset a slot reboot [ slot slot-num ] The parameter slot-num ranges from 0 to 6.
  • Page 229: Display And Debug Device Management

    Set backboard view The backboard view command determines the backplane bandwidth allocated to each slot in the Switch 7700. Currently, the Switch Fabric has the capability of 32 Gbps full duplex yet the chassis has a maximum capability of 48 Gbps full duplex.
  • Page 230: Display The State And Information Of The System

    } ] [ module-name ] System Debugging Enable/disable the terminal debugging The Switch 7700 provides various ways for debugging most of the supported protocols and functions, which can help you diagnose errors. The following switches control the outputs of debugging information: Protocol debugging switch controls debugging output of a protocol.
  • Page 231 System Maintenance and Debugging. Figure 3 Debug Output (diagram labels: Debugging information, Protocol debugging switch, Screen output switch). You can use the following commands to control the above-mentioned debugging. Perform the following operations in user view. Table 29 Enable/Disable the Debugging Operation Command Enable the protocol debugging debugging { all | module-name [ debugging-option ] }...
  • Page 232: Testing Tools For Network Connection

    ] [ -w timeout ] host Logging Function The Syslog is an indispensable part of the Switch 7700. It serves as an information center of the system software modules. The logging system is responsible for most of the information outputs, and it also makes detailed classification to filter...
  • Page 233 R&D personnel to monitor the operating state of networks and diagnose network failures. The syslog of the Switch 7700 has the following features: Support to output log in six directions, i.e., Console, monitor to Telnet terminal,...
  • Page 234 Chapter 11: System Management. Perform the following configuration in system view. Table 34 Log Output (Operation: Command). Configure to output the information to the Console: info-center console channel { channel-number | channel-name }. Configure to output the information to the Telnet terminal or monitor: info-center monitor channel { channel-number | channel-name }...
  • Page 235 System Maintenance and Debugging. Table 36 Syslog-Defined Severity (Severity: Description). alerts: The errors that need to be corrected immediately. critical: Critical errors. errors: The errors that need to be concerned but not critical. warnings: Warning, there might exist some kinds of errors. notifications: The information should be concerned.
  • Page 236 Chapter 11: System Management. Local4.crit /var/log/SW7700/config SW7700 security messages: local5.notice /var/log/SW7700/security Pay attention to the following points when editing the file “/etc/syslog.conf”: The description must start from a fresh line and begin with a pound key #. Use tab character to separate the selectors/action pairs instead of space...
  • Page 237: Snmp

    SNMP SNMP The Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as the industry standard. It is used for transmitting management information between any two nodes. In this way, network administrators can easily search and modify the information on any node on the network.
  • Page 238: Configure Snmp

    Chapter 11: System Management. The current SNMP Agent of Ethernet switch supports SNMP V1, V2C and V3. The MIBs supported are listed in the following table. Table 38 MIBs Supported by the Ethernet Switch (columns: attribute, MIB content, References). Public MIB; MIB II based on TCP/IP network device; RFC1213...
  • Page 239 SNMP You can use the following commands to set the community name. Perform the following configuration in system view. Table 39 Set Community Name (Operation: Command). Set the community name and the access authority: snmp-agent community { read | write } community-name [ [ mib-view view-name ] [ acl acl-list ] Remove the community name and undo snmp-agent community community-name...
  • Page 240 Chapter 11: System Management. Perform the following configuration in system view. Table 42 Set the Destination Address of Trap (Operation: Command). Set the destination address of trap: snmp-agent target-host trap address udp-domain host-addr [ udp-port udp-port-number ] params securityname community-string [ v1 | v2c | v3 { authentication | privacy } ] Delete the destination address of undo snmp-agent target-host host-addr...
  • Page 241 SNMP By default, the engine ID is expressed as enterprise No. + device information. The device information can be IP address, MAC address, or user-defined text. Set/Delete an SNMP Group You can use the following commands to set or delete an SNMP group. Perform the following configuration in system view.
  • Page 242: Display And Debug Snmp

    Chapter 11: System Management. Create/Update View Information or Deleting a View: You can use the following commands to create, update the information of views or delete a view. Perform the following configuration in system view. Table 49 Create/Update View Information or Deleting a View Operation Command Create/Update view information...
  • Page 243 SNMP Table 52 Display and Debug SNMP (Operation: Command). Display the group name, the security mode, the states for all types of views, and the storage mode of each group of the switch: display snmp-agent group. Display the names of all users in the group user table: display snmp-agent usm-user [ { local | { engineid engineid } } | username groupname ]...
  • Page 244: Rmon

    Chapter 11: System Management. RMON: Remote Network Monitoring (RMON) is a type of IETF-defined MIB. It is the most important enhancement to the MIB II standard. It is used for monitoring the data traffic on a segment and even on a whole network. It is one of the widely used Network Management standards by far.
  • Page 245 RMON defined in event management. The alarm management includes browsing, adding and deleting alarm entries. You can use the following commands to add/delete an entry to/from the alarm table. Perform the following configuration in system view. Table 53 Add/Delete an Entry to/from the Alarm Table Operation Command Add an entry to the alarm table.
  • Page 246: Display And Debug Rmon

    Chapter 11: System Management. Add/Delete an Entry to/from the Extended RMON Alarm Table: You can use the command to add/delete an entry to/from the extended RMON alarm table. Perform the following configuration in system view. Table 56 Add/Delete an Entry to/from the Extended RMON Alarm Table Operation Command Add an entry to the extended...
  • Page 247 1 Configure RMON. [SW7700-Ethernet2/0/1] rmon statistics 1 owner 3com-rmon 2 View the configurations in user view. <SW7700> display rmon statistics Ethernet2/0/1 Statistics entry 1 owned by 3com-rmon is VALID. Gathers statistics of interface Ethernet2/0/1. Received: octets : 270149,packets : 1954...
  • Page 248 Chapter 11: System Management...
