H3C S3100-52P Operation Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Network Router
  5. S3100-52P
  6. Operation manual

H3C S3100-52P Operation Manual

Hide thumbs Also See for S3100-52P:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
Table of Contents

Advertisement

Quick Links

Download this manual See also: Command Manual, Installation Manual
H3C S3100-52P Ethernet Switch
Operation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: 20080724-C-1.01
Product Version: Release 1602

Advertisement

Table of Contents
loading

Related Manuals for H3C S3100-52P

Summary of Contents for H3C S3100-52P

  • Page 1 H3C S3100-52P Ethernet Switch Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: 20080724-C-1.01 Product Version: Release 1602...
  • Page 2 Copyright © 2007-2008, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

  • Page 3: About This Manual

    About This Manual Organization H3C S3100-52P Ethernet Switch Operation Manual is organized as follows: Part Contents Introduces the characteristics, services, and network 0 Product Overview implementations of S3100-52P Ethernet Switches. Introduces the command hierarchy, command view, 1 CLI and CLI features of the Ethernet switch.
  • Page 4 Part Contents Introduces Web Authentication and the related 19 Web Authentication configuration. Address Introduces MAC address authentication and the Authentication related configuration. 21 ARP Introduces ARP and the related configuration. Introduces DHCP, DHCP-Snooping, and the related 22 DHCP configurations. 23 ACL Introduces ACL and the related configuration.
  • Page 5 Conventions The manual uses the following conventions: I. Command conventions Convention Description Boldface The keywords of a command line are in Boldface. italic Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated { x | y | ...
  • Page 6 Caution data loss or damage to equipment. Note Means a complementary description. Related Documentation In addition to this manual, each H3C S3100-52P Ethernet Switch documentation set includes the following: Manual Description H3C S3100-52P Ethernet Switch It provides information for the system Installation Manual installation and setup.

  • Page 7: Table Of Contents

    Operation Manual – Product Overview H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Obtaining the Documentation ..................1-1 1.1 CD-ROM ..........................1-1 1.2 H3C Website........................1-1 1.3 Software Release Notes ....................1-2 Chapter 2 Correspondence Between Documentation and Software ........2-1 2.1 Software Version........................

  • Page 8: Chapter 1 Obtaining The Documentation

    Software release notes 1.1 CD-ROM H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete set of electronic documents of the product, including operation manuals and command manuals. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.

  • Page 9: Software Release Notes

    Operation Manual – Product Overview H3C S3100-52P Ethernet Switch Chapter 1 Obtaining the Documentation 1.3 Software Release Notes With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.

  • Page 10: Software Version

    2.1 Software Version H3C S3100-52P Ethernet Switch Operation Manual-Release 1602 and H3C S3100-52P Ethernet Switch Command Manual-Release 1602 are for the software version of Release1602 of the S3100-52P product. Compared with Release 1500, many new features are added in Release 1602. For...
  • Page 11 Operation Manual – Product Overview Chapter 2 Correspondence Between Documentation H3C S3100-52P Ethernet Switch and Software Added feature in Release 1602 Manual STP maintainability 14-MSTP 802.1d-compliant traps Support of IGMPv3 Snooping Support of IGMPv3 Snooping simulated joining Support of suppressing flooding of unknown multicast...
  • Page 12 Operation Manual – Product Overview Chapter 2 Correspondence Between Documentation H3C S3100-52P Ethernet Switch and Software Added feature in Release 1602 Manual VLAN mapping Configuration of burst traffic for port rate limiting and traffic policing Configuration of priority remarking in VLANs...

  • Page 13: Manual List

    24 characters Sequence of selecting Web files 30-File System Management 2.2 Manual List Manual name H3C S3100-52P Ethernet Switch Installation Manual H3C S3100-52P Ethernet Switch Operation Manual-Release 1602 H3C S3100-52P Ethernet Switch Command Manual-Release 1602...

  • Page 14: Chapter 3 Product Overview

    Chapter 3 Product Overview 3.1 Preface H3C S3100-52P Ethernet switch is a Layer 2 wire speed Ethernet switch developed by H3C independently. It is the intelligent and manageable switch designed for network environments where high performance, high port density, and ease of installation are required.
  • Page 15 Operation Manual – Product Overview H3C S3100-52P Ethernet Switch Chapter 3 Product Overview Part Features 3 Configuration Saving, restoring, and deleting the configuration file File Management IEEE 802.1Q-compliant VLAN 4 VLAN Port-based VLAN Protocol-based VLAN Configuring an IP address for a switch...
  • Page 16 Operation Manual – Product Overview H3C S3100-52P Ethernet Switch Chapter 3 Product Overview Part Features Authentication, authorization, and accounting (AAA) Remote authentication dial-In user service (RADIUS) 18 AAA Huawei terminal access controller access control system (HWTACACS) Endpoint admission defense (EAD)
  • Page 17 Operation Manual – Product Overview H3C S3100-52P Ethernet Switch Chapter 3 Product Overview Part Features System logs 32 Information Hierarchical alarms Center Debugging information output Loading Boot ROM and software in multiple ways 33 System Basic system configuration and debugging...

  • Page 18: Chapter 4 Networking Applications

    H3C S3100-52P Ethernet Switch Chapter 4 Networking Applications Chapter 4 Networking Applications You can deploy S3100-52P Ethernet switch on many types of networks, such as enterprise networks and broadband access networks. Following are several typical networking applications. 4.1 Broadband Ethernet Access for Residential Communities On the broadband access network of a residential community, an S3100-52P Ethernet switch is located in the center.

  • Page 19: Application For Connecting Branches Or Small- To Medium-Sized Enterprises

    4.3 Application in Large Enterprise and Campus Networks In a large enterprise or campus network, the S3100-52P Ethernet switch can operate on the access layer. They are uplinked to layer 3 switches, S3600 Series or S5600 Series for example; and uplinked to a layer 3 switch. These switches together provide a...
  • Page 20 Operation Manual – Product Overview H3C S3100-52P Ethernet Switch Chapter 4 Networking Applications Figure 4-3 S3100-52P Ethernet switch application in large enterprise and campus network...
  • Page 21 Operation Manual – CLI H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 CLI Configuration ......................1-1 1.1 Introduction to the CLI ....................... 1-1 1.2 Command Hierarchy......................1-2 1.2.1 Command Level and User Privilege Level.............. 1-2 1.2.2 Modifying the Command Level................1-3 1.2.3 Switching User Level....................

  • Page 22: Chapter 1 Cli Configuration

    CLI and a set of configuration commands for the convenience of the user to configure and manage the switch. The CLI on S3100-52P Ethernet switches provides the following features, and so has good manageability and operability. Hierarchical command protection: After users of different levels log in, they can only use commands at their own, or lower, levels.

  • Page 23: Command Hierarchy

    1.2 Command Hierarchy 1.2.1 Command Level and User Privilege Level I. Command level The S3100-52P Ethernet switches use hierarchical command protection for command lines, so as to inhibit users at lower levels from using higher-level commands to configure the switches.

  • Page 24: Modifying The Command Level

    Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Note: If a user logs in using AAA authentication, the user privilege level depends on the configuration of the AAA scheme. For details, refer to AAA Operation. 1.2.2 Modifying the Command Level I.

  • Page 25: Switching User Level

    Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration [Sysname] command-privilege level view shell tftp 192.168.0.1 bootrom.btm After the above configuration, general Telnet users can use the tftp get command to download file bootrom.btm and other files from TFTP server 192.168.0.1 and other TFTP servers.
  • Page 26 Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration To do… Use the command… Remarks super Super password authentication-mode authentication super-password super HWTACACS authentication-mode authentication scheme Optional Super password By default, Specify the authentication preferred super super...
  • Page 27 Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Follow these steps to set a password for use level switching: To do… Use the command… Remarks Enter system view system-view — Required super password [ level Set the super password...
  • Page 28 Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Use the To do… Remarks command… Required Switch to a specified user super [ level ] level Execute this command in user view. Note: If no user level is specified in the super password command or the super command, level 3 is used by default.

  • Page 29: Cli Views

    Table 1-1 lists the CLI views provided by S3100-52P Ethernet switches, operations that can be performed in different CLI views and the commands used to enter specific CLI views.
  • Page 30 Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Available Prompt View Enter method Quit method operation example 100 Mbps Execute the Execute the Ethernet port quit command interface view: to return to ethernet system view. command in [Sysname-Eth system view.
  • Page 31 Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Available Prompt View Enter method Quit method operation example Configure FTP Execute the FTP client client [ftp] ftp command view parameters in user view. Execute the Configure SFTP client...
  • Page 32 Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Available Prompt View Enter method Quit method operation example Define rules Execute the for an layer 2 [Sysname-acl- Layer 2 ACL acl number ACL (with ID ethernetframe view...

  • Page 33: Cli Features

    Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Available Prompt View Enter method Quit method operation example Execute the Execute the vlan-vpn vid quit command command in to return to Ethernet port Ethernet port Configure [Sysname-Eth view.

  • Page 34: Terminal Display

    Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration If the question mark “?” is at a keyword position in the command, all available keywords at the position and their descriptions will be displayed on your terminal.

  • Page 35: Command History

    Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Table 1-2 Display-related operations Operation Function Stop the display output and execution of Press <Ctrl+C> the command. Press any character except <Space>, <Enter>, /, +, and - when the display Stop the display output.

  • Page 36: Error Prompts

    Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration 1.4.4 Error Prompts If a command passes the syntax check, it will be successfully executed; otherwise, an error message will be displayed. Table 1-3 lists the common error messages.
  • Page 37 Operation Manual – CLI H3C S3100-52P Ethernet Switch Chapter 1 CLI Configuration Press… To… Use the partial online help. That is, when you input an incomplete keyword and press <Tab>, if the input parameter uniquely identifies a complete keyword, the system substitutes the complete keyword for the input parameter;...
  • Page 38 Operation Manual – Login H3C S3100-52P Ethernet switch Table of Contents Table of Contents Chapter 1 Logging In to an Ethernet Switch ................1-1 1.1 Logging In to an Ethernet Switch..................1-1 1.2 Introduction to the User Interface ..................1-1 1.2.1 Supported User Interfaces ..................
  • Page 39 Operation Manual – Login H3C S3100-52P Ethernet switch Table of Contents Chapter 4 Logging In Using a Modem..................4-1 4.1 Introduction ........................4-1 4.2 Configuration on the Switch Side..................4-1 4.2.1 Modem Configuration....................4-1 4.2.2 Switch Configuration ....................4-2 4.3 Modem Connection Establishment ..................4-3 Chapter 5 Logging In Through the Web-based Network Management System......

  • Page 40: Chapter 1 Logging In To An Ethernet Switch

    Banner. 1.1 Logging In to an Ethernet Switch You can log in to an S3100-52P Ethernet switch in one of the following ways: Logging in locally through the console port Logging in locally or remotely through an Ethernet port by means of Telnet or SSH...

  • Page 41: User Interface Index

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 1 Logging In to an Ethernet Switch AUX user interface: A view when you log in through the AUX port. AUX port is a line device port. Virtual type terminal (VTY) user interface: A view when you log in through VTY.
  • Page 42 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 1 Logging In to an Ethernet Switch To do… Use the command… Remarks Optional free user-interface [ type ] Free a user interface number Available in user view Enter system view system-view —...

  • Page 43: Chapter 2 Logging In Through The Console Port

    To log in through the console port is the most common way to log in to a switch. It is also the prerequisite to configure other login methods. By default, you can locally log in to an S3100-52P Ethernet switch through its console port only. Table 2-1 lists the default settings of a console port.
  • Page 44 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port Figure 2-1 Diagram for connecting to the console port of a switch If you use a PC to connect to the console port, launch a terminal emulation utility (such as Terminal in Windows 3.X or HyperTerminal in Windows 9X/Windows...
  • Page 45 Figure 2-4 Set port parameters Turn on the switch. You will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <H3C>) appears after you press the Enter key, as shown in Figure 2-5.

  • Page 46: Console Port Login Configuration

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port 2.3 Console Port Login Configuration 2.3.1 Common Configuration Table 2-2 Common configuration of console port login Configuration Remarks Optional Baud rate The default baud rate is 9,600 bps.

  • Page 47: Console Port Login Configurations For Different Authentication Modes

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port Caution: The change to console port configuration takes effect immediately, so the connection may be disconnected when you log in through a console port and then configure this console port.

  • Page 48: Console Port Login Configuration With Authentication Mode Being None

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port Authentication Console port login configuration Remarks mode Specify to Optional AAA configuration perform local specifies whether to Local authentication authenticatio perform local is performed by...
  • Page 49 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port To do… Use the command… Remarks Required By default, users logging in Configure not to authentication-mode through the console port (AUX authenticate users none user interface) are not authenticated.

  • Page 50: Configuration Example

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port To do… Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10...

  • Page 51: Console Port Login Configuration With Authentication Mode Being Password

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port III. Configuration procedure # Enter system view. <Sysname> system-view # Enter AUX user interface view. [Sysname] user-interface aux 0 # Specify not to authenticate users logging in through the console port.
  • Page 52 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port To do… Use the command… Remarks Required Configure to By default, users logging in to a authenticate users authentication-mod switch through the console port...
  • Page 53 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port To do… Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10...
  • Page 54 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port III. Configuration procedure # Enter system view. <Sysname> system-view # Enter AUX user interface view. [Sysname] user-interface aux 0 # Specify to authenticate users logging in through the console port using the local password.

  • Page 55: Console Port Login Configuration With Authentication Mode Being Scheme

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port 2.6 Console Port Login Configuration with Authentication Mode Being Scheme 2.6.1 Configuration Procedure Follow these steps to configure console port login with the authentication mode being scheme: To do…...
  • Page 56 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port To do… Use the command… Remarks Required The specified AAA scheme determines whether to authentication-mode authenticate users locally or Configure to authenticate remotely. scheme [ command-...
  • Page 57 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port To do… Use the command… Remarks Optional The default history Set history command history-command command buffer size is 10. buffer size max-size value That is, a history command buffer can store up to 10 commands by default.
  • Page 58 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port II. Network diagram Ethernet1/0/1 Ethernet User PC running Telnet Figure 2-8 Network diagram for AUX user interface configuration (with the authentication mode being scheme) III.
  • Page 59 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 2 Logging In Through the Console Port [Sysname-ui-aux0] idle-timeout 6 After the above configuration, you need to modify the configuration of the terminal emulation utility running on the PC accordingly in the dialog box shown in Figure 2-4 log in to the switch successfully.

  • Page 60: Chapter 3 Logging In Through Telnet

    Telnet Configuration with Authentication Mode Being Password 3.1 Introduction S3100-52P Ethernet switch support Telnet. You can manage and maintain a switch remotely by Telnetting to the switch. To log in to a switch through Telnet, the corresponding configuration is required on both the switch and the Telnet terminal.

  • Page 61: Telnet Configurations For Different Authentication Modes

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet 3.1.1 Common Configuration Table 3-2 Common Telnet configuration Configuration Description Optional Configure the command level available to users By default, commands of level 0 are logging in to the VTY...
  • Page 62 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet Authentication Telnet configuration Description mode Specify to AAA configuration Optional perform local specifies whether Local authentication is authentication to perform local performed by default. or remote...

  • Page 63: Telnet Configuration With Authentication Mode Being None

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet 3.2 Telnet Configuration with Authentication Mode Being None 3.2.1 Configuration Procedure Follow these steps to configure Telnet with the authentication mode being none: To do… Use the command…...
  • Page 64 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet To do… Use the command… Remarks Optional The default history Set the history command history-command command buffer size is 10. buffer size max-size value That is, a history command buffer can store up to 10 commands by default.

  • Page 65: Telnet Configuration With Authentication Mode Being Password

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet III. Configuration procedure # Enter system view. <Sysname> system-view # Enter VTY 0 user interface view. [Sysname] user-interface vty 0 # Configure not to authenticate Telnet users logging in to VTY 0.
  • Page 66 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet To do… Use the command… Remarks Configure the Optional command level user privilege level By default, commands of level available to users level 0 are available to users logging logging in to the user in to VTY user interface.
  • Page 67 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet 3.3.2 Configuration Example I. Network requirements Assume current user logins through the console port and the current user level is set to the administrator level (level 3). Perform the following configurations for users logging in to VTY 0 using Telnet.

  • Page 68: Telnet Configuration With Authentication Mode Being Scheme

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet [Sysname-ui-vty0] history-command max-size 20 # Set the timeout time to 6 minutes. [Sysname-ui-vty0] idle-timeout 6 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.1 Configuration Procedure Follow these steps to configure Telnet with the authentication mode being scheme: To do…...
  • Page 69 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet To do… Use the command… Remarks Required The specified AAA scheme Configure to authentication-mode determines whether to authenticate users scheme [ command- authenticate users locally or...
  • Page 70 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet Note that if you configure to authenticate the users in the scheme mode, the command level available to the users logging in to the switch depends on the user privilege level...
  • Page 71 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet Scenario Command Authenticati level User type Command on mode The user privilege level level command is not executed, and the service-type command does Level 0 not specify the available command level.

  • Page 72: Telnetting To A Switch

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet II. Network diagram Figure 3-3 Network diagram for Telnet configuration (with the authentication mode being scheme) III. Configuration procedure # Enter system view. <Sysname> system-view # Create a local user named guest and enter local user view.
  • Page 73 XP) on the PC terminal, with the baud rate set to 9,600 bps, data bits set to 8, parity check set to none, and flow control set to none. Turn on the switch and press Enter as prompted. The prompt (such as <H3C>) appears, as shown in the following figure.
  • Page 74 VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used, please try later!”. A H3C series Ethernet switch can accommodate up to five Telnet connections at same time.

  • Page 75: Telnetting To Another Switch From The Current Switch

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 3 Logging In Through Telnet Note: A Telnet connection is terminated if you delete or modify the IP address of the VLAN interface in the Telnet session. By default, commands of level 0 are available to Telnet users authenticated by password.

  • Page 76: Chapter 4 Logging In Using A Modem

    Operation Manual – Login Chapter 5 Logging In Through the Web-based H3C S3100-52P Ethernet switch Network Management System Chapter 4 Logging In Using a Modem Go to these sections for information you are interested in: Introduction Configuration on the Switch Side Modem Connection Establishment 4.1 Introduction...

  • Page 77: Switch Configuration

    Operation Manual – Login Chapter 5 Logging In Through the Web-based H3C S3100-52P Ethernet switch Network Management System AT&K0 ----------------------- Disable flow control AT&R1 ----------------------- Ignore RTS signal AT&S0 ----------------------- Set DSR to high level by force ATEQ1&W ----------------------- Disable the Modem from returning command response and the result, save the changes You can verify your configuration by executing the AT&V command.

  • Page 78: Modem Connection Establishment

    Operation Manual – Login Chapter 5 Logging In Through the Web-based H3C S3100-52P Ethernet switch Network Management System 4.3 Modem Connection Establishment Before using Modem to log in the switch, perform corresponding configuration for different authentication modes on the switch. Refer to...
  • Page 79 Operation Manual – Login Chapter 5 Logging In Through the Web-based H3C S3100-52P Ethernet switch Network Management System Figure 4-2 Create a connection Figure 4-3 Set the telephone number Figure 4-4 Call the modem...
  • Page 80 Operation Manual – Login Chapter 5 Logging In Through the Web-based H3C S3100-52P Ethernet switch Network Management System If the password authentication mode is specified, enter the password when prompted. If the password is correct, the prompt (such as <Sysname>) appears.

  • Page 81: Establishing An Http Connection

    Enabling/Disabling the WEB Server 5.1 Introduction An S3100-52P Ethernet switch has a Web server built in. It enables you to log in to an S3100-52P Ethernet switch through a Web browser and then manage and maintain the switch intuitively by interacting with the built-in Web server.

  • Page 82: Configuring The Login Banner

    Operation Manual – Login Chapter 5 Logging In Through the Web-based H3C S3100-52P Ethernet switch Network Management System Configure the user name and the password on the switch for the Web network management user to log in. # Create a Web user account, setting both the user name and the password to admin and the user level to 3.
  • Page 83 Operation Manual – Login Chapter 5 Logging In Through the Web-based H3C S3100-52P Ethernet switch Network Management System enter the user login authentication page, and enter the main page of the Web-based network management system after passing the authentication. If no login banner is configured by the header command, a user logging in through Web directly enters the user login authentication page.

  • Page 84: Enabling/Disabling The Web Server

    Operation Manual – Login Chapter 5 Logging In Through the Web-based H3C S3100-52P Ethernet switch Network Management System Figure 5-4 Banner page displayed when a user logs in to the switch through Web Click <Continue> to enter user login authentication page. You will enter the main page of the Web-based network management system if the authentication succeeds.

  • Page 85: Chapter 6 Logging In Through Nms

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 6 Logging In Through NMS Chapter 6 Logging In Through NMS Go to these sections for information you are interested in: Introduction Connection Establishment Using NMS 6.1 Introduction You can also log in to a switch through a network management station (NMS), and then configure and manage the switch through the agent module on the switch.

  • Page 86: Configuring Source Ip Address For Telnet Service Packets

    Displaying Source IP Address Configuration 7.1 Overview You can configure the source IP address for Telnet service packets for an S3100-52P switch operating as a Telnet client. The IP address can only be the IP address of a Layer 3 interface on the switch.

  • Page 87: Displaying Source Ip Address Configuration

    Operation Manual – Login Chapter 7 Configuring Source IP Address for Telnet H3C S3100-52P Ethernet switch Service Packets To do… Use the command… Remarks telnet { hostname | ip-address } [ service-port ] Specify a source { source-ip ip-address | source-interface...

  • Page 88: Chapter 8 User Control

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 8 User Control Chapter 8 User Control Go to these sections for information you are interested in: Introduction Controlling Telnet Users Controlling Network Management Users by Source IP Addresses Controlling Web Users by Source IP Address Note: Refer to the ACL part for information about ACL.

  • Page 89: Controlling Telnet Users

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 8 User Control 8.2 Controlling Telnet Users 8.2.1 Prerequisites The controlling policy against Telnet users is determined, including the source IP addresses, destination IP addresses and source MAC addresses to be controlled and the controlling actions (permitting or denying).

  • Page 90: Controlling Telnet Users By Source Mac Addresses

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 8 User Control To do… Use the command… Remarks Enter system view system-view — As for the acl number Create an advanced acl number acl-number command, the config ACL or enter...

  • Page 91: Controlling Network Management Users By Source Ip Addresses

    # Apply the ACL. [Sysname] user-interface vty 0 4 [Sysname-ui-vty0-4] acl 2000 inbound 8.3 Controlling Network Management Users by Source IP Addresses You can manage an S3100-52P Ethernet switch through network management software. Network management users can access switches through SNMP.
  • Page 92 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 8 User Control You need to perform the following two operations to control network management users by source IP addresses. Defining an ACL Applying the ACL to control users accessing the switch through SNMP 8.3.1 Prerequisites...
  • Page 93 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 8 User Control To do… Use the command… Remarks Apply the ACL while snmp-agent community { read | configuring the write } community-name [ acl SNMP community acl-number | mib-view view-name ]*...

  • Page 94: Controlling Web Users By Source Ip Address

    [Sysname] snmp-agent usm-user v2c usera groupa acl 2000 8.4 Controlling Web Users by Source IP Address You can manage an S3100-52P Ethernet switch remotely through Web. Web users can access a switch through HTTP connections. You need to perform the following two operations to control Web users by source IP addresses.

  • Page 95: Disconnecting A Web User By Force

    Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 8 User Control To do… Use the command… Remarks Optional Apply the ACL to ip http acl acl-number By default, no ACL is control Web users applied for Web users. 8.4.3 Disconnecting a Web User by Force The administrator can disconnect a Web user by force using the related commands.
  • Page 96 Operation Manual – Login H3C S3100-52P Ethernet switch Chapter 8 User Control # Apply ACL 2030 to only permit the Web users sourced from the IP address of 10.110.100.52 to access the switch. [Sysname] ip http acl 2030...
  • Page 97 Operation Manual – Configuration File Management H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Configuration File Management ................. 1-1 1.1 Introduction to Configuration File..................1-1 1.2 Configuration Task List ...................... 1-2 1.2.1 Saving the Current Configuration................1-3 1.2.2 Erasing the Startup Configuration File ..............

  • Page 98: Chapter 1 Configuration File Management

    Operation Manual – Configuration File Management H3C S3100-52P Ethernet Switch Chapter 1 Configuration File Management Chapter 1 Configuration File Management When configuring configuration file management, go to these sections for information you are interested in: Introduction to Configuration File Configuration Task List 1.1 Introduction to Configuration File...

  • Page 99: Configuration Task List

    Operation Manual – Configuration File Management H3C S3100-52P Ethernet Switch Chapter 1 Configuration File Management can be used instead. This increases the safety and reliability of the file system compared with the switch that only support one configuration file. You can configure a file to have both main and backup attribute, but only one file of either main or backup attribute is allowed on a switch.

  • Page 100: Saving The Current Configuration

    Operation Manual – Configuration File Management H3C S3100-52P Ethernet Switch Chapter 1 Configuration File Management 1.2.1 Saving the Current Configuration You can modify the configuration on your switch at the command line interface (CLI). To use the modified configuration for your subsequent startups, you must save it (using the save command) as a configuration file.

  • Page 101: Erasing The Startup Configuration File

    Operation Manual – Configuration File Management H3C S3100-52P Ethernet Switch Chapter 1 Configuration File Management Backup attribute. When you use the save [ safely ] backup command to save the current configuration, the configuration file you get has backup attribute. If this configuration file already exists and has main attribute, the file will have both main and backup attributes after execution of this command.

  • Page 102: Specifying A Configuration File For Next Startup

    Operation Manual – Configuration File Management H3C S3100-52P Ethernet Switch Chapter 1 Configuration File Management Caution: This command will permanently delete the configuration file from the switch. 1.2.3 Specifying a Configuration File for Next Startup Use the following command to specify a configuration file for next startup: To do…...

  • Page 103: Displaying Switch Configuration

    Operation Manual – Configuration File Management H3C S3100-52P Ethernet Switch Chapter 1 Configuration File Management 1.2.4 Displaying Switch Configuration To do… Use the command… Remarks Display the initial display saved-configuration configuration file saved in [ unit unit-id ] [ by-linenum ]...
  • Page 104 Operation Manual – VLAN H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 VLAN Overview ......................1-1 1.1 VLAN Overview........................1-1 1.1.1 Introduction to VLAN ....................1-1 1.1.2 Advantages of VLANs ..................... 1-2 1.1.3 VLAN Fundamentals ....................1-2 1.1.4 VLAN Interface ......................

  • Page 105: Chapter 1 Vlan Overview

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 1 VLAN Overview Chapter 1 VLAN Overview This chapter covers these topics: VLAN Overview Port-Based VLAN Protocol-Based VLAN 1.1 VLAN Overview 1.1.1 Introduction to VLAN The traditional Ethernet is a broadcast network, where all hosts are in the same broadcast domain and connected with each other through hubs or switches.

  • Page 106: Advantages Of Vlans

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 1 VLAN Overview communicate with each other directly but need the help of network layer devices, such as routers and Layer 3 switches. Figure 1-1 illustrates a VLAN implementation. Figure 1-1 A VLAN implementation 1.1.2 Advantages of VLANs...
  • Page 107 The 16-bit TPID field with a value of 0x8100 indicates that the frame is VLAN tagged. On the H3C series Ethernet switches, the default TPID is 0x8100. The 3-bit priority field indicates the 802.1p priority of the frame. Refer to the “QoS-QoS profile”...

  • Page 108: Vlan Interface

    1.1.4 VLAN Interface Hosts in different VLANs cannot communicate with each other directly unless routers or Layer 3 switches are used to do Layer 3 forwarding. The S3100-52P Ethernet switch supports VLAN interfaces configuration to forward packets in Layer 3.

  • Page 109: Vlan Classification

    1.2.1 Link Types of Ethernet Ports The link type of an Ethernet port on the S3100-52P can be one of the following: Access: An access port can belong to only one VLAN, and is generally connected to a user PC.

  • Page 110: Assigning An Ethernet Port To Specified Vlans

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 1 VLAN Overview 1.2.2 Assigning an Ethernet Port to Specified VLANs You can assign an Ethernet port to a VLAN to forward packets for the VLAN, thus allowing the VLAN on the current switch to communicate with the same VLAN on the peer switch.

  • Page 111: Protocol-Based Vlan

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 1 VLAN Overview Table 1-2 Packet processing of a trunk port Processing of an incoming packet Processing of an outgoing packet For an untagged packet For a tagged packet If the port has already...

  • Page 112: Encapsulation Format Of Ethernet Data

    The switch identifies whether a packet is an Ethernet II packet or an 802.2/802.3 packet according to the ranges of the two fields. Note: The H3C S3100-52P switch recognizes packets with the value of the type field being in the range 0x05DD to 0x05FF as 802.2/802.3 encapsulated packets.
  • Page 113 Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 1 VLAN Overview II. Extended encapsulation formats of 802.2/802.3 packets 802.2/802.3 packets have the following three extended encapsulation formats: 802.3 raw encapsulation: only the length field is encapsulated after the source and destination address field, followed by the upper layer data.

  • Page 114: Procedure For The Switch To Judge Packet Protocol

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 1 VLAN Overview Note: When the OUI is 00-00-00 in 802.2 SNAP encapsulation, the PID field has the same meaning as the type field in Ethernet II encapsulation, which both refer to globally unique protocol number.

  • Page 115: Implementation Of Protocol-Based Vlan

    Supported (0x809B) 1.3.5 Implementation of Protocol-Based VLAN S3100-52P Ethernet switch assigns the packet to the specific VLAN by matching the packet with the protocol template. The protocol template is the standard to determine the protocol to which a packet belongs. Protocol templates include standard templates and user-defined templates: The standard template adopts the RFC-defined packet encapsulation formats and values of some specific fields as the matching criteria.

  • Page 116: Chapter 2 Vlan Configuration

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration Chapter 2 VLAN Configuration When configuring a VLAN, go to these sections for information you are interested in: VLAN Configuration Configuring a Port-Based VLAN Configuring a Protocol-Based VLAN 2.1 VLAN Configuration...

  • Page 117: Basic Vlan Interface Configuration

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration Caution: VLAN 1 is the system default VLAN, which needs not to be created and cannot be removed, either. The VLAN you created in the way described above is a static VLAN. On the switch, there are dynamic VLANs which are registered through GVRP.

  • Page 118: Displaying Vlan Configuration

    The operation of enabling/disabling a VLAN’s VLAN interface does not influence the physical status of the Ethernet ports belonging to this VLAN. An S3100-52P switch can be configured with a single VLAN interface only, and the VLAN must be the management VLAN. For details about the management VLAN, refer to the “Stack-Cluster Configuration”...

  • Page 119: Configuring The Link Type Of An Ethernet Port

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration Task Remarks Configuring the Default VLAN for a Port Optional 2.2.2 Configuring the Link Type of an Ethernet Port Follow these steps to configure the link type of an Ethernet port: To do…...

  • Page 120: Configuring The Default Vlan For A Port

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration Note: When assigning an access or hybrid port to a VLAN, make sure the VLAN already exists. In VLAN view Follow these steps to assign one or multiple access ports to a VLAN in VLAN view: Use the To do…...

  • Page 121: Displaying And Maintaining Port-Based Vlan

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration Caution: After configuring the default VLAN for a trunk or hybrid port, you need to use the port trunk permit command or the port hybrid vlan command to configure the port to allow traffic of the default VLAN to pass through.
  • Page 122 Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration II. Network diagram Server2 Server1 SwitchA Eth1/0/12 Eth1/0/13 Eth1/0/2 Eth1/0/10 Eth1/0/11 SwitchB Eth1/0/1 Figure 2-1 Network diagram for VLAN configuration III. Configuration procedure Configure Switch A. # Create VLAN 100, specify its descriptive string as Dept1, and add Ethernet 1/0/1 to VLAN 100.

  • Page 123: Configuring A Protocol-Based Vlan

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration [SwitchB] vlan 100 [SwitchB-vlan100] description Dept1 [SwitchB-vlan100] port Ethernet 1/0/13 [SwitchB-vlan103] quit # Create VLAN 200, specify its descriptive string as Dept2 and add Ethernet 1/0/11 and Ethernet 1/0/12 to VLAN 200.
  • Page 124 Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration II. Configuration procedure Follow these steps to configure the protocol template for a VLAN: To do... Use the command... Remarks Enter system view system-view — Enter VLAN view vlan vlan-id —...

  • Page 125: Associating A Port With A Protocol-Based Vlan

    Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration Caution: Because the IP protocol is closely associated with the ARP protocol, you are recommended to configure the ARP protocol type when configuring the IP protocol type and associate the two protocol types with the same port to avoid that ARP packets and IP packets are not assigned to the same VLAN, which will cause IP address resolution failure.

  • Page 126: Displaying Protocol-Based Vlan Configuration

    1/0/10 on the S3100-52P switch. IP network and AppleTalk network workstations (hosts) coexist in the Workroom. The S3100-52P switch connects to VLAN 100 (using IP network) through Ethernet 1/0/11 and to VLAN 200 (using AppleTalk network) through Ethernet 1/0/12. Configure the switch to automatically assign the IP and AppleTalk packets to proper VLANs for transmission, so as to ensure the normal communication between the workstations and servers.
  • Page 127 Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration II. Network diagram Figure 2-2 Network diagram for protocol-based VLAN configuration III. Configuration procedure # Create VLAN 100 and VLAN 200, and add Ethernet 1/0/11 and Ethernet 1/0/12 to VLAN 100 and VLAN 200 respectively.
  • Page 128 Operation Manual – VLAN H3C S3100-52P Ethernet Switch Chapter 2 VLAN Configuration VLAN Type: Protocol-based VLAN Protocol Index Protocol Type ethernetii etype 0x0806 VLAN ID: 200 VLAN Type: Protocol-based VLAN Protocol Index Protocol Type # Configure Ethernet 1/0/10 as a hybrid port, which removes the VLAN tag of the packets of VLAN 100 and VLAN 200 before forwarding the packets.
  • Page 129 Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 IP Addressing Configuration ..................1-1 1.1 IP Addressing Overview ....................1-1 1.1.1 IP Address Classes....................1-1 1.1.2 Special Case IP Addresses..................1-2 1.1.3 Subnetting and Masking..................

  • Page 130: Chapter 1 Ip Addressing Configuration

    Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Chapter 1 IP Addressing Configuration Chapter 1 IP Addressing Configuration When configuring IP addressing, go to these sections for information you are interested IP Addressing Overview Configuring IP Addresses...

  • Page 131: Special Case Ip Addresses

    Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Chapter 1 IP Addressing Configuration Table 1-1 IP address classes and ranges Class Address range Description Address 0.0.0.0 means this host no this network. This address is used by a host at bootstrap when it does not know its IP address.

  • Page 132: Configuring Ip Addresses

    255.0.0.0, 255.255.0.0, and 255.255.255.0 respectively. 1.2 Configuring IP Addresses An S3100-52P Ethernet Switch supports assigning IP addresses to VLAN interfaces and loopback interfaces. Besides directly assigning an IP address to a VLAN interface, you may configure a VLAN interface to obtain an IP address through BOOTP or DHCP as alternatives.

  • Page 133: Displaying Ip Addressing Configuration

    Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Chapter 1 IP Addressing Configuration Note: This chapter only covers how to assign an IP address manually. For the other two approaches to IP address assignment, refer to the part discussing DHCP in this manual.

  • Page 134: Ip Address Configuration Examples

    Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Chapter 1 IP Addressing Configuration 1.4 IP Address Configuration Examples 1.4.1 IP Address Configuration Example I I. Network requirement Assign IP address 129.2.2.1 with mask 255.255.255.0 to VLAN-interface 1 of the switch.
  • Page 135 Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Chapter 1 IP Addressing Configuration II. Network diagram Figure 1-4 Network diagram for IP address configuration III. Configuration procedure # Assign a primary IP address and a secondary IP address to VLAN-interface 1.
  • Page 136 Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Chapter 1 IP Addressing Configuration The output information shows the switch can communicate with the hosts on the subnet 172.16.1.0/24. # Ping a host on the subnet 172.16.2.0/24 from the switch to check the connectivity.

  • Page 137: Chapter 2 Ip Performance Configuration

    2.1 IP Performance Overview 2.1.1 Introduction to IP Performance Configuration In some network environments, you need to adjust the IP parameters to achieve best network performance. The IP performance configuration supported by an S3100-52P Ethernet Switch includes: Configuring TCP attributes...

  • Page 138: Configuring Tcp Attributes

    Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Chapter 2 IP Performance Configuration 2.2.2 Configuring TCP Attributes TCP optional parameters that can be configured include: synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packets are received before the synwait timer times out, the TCP connection is not successfully created.

  • Page 139: Displaying And Maintaining Ip Performance Configuration

    Operation Manual – IP Address and Performance H3C S3100-52P Ethernet Switch Chapter 2 IP Performance Configuration Follow these steps to disable sending ICMP error packets: To do… Use the command… Remarks Enter system view system-view — Required undo icmp redirect...
  • Page 140 1.1 Voice VLAN Overview ....................... 1-1 1.1.1 How an IP Phone Works ..................1-1 1.1.2 How S3100-52P Switch Identifies Voice Traffic............1-3 1.1.3 Setting the Voice Traffic Transmission Priority ............1-4 1.1.4 Configuring Voice VLAN Assignment Mode of a Port..........1-4 1.1.5 Support for Voice VLAN on Various Ports ..............

  • Page 141: Chapter 1 Voice Vlan Configuration

    Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration Chapter 1 Voice VLAN Configuration When configuring voice VLAN, go to these sections for information you are interested Voice VLAN Overview Voice VLAN Configuration Displaying and Maintaining Voice VLAN Voice VLAN Configuration Example 1.1 Voice VLAN Overview...
  • Page 142 Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration Figure 1-1 Network diagram for IP phones As shown in Figure 1-1, the IP phone needs to work in conjunction with the DHCP server and the NCP to establish a path for voice data transmission. An IP phone goes through the following three phases to become capable of transmitting voice data.

  • Page 143: How S3100-52P Switch Identifies Voice Traffic

    OUI address which forms the first 24 bits of a MAC address. S3100-52P Ethernet switch supports OUI address mask configuration. You can adjust the matching depth of MAC address by setting different OUI address masks.

  • Page 144: Setting The Voice Traffic Transmission Priority

    I. Processing mode of untagged packets sent by IP voice devices Automatic voice VLAN assignment mode. An S3100-52P Ethernet switch automatically adds a port connecting an IP voice device to the voice VLAN by learning the source MAC address in the untagged packet sent by the IP voice device when it is powered on.

  • Page 145: Support For Voice Vlan On Various Ports

    Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration Caution: If the voice traffic transmitted by an IP voice device carries VLAN tags, and 802.1x authentication and guest VLAN is enabled on the port which the IP voice device is connected to, assign different VLAN IDs for the voice VLAN, the default VLAN of the port, and the 802.1x guest VLAN to ensure the effective operation of these...
  • Page 146 Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration Table 1-2 Matching relationship between port types and voice devices capable of acquiring IP address and voice VLAN automatically Voice VLAN Voice Port assignment traffic Supported or not...

  • Page 147: Security Mode Of Voice Vlan

    1.1.6 Security Mode of Voice VLAN On S3100-52P Ethernet switch, a voice VLAN can operate in the security mode. Voice VLANs operating in this mode only permit voice data, enabling you to perform voice traffic-specific priority configuration.

  • Page 148: Configuring The Voice Vlan To Operate In Automatic Voice Vlan Assignment Mode

    Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration 1.2.2 Configuring the Voice VLAN to Operate in Automatic Voice VLAN Assignment Mode Follow these steps to configure a voice VLAN to operate in automatic voice VLAN assignment mode: To do…...

  • Page 149: Configuring The Voice Vlan To Operate In Manual Voice Vlan Assignment Mode

    Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration Caution: A port working in automatic voice VLAN assignment mode cannot be assigned to the voice VLAN manually. Therefore, if a VLAN is configured as the voice VLAN and a protocol-based VLAN at the same time, the protocol-based VLAN function cannot be bound with the port.
  • Page 150 Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration To do… Use the command… Remarks Enable the voice VLAN function voice vlan vlan-id Required globally enable interface interface-type Enter port view Required interface-number Required By default, voice...

  • Page 151: Displaying And Maintaining Voice Vlan

    VLAN does not operate in security mode. The voice VLAN legacy feature realizes the communication between H3C device and other vendor's voice device by automatically adding the voice VLAN tag to the voice data coming from other vendors’...

  • Page 152: Voice Vlan Configuration Example (Automatic Voice Vlan Assignment Mode)

    Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration 1.4 Voice VLAN Configuration Example 1.4.1 Voice VLAN Configuration Example (Automatic Voice VLAN Assignment Mode) I. Network requirements Create a voice VLAN and configure it to operate in automatic voice VLAN assignment mode to enable the port to which an IP phone is connected to join or exit the voice VLAN automatically and voice traffic to be transmitted within the voice VLAN.

  • Page 153: Voice Vlan Configuration Example (Manual Voice Vlan Assignment Mode)

    Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration # Add a user-defined OUI address 0011-2200-000 and set the description string to “test”. [DeviceA] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test # Enable the voice VLAN function globally.
  • Page 154 Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration II. Network diagram Figure 1-3 Network diagram for voice VLAN configuration (manual voice VLAN assignment mode) III. Configuration procedure # Enable the security mode for the voice VLAN so that the ports in the voice VLAN permit valid voice packets only.
  • Page 155 Operation Manual – Voice VLAN H3C S3100-52P Ethernet Switch Chapter 1 Voice VLAN Configuration [DeviceA-Ethernet1/0/1] voice vlan enable IV. Verification # Display the OUI addresses, the corresponding OUI address masks and the corresponding description strings that the system supports. <DeviceA> display voice vlan oui...
  • Page 156 Operation Manual – GVRP H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 GVRP Configuration ....................1-1 1.1 Introduction to GVRP......................1-1 1.1.1 GARP ........................1-1 1.1.2 GVRP ........................1-4 1.1.3 Protocol Specifications.................... 1-5 1.2 GVRP Configuration ......................1-5 1.2.1 GVRP Configuration Tasks ..................

  • Page 157: Chapter 1 Gvrp Configuration

    Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration Chapter 1 GVRP Configuration When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Displaying and Maintaining GVRP GVRP Configuration Example 1.1 Introduction to GVRP...
  • Page 158 Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration messages deregister all the attributes, through which the attribute information of the entity can be registered again on the other GARP entities. Leave messages, LeaveAll messages, together with Join messages ensure attribute information can be deregistered and re-registered.
  • Page 159 Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration workstation or a bridge; it instructs other GARP members to register/deregister its attribute information by declaration/recant, and register/deregister other GARP member's attribute information according to other member's declaration/recant. When a port receives an attribute declaration, the port will register this attribute.
  • Page 160 Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration Field Description Value Each general attribute consists of three parts: Attribute Length, Attribute Event, and Attribute Value. Attribute — Each LeaveAll attribute consists of two parts: Attribute Length and LeaveAll Event.

  • Page 161: Protocol Specifications

    Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration Normal. A port in this mode can dynamically register/deregister VLANs and propagate dynamic/static VLAN information. Fixed. A port in this mode cannot register/deregister VLANs dynamically. It only propagates static VLAN information. Besides, the port permits only static VLANs, that is, it propagates only static VLAN information to the other GARP members.

  • Page 162: Configuring Gvrp Timers

    Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration To do ... Use the command ... Remarks Required Enable GVRP on the port gvrp By default, GVRP is disabled on the port. Notes After you enable GVRP on a trunk port, you cannot change the port to a different type.

  • Page 163: Configuring Gvrp Port Registration Mode

    Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration Table 1-2 Relations between the timers Timer Lower threshold Upper threshold This upper threshold is less than or equal to one-half of the timeout Hold 10 centiseconds time of the Join timer. You...

  • Page 164: Displaying And Maintaining Gvrp

    Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration To do ... Use the command ... Remarks interface interface-type Enter Ethernet port view — interface-number Optional Configure GVRP port gvrp registration { fixed | By default, GVRP port...
  • Page 165 Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration II. Network diagram Switch B Switch A Eth1/0/1 Eth1/0/1 Eth1/0/2 Eth1/0/3 Eth1/0/2 Eth1/0/1 Eth1/0/1 Eth1/0/1 Switch E Switch C Switch D VLAN 5 VLAN 5 VLAN 8 VLAN 7 Figure 1-2 Network diagram for GVRP configuration III.
  • Page 166 Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration Configure Switch B # The configuration procedure of Switch B is similar to that of Switch A and is thus omitted. Configure Switch C # Enable GVRP on Switch C, which is similar to that of Switch A and is thus omitted.
  • Page 167 Operation Manual – GVRP H3C S3100-52P Ethernet Switch Chapter 1 GVRP Configuration Configure Ethernet1/0/1 on Switch E to operate in fixed GVRP registration mode and display the VLAN information dynamically registered on Switch A, Switch B, and Switch E. # Configure Ethernet1/0/1 on Switch E to operate in fixed GVRP registration mode.
  • Page 168 Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Port Basic Configuration .................... 1-1 1.1 Ethernet Port Configuration ....................1-1 1.1.1 Initially Configuring a Port ..................1-1 1.1.2 Configuring Port Auto-Negotiation Speed............... 1-2 1.1.3 Limiting Traffic on individual Ports ................

  • Page 169: Chapter 1 Port Basic Configuration

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration Chapter 1 Port Basic Configuration When performing port basic configuration, go to these sections for information you are interested in: Ethernet Port Configuration Ethernet Port Configuration Example...

  • Page 170: Configuring Port Auto-Negotiation Speed

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration To do... Use the command... Remarks Optional Set the description By default, the description string for the Ethernet description text string of an Ethernet port is port null.

  • Page 171: Limiting Traffic On Individual Ports

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration To do... Use the command... Remarks Enter system view system-view — Enter Ethernet interface interface interface-type — view interface-number Optional By default, the port speed is determined...

  • Page 172: Enabling Flow Control On A Port

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration To do... Use the command... Remarks interface interface-type Enter Ethernet port view — interface-number Optional Limit broadcast traffic broadcast-suppression By default, the switch received on the current...

  • Page 173: Configuring Loopback Detection For An Ethernet Port

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration configuration, QoS configuration, GARP configuration, STP configuration and initial port configuration. Refer to the command manual for the configurations that can be duplicated. Follow these steps to duplicate the configuration of a port to specific ports: To do...

  • Page 174: Enabling Loopback Test

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration Follow these steps to configure loopback detection for an Ethernet port: To do... Use the command... Remarks Enter system view system-view — Required Enable loopback...

  • Page 175: Enabling The System To Test Connected Cable

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Enable loopback test loopback { external | internal }...

  • Page 176: Configuring The Interval To Perform Statistical Analysis On Port Traffic

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration 1.1.9 Configuring the Interval to Perform Statistical Analysis on Port Traffic By performing the following configuration, you can set the interval to perform statistical analysis on the traffic of a port.

  • Page 177: Configuring Storm Control On A Port

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration When the physical link status of an Ethernet port changes between Up and Down or Up and Administratively Down, the switch will generate Up/Down log and send the log information to the terminal automatically by default.

  • Page 178: Setting The Port State Change Delay

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration To do... Use the command... Remarks Optional Set the action to be taken when a type of traffic By default, no action is storm-constrain control...
  • Page 179 Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration Caution: The port state change delay takes effect when the port goes down but not when the port goes up. Follow these steps to set the port state change delay: To do …...

  • Page 180: Displaying And Maintaining Basic Port Configuration

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration 1.1.14 Displaying and Maintaining Basic Port Configuration To do... Use the command... Remarks Display port display interface [ interface-type configuration | interface-type interface-number ] information...

  • Page 181: Troubleshooting Ethernet Port Configuration

    Operation Manual – Port Basic Configuration H3C S3100-52P Ethernet Switch Chapter 1 Port Basic Configuration Configure the default VLAN ID of both Ethernet 1/0/1 to 100. Allow the packets of VLAN 2, VLAN 6 through VLAN 50 and VLAN 100 to pass both Ethernet 1/0/1.
  • Page 182 Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Link Aggregation Configuration ................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to Link Aggregation ................1-1 1.1.2 Introduction to LACP ....................1-1 1.1.3 Requirements on Ports for Link Aggregation ............1-2 1.2 Link Aggregation Classification..................

  • Page 183: Chapter 1 Link Aggregation Configuration

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration Chapter 1 Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Classification Aggregation Group Categories...

  • Page 184: Requirements On Ports For Link Aggregation

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration 1.1.3 Requirements on Ports for Link Aggregation To achieve load sharing in an aggregation group, the member ports to perform load balancing must have the same speed, duplex mode, and basic configurations, which...

  • Page 185: Static Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration Among the ports in an aggregation group that are in up state, the system determines the mater port with one of the following settings being the highest (in descending order) as the master port: full duplex/high speed, full duplex/low speed, half duplex/high speed, half duplex/low speed.

  • Page 186: Dynamic Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration descending order) as the master port: full duplex/high speed, full duplex/low speed, half duplex/high speed, half duplex/low speed. The ports with their rate, duplex mode and link type being the same as that of the master port are selected port, and the rest are unselected ports.

  • Page 187: Aggregation Group Categories

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration the port IDs of the preferred device (that is, the device with smaller system ID). The following is the negotiation procedure: Compare device IDs (system priority + system MAC address) between the two parties.
  • Page 188 Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration An aggregation group containing special ports which require hardware aggregation resources has higher priority than any aggregation group containing no special port. A manual or static aggregation group has higher priority than a dynamic aggregation group (unless the latter contains special ports while the former does not).

  • Page 189: Link Aggregation Configuration

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration 1.4 Link Aggregation Configuration Caution: The commands of link aggregation cannot be configured with the commands of port loopback detection feature at the same time. The ports where the mac-address max-mac-count command is configured cannot be added to an aggregation group.

  • Page 190: Configuring A Static Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration Follow these steps to configure a manual aggregation group: To do… Use the command… Remarks Enter system view system-view — Create a manual link-aggregation group agg-id...

  • Page 191: Configuring A Dynamic Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration Follow these steps to configure a static LACP aggregation group: To do… Use the command… Remarks Enter system view system-view — Create a static link-aggregation group agg-id...

  • Page 192: Configuring A Description For An Aggregation Group

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration To do… Use the command… Remarks Optional Configure the lacp system-priority By default, the system priority is system priority system-priority 32,768. Enter Ethernet interface interface-type —...

  • Page 193: Displaying And Maintaining Link Aggregation Configuration

    Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration 1.5 Displaying and Maintaining Link Aggregation Configuration To do… Use the command… Remarks Display summary display link-aggregation information of all summary aggregation groups Display detailed information of a specific...
  • Page 194 Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration III. Configuration procedure Note: The following only lists the configuration on Switch A; you must perform the similar configuration on Switch B to implement link aggregation.
  • Page 195 Operation Manual – Link Aggregation H3C S3100-52P Ethernet Switch Chapter 1 Link Aggregation Configuration [Sysname-Ethernet1/0/1] quit [Sysname] interface Ethernet 1/0/2 [Sysname-Ethernet1/0/2] lacp enable [Sysname-Ethernet1/0/2] quit [Sysname] interface Ethernet1/0/3 [Sysname-Ethernet1/0/3] lacp enable Caution: The three LACP-enabled ports can be aggregated into one dynamic aggregation group to implement load sharing only when they have the same basic configuration (such as rate, duplex mode, and so on).
  • Page 196 Operation Manual – Port Isolation H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Port Isolation Configuration ..................1-1 1.1 Port Isolation Overview...................... 1-1 1.2 Port Isolation Configuration ....................1-1 1.3 Displaying and Maintaining Port Isolation Configuration ........... 1-2...

  • Page 197: Chapter 1 Port Isolation Configuration

    Thus, you can construct your network in a more flexible way and improve your network security. Currently, you can create only one isolation group on an S3100-52P Ethernet switch. The number of Ethernet ports in an isolation group is not limited.

  • Page 198: Displaying And Maintaining Port Isolation Configuration

    Operation Manual – Port Isolation H3C S3100-52P Ethernet Switch Chapter 1 Port Isolation Configuration Note: When a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group on the local unit will join/leave the isolation group at the same time.
  • Page 199 Operation Manual – Port Isolation H3C S3100-52P Ethernet Switch Chapter 1 Port Isolation Configuration II. Network diagram Figure 1-1 Network diagram for port isolation configuration III. Configuration procedure # Add Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 200 Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Port Security Configuration..................1-1 1.1 Port Security Overview ...................... 1-1 1.1.1 Introduction......................1-1 1.1.2 Port Security Features .................... 1-1 1.1.3 Port Security Modes....................1-2 1.2 Port Security Configuration Task List ................

  • Page 201: Chapter 1 Port Security Configuration

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration Chapter 1 Port Security Configuration When configuring port security, go to these sections for information you are interested Port Security Overview Port Security Configuration Task List...

  • Page 202: Port Security Modes

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration Intrusion protection feature: By checking the source MAC addresses in inbound data frames or the username and password in 802.1x authentication requests on the port, intrusion protection detects illegal packets or events and takes a pre-set action accordingly.
  • Page 203 Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration Security mode Description Feature In this mode, neither In this mode, port-based 802.1x NTK nor intrusion userlogin authentication is performed for access protection will be users.
  • Page 204 Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration Security mode Description Feature In this mode, both MAC authentication and 802.1x authentication can be performed, but 802.1x authentication has a higher priority. 802.1x authentication can still be performed on an access user who has passed MAC authentication.

  • Page 205: Port Security Configuration Task List

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration Note: When the port operates in the userlogin-withoui mode, Intrusion Protection will not be triggered even if the OUI address does not match. On a port operating in either the macAddressElseUserLoginSecure mode or the macAddressElseUserLoginSecureExt mode, Intrusion Protection is triggered only after both MAC-based authentication and 802.1x authentication on the same...

  • Page 206: Setting The Maximum Number Of Mac Addresses Allowed On A Port

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration To do... Use the command... Remarks Enter system view system-view — Required Enable port security port-security enable Disabled by default Caution: Enabling port security resets the following configurations on the ports to the defaults (shown in parentheses below): 802.1x (disabled), port access control method (macbased), and port access control...

  • Page 207: Setting The Port Security Mode

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration Follow these steps to set the maximum number of MAC addresses allowed on a port: To do... Use the command... Remarks Enter system view system-view —...

  • Page 208: Configuring Port Security Features

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration Note: Before setting the port security mode to autolearn, you need to set the maximum number of MAC addresses allowed on the port with the port-security max-mac-count command.
  • Page 209 Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration II. Configuring intrusion protection Follow these steps to configure the intrusion protection feature: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port view —...

  • Page 210: Ignoring The Authorization Information From The Radius Server

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration III. Configuring the Trap feature Follow these steps to configure port security trapping: To do... Use the command... Remarks Enter system view system-view — port-security trap { addresslearned...

  • Page 211: Displaying And Maintaining Port Security Configuration

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration If the amount of security MAC addresses has not yet reach the maximum number, the port will learn new MAC addresses and turn them to security MAC addresses;...

  • Page 212: Port Security Configuration Example

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration 1.4 Port Security Configuration Example 1.4.1 Port Security Configuration Example I. Network requirements Implement access user restrictions through the following configuration on Ethernet 1/0/1 of the switch.
  • Page 213 Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 1 Port Security Configuration [Switch-Ethernet1/0/1] port-security intrusion-mode disableport-temporarily [Switch-Ethernet1/0/1] quit [Switch] port-security timer disableport 30 1-13...

  • Page 214: Chapter 2 Port Binding Configuration

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 2 Port Binding Configuration Chapter 2 Port Binding Configuration When configuring port binding, go to these sections for information you are interested Port Binding Overview Displaying and Maintaining Port Binding Configuration Port Binding Configuration Example 2.1 Port Binding Overview...

  • Page 215: Displaying And Maintaining Port Binding Configuration

    Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 2 Port Binding Configuration 2.2 Displaying and Maintaining Port Binding Configuration To do... Use the command... Remarks Display port display am user-bind [ interface Available in any binding interface-type interface-number | ip-addr...
  • Page 216 Operation Manual – Port Security-Port Binding H3C S3100-52P Ethernet Switch Chapter 2 Port Binding Configuration [SwitchA-Ethernet1/0/1] user-bind mac-addr 0001-0002-0003 ip-addr 10.12.1.1...
  • Page 217 Operation Manual – DLDP H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 DLDP Configuration ....................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction......................1-1 1.2 DLDP Fundamentals ......................1-2 1.2.1 DLDP Implementation ..................... 1-2 1.2.2 DLDP Status......................1-6 1.2.3 DLDP Timers......................

  • Page 218: Chapter 1 Dldp Configuration

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration Chapter 1 DLDP Configuration When configuring DLDP, go to these sections for information you are interested in: Overview DLDP Configuration DLDP Configuration Example 1.1 Overview 1.1.1 Introduction A special kind of links, namely, unidirectional links, may occur in a network. When a unidirectional link appears, the local device can receive packets from the peer device through the link layer, but the peer device cannot receive packets from the local device.

  • Page 219: Dldp Fundamentals

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration Figure 1-2 Fiber broken or not connected DLDP provides the following features: As a link layer protocol, it works together with the physical layer protocols to monitor the link status of a device.
  • Page 220 Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration DLDP packet type Function RSY-Advertisement Advertisement packet with the RSY flag set to 1. RSY packets (referred to advertisement packets are sent to request synchronizing the as RSY packets...
  • Page 221 Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration DLDP packet type Function Linkdown packets are used to notify unidirectional link emergencies (a unidirectional link emergency occurs when the local port is down and the peer port is up). Linkdown packets carry only the local port information instead of the neighbor information.
  • Page 222 Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration A DLDP packet received is processed as follows: In authentication mode, the DLDP packet is authenticated and is then dropped if it fails the authentication. The packet is further processed, as described in Table 1-3.

  • Page 223: Dldp Status

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration Table 1-4 Processing procedure when no echo packet is received from the neighbor No echo packet received from the Processing procedure neighbor In normal mode, no echo packet is...

  • Page 224: Dldp Timers

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration 1.2.3 DLDP Timers Table 1-6 DLDP timers Timer Description Interval between sending advertisement packets, which can Advertisement be configured on a command line interface. sending timer By default, the timer length is 5 seconds.

  • Page 225: Dldp Operating Mode

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration Timer Description In the enhanced mode, if no packet is received from the neighbor when the entry aging timer expires, DLDP enables the enhanced timer for the neighbor. The enhanced timer...

  • Page 226: Dldp Neighbor State

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration DLDP detects The entry aging The enhanced whether neighbors timer is enabled timer is enabled DLDP operating exist or not when or not during or not when the...

  • Page 227: Dldp Configuration

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration recovered to bidirectional, the port changes from the disable state to the active state, and neighboring relationship is reestablished between the local port and the neighbor. Note: Only ports in the DLDP down state can send and process recover probe packets and recover echo packets.

  • Page 228: Resetting Dldp State

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration To do … Use the command … Remarks Optional. dldp work-mode { enhance By default, Set the DLDP operating mode | normal } DLDP works in normal mode.

  • Page 229: Displaying And Maintaining Dldp

    Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration Note: This function is only applicable to ports that are in DLDP down state. Follow these steps to reset DLDP state: To do … Use the command …...
  • Page 230 Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration II. Network diagram Figure 1-3 Network diagram for DLDP configuration III. Configuration procedure Configure Switch A # Configure the ports to work in mandatory full duplex mode at a rate of 1,000 Mbps.
  • Page 231 Operation Manual – DLDP H3C S3100-52P Ethernet Switch Chapter 1 DLDP Configuration Note: When two switches are connected through fibers in a crossed way, two or three ports may be in the disable state, and the rest in the inactive state.
  • Page 232 Operation Manual – MAC Address Table Management H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 MAC Address Table Management................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to MAC Address Table ................ 1-1 1.1.2 Introduction to MAC Address Learning ..............1-2 1.1.3 Managing MAC Address Table ................

  • Page 233: Chapter 1 Mac Address Table Management

    Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management Chapter 1 MAC Address Table Management When configuring MAC address table management, go to these sections for information you are interested in: Overview...

  • Page 234: Introduction To Mac Address Learning

    Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management Broadcast forwarding: If the destination MAC address carried in the packet is not included in the MAC address table, the switch broadcasts the packet to all ports except the one receiving the packet.
  • Page 235 Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management After learning the MAC address of User A, the switch starts to forward the packet. Because there is no MAC address and port information of User B in the existing MAC address table, the switch forwards the packet to all ports except Ethernet 1/0/1 to ensure that User B can receive the packet.

  • Page 236: Managing Mac Address Table

    Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management At this time, the MAC address table of the switch includes two forwarding entries shown in Figure 1-5. When forwarding the response packet, the switch unicasts the packet instead of broadcasting it to User A through Ethernet 1/0/1, because MAC-A is already in the MAC address table.

  • Page 237: Configuring Mac Address Table Management

    Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management II. Entries in a MAC address table Entries in a MAC address table fall into the following categories according to their characteristics and configuration methods: Static MAC address entry: Also known as permanent MAC address entry.

  • Page 238: Configuring A Mac Address Entry

    Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management Task Remarks Enabling Destination MAC Address Triggered Update Optional Assigning MAC Addresses for Ethernet Ports Optional 1.2.2 Configuring a MAC Address Entry You can add, modify, or remove a MAC address entry, remove all MAC address entries concerning a specific port, or remove specific type of MAC address entries (dynamic or static MAC address entries).

  • Page 239: Setting The Mac Address Aging Timer

    Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management To do… Use the command… Remarks mac-address { static | Add a MAC address entry dynamic | blackhole } Required mac-address vlan vlan-id...

  • Page 240: Setting The Maximum Number Of Mac Addresses A Port Can Learn

    Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management 1.2.4 Setting the Maximum Number of MAC Addresses a Port Can Learn The MAC address learning mechanism enables an Ethernet switch to acquire the MAC addresses of the network devices on the segment connected to the ports of the switch.

  • Page 241: Assigning Mac Addresses For Ethernet Ports

    To avoid the problem, you are allowed to assign MAC addresses to the Ethernet ports on an S3100-52P switch. The idea is to assign a MAC address (called the start port MAC address) for the start Ethernet port, that is, Ethernet 1/0/1, and each of the following ports uses the MAC address of the preceding port plus 1 as its MAC address.

  • Page 242: Displaying Mac Address Table Information

    Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table H3C S3100-52P Ethernet Switch Management Port MAC address configuration does not affect service packet forwarding. 1.3 Displaying MAC Address Table Information To do… Use the command… Remarks Display information about the MAC...
  • Page 243 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 MSTP Configuration ....................1-1 1.1 STP Overview ........................1-1 1.2 MSTP Overview ....................... 1-11 1.2.1 Background of MSTP .................... 1-11 1.2.2 Basic MSTP Terminologies................... 1-12 1.2.3 Principle of MSTP....................
  • Page 244 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Table of Contents 1.6 Configuring Guard Functions................... 1-42 1.6.1 Introduction......................1-42 1.6.2 Configuration Prerequisites................... 1-44 1.6.3 Configuring BPDU Guard..................1-44 1.6.4 Configuring Root Guard ..................1-45 1.6.5 Configuring Loop Guard..................1-46 1.6.6 Configuring TC-BPDU Attack Guard..............1-46 1.6.7 Configuring BPDU Dropping .................

  • Page 245: Chapter 1 Mstp Configuration

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Chapter 1 MSTP Configuration Go to these sections for information you are interested in: MSTP Overview Configuring Root Bridge Configuring Leaf Nodes Performing mCheck Operation Configuring Guard Functions...
  • Page 246 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration II. Protocol packets of STP STP uses bridge protocol data units (BPDUs), also known as configuration messages, as its protocol packets. STP identifies the network topology by transmitting BPDUs between STP compliant network devices.
  • Page 247 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Classification Designated bridge Designated port The port through which A designated bridge is a device the designated bridge For a LAN responsible for forwarding forwards BPDUs to this BPDUs to this LAN segment.
  • Page 248 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration IV. How STP works STP identifies the network topology by transmitting configuration BPDUs between network devices. Configuration BPDUs contain sufficient information for network devices to complete the spanning tree calculation. Important fields in a configuration BPDU include: Root bridge ID, consisting of root bridge priority and MAC address.
  • Page 249 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Table 1-2 Selection of the optimum configuration BPDU Step Description Upon receiving a configuration BPDU on a port, the device performs the following processing: If the received configuration BPDU has a lower priority than...
  • Page 250 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Table 1-3 Selection of the root port and designated ports Step Description A non-root-bridge device takes the port on which the optimum configuration BPDU was received as the root port.
  • Page 251 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Figure 1-2 Network diagram for STP algorithm Initial state of each device The following table shows the initial state of each device. Table 1-4 Initial state of each device...
  • Page 252 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Table 1-5 Comparison process and result on each device BPDU of port Device Comparison process after comparison Port AP1 receives the configuration BPDU of Device B {1, 0, 1, BP1}. Device A finds that the...
  • Page 253 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration BPDU of port after Device Comparison process comparison Port CP1 receives the configuration BPDU of Device A {0, 0, 0, AP2}. Device C finds that the received configuration BPDU is superior to the...
  • Page 254 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Figure 1-3 The final calculated spanning tree Note: To facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated.

  • Page 255: Mstp Overview

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration root port and designated port begin to forward data as soon as they are elected, a temporary loop may occur. STP timers The following three time parameters are important for STP calculation: Forward delay, the period a device waits before state transition.

  • Page 256: Basic Mstp Terminologies

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Note: In RSTP, the state of a root port can transit fast under the following conditions: the old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data.
  • Page 257 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Region A0: VLAN 1 mapped to MSTI 1 VLAN 2 mapped to MSTI 2 Other VLANs mapped to CIST BPDU BPDU BPDU Region B0: VLAN 1 mapped to MSTI 1...
  • Page 258 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration III. VLAN-to-MSTI mapping table A VLAN-to-MSTI mapping table is maintained for each MST region. The table is a collection of mappings between VLANs and MSTIs. For example, in...
  • Page 259 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration A designated port is used to forward packets to a downstream network segment or switch. A master port connects an MST region to the common root. The path from the master port to the common root is the shortest path between the MST region and the common root.
  • Page 260 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Connecting to the common root bridge Region boundary ports Port 2 MST region Port 1 Master port Alternate port Port 6 Port 5 Backup port Designated port Port 3...

  • Page 261: Principle Of Mstp

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.2.3 Principle of MSTP MSTP divides a Layer 2 network into multiple MST regions. The CSTs are generated between these MST regions, and multiple spanning trees (also called MSTIs) can be generated in each MST region.

  • Page 262: Mstp Implementation On Switches

    MSTP is compatible with both STP and RSTP. That is, MSTP-enabled switches can recognize the protocol packets of STP and RSTP and use them for spanning tree calculation. In addition to the basic MSTP functions, H3C series switches also provide the following functions for users to manage their switches.

  • Page 263: Configuring Root Bridge

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.3 Configuring Root Bridge Complete the following tasks to configure the root bridge: Task Remarks Required To prevent network topology jitter caused by other related configurations, you are...

  • Page 264: Configuring An Mst Region

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.3.1 Configuration Prerequisites The role (root, branch, or leaf) of each switch in each MSTI is determined. 1.3.2 Configuring an MST Region I. Configuration procedure Follow these steps to configure an MST region: To do...
  • Page 265 (a 802.1s-defined protocol selector, which is 0 by default and cannot be configured), MST region name, VLAN-to-MSTI mapping table, and revision level. The H3C series support only the MST region name, VLAN-to-MSTI mapping table, and revision level. Switches with the settings of these parameters being the same are assigned to the same MST region.

  • Page 266: Specifying The Current Switch As A Root Bridge/Secondary Root Bridge

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 20 to 30 1.3.3 Specifying the Current Switch as a Root Bridge/Secondary Root Bridge MSTP can automatically choose a switch as a root bridge through calculation. You can also manually specify the current switch as a root bridge by using the corresponding commands.

  • Page 267: Configuring The Bridge Priority Of The Current Switch

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration You can specify the network diameter and the hello time parameters while configuring a root bridge/secondary root bridge. Refer to Configuring the Network Diameter of the Switched Network...
  • Page 268 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Caution: Once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch cannot be configured any more.
  • Page 269 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration If packets in legacy format are received, the port turns to discarding state to prevent network storm. I. Configuration procedure Follow these steps to configure how a port recognizes and sends MSTP packets (in system view): To do...

  • Page 270: Configuring The Mstp Operation Mode

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.3.6 Configuring the MSTP Operation Mode To make an MSTP-enabled switch compatible with STP/RSTP, MSTP provides the following three operation modes: STP-compatible mode, where the ports of a switch send STP BPDUs to neighboring devices.

  • Page 271: Configuring The Network Diameter Of The Switched Network

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration mechanism disables the switches that are beyond the maximum hop count from participating in spanning tree calculation, and thus limits the size of an MST region. With such a mechanism, the maximum hop count configured on the switch operating as the root bridge of the CIST or an MSTI in an MST region becomes the network diameter of the spanning tree, which limits the size of the spanning tree in the current MST region.

  • Page 272: Configuring The Mstp Time-Related Parameters

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration The network diameter parameter indicates the size of a network. The bigger the network diameter is, the larger the network size is. After you configure the network diameter of a switched network, an MSTP-enabled switch adjusts its hello time, forward delay, and max age settings accordingly to better values.
  • Page 273 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Caution: The forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large forward delay. A too small forward delay parameter may result in temporary redundant paths. And a too large forward delay parameter may cause a network unable to resume the normal state in time after changes occurred to the network.
  • Page 274 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration by the hello time parameter to check for link failures. Normally, a switch regards its upstream switch faulty if the former does not receive any BPDU from the latter in a period three times of the hello time and then initiates the spanning tree recalculation process.

  • Page 275: Configuring The Current Port As An Edge Port

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration To do... Use the command... Remarks Enter system view — system-view Required Configure the maximum The maximum stp interface interface-list transmitting rate for transmitting rate of all transmit-limit packetnum...
  • Page 276 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration port changes from the blocking state to the forwarding state, it does not have to wait for a delay. You can configure a port as an edge port in one of the following two ways.

  • Page 277: Specifying Whether The Link Connected To A Port Is Point-To-Point Link

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration <Sysname> system-view [Sysname] stp interface Ethernet 1/0/1 edged-port enable Configure Ethernet 1/0/1 as an edge port in Ethernet port view <Sysname> system-view [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] stp edged-port enable 1.3.13 Specifying Whether the Link Connected to a Port Is Point-to-point...
  • Page 278 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Note: If you configure the link connected to a port in an aggregation group as a point-to-point link, the configuration will be synchronized to the rest ports in the same aggregation group.

  • Page 279: Configuring Leaf Nodes

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Follow these steps to enable MSTP in Ethernet port view: To do... Use the command... Remarks Enter system view — system-view Required Enable MSTP stp enable MSTP is disabled by default.

  • Page 280: Configuring The Mst Region

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Task Remarks Configuring an MST Region Required Configuring How a Port Recognizes and Optional Sends MSTP Packets Configuring the Timeout Time Factor Optional Optional Configuring the Maximum Transmitting Rate on the Current Port The default value is recommended.

  • Page 281: Configuring A Port As An Edge Port

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.4.6 Configuring a Port as an Edge Port Refer to Configuring the Current Port as an Edge Port. 1.4.7 Configuring the Path Cost for a Port The path cost parameter reflects the rate of the link connected to the port. For a port on an MSTP-enabled switch, the path cost may be different in different MSTIs.
  • Page 282 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Operation mode Latency Rate 802.1D-1998 IEEE 802.1t (half-/full-duplex) standard Half-duplex/Full-duplex 200,000 Aggregated link 2 ports 100,000 100 Mbps Aggregated link 3 ports 66,666 Aggregated link 4 ports 50,000...
  • Page 283 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Follow these steps to configure the path cost for a port in Ethernet port view: To do... Use the command... Remarks Enter system view — System-view interface interface-type Enter Ethernet port view —...

  • Page 284: Configuring Port Priority

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.4.8 Configuring Port Priority Port priority is an important criterion on determining the root port. In the same condition, the port with the smallest port priority value becomes the root port.

  • Page 285: Specifying Whether The Link Connected To A Port Is A Point-To-Point Link

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration <Sysname> system-view [Sysname] stp interface Ethernet 1/0/1 instance 1 port priority 16 Perform this configuration in Ethernet port view <Sysname> system-view [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] stp instance 1 port priority 16 1.4.9 Specifying Whether the Link Connected to a Port Is a Point-to-point...

  • Page 286: Configuring Guard Functions

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration To do... Use the command... Remarks Enter system view — system-view Perform the mCheck stp [ interface Required operation interface-list ] mcheck II. Perform the mCheck operation in Ethernet port view Follow these steps to perform the mCheck operation in Ethernet port view: To do...
  • Page 287 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Normally, no configuration BPDU will reach edge ports. But malicious users can attack a network by sending configuration BPDUs deliberately to edge ports to cause network jitter. You can prevent this type of attacks by utilizing the BPDU guard function. With this function enabled on a switch, the switch shuts down the edge ports that receive configuration BPDUs and then reports these cases to the administrator.

  • Page 288: Configuration Prerequisites

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration IV. TC-BPDU attack guard Normally, a switch removes its MAC address table and ARP entries upon receiving TC-BPDUs. If a malicious user sends a large amount of TC-BPDUs to a switch in a...

  • Page 289: Configuring Root Guard

    [Sysname] stp bpdu-protection Caution: As Gigabit ports of an S3100-52P Ethernet switch cannot be shut down, the BPDU guard function is not applicable to these ports even if you enable the BPDU guard function and specify these ports to be MSTP edge ports.

  • Page 290: Configuring Loop Guard

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration To do... Use the command... Remarks Required Enable the root guard function on the current stp root-protection The root guard function is port disabled by default. II. Configuration example # Enable the root guard function on Ethernet 1/0/1.

  • Page 291: Configuring Bpdu Dropping

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration II. Configuration procedure Follow these steps to configure the TC-BPDU attack guard function: To do... Use the command... Remarks Enter system view — system-view Required Enable the TC-BPDU...

  • Page 292: Configuring Digest Snooping

    This problem can be overcome by implementing the digest snooping feature. If a port on an S3100-52P Ethernet switch is connected to another manufacturer's switch that has the same MST region-related configuration as its own but adopts a proprietary spanning tree protocol, you can enable digest snooping on the port.
  • Page 293 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter Ethernet port view — interface-number Required Enable the digest The digest snooping snooping feature...

  • Page 294: Configuring Rapid Transition

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.8 Configuring Rapid Transition 1.8.1 Introduction Designated ports of RSTP-enabled or MSTP-enabled switches use the following two types of packets to implement rapid transition: Proposal packets: Packets sent by designated ports to request rapid transition...

  • Page 295: Configuring Rapid Transition

    RSTP in the way to implement rapid transition on designated ports. When a switch of this kind operating as the upstream switch connects with a H3C series switch running MSTP, the upstream designated port fails to change its state rapidly.
  • Page 296 RSTP in the way to implement rapid transition on designated ports. Port 1 is the designated port. The downstream H3C switch is running MSTP. Port 2 is the root port. Figure 1-8 Network diagram for rapid transition configuration II. Configuration procedure...

  • Page 297: Configuring Vlan-Vpn Tunnel

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration Note: The rapid transition feature can be enabled on only root ports or alternate ports. If you configure the rapid transition feature on a designated port, the feature does not take effect on the port.

  • Page 298: Stp Maintenance Configuration

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration To do... Use the command... Remarks Enter system view — system-view Enable MSTP globally — stp enable Required Enable the VLAN-VPN vlan-vpn tunnel The VLAN-VPN tunnel function tunnel function globally is disabled by default.

  • Page 299: Configuration Example

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration To do... Use the command... Remarks Required Enable log/trap output for By default, log/trap output stp portlog all the ports of all instances is disabled for the ports of all instances.

  • Page 300: Displaying And Maintaining Mstp

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.12 Displaying and Maintaining MSTP To do... Use the command... Remarks display stp [ instance Display the state and statistics instance-id ] [ interface information about spanning interface-list | slot slot-number ]...
  • Page 301 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration II. Network diagram Figure 1-10 Network diagram for MSTP configuration Note: The word “permit” shown in Figure 1-10 means the corresponding link permits packets of specific VLANs. III. Configuration procedure Configure Switch A # Enter MST region view.
  • Page 302 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration # Configure the region name, VLAN-to-MSTI mapping table, and revision level for the MST region. [Sysname-mst-region] region-name example [Sysname-mst-region] instance 1 vlan 10 [Sysname-mst-region] instance 3 vlan 30...

  • Page 303: Vlan-Vpn Tunnel Configuration Example

    Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration 1.14 VLAN-VPN tunnel Configuration Example I. Network requirements Switch C and Switch D are the access devices for the service provider network. Switch A and Switch B are the access devices for the customer networks.
  • Page 304 Operation Manual – MSTP H3C S3100-52P Ethernet Switch Chapter 1 MSTP Configuration <Sysname> system-view [Sysname] stp enable # Enable the VLAN-VPN tunnel function. [Sysname] vlan-vpn tunnel # Add Ethernet 1/0/1 to VLAN 10. [Sysname] vlan 10 [Sysname-Vlan10] port Ethernet 1/0/1 [Sysname-Vlan10] quit # Disable STP on Ethernet 1/0/1 and then enable the VLAN VPN function on it.
  • Page 305 Operation Manual – Static Route H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 IP Routing Protocol Overview ..................1-1 1.1 Introduction to IP Route and Routing Table ..............1-1 1.1.1 IP Route ........................1-1 1.1.2 Routing Table ......................1-1 1.1.3 Routing Protocols and Routing Priority ..............

  • Page 306: Chapter 1 Ip Routing Protocol Overview

    Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 1 IP Routing Protocol Overview Chapter 1 IP Routing Protocol Overview Go to these sections for information you are interested in: Introduction to IP Route and Routing Table Displaying and Maintaining a Routing Table...
  • Page 307 Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 1 IP Routing Protocol Overview Mask: Along with the destination address, it identifies the address of the network segment where the destination host or router resides. By performing a logical AND operation between destination address and network mask, you can get the address of the network segment where the destination host or router resides.

  • Page 308: Routing Protocols And Routing Priority

    Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 1 IP Routing Protocol Overview Router A Router F 13.0.0.1 13.0.0.2 13.0.0.0 16.0.0.1 11.0.0.1 13.0.0.3 Router D 11.0.0.0 16.0.0.0 14.0.0.2 11.0.0.2 16.0.0.2 14.0.0.1 14.0.0.3 Router B Router G 14.0.0.0 17.0.0.1 12.0.0.1...

  • Page 309: Route Backup

    Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 1 IP Routing Protocol Overview Note: The smaller the priority value, the higher the priority. The priority for a direct route is always 0, which you cannot change. Any other type of routes can have their priorities manually configured.
  • Page 310 Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 1 IP Routing Protocol Overview To do… Use the command… Remarks Clear statistics about a reset ip routing-table statistics Available in routing table protocol { all | protocol } user view...

  • Page 311: Chapter 2 Static Route Configuration

    Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 2 Static Route Configuration Chapter 2 Static Route Configuration When configuring a static route, go to these sections for information you are interested Introduction to Static Route Static Route Configuration...

  • Page 312: Default Route

    Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 2 Static Route Configuration Blackhole route: route with blackhole attribute. If a static route destined for a destination has the blackhole attribute, the outgoing interface of this route is the Null 0 interface regardless of the next hop address, and all the IP packets addressed to this destination will be dropped without notifying the source hosts.

  • Page 313: Displaying And Maintaining Static Routes

    Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 2 Static Route Configuration Note: Use the ip route-static command to configure a default route by setting the destination IP address and the mask to 0.0.0.0. Avoid configuring the next hop address of a static route to the address of an interface on the local switch.
  • Page 314 Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 2 Static Route Configuration Figure 2-1 Network diagram for static route configuration III. Configuration procedure Note: When only one interface of the device is interconnected with another network segment, you can implement network communication by configuring either a static route or default route.

  • Page 315: Troubleshooting A Static Route

    Operation Manual – Static Route H3C S3100-52P Ethernet Switch Chapter 2 Static Route Configuration [SwitchB] ip route-static 0.0.0.0 0.0.0.0 1.1.3.1 # Configure static routes on Switch C. <SwitchC> system-view [SwitchC] ip route-static 1.1.1.0 255.255.255.0 1.1.2.1 [SwitchC] ip route-static 1.1.4.0 255.255.255.0 1.1.3.2 Perform the following configurations on the host.
  • Page 316 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Multicast Overview ...................... 1-1 1.1 Multicast Overview......................1-1 1.1.1 Information Transmission in the Unicast Mode............1-1 1.1.2 Information Transmission in the Broadcast Mode........... 1-2 1.1.3 Information Transmission in the Multicast Mode.............
  • Page 317 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Table of Contents 3.2.13 Configuring Multicast VLAN ................3-16 3.3 Displaying and Maintaining IGMP Snooping ..............3-18 3.4 IGMP Snooping Configuration Examples ................ 3-19 3.4.1 Configuring IGMP Snooping ................. 3-19 3.4.2 Configuring Multicast VLAN .................. 3-21...

  • Page 318: Chapter 1 Multicast Overview

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview Chapter 1 Multicast Overview Note: In this manual, the term “router” refers to a router in the generic sense and a Layer 3 Ethernet switch running an IP multicast protocol.

  • Page 319: Information Transmission In The Broadcast Mode

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview Host A Receiver Host B Source Host C Server Receiver Host D Receiver Packets for Host B Packets for Host D Host E Packets for Host E Figure 1-1 Information transmission in the unicast mode Assume that Hosts B, D and E need this information.

  • Page 320: Information Transmission In The Multicast Mode

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview Host A Receiver Host B Source Host C Server Receiver Host D Receiver Packets for all the network Host E Figure 1-2 Information transmission in the broadcast mode Assume that Hosts B, D, and E need the information.

  • Page 321: Roles In Multicast

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview Host A Receiver Host B Source Host C Server Receiver Host D Receiver Packets for the multicast group Host E Figure 1-3 Information transmission in the multicast mode Assume that Hosts B, D and E need the information.

  • Page 322: Advantages And Applications Of Multicast

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview A router that supports Layer 3 multicast is called multicast router or Layer 3 multicast device. In addition to providing multicast routing, a multicast router can also manage multicast group members.

  • Page 323: Multicast Models

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview Multicast provides the following applications: Applications of multimedia and flow media, such as Web TV, Web radio, and real-time video/audio conferencing. Communication for training and cooperative operations, such as remote education.

  • Page 324: Multicast Architecture

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview 1.3 Multicast Architecture The purpose of IP multicast is to transmit information from a multicast source to receivers in the multicast mode and to satisfy information requirements of receivers.
  • Page 325 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview packets. Class D address must not appear in the IP address field of a source IP address of IP packets. Class E IP addresses are reserved for future use.
  • Page 326 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview Table 1-3 Reserved IP multicast addresses Class D address range Description 224.0.0.1 Address of all hosts 224.0.0.2 Address of all multicast routers 224.0.0.3 Unassigned Distance Vector Multicast Routing Protocol 224.0.0.4...

  • Page 327: Multicast Protocols

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview II. Ethernet multicast MAC address When a unicast IP packet is transported in an Ethernet network, the destination MAC address is the MAC address of the receiver. When a multicast packet is transported in an Ethernet network, a multicast MAC address is used as the destination address because the destination is a group with an uncertain number of members.
  • Page 328 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview I. Layer 3 multicast protocols Layer 3 multicast protocols include multicast group management protocols and multicast routing protocols. Figure 1-5 describes where these multicast protocols are in a network.

  • Page 329: Multicast Packet Forwarding Mechanism

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview For the SSM model, multicast routes are not divided into inter-domain routes and intra-domain routes. Since receivers know the position of the multicast source, channels established through PIM-SM are sufficient for multicast information transport.

  • Page 330: Implementation Of The Rpf Mechanism

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview To process the same multicast information from different peers received on different interfaces of the same device, every multicast packet is subject to a Reverse Path Forwarding (RPF) check on the incoming interface. The result of the RPF check determines whether the packet will be forwarded or discarded.
  • Page 331 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 1 Multicast Overview independently maintain any type of unicast route; instead, it relies on the existing unicast routing information in creating multicast routing entries. When performing an RPF check, a router searches its unicast routing table. The specific process is as follows: The router automatically chooses an optimal unicast route by searching its unicast routing table, using the IP address of the “packet source”...

  • Page 332: Chapter 2 Common Multicast Configuration

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 2 Common Multicast Configuration Chapter 2 Common Multicast Configuration Note: In this manual, the term “router” refers to a router in the generic sense and a Layer 3 Ethernet switch running an IP multicast protocol.

  • Page 333: Configuring A Multicast Mac Address Entry

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 2 Common Multicast Configuration II. Configuring multicast source port suppression in Ethernet port view Follow these steps to configure multicast source port suppression in Ethernet port view: To do... Use the command...

  • Page 334: Configuring Dropping Unknown Multicast Packets

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 2 Common Multicast Configuration Note: If the multicast MAC address entry to be created already exists, the system gives you a prompt. If you want to add a port to a multicast MAC address entry created through the mac-address multicast command, you need to remove the entry first, create this entry again, and then add the specified port to the forwarding ports of this entry.

  • Page 335: Displaying Common Multicast Configuration

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 2 Common Multicast Configuration 2.2 Displaying Common Multicast Configuration Follow these commands to display common multicast configuration: To do... Use the command... Remarks Display the statistics display multicast-source-deny Available in information about multicast...

  • Page 336: Chapter 3 Igmp Snooping Configuration

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration Chapter 3 IGMP Snooping Configuration When configuring IGMP snooping, go to these sections for information you are interested in: IGMP Snooping Overview IGMP Snooping Configuration Task List...

  • Page 337: Basic Concepts In Igmp Snooping

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration Multicast packet transmission Multicast packet transmission without IGMP Snooping when IGMP Snooping runs Multicast router Multicast router Source Source Layer 2 switch Layer 2 switch Host A...

  • Page 338: Work Mechanism Of Igmp Snooping

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration Router port: A router port is a port on the Layer 3 multicast device (DR or IGMP querier) side of the Ethernet switch. In the figure, Ethernet 1/0/1 of Switch A and Ethernet 1/0/1 of Switch B are router ports.
  • Page 339 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration Upon receiving an IGMP query, a multicast group member host responds with an IGMP report. When intended to join a multicast group, a host sends an IGMP report to the multicast router to announce that it is interested in the multicast information addressed to that group.

  • Page 340: Igmp Snooping Configuration Task List

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration through all the router ports in the VLAN and all member ports of that multicast group, and performs the following to the receiving port: If any IGMP report in response to the group-specific query arrives to the member...

  • Page 341: Enabling Igmp Snooping

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration Task Remarks Configuring Multicast VLAN Optional 3.2.1 Enabling IGMP Snooping Follow these steps to enable IGMP Snooping: To do... Use the command... Remarks Enter system view system-view —...

  • Page 342: Configuring Timers

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration To do... Use the command... Remarks Enter system view system-view — Enter VLAN view vlan vlan-id — Optional Configure the igmp-snooping version version of IGMP The default IGMP Snooping...

  • Page 343: Configuring Fast Leave Processing

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration 3.2.4 Configuring Fast Leave Processing With fast leave processing enabled, when the switch receives an IGMP leave message on a port, the switch directly removes that port from the forwarding table entry for the specific group.

  • Page 344: Configuring A Multicast Group Filter

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration Note: The fast leave processing function works for a port only if the host attached to the port runs IGMPv2 or IGMPv3. The configuration performed in system view takes effect on all ports of the switch if no VLAN is specified;...

  • Page 345: Configuring The Maximum Number Of Multicast Groups On A Port

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration II. Configuring a multicast group filter in Ethernet port view Follow these steps to configure a multicast group filter in Ethernet port view: To do... Use the command...

  • Page 346: Configuring Igmp Snooping Querier

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration To do... Use the command... Remarks Required igmp-snooping group-limit Limit the number of The maximum number of limit [ vlan vlan-list multicast groups on a port multicast groups on a port [ overflow-replace ] ] is 256 by default.

  • Page 347: Suppressing Flooding Of Unknown Multicast Traffic In A Vlan

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration To do... Use the command... Remarks Enable IGMP Snooping igmp-snooping enable Required Required Enable IGMP Snooping By default, IGMP igmp-snooping querier querier Snooping querier is disabled. Optional...

  • Page 348: Configuring Static Member Port For A Multicast Group

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration Note: If the function of dropping unknown multicast packets function is enabled, you cannot enable unknown multicast flooding suppression. Unknown multicast flooding suppression and multicast source port suppression cannot take effect at the same time.

  • Page 349: Configuring A Static Router Port

    H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration Caution: You can configure up to 200 static member ports on an S3100-52P switch. If a port has been configured as a reflect port, it cannot be configured as a static member port.
  • Page 350 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration there is no member of the multicast group on the local subnet and remove the corresponding path. To avoid this from happening, you can configure a port of the VLAN of the switch as a multicast group member.

  • Page 351: Configuring A Vlan Tag For Query Messages

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration 3.2.12 Configuring a VLAN Tag for Query Messages By configuring the VLAN tag carried in IGMP general and group-specific queries forwarded and sent by IGMP Snooping switches, you can enable multicast packet forwarding between different VLANs In a Layer-2 multicast network environment.
  • Page 352 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration To do... Use the command... Remarks interface Vlan-interface Enter VLAN interface view — vlan-id Required Enable IGMP igmp enable By default, the IGMP feature is disabled. Return to system view quit —...

  • Page 353: Displaying And Maintaining Igmp Snooping

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration To do... Use the command... Remarks Enter Ethernet port view interface interface-type — for a user device interface-number Define the port as a hybrid port link-type hybrid...

  • Page 354: Igmp Snooping Configuration Examples

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration 3.4 IGMP Snooping Configuration Examples 3.4.1 Configuring IGMP Snooping I. Network requirements To prevent multicast traffic from being flooded at Layer 2, enable IGMP snooping on Layer 2 switches.
  • Page 355 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration [RouterA-Ethernet1/0/1] igmp enable [RouterA-Ethernet1/0/1] pim dm [RouterA-Ethernet1/0/1] quit [RouterA] interface Ethernet 1/0/2 [RouterA-Ethernet1/0/2] pim dm [RouterA-Ethernet1/0/2] quit Configure Switch A # Enable IGMP Snooping globally. <SwitchA> system-view [SwitchA] igmp-snooping enable Enable IGMP-Snooping ok.

  • Page 356: Configuring Multicast Vlan

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration 3.4.2 Configuring Multicast VLAN I. Network requirements As shown in Figure 3-4, Workstation is a multicast source. Switch A forwards multicast data from the multicast source. A Layer 2 switch, Switch B forwards the multicast data to the end users Host A and Host B.
  • Page 357 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration II. Network diagram Vlan-int10 Vlan-int20 HostA Eth1/0/10 168.10.2.1 168.10.1.1 Eth1/0/10 Vlan10 Eth1/0/1 WorkStation SwitchA SwitchB HostB Figure 3-4 Network diagram for multicast VLAN configuration III. Configuration procedure The following configuration is based on the prerequisite that the devices are properly connected and all the required IP addresses are already configured.
  • Page 358 Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration [SwitchA-Vlan-interface10] igmp enable [SwitchA-Vlan-interface10] pim dm Configure Switch B: # Enable the IGMP Snooping feature on Switch B. <SwitchB> system-view [SwitchB] igmp-snooping enable # Create VLAN 2, VLAN 3 and VLAN 10, configure VLAN 10 as the multicast VLAN, and then enable IGMP Snooping on it.

  • Page 359: Troubleshooting Igmp Snooping

    Operation Manual – Multicast H3C S3100-52P Ethernet Switch Chapter 3 IGMP Snooping Configuration 3.5 Troubleshooting IGMP Snooping Symptom: Multicast function does not work on the switch. Solution: Possible reasons are: IGMP Snooping is not enabled. Use the display current-configuration command to check the status of IGMP Snooping.
  • Page 360 1.1.3 Encapsulation of EAPoL Messages ................ 1-4 1.1.4 802.1x Authentication Procedure ................1-7 1.1.5 Timers Used in 802.1x ..................1-10 1.1.6 802.1x Implementation on an S3100-52P Switch ..........1-11 1.2 Introduction to 802.1x Configuration................1-15 1.3 Basic 802.1x Configuration....................1-16 1.3.1 Configuration Prerequisites...................
  • Page 361 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Table of Contents 3.4 Displaying and Maintaining HABP Configuration .............. 3-2 Chapter 4 System Guard Configuration..................4-1 4.1 System Guard Overview....................4-1 4.1.1 Guard Against IP Attacks ..................4-1 4.1.2 Guard Against TCN Attacks ..................

  • Page 362: Chapter 1 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration Note: The online user handshaking function is added. See Configuring Basic 802.1x Functions. The configuration of 802.1x re-authentication is added. See Configuring 802.1x...

  • Page 363: Architecture Of 802.1X Authentication

    The authenticator system is another entity residing at one end of a LAN segment. It authenticates the connected supplicant systems. The authenticator system is usually an 802.1x-supported network device (such as a H3C series switch). It provides the port (physical or logical) for the supplicant system to access the LAN.

  • Page 364: The Mechanism Of An 802.1X Authentication System

    By default, a controlled port is a unidirectional port. IV. The way a port is controlled A port of a H3C series switch can be controlled in the following two ways. Port-based authentication. When a port is controlled in this way, all the supplicant systems connected to the port can access the network without being authenticated after one supplicant system among them passes the authentication.

  • Page 365: Encapsulation Of Eapol Messages

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Figure 1-2 The mechanism of an 802.1x authentication system EAP protocol packets transmitted between the supplicant system PAE and the authenticator system PAE are encapsulated as EAPoL packets.
  • Page 366 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration 00: Indicates that the packet is an EAP-packet, which carries authentication information. 01: Indicates that the packet is an EAPoL-start packet, which initiates the authentication.
  • Page 367 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Figure 1-5 shows the format of the Data field of a Request packet or a Response packet. Figure 1-5 The format of the Data field of a Request packet or a Response packet The Type field indicates the EAP authentication type.

  • Page 368: Authentication Procedure

    H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration 1.1.4 802.1x Authentication Procedure A H3C S3100-52P Ethernet switch can authenticate supplicant systems in EAP terminating mode or EAP relay mode. I. EAP relay mode This mode is defined in 802.1x. In this mode, EAP packets are encapsulated in higher level protocol (such as EAPoR) packets to enable them to successfully reach the authentication server.
  • Page 369 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration EAPOL EAPOR Authenticator system RADUIS Supplicant system server EAPOL - Start EAP- Request / Identity RADIUS Access - Request EAP- Response / Identity (EAP- Response / Identity)
  • Page 370 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Upon receiving the key (encapsulated in an EAP-request/MD5 challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-response/MD5 challenge packet) to the RADIUS server through the switch.

  • Page 371: Timers Used In 802.1X

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Supplicant RADIUS EAPOL Authenticator system RADIUS server system PAE EAPOL- Start EAP- Request /Identity EAP- Response/Identity EAP- Request/ MD5 Challenge EAP- Response/MD5 Challenge RADIUS Access-Request...

  • Page 372: Implementation On An S3100-52P Switch

    1.1.6 802.1x Implementation on an S3100-52P Switch In addition to the earlier mentioned 802.1x features, an S3100-52P switch is also capable of the following: Checking supplicant systems for proxies, multiple network adapters, and so on (This function needs the cooperation of a CAMS server.)
  • Page 373 Chapter 1 802.1x Configuration Note: H3C's CAMS Server is a service management system used to manage networks and to secure networks and user information. With the cooperation of other networking devices (such as switches) in the network, a CAMS server can implement the AAA functions and rights management.
  • Page 374 Note: The 802.1x client version-checking function needs the support of H3C’s 802.1x client program. III. The guest VLAN function The guest VLAN function enables supplicant systems that are not authenticated to access network resources in a restrained way.
  • Page 375 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration to the user. To connect to the switch again, the user needs to initiate 802.1x authentication with the client software again. Note: When re-authenticating a user, a switch goes through the complete authentication process.

  • Page 376: Introduction To 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Note: 802.1x re-authentication will fail if a CAMS server is used and configured to perform authentication but not accounting. This is because a CAMS server establishes a user session after it begins to perform accounting.

  • Page 377: Basic 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration 1.3 Basic 802.1x Configuration 1.3.1 Configuration Prerequisites Configure ISP domain and the AAA scheme to be adopted. You can specify a RADIUS scheme or a local scheme.
  • Page 378 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration To do… Use the command… Remarks dot1x port-method { macbased | portbased } quit Optional Set authentication dot1x By default, a switch performs method for 802.1x...

  • Page 379: Timer And Maximum User Number Configuration

    With the support of the H3C proprietary client, handshake packets are used to test whether or not a user is online. As clients that are not of H3C do not support the online user handshaking function, switches cannot receive handshake acknowledgement packets from them in handshaking periods.
  • Page 380 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration To do… Use the command... Remarks Optional By default, the maximum retry times to send a Set the maximum retry request packet is 2. That...

  • Page 381: Advanced 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Note: As for the dot1x max-user command, if you execute it in system view without specifying the interface-list argument, the command applies to all ports. You can also use this command in port view.

  • Page 382: Configuring Client Version Checking

    Remarks quit Note: The proxy checking function needs the cooperation of H3C's 802.1x client (iNode) program. The proxy checking function depends on the online user handshaking function. To enable the proxy detecting function, you need to enable the online user handshaking function first.

  • Page 383: Enabling Dhcp-Triggered Authentication

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Note: As for the dot1x version-user command, if you execute it in system view without specifying the interface-list argument, the command applies to all ports. You can also execute this command in port view.

  • Page 384: Configuring 802.1X Re-Authentication

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Caution: The guest VLAN function is available only when the switch operates in the port-based authentication mode. Only one guest VLAN can be configured for each switch.

  • Page 385: Displaying And Maintaining 802.1X Configuration

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration The switch uses the value of the Session-timeout attribute field of the Access-Accept packet sent by the RADIUS server as the re-authentication interval. The switch uses the value configured with the dot1x timer reauth-period command as the re-authentication interval for access users.
  • Page 386 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration All supplicant systems that pass the authentication belong to the default domain named “aabbcc.net”. The domain can accommodate up to 30 users. As for authentication, a supplicant system is authenticated locally if the RADIUS server fails.
  • Page 387 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration Note: Following configuration covers the major AAA/RADIUS configuration commands. Refer to AAA Operation for the information about these commands. Configuration on the client and the RADIUS servers is omitted.
  • Page 388 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 1 802.1x Configuration # Configure to send the user name to the RADIUS server with the domain name truncated. [Sysname-radius-radius1] user-name-format without-domain [Sysname-radius-radius1] quit # Create the domain named “aabbcc.net” and enter its view.

  • Page 389: Chapter 2 Quick Ead Deployment Configuration

    In real applications, however, deploying EAD clients proves to be time consuming and inconvenient. To address the issue, the H3C S3100-52P provides the forcible deployment of EAD clients with 802.1x authentication, easing the work of EAD client deployment.

  • Page 390: Configuring Quick Ead Deployment

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 2 Quick EAD Deployment Configuration Note: The quick EAD deployment feature takes effect only when the access control mode of an 802.1x-enabled port is set to auto. 2.2 Configuring Quick EAD Deployment 2.2.1 Configuration Prerequisites...
  • Page 391 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 2 Quick EAD Deployment Configuration Caution: You must configure the URL for HTTP redirection before configuring a free IP range. A URL must start with http:// and the segment where the URL resides must be in the free IP range.

  • Page 392: Displaying And Maintaining Quick Ead Deployment

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 2 Quick EAD Deployment Configuration 2.2.3 Displaying and Maintaining Quick EAD Deployment To do... Use the command... Remarks Display configuration display dot1x [ sessions information about quick | statistics ] [ interface...

  • Page 393: Troubleshooting

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 2 Quick EAD Deployment Configuration The Web server is configured properly. The default gateway of the user’s PC is configured as the IP address of the connected VLAN interface on the switch.

  • Page 394: Chapter 3 Habp Configuration

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 3 HABP Configuration Chapter 3 HABP Configuration When configuring HABP, go to these sections for information you are interested in: Introduction to HABP HABP Server Configuration HABP Client Configuration Displaying and Maintaining HABP Configuration 3.1 Introduction to HABP...

  • Page 395: Habp Client Configuration

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 3 HABP Configuration To do... Use the command... Remarks Optional Enable HABP habp enable By default, HABP is enabled. Required By default, a switch operates as an HABP...
  • Page 396 Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 3 HABP Configuration To do... Use the command... Remarks Display statistics on HABP Available in any view display habp traffic packets...

  • Page 397: Chapter 4 System Guard Configuration

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 4 System Guard Configuration Chapter 4 System Guard Configuration When configuring System Guard, go to these sections for information you are interested in: System Guard Overview Configuring System Guard Displaying and Maintaining System Guard Configuration 4.1 System Guard Overview...

  • Page 398: Configuring System Guard Against Tcn Attacks

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 4 System Guard Configuration Configuring parameters related to MAC address learning Follow these steps to configure System Guard against IP attacks: To do... Use the command... Remarks Enter system view system-view —...

  • Page 399: Enabling Layer 3 Error Control

    Operation Manual – 802.1x and System Guard H3C S3100-52P Ethernet switch Chapter 4 System Guard Configuration To do... Use the command... Remarks Required Enable System Guard system-guard tcn against TCN attacks enable Disabled by default Set the threshold of system-guard tcn...
  • Page 400 Operation Manual – AAA H3C S3100-52P Ethernet switch Table of Contents Table of Contents Chapter 1 AAA Overview ......................1-1 1.1 Introduction to AAA ......................1-1 1.1.1 Authentication......................1-1 1.1.2 Authorization ......................1-2 1.1.3 Accounting....................... 1-2 1.1.4 Introduction to ISP Domain ..................1-2 1.2 Introduction to AAA Services .....................
  • Page 401 Operation Manual – AAA H3C S3100-52P Ethernet switch Table of Contents 2.4 Displaying and Maintaining AAA Configuration ............... 2-32 2.4.1 Displaying and Maintaining AAA Configuration ............ 2-32 2.4.2 Displaying and Maintaining RADIUS Protocol Configuration........ 2-32 2.4.3 Displaying and Maintaining HWTACACS Protocol Configuration......2-33 2.5 AAA Configuration Examples ..................

  • Page 402: Chapter 1 Aaa Overview

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview Chapter 1 AAA Overview Note: The configuration of ISP domain delimiter is added. See Creating an ISP Domain and Configuring Its Attributes. The configuration of HWTACACS authentication scheme for user level switching is added.

  • Page 403: Authorization

    Chapter 1 AAA Overview Remote authentication: Users are authenticated remotely through RADIUS or HWTACACS protocol. This device (for example, a H3C series switch) acts as the client to communicate with the RADIUS or TACACS server. You can use standard or extended RADIUS protocols in conjunction with such systems as iTELLIN/CAMS for user authentication.

  • Page 404: Introduction To Aaa Services

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview 1.2 Introduction to AAA Services 1.2.1 Introduction to RADIUS AAA is a management framework. It can be implemented by not only one protocol. But in practice, the most commonly used service for AAA is RADIUS.
  • Page 405 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview In addition, a RADIUS server can act as a client of some other AAA server to provide authentication or accounting proxy service. II. Basic message exchange procedure in RADIUS The messages exchanged between a RADIUS client (a switch, for example) and a RADIUS server are verified through a shared key.
  • Page 406 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview The RADIUS server returns a start-accounting response (Accounting-Response). The user starts to access network resources. The RADIUS client sends a stop-accounting request (Accounting-Request, with the Status-Type attribute value = stop) to the RADIUS server.
  • Page 407 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview Code Message type Message description Direction: server->client. The server transmits this message to the Access-Reject client if any attribute value carried in the Access-Request message is unacceptable (that is, the user fails the authentication).
  • Page 408 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview Table 1-2 RADIUS attributes Type field Type field Attribute type Attribute type value value User-Name Framed-IPX-Network User-Password State CHAP-Password Class NAS-IP-Address Vendor-Specific NAS-Port Session-Timeout Service-Type Idle-Timeout Framed-Protocol Termination-Action...

  • Page 409: Introduction To Hwtacacs

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview Type Length Vendor-ID Vendor-ID Type (specified) Length (specified) Specified attribute value…… …… Figure 1-4 Vendor-specific attribute format 1.2.2 Introduction to HWTACACS I. What is HWTACACS Huawei Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492).
  • Page 410 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview HWTACACS server HWTACACS client Host HWTACACS server Figure 1-5 Network diagram for a typical HWTACACS application II. Basic message exchange procedure in HWTACACS The following text takes telnet user as an example to describe how HWTACACS implements authentication, authorization, and accounting for a user.
  • Page 411 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview Figure 1-6 AAA implementation procedure for a telnet user The basic message exchange procedure is as follows: A user sends a login request to the switch acting as a TACACS client, which then sends an authentication start request to the TACACS server.
  • Page 412 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 1 AAA Overview After receiving the password, the TACACS client sends an authentication continuance message carrying the password to the TACACS server. The TACACS server returns an authentication response, indicating that the user has passed the authentication.

  • Page 413: Chapter 2 Aaa Configuration

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Chapter 2 AAA Configuration 2.1 AAA Configuration Task List You need to configure AAA to provide network access services for legal users while protecting network devices and preventing unauthorized access and repudiation behavior.

  • Page 414: Creating An Isp Domain And Configuring Its Attributes

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Task Remarks Creating an ISP Domain and Required Configuring Its Attributes Configuring separate AAA schemes Required Required With separate AAA schemes, you can specify authentication, authorization and accounting schemes Configuring an AAA Scheme for an respectively.
  • Page 415 Note that: On an S3100-52P switch, each access user belongs to an ISP domain. You can configure up to 16 ISP domains on the switch. When a user logs in, if no ISP domain name is carried in the username, the switch assumes that the user belongs to the default ISP domain.

  • Page 416: Configuring An Aaa Scheme For An Isp Domain

    Note: H3C's CAMS Server is a service management system used to manage networks and ensure network and user information security. With the cooperation of other networking devices (such as switches) in a network, a CAMS server can implement the AAA functions and right management.
  • Page 417 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Caution: You can execute the scheme radius-scheme radius-scheme-name command to adopt an already configured RADIUS scheme to implement all the three AAA functions. If you adopt the local scheme, only the authentication and authorization functions are implemented, the accounting function cannot be implemented.
  • Page 418 RADIUS or local scheme still takes effect even if the authorization none command is executed. The S3100-52P Ethernet switch adopt hierarchical protection for command lines so as to inhibit users at lower levels from using higher level commands to configure the switches.

  • Page 419: Configuring Dynamic Vlan Assignment

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration III. Configuration guidelines Suppose a combined AAA scheme is available. The system selects AAA schemes according to the following principles: If authentication, authorization, accounting each have a separate scheme, the separate schemes are used.

  • Page 420: Configuring The Attributes Of A Local User

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Enter system view system-view — Create an ISP domain domain isp-name — and enter its view Optional Set the VLAN vlan-assignment-mode By default, the VLAN...
  • Page 421 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Enter system view system-view — Optional By default, the password display mode of all access local-user Set the password display users is auto, indicating...

  • Page 422: Cutting Down User Connections Forcibly

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Caution: The following characters are not allowed in the user-name string: /:*?<>. And you cannot input more than one “@” in the string. After the local-user password-display-mode cipher-force command is executed, any password will be displayed in cipher mode even though you specify to display a user password in plain text by using the password command.

  • Page 423: Radius Configuration Task List

    2.2 RADIUS Configuration Task List H3C’s Ethernet switches can function not only as RADIUS clients but also as local RADIUS servers. Complete the following tasks to configure RADIUS (the switch functions as a RADIUS...
  • Page 424 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Complete the following tasks to configure RADIUS (the switch functions as a local RADIUS server): Task Remarks Creating a RADIUS Scheme Required Configuring RADIUS Required Authentication/Authorization Servers Configuring RADIUS Accounting Servers...

  • Page 425: Creating A Radius Scheme

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Note: Actually, the RADIUS service configuration only defines the parameters for information exchange between switch and RADIUS server. To make these parameters take effect, you must reference the RADIUS scheme configured with these parameters in an ISP domain view (refer to Configuration).

  • Page 426: Configuring Radius Accounting Servers

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Required Set the IP address and By default, the IP address port number of the and UDP port number of primary authentication...
  • Page 427 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Optional Set the IP address By default, the IP address and and port number of secondary UDP port number of the the secondary...

  • Page 428: Configuring Shared Keys For Radius Messages

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Note: In an actual network environment, you can specify one server as both the primary and secondary accounting servers, as well as specifying two RADIUS servers as the primary and secondary accounting servers respectively. In addition, because...

  • Page 429: Configuring The Maximum Number Of Radius Request Transmission Attempts

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Required Set a shared key for RADIUS accounting key accounting string By default, no shared key messages is created. Caution: The authentication/authorization shared key and the accounting shared key you set on the switch must be respectively consistent with the shared key on the authentication/authorization server and the shared key on the accounting server.

  • Page 430: Configuring The Status Of Radius Servers

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Enter system view system-view — Required By default, a RADIUS Create a RADIUS scheme radius scheme scheme named "system" and enter its view...

  • Page 431: Configuring The Attributes Of Data To Be Sent To Radius Servers

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Follow these steps to set the status of RADIUS servers: To do… Use the command… Remarks Enter system view system-view — Required By default, a RADIUS Create a RADIUS scheme radius scheme scheme named "system"...
  • Page 432 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Optional data-flow-format data By default, in a RADIUS { byte | giga-byte | scheme, the data unit and Set the units of data flows...

  • Page 433: Configuring The Local Radius Server

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Note: Generally, the access users are named in the userid@isp-name or userid.isp-name format. Here, isp-name after the “@” or “.” character represents the ISP domain name, by which the device determines which ISP domain a user belongs to.

  • Page 434: Configuring Timers For Radius Servers

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Follow these steps to configure the local RADIUS server function: To do… Use the command… Remarks Enter system view system-view — Optional Enable UDP ports for By default, the UDP ports...

  • Page 435: Enabling Sending Trap Message When A Radius Server Goes Down

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration For the primary and secondary servers (authentication/authorization servers, or accounting servers) in a RADIUS scheme: When the switch fails to communicate with the primary server due to some server trouble, the switch will turn to the secondary server and exchange messages with the secondary server.

  • Page 436: Enabling The User Re-Authentication At Restart Function

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Enter system view system-view — Optional Enable the sending of radius trap By default, the switch trap message when a { authentication-server-do...
  • Page 437 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration Once the CAMS receives the Accounting-On message, it sends a response to the switch. At the same time it finds and deletes the original online information of the...

  • Page 438: Hwtacacs Configuration Task List

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration 2.3 HWTACACS Configuration Task List Complete the following tasks to configure HWTACACS: Task Remarks Creating a HWTACACS Scheme Required Configuring TACACS Authentication Servers Required Configuring TACACS Authorization Servers...

  • Page 439: Configuring Tacacs Authentication Servers

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration 2.3.2 Configuring TACACS Authentication Servers Follow these steps to configure TACACS authentication servers: To do… Use the command… Remarks Enter system view system-view — Required Create a HWTACACS...

  • Page 440: Configuring Tacacs Accounting Servers

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Required Set the IP address and By default, the IP address port number of the primary authorization of the primary primary TACACS...

  • Page 441: Configuring Shared Keys For Hwtacacs Messages

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Optional Enable the By default, the stop-accounting message stop-accounting retransmission function retry stop-accounting messages retransmission and set the maximum retry-times function is enabled and...

  • Page 442: Configuring The Attributes Of Data To Be Sent To Tacacs Servers

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration 2.3.6 Configuring the Attributes of Data to be Sent to TACACS Servers Follow these steps to configure the attributes for data to be sent to TACACS servers: To do…...
  • Page 443 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks Enter system view system-view — Required Create a HWTACACS hwtacacs scheme By default, no scheme and enter its view hwtacacs-scheme-name HWTACACS scheme exists.

  • Page 444: Displaying And Maintaining Aaa Configuration

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration 2.4 Displaying and Maintaining AAA Configuration 2.4.1 Displaying and Maintaining AAA Configuration To do… Use the command… Remarks Display configuration information about one display domain [ isp-name ]...

  • Page 445: Displaying And Maintaining Hwtacacs Protocol Configuration

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration To do… Use the command… Remarks reset stop-accounting-buffer Delete buffered { radius-scheme non-response radius-scheme-name | session-id Available in stop-accounting requests session-id | time-range start-time user view stop-time | user-name user-name }...
  • Page 446 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration I. Network requirements In the network environment shown in Figure 2-1, you are required to configure the switch so that the Telnet users logging into the switch are authenticated by the RADIUS server.

  • Page 447: Local Authentication Of Ftp/Telnet Users

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration [Sysname-isp-cams] quit # Configure a RADIUS scheme. [Sysname] radius scheme cams [Sysname-radius-cams] accounting optional [Sysname-radius-cams] primary authentication 10.110.91.164 1812 [Sysname-radius-cams] key authentication aabbcc [Sysname-radius-cams] server-type Extended [Sysname-radius-cams] user-name-format with-domain [Sysname-radius-cams] quit # Associate the ISP domain with the RADIUS scheme.

  • Page 448: Hwtacacs Authentication And Authorization Of Telnet Users

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration <Sysname> system-view # Adopt AAA authentication for Telnet users. [Sysname] user-interface vty 0 4 [Sysname-ui-vty0-4] authentication-mode scheme [Sysname-ui-vty0-4] quit # Create and configure a local user named telnet.

  • Page 449: Troubleshooting Aaa

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration II. Network diagram Authentication server 10.110.91.164/16 Internet Telnet user Figure 2-3 Remote HWTACACS authentication and authorization of Telnet users III. Configuration procedure # Add a Telnet user. (Omitted here) # Configure a HWTACACS scheme.

  • Page 450: Troubleshooting Hwtacacs Configuration

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 2 AAA Configuration The user is not configured in the database of the RADIUS server — Check the database of the RADIUS server, make sure that the configuration information about the user exists.

  • Page 451: Chapter 3 Ead Configuration

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 3 EAD Configuration Chapter 3 EAD Configuration 3.1 Introduction to EAD Endpoint Admission Defense (EAD) is an attack defense solution. Using this solution, you can enhance the active defense capability of network endpoints, prevents viruses and worms from spreading on the network, and protects the entire network by limiting the access rights of insecure endpoints.

  • Page 452: Ead Configuration

    Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 3 EAD Configuration After a client passes the authentication, the security Client (software installed on the client PC) interacts with the security policy server to check the security status of the client.
  • Page 453 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 3 EAD Configuration A user is connected to Ethernet 1/0/1 on the switch. The user adopts 802.1x client supporting EAD extended function. You are required to configure the switch to use RADIUS server for remote user authentication and use security policy server for EAD control on users.
  • Page 454 Operation Manual – AAA H3C S3100-52P Ethernet switch Chapter 3 EAD Configuration [Sysname-radius-cams] server-type extended # Configure the IP address of the security policy server. [Sysname-radius-cams] security-policy-server 10.110.91.166 # Associate the domain with the RADIUS scheme. [Sysname-radius-cams] quit [Sysname] domain system...
  • Page 455 Operation Manual – Web Authentication H3C S3100-52P Ethernet switch Table of Contents Table of Contents Chapter 1 Web Authentication Configuration ................1-1 1.1 Introduction to Web Authentication..................1-1 1.2 Web Authentication Configuration ..................1-1 1.2.1 Configuration Prerequisites..................1-1 1.2.2 Configuring Web Authentication................1-1 1.3 Displaying and Maintaining Web Authentication ...............

  • Page 456: Chapter 1 Web Authentication Configuration

    Operation Manual – Web Authentication H3C S3100-52P Ethernet switch Chapter 1 Web Authentication Configuration Chapter 1 Web Authentication Configuration When configuring Web authentication, go to these sections for information you are interested in: Introduction to Web Authentication Web Authentication Configuration...
  • Page 457 Operation Manual – Web Authentication H3C S3100-52P Ethernet switch Chapter 1 Web Authentication Configuration To do… Use the command… Remarks Enter system view system-view — Required If no port number is Set the IP address and web-authentication specified, port 80 will be...

  • Page 458: Displaying And Maintaining Web Authentication

    Operation Manual – Web Authentication H3C S3100-52P Ethernet switch Chapter 1 Web Authentication Configuration Caution: Before enabling global Web authentication, you should first set the IP address of a Web authentication server. Web authentication cannot be enabled when one of the following features is enabled, and vice versa: 802.1x, MAC authentication, port security and port...
  • Page 459 Operation Manual – Web Authentication H3C S3100-52P Ethernet switch Chapter 1 Web Authentication Configuration Configure a free IP address range, which can be accessed by the user before it passes the Web authentication. II. Network diagram Figure 1-1 Web authentication for user III.
  • Page 460 Operation Manual – Web Authentication H3C S3100-52P Ethernet switch Chapter 1 Web Authentication Configuration # Set the password that will be used to encrypt the messages exchanged between the switch and the RADIUS authentication server. [Sysname -radius-radius1] key authentication expert # Configure the system to strip domain name off a user name before transmitting the user name to the RADIUS server.
  • Page 461 Operation Manual – MAC Address Authentication H3C S3100-52P Ethernet switch Table of Contents Table of Contents Chapter 1 MAC Address Authentication Configuration ............1-1 1.1 MAC Address Authentication Overview................1-1 1.1.1 Performing MAC Address Authentication on a RADIUS Server ......1-2 1.1.2 Performing MAC Address Authentication Locally ...........

  • Page 462: Chapter 1 Mac Address Authentication Configuration

    Once detecting a new MAC address, it initiates the authentication process. During authentication, the user does not need to enter username or password manually. For S3100-52P Ethernet switch, MAC address authentication can be implemented locally or on a RADIUS server.

  • Page 463: Performing Mac Address Authentication On A Radius Server

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S3100-52P Ethernet switch Configuration 1.1.1 Performing MAC Address Authentication on a RADIUS Server When authentications are performed on a RADIUS server, the switch serves as a RADIUS client and completes MAC address authentication in combination of the RADIUS server.

  • Page 464: Quiet Mac Address

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S3100-52P Ethernet switch Configuration 1.2.2 Quiet MAC Address When a user fails MAC address authentication, the MAC address becomes a quiet MAC address, which means that any packets from the MAC address will be discarded simply by the switch until the quiet timer expires.
  • Page 465 Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S3100-52P Ethernet switch Configuration To do... Use the command... Remarks Set the user name in fixed mac-authentication mode for MAC authmode address usernamefixed Optional authentication Set the user name...

  • Page 466: Mac Address Authentication Enhanced Function Configuration

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S3100-52P Ethernet switch Configuration 1.4 MAC Address Authentication Enhanced Function Configuration 1.4.1 MAC Address Authentication Enhanced Function Configuration Task List Complete the following tasks to configure MAC address authentication enhanced...
  • Page 467 Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S3100-52P Ethernet switch Configuration After a port is added to a Guest VLAN, the switch will re-authenticate the first access user of this port (namely, the first user whose unicast MAC address is learned by the switch) periodically.

  • Page 468: Configuring The Maximum Number Of Mac Address Authentication Users Allowed To Access A Port

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S3100-52P Ethernet switch Configuration Caution: If more than one client are connected to a port, you cannot configure a Guest VLAN for this port. When a Guest VLAN is configured for a port, only one MAC address authentication user can access the port.

  • Page 469: Displaying And Maintaining Mac Address Authentication Configuration

    Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S3100-52P Ethernet switch Configuration Caution: If both the limit on the number of MAC address authentication users and the limit on the number of users configured in the port security function are configured for a port, the smaller value of the two configured limits is adopted as the maximum number of MAC address authentication users allowed to access this port.
  • Page 470 Operation Manual – MAC Address Authentication Chapter 1 MAC Address Authentication H3C S3100-52P Ethernet switch Configuration III. Configuration Procedure # Enable MAC address authentication on port Ethernet 1/0/2. <Sysname> system-view [Sysname] mac-authentication interface Ethernet 1/0/2 # Set the user name in MAC address mode for MAC address authentication, requiring hyphened lowercase MAC addresses as the usernames and passwords.
  • Page 471 Operation Manual – ARP H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 ARP Configuration....................... 1-1 1.1 Introduction to ARP......................1-1 1.1.1 ARP Function ......................1-1 1.1.2 ARP Message Format..................... 1-1 1.1.3 ARP Table ....................... 1-3 1.1.4 ARP Process ......................1-4 1.1.5 Introduction to ARP Attack Detection..............

  • Page 472: Chapter 1 Arp Configuration

    Operation Manual – ARP H3C S3100-52P Ethernet Switch Chapter 1 ARP Configuration Chapter 1 ARP Configuration When configuring ARP, go to these sections for information you are interested in: Introduction to ARP Configuring ARP Configuring Gratuitous ARP Displaying and Debugging ARP...
  • Page 473 Operation Manual – ARP H3C S3100-52P Ethernet Switch Chapter 1 ARP Configuration As for an ARP request, all the fields except the hardware address of the receiver field are set. The hardware address of the receiver is what the sender requests for.

  • Page 474: Arp Table

    IP address-to-MAC address mapping entries are stored. An S3100-52P Ethernet switch provides the display arp command to display the information about ARP mapping entries. ARP entries in an S3100-52P Ethernet switch can either be static entries or dynamic entries, as described in Table 1-3.

  • Page 475: Arp Process

    Operation Manual – ARP H3C S3100-52P Ethernet Switch Chapter 1 ARP Configuration 1.1.4 ARP Process Figure 1-2 ARP process Suppose that Host A and Host B are on the same subnet and that Host A sends a message to Host B. The resolution process is as follows: Host A looks in its ARP mapping table to see whether there is an ARP entry for Host B.
  • Page 476 II. ARP attack detection To guard against the man-in-the-middle attacks launched by hackers or attackers, an S3100-52P Ethernet switch supports the ARP attack detection function. All ARP (both request and response) packets passing through the switch are redirected to the CPU, which checks the validity of all the ARP packets by using the DHCP snooping table or the manually configured IP binding table.

  • Page 477: Introduction To Arp Packet Rate Limit

    CPU will get overloaded, causing other functions to fail, and even the whole device to break down. To guard against such attacks, an S3100-52P Ethernet switch supports the ARP packets rate limit function, which will shut down the attacked port, thus preventing serious impact on the CPU.

  • Page 478: Configuring Arp

    Operation Manual – ARP H3C S3100-52P Ethernet Switch Chapter 1 ARP Configuration 1.2 Configuring ARP 1.2.1 Configuring ARP Basic Functions Follow these steps to configure ARP basic functions: To do… Use the command… Remarks Enter system view system-view — Optional...
  • Page 479 Operation Manual – ARP H3C S3100-52P Ethernet Switch Chapter 1 ARP Configuration To do… Use the command… Remarks interface interface-type Enter Ethernet port view — interface-number Required By default, after DHCP Specify the current port as dhcp-snooping trust snooping is enabled, all...

  • Page 480: Configuring The Arp Packet Rate Limit Function

    Currently, the VLAN ID of an IP-to-MAC binding configured on a port of an S3100-52P Ethernet switch is the same as the default VLAN ID of the port. If the VLAN tag of an ARP packet is different from the default VLAN ID of the receiving port, the ARP packet cannot pass the ARP attack detection based on the IP-to-MAC bindings.

  • Page 481: Configuring Gratuitous Arp

    Note: The sending of gratuitous ARP packets is enabled as long as an S3100-52P switch operates. No command is needed for enabling this function. That is, the device sends gratuitous ARP packets whenever a VLAN interface is enabled (such as when a link is enabled or an IP address is configured for the VLAN interface) or whenever the IP address of a VLAN interface is changed.

  • Page 482: Displaying And Debugging Arp

    Operation Manual – ARP H3C S3100-52P Ethernet Switch Chapter 1 ARP Configuration 1.4 Displaying and Debugging ARP To do… Use the command… Remarks Display specific ARP mapping display arp [ static | dynamic | table entries ip-address ] Display the ARP mapping...

  • Page 483: Arp Attack Detection And Packet Rate Limit Configuration Example

    Operation Manual – ARP H3C S3100-52P Ethernet Switch Chapter 1 ARP Configuration 1.5.2 ARP Attack Detection and Packet Rate Limit Configuration Example I. Network requirements As shown in Figure 1-4, Ethernet 1/0/1 of Switch A connects to DHCP Server; Ethernet 1/0/2 connects to Client A, Ethernet 1/0/3 connects to Client B.
  • Page 484 Operation Manual – ARP H3C S3100-52P Ethernet Switch Chapter 1 ARP Configuration # Enable ARP attack detection on all ports in VLAN 1. [SwitchA] vlan 1 [SwitchA-vlan1] arp detection enable # Enable the ARP packet rate limit function on Ethernet 1/0/2, and set the maximum ARP packet rate allowed on the port to 20 pps.
  • Page 485 Operation Manual – DHCP H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 DHCP Overview......................1-1 1.1 Introduction to DHCP......................1-1 1.2 DHCP IP Address Assignment ..................1-2 1.2.1 IP Address Assignment Policy ................1-2 1.2.2 Obtaining IP Addresses Dynamically ..............1-2 1.2.3 Updating IP Address Lease ..................
  • Page 486 Operation Manual – DHCP H3C S3100-52P Ethernet Switch Table of Contents...

  • Page 487: Chapter 1 Dhcp Overview

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 1 DHCP Overview Chapter 1 DHCP Overview When configuring DHCP, go to these sections for information you are interested in: Introduction to DHCP DHCP IP Address Assignment DHCP Packet Format Protocol Specification Note: Support for DHCP Snooping Option 82 is added in this manual.

  • Page 488: Dhcp Ip Address Assignment

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 1 DHCP Overview Figure 1-1 Typical DHCP application 1.2 DHCP IP Address Assignment 1.2.1 IP Address Assignment Policy Currently, DHCP provides the following three IP address assignment policies to meet the requirements of different clients: Manual assignment.

  • Page 489: Updating Ip Address Lease

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 1 DHCP Overview Select: In this phase, the DHCP client selects an IP address. If more than one DHCP server sends DHCP-OFFER packets to the DHCP client, the DHCP client only accepts the DHCP-OFFER packet that first arrives, and then broadcasts a DHCP-REQUEST packet containing the assigned IP address carried in the DHCP-OFFER packet.

  • Page 490: Dhcp Packet Format

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 1 DHCP Overview 1.3 DHCP Packet Format DHCP has eight types of packets. They have the same format, but the values of some fields in the packets are different. The DHCP packet format is based on that of the BOOTP packets.

  • Page 491: Protocol Specification

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 1 DHCP Overview file: Path and name of the boot configuration file that the DHCP server specifies for the DHCP client. option: Optional variable-length fields, including packet type, valid lease time, IP address of a DNS server, and IP address of the WINS server.

  • Page 492: Chapter 2 Dhcp Snooping Configuration

    Untrusted: An untrusted port is connected to an unauthorized DHCP server. The DHCP-ACK or DHCP-OFFER packets received from the port are discarded, preventing DHCP clients from receiving invalid IP addresses. Figure 2-1 illustrates a typical network diagram for DHCP snooping application, where Switch A is an S3100-52P Ethernet switch.

  • Page 493: Introduction To Dhcp-Snooping Option 82

    II. Padding content and frame format of Option 82 There is no specification for what should be padded in Option 82. Manufacturers can pad it as required. By default, the sub-options of Option 82 for an S3100-52P Ethernet Switch (enabled with DHCP snooping) is padded as follows:...
  • Page 494 Figure 2-3 Extended format of the remote ID sub-option In practice, some network devices do not support the type and length identifiers of the Circuit ID and Remote ID sub-options. To interwork with these devices, an S3100-52P Ethernet Switch supports Option 82 in the standard format. Refer to...
  • Page 495 Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration Figure 2-5 Standard format of the remote ID sub-option III. Mechanism of DHCP-snooping Option 82 With DHCP snooping and DHCP-snooping Option 82 support enabled, when the DHCP snooping device receives a DHCP client’s request containing Option 82, it will handle the packet according to the handling policy and the configured contents in sub-options.

  • Page 496: Introduction To Ip Filtering

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration Table 2-2 Ways of handling a DHCP packet without Option 82 Sub-option configuration The DHCP-Snooping device will … Forward the packet after adding Option 82 with the default contents.

  • Page 497: Configuring Dhcp Snooping

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration device, and the number of the VLAN to which the port belongs to. These records are saved as entries in the DHCP-snooping table. II. IP static binding table The DHCP-snooping table only records information about clients that obtains IP address dynamically through DHCP.

  • Page 498: Configuring Dhcp Snooping To Support Option

    Note: If an S3100-52P Ethernet switch is enabled with DHCP snooping, the clients connected to it cannot dynamically obtain IP addresses through BOOTP. You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses.
  • Page 499 III. Configuring the storage format of Option 82 An S3100-52P Ethernet Switch supports the HEX or ASCII format for the Option 82 field. Follow these steps to configure a storage format for the Option 82 field: To do…...
  • Page 500 Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration To do… Use the command… Remarks Configure a storage dhcp-snooping Optional format for the Option information format { hex | By default, the format is hex. 82 field...
  • Page 501 Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration V. Configuring the remote ID sub-option You can configure the remote ID sub-option in system view or Ethernet port view: In system view, the remote ID takes effect on all interfaces. You can configure Option 82 as the system name (sysname) of the device or any customized character string in the ASCII format.

  • Page 502: Configuring Ip Filtering

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration Note: If you configure a remote ID sub-option in both system view and on a port, the remote ID sub-option configured on the port applies when the port receives a packet, and the global remote ID applies to other interfaces that have no remote ID sub-option configured.

  • Page 503: Dhcp Snooping Configuration Examples

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration Note: Enable DHCP snooping and specify trusted ports on the switch before configuring IP filtering. You are not recommended to configure IP filtering on the ports of an aggregation group.
  • Page 504 Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration II. Network diagram Figure 2-6 Network diagram for DHCP-snooping Option 82 support configuration III. Configuration procedure # Enable DHCP snooping on the switch. <Switch> system-view [Switch] dhcp-snooping # Specify Ethernet 1/0/5 as the trusted port.

  • Page 505: Ip Filtering Configuration Example

    As shown in Figure 2-7, Ethernet 1/0/1 of the S3100-52P switch is connected to the DHCP server and Ethernet 1/0/2 is connected to Host A. The IP address and MAC address of Host A are 1.1.1.1 and 0001-0001-0001 respectively. Ethernet 1/0/3 and Ethernet 1/0/4 are connected to DHCP Client B and Client C.

  • Page 506: Displaying Dhcp Snooping Configuration

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 2 DHCP Snooping Configuration packets based on the source IP addresses/MAC addresses. [Switch] interface Ethernet1/0/2 [Switch-Ethernet1/0/2] ip check source ip-address mac-address [Switch-Ethernet1/0/2] quit [Switch] interface Ethernet1/0/3 [Switch-Ethernet1/0/3] ip check source ip-address mac-address...

  • Page 507: Chapter 3 Dhcp Packet Rate Limit Configuration

    As a result, the switch cannot work normally and even goes down. An S3100-52P Ethernet switch supports ARP and DHCP packet rate limit on a port and shut down the port under attack to prevent hazardous impact on the device CPU.

  • Page 508: Configuring Dhcp Packet Rate Limit

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 3 DHCP Packet Rate Limit Configuration 3.2 Configuring DHCP Packet Rate Limit 3.2.1 Configuring DHCP Packet Rate Limit Follow these steps to configure rate limit of DHCP packets: To do… Use the command…...

  • Page 509: Rate Limit Configuration Example

    I. Network requirements As shown in Figure 3-1, Ethernet 1/0/1 of the S3100-52P switch is connected to the DHCP server. Ethernet 1/0/2 is connected to client B and Ethernet 1/0/11 is connected to client A. Enable DHCP snooping on the switch, and specify Ethernet 1/0/1 as the DHCP snooping trusted port.
  • Page 510 Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 3 DHCP Packet Rate Limit Configuration [Switch-Ethernet1/0/1] quit # Enable auto recovery. [Sysname] dhcp protective-down recover enable # Set the port state auto-recovery interval to 30 seconds. [Sysname] dhcp protective-down recover interval 30 # Enter port view.

  • Page 511: Chapter 4 Dhcp/Bootp Client Configuration

    4.2 Introduction to Automatic Configuration 4.2.1 Application Background Automatic configuration enables an S3100-52P ethernet switch to automatically obtain and execute the configuration files when it starts up with neither the main nor the backup configuration file exists. Since the devices of an enterprise network may be deployed in a wide geographical area, the task of manually configuring each device is huge.

  • Page 512: How Automatic Configuration Works

    4.2.2 How Automatic Configuration Works Figure 4-1 Network diagram for automatic configuration The S3100-52P switch supports automatic configuration. The working process is as follows: As shown in the above figure, when the switch starts up, and neither the main nor the backup configuration file exists, it automatically configures the VLAN interface of the default VLAN (in UP state) as a DHCP client.
  • Page 513 Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 4 DHCP/BOOTP Client Configuration Note: An intermediate file maintains the IP address-to-host name mappings which are created using the ip host hostname ip-address command. When you use this command: You are recommended to type a space before the keyword ip or host.

  • Page 514: Introduction To Bootp Client

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 4 DHCP/BOOTP Client Configuration 4.3 Introduction to BOOTP Client After you specify an interface as a Bootstrap Protocol (BOOTP) client, the interface can use BOOTP to get information (such as IP address) from the BOOTP server, which simplifies your configuration.

  • Page 515: Dhcp Client Configuration Example

    Chapter 4 DHCP/BOOTP Client Configuration Note: Currently, an S3100-52P Ethernet switch functioning as the DHCP client can use an IP address for 24 days at most. That is, the DHCP client can obtain an address lease for no more than 24 days even though the DHCP server offers a longer lease period.

  • Page 516: Bootp Client Configuration Example

    Operation Manual – DHCP H3C S3100-52P Ethernet Switch Chapter 4 DHCP/BOOTP Client Configuration III. Configuration procedure The following describes only the configuration on Switch A serving as a DHCP client. # Configure VLAN-interface 1 to dynamically obtain an IP address by using DHCP.
  • Page 517 1.1 ACL Overview ........................1-1 1.1.1 ACL Matching Order ....................1-2 1.1.2 Ways to Apply an ACL on a Switch................. 1-3 1.1.3 Types of ACLs Supported by S3100-52P Ethernet Switch........1-4 1.2 ACL Configuration Task List ....................1-4 1.2.1 Configuring Time Range ..................1-4 1.2.2 Configuring Basic ACL ....................

  • Page 518: Chapter 1 Acl Configuration

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration Chapter 1 ACL Configuration When configuring ACL, go to these sections for information you are interested in: ACL Overview ACL Configuration Task List Displaying and Maintaining ACL Configuration...

  • Page 519: Acl Matching Order

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration Layer 2 ACL. Rules are created based on the Layer 2 information such as source and destination MAC addresses, VLAN priorities, type of Layer 2 protocol, and so User-defined ACL.

  • Page 520: Ways To Apply An Acl On A Switch

    In the switch, an ACL can be directly applied to hardware for packet filtering and traffic classification. In this case, the rules in an ACL are matched in the order determined by the hardware instead of that defined in the ACL. For S3100-52P Ethernet Switch, the later the rule applies, the higher the match priority.

  • Page 521: Types Of Acls Supported By S3100-52P Ethernet Switch

    Periodic time range, which recurs periodically on the day or days of the week. Absolute time range, which takes effect only in a period of time and does not recur. Note: An absolute time range on an H3C S3100-52P Ethernet Switch can be within the range 1970/1/1 00:00 to 2100/12/31 24:00.
  • Page 522 Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration I. Configuration procedure Follow these steps to configure a time range: To do... Use the command... Remarks Enter system view system-view — time-range time-name { start-time to end-time days-of-the-week [ from start-time...

  • Page 523: Configuring Basic Acl

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration <Sysname> system-view [Sysname] time-range test from 15:00 1/28/2006 to 15:00 1/28/2008 [Sysname] display time-range test Current time is 13:30:32 Apr/16/2005 Saturday Time-range : test ( Inactive ) From 15:00 Jan/28/2006 to 15:00 Jan/28/2008 1.2.2 Configuring Basic ACL...

  • Page 524: Configuring Advanced Acl

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration current greatest rule number is 65534, however, the system will display an error message and you need to specify a number for the rule.. The content of a modified or created rule cannot be identical with the content of any existing rule;...
  • Page 525 Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration II. Configuration procedure Follow these steps to define an advanced ACL rule: To do... Use the command... Remarks Enter system view system-view — Create an advanced ACL acl number acl-number...

  • Page 526: Configuring Layer 2 Acl

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration [Sysname-acl-adv-3000] rule permit source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80 # Display the configuration information of ACL 3000. [Sysname-acl-adv-3000] display acl 3000 Advanced ACL 3000, 1 rule Acl's step is 1 rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0...

  • Page 527: Configuring User-Defined Acl

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered automatically. If the ACL has no rules, the rule is numbered 0;...
  • Page 528 Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration To do... Use the command... Remarks Required rule [ rule-id ] { permit | deny } [ rule-string rule-mask For information about Define an ACL rule offset ] &<1-8> [ time-range...

  • Page 529: Applying Acls On Ports

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration # Display the configuration information of ACL 5000. [Sysname-acl-user-5000] display acl 5000 User defined ACL 5000, 1 rule Acl's step is 1 rule 0 deny 06 ff 27 1.2.6 Applying ACLs on Ports...

  • Page 530: Displaying And Maintaining Acl Configuration

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration II. Configuration procedure Follow these steps to apply ACL rules to a VLAN: To do... Use the command... Remarks — Enter system view system-view Required packet-filter vlan vlan-id...

  • Page 531: Example For Controlling Web Login Users By Source Ip

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration II. Network diagram Internet Switch 10.110.100.52 Figure 1-1 Network diagram for controlling Telnet login users by source IP III. Configuration procedure # Define ACL 2000. <Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0...

  • Page 532: Examples For Applying Acls To Hardware

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule 1 permit source 10.110.100.46 0 [Sysname-acl-basic-2001] quit # Reference ACL 2001 to control users logging in to the Web server. [Sysname] ip http acl 2001 1.5 Examples for Applying ACLs to Hardware...

  • Page 533: Advanced Acl Configuration Example

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration 1.5.2 Advanced ACL Configuration Example I. Network requirements Different departments of an enterprise are interconnected through a switch. The IP address of the wage query server is 192.168.1.2. The R&D department is connected to Ethernet 1/0/1 of the switch.

  • Page 534: User-Defined Acl Configuration Example

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration II. Network diagram PC 1 Eth1/0/1 0011-0011-0011 To the router Switch PC 2 Figure 1-5 Network diagram for Layer 2 ACL III. Configuration procedure # Define a periodic time range that is active from 8:00 to 18:00 everyday.

  • Page 535: Example For Applying An Acl To A Vlan

    Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration II. Network diagram Figure 1-6 Network diagram for user-defined ACL III. Configuration procedure # Define a periodic time range that is active from 8:00 to 18:00 everyday. <Sysname> system-view [Sysname] time-range test 8:00 to 18:00 daily # Define ACL 5000 to deny any ARP packet whose source IP address is 192.168.0.1...
  • Page 536 Operation Manual – ACL H3C S3100-52P Ethernet Switch Chapter 1 ACL Configuration II. Network diagram Database server 192.168.1.2 Eth1/0/1 Eth1/0/3 Eth1/0/2 VLAN 10 PC 1 PC 2 PC 3 Figure 1-7 Network diagram for applying an ACL to a VLAN III.
  • Page 537 1.1.2 Traditional Packet Forwarding Service ..............1-2 1.1.3 New Applications and New Requirements.............. 1-2 1.1.4 Major Traffic Control Techniques ................1-3 1.2 QoS Supported By S3100-52P Ethernet Switch ............... 1-4 1.3 Introduction to QoS Functions ................... 1-5 1.3.1 Traffic Classification ....................1-5 1.3.2 Priority Trust Mode....................
  • Page 538 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Table of Contents 1.6.2 Configuration Example of Priority Marking and Queue Scheduling...... 1-34 1.6.3 VLAN Mapping Configuration Example ..............1-35 1.6.4 Configuring Traffic Mirroring and Redirecting Traffic to a Port ......1-38 Chapter 2 QoS Profile Configuration...................

  • Page 539: Chapter 1 Qos Configuration

    H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration Chapter 1 QoS Configuration When configuring QoS, go to these sections for information you are interested in: Overview QoS Supported By S3100-52P Ethernet Switch QoS Configuration Displaying and Maintaining QoS QoS Configuration Examples Note: The following features are added: VLAN mapping.

  • Page 540: Traditional Packet Forwarding Service

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration 1.1.2 Traditional Packet Forwarding Service In traditional IP networks, packets are treated equally. That is, the FIFO (first in first out) policy is adopted for packet processing. Network resources required for packet forwarding is determined by the order in which packets arrive.

  • Page 541: Major Traffic Control Techniques

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration 1.1.4 Major Traffic Control Techniques Figure 1-1 End-to-end QoS model As shown in the figure above, traffic classification, traffic policing, traffic shaping, congestion management, and congestion avoidance are the foundations for a network to provide differentiated services.

  • Page 542: Qos Supported By S3100-52P Ethernet Switch

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration 1.2 QoS Supported By S3100-52P Ethernet Switch The S3100-52P Ethernet Switch supports the QoS features listed in Table 1-1: Table 1-1 QoS features supported by S3100-52P Ethernet Switch...

  • Page 543: Introduction To Qos Functions

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration QoS Feature Description Refer to … The S3100-52P supports SP, WFQ, and WRR queue scheduling algorithms and supports the following five queue Congestion For information about SP, WFQ, and...

  • Page 544: Priority Trust Mode

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration 1.3.2 Priority Trust Mode I. Introduction to precedence types IP precedence, ToS precedence, and DSCP precedence Figure 1-2 DS field and ToS byte The ToS field in an IP header contains eight bits numbered 0 through 7, among which, The first three bits indicate IP precedence in the range 0 to 7.
  • Page 545 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration Assured forwarding (AF) class: This class is further divided into four subclasses (AF1/2/3/4) and a subclass is further divided into three drop priorities, so the AF service level can be segmented. The QoS rank of the AF class is lower than that of the EF class;...
  • Page 546 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration 802.1p priority 802.1p priority lies in Layer 2 packet headers and is applicable to occasions where the Layer 3 packet header does not need analysis but QoS must be assured at Layer 2.
  • Page 547 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration Local precedence Local precedence is a locally significant precedence that the device assigns to a packet. A local precedence value corresponds to one of the eight hardware output queues.

  • Page 548: Protocol Priority

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration 802.1p priority Local precedence 1.3.3 Protocol Priority Protocol packets generated by a switch carry their own priority. You can set a new IP precedence or DSCP precedence for the specific type of protocol packets to implement QoS.
  • Page 549 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration I. Token bucket The token bucket can be considered as a container with a certain capacity to hold tokens. The system puts tokens into the bucket at the set rate. When the token bucket is full, the extra tokens will overflow and the number of tokens in the bucket stops increasing.

  • Page 550: Line Rate

    When the network is congested, the problem that many packets compete for resources must be solved, usually through queue scheduling. The S3100-52P Switch supports three queue scheduling algorithms: Strict Priority (SP) queuing, Weighted Fair Queuing (WFQ), and Weighted Round Robin (WRR) queuing.
  • Page 551 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration SP queuing Figure 1-6 Diagram for SP queuing SP queue-scheduling algorithm is specially designed for critical service applications. An important feature of critical services is that they demand preferential service in congestion in order to reduce the response delay.
  • Page 552 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration Figure 1-7 Diagram for WFQ queuing Before WFQ is introduced, you must understand fair queuing (FQ) first. FQ is designed for the purpose of sharing network resources fairly and optimizing the delays and delay jitters of all the flows.

  • Page 553: Congestion Avoidance

    In a typical H3C switch there are eight output queues on each port. WRR configures a weight value for each queue, for example: w7, w6, w5, w4, w3, w2, w1, and w0 respectively for queue 7 through queue 0.

  • Page 554: Flow-Based Traffic Accounting

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration packets of multiple TCP connections simultaneously, the TCP connections will turn to the state of congestion avoidance and slow startup for the traffics to be regulated. The traffic peak will then occur in a certain future time.

  • Page 555: Traffic Mirroring

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration Although the burst function helps reduce the packet loss ratio and improve packet processing capability in the networks mentioned above, it may affect QoS performance. So, use this function with caution.

  • Page 556: Configuring The Mapping Between 802.1P Priority And Local Precedence

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration II. Configuration procedure Follow these steps to configure to trust port priority: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet port view —...

  • Page 557: Setting The Priority Of Protocol Packets

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration between 802.1p priority and the output queues and assigning packets with different priorities to the corresponding output queues. Note that, this is a global setting, not a per port setting. This is only recommended for advanced network environments.

  • Page 558: Marking Packet Priority

    | dscp corresponding protocol dscp-value } packets. Note: On an S3100-52P switch, you can set the priority for protocol packets of Telnet, SNMP, and ICMP. III. Configuration example Set the IP precedence of ICMP packets to 3. Display the configuration.
  • Page 559 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration I. Configuration prerequisites The following items are defined or determined before the configuration: The ACL rules used for traffic classification have been specified. Refer to the ACL module of this manual for related information.

  • Page 560: Configuring Traffic Policing

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] interface Ethernet1/0/1 [Sysname-Ethernet1/0/1] traffic-priority inbound ip-group 2000 dscp 56 Method II <Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255...

  • Page 561: Configuring Line Rate

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration Note: The granularity of traffic policing is 64 Kbps. If the number you input is in the range of N*64 to (N+1)*64 (N is a natural number), it will be rounded off to (N+1)*64.

  • Page 562: Configuring Traffic Redirecting

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration To do… Use the command… Remarks Required Specify a committed information rate (CIR) for the line-rate { inbound | target-rate argument, and outbound } target-rate Configure line rate...

  • Page 563: Configuring Vlan Mapping

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration Note: Packets redirected to the CPU are not forwarded. If the traffic is redirected to a Combo port in down state, the system automatically redirects the traffic to the port corresponding to the Combo port in up state. Refer to the Port Basic Configuration module of this manual for information about Combo ports.

  • Page 564: Configuring Queue Scheduling

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration To do… Use the command… Remarks Enter system view system-view — Enter Ethernet port interface interface-type — view interface-number Required traffic-remark-vlanid Configure VLAN inbound acl-rule By default, VLAN mapping...
  • Page 565 0 through queue 7). queue7-weight } A port of an S3100-52P Ethernet switch supports eight output queues. These queue scheduling algorithms are available: SP, WRR, and WFQ. With WRR (or WFQ) adopted, if you set the weight or the bandwidth of one or multiple queues to 0, the switch will add the queue or these queues to the SP group, where SP is adopted.

  • Page 566: Configuring Wred

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration Note: The queue scheduling algorithm specified by using the queue-scheduler command in system view takes effect on all the ports. The queue scheduling algorithm configured in port view must be the same as that configured in system view.

  • Page 567: Configuring Traffic Accounting

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration I. Configuration prerequisites The indexes of queues to be dropped at random, the queue length that starts the drop action, and the drop probability have been determined.

  • Page 568: Enabling The Burst Function

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration To do… Use the command… Remarks Required Configure traffic traffic-statistic inbound By default, traffic accounting acl-rule accounting is disabled. reset traffic-statistic Clear the traffic statistics Required inbound acl-rule III.
  • Page 569 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration I. Configuration prerequisites The ACL rules for traffic classification have been defined. Refer to the ACL module of this manual for information about defining ACL rules. The source mirroring ports and mirroring direction have been determined.

  • Page 570: Displaying And Maintaining Qos

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration <Sysname> system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] interface Ethernet1/0/4 [Sysname-Ethernet1/0/4] monitor-port [Sysname-Ethernet1/0/4] quit [Sysname] interface Ethernet1/0/1 [Sysname-Ethernet1/0/1] mirrored-to inbound ip-group 2000 monitor-interface 1.5 Displaying and Maintaining QoS...

  • Page 571: Qos Configuration Examples

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration 1.6 QoS Configuration Examples 1.6.1 Configuration Example of Traffic policing and Line Rate I. Network requirement An enterprise network connects all the departments through an Ethernet switch. PC 1, with the IP address 192.168.0.1 belongs to the R&D department and is connected to...

  • Page 572: Configuration Example Of Priority Marking And Queue Scheduling

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration [Sysname-Ethernet1/0/2] line-rate inbound 64 [Sysname-Ethernet1/0/2] quit # Set the maximum rate of outbound IP packets sent by PC 1 in the R&D department to 640 kbps. [Sysname] interface Ethernet1/0/1 [Sysname-Ethernet1/0/1] traffic-limit inbound ip-group 2000 640 exceed drop 1.6.2 Configuration Example of Priority Marking and Queue Scheduling...

  • Page 573: Vlan Mapping Configuration Example

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration <Sysname> system-view [Sysname] acl number 3000 # Define ACL rules for identifying packets based on destination IP addresses. [Sysname-acl-adv-3000] rule 0 permit ip destination 192.168.0.1 0 [Sysname-acl-adv-3000] rule 1 permit ip destination 192.168.0.2 0 [Sysname-acl-adv-3000] rule 2 permit ip destination 192.168.0.3 0...
  • Page 574 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration II. Network diagram VLAN100 VLAN200 SwitchB Eth1/0/15 Eth1/0/16 Eth1/0/17 Public Network VLAN500/600 Eth1/0/10 Eth1/0/11 Eth1/0/12 SwitchA VLAN100 VLAN200 Figure 1-11 Network diagram for VLAN mapping configuration III. Configuration procedure # Create customer VLANs VLAN 100 and VLAN 200 and service VLANs VLAN 500 and VLAN 600 on Switch A.
  • Page 575 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration [SwitchA-Ethernet1/0/11] port trunk permit vlan 100 500 [SwitchA-Ethernet1/0/11] quit [SwitchA] interface Ethernet 1/0/12 [SwitchA-Ethernet1/0/12] port link-type trunk [SwitchA-Ethernet1/0/12] port trunk pvid vlan 200 [SwitchA-Ethernet1/0/12] port trunk permit vlan 200 600...

  • Page 576: Configuring Traffic Mirroring And Redirecting Traffic To A Port

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration # Configure VLAN mapping on Ethernet 1/0/10 to replace VLAN tag 500 with VLAN tag 100 and replace VLAN tag 600 with VLAN tag 200. [SwitchA] interface Ethernet 1/0/10...
  • Page 577 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration II. Network diagram Figure 1-12 Network diagram for traffic redirecting and traffic mirroring configuration III. Configuration procedure Define a time range for working days # Create a time range trname covering the period from 8:00 to 18:00 during working days.
  • Page 578 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 1 QoS Configuration [Switch-acl-basic-2001] rule permit source 192.168.2.0 0.0.0.127 time-range trname [Switch-acl-basic-2001] quit # Configure to redirect traffic matching ACL 2001 to Ethernet 1/0/3. [Switch] interface ethernet 1/0/2 [Switch-Ethernet1/0/2] traffic-redirect inbound ip-group 2001 interface...

  • Page 579: Chapter 2 Qos Profile Configuration

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 2 QoS Profile Configuration Chapter 2 QoS Profile Configuration When configuring QoS profile, go to these sections for information you are interested Overview QoS Profile Configuration Task List Displaying and Maintaining QoS Profile Configuration Configuration Example 2.1 Overview...

  • Page 580: Qos Profile Configuration Task List

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 2 QoS Profile Configuration The switch directly applies the QoS profile to the port the user is connected to. Note: A user-based QoS profile application fails if the traffic classification rule defined in the QoS profile contains source address information (including source MAC address information, source IP address information, and VLAN information).

  • Page 581: Applying A Qos Profile

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 2 QoS Profile Configuration To do… Use the command… Remarks traffic-limit inbound acl-rule [ union-effect ] [ egress-port Configure traffic interface-type interface-number ] Optional policing target-rate [ burst-bucket burst-bucket-size ] [ exceed...

  • Page 582: Displaying And Maintaining Qos Profile Configuration

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 2 QoS Profile Configuration To do… Use the command… Remarks Configure the Optional mode to apply a qos-profile By default, the mode to QoS profile as port-based apply a QoS profile is port-based user-based.

  • Page 583: Configuration Example

    Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 2 QoS Profile Configuration 2.4 Configuration Example 2.4.1 QoS Profile Configuration Example I. Network requirements All departments of a company are interconnected through a switch. The 802.1x protocol is used to authenticate users and control their access to network resources. A user name is someone, and the authentication password is hello.
  • Page 584 Operation Manual – QoS-QoS Profile H3C S3100-52P Ethernet Switch Chapter 2 QoS Profile Configuration [Sysname-radius-radius1] secondary accounting 10.11.1.1 # Set the encryption passwords for the switch to exchange packets with the authentication RADIUS servers and accounting RADIUS servers. [Sysname-radius-radius1] key authentication money...
  • Page 585 Operation Manual – Mirroring H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Mirroring Configuration ....................1-1 1.1 Mirroring Overview......................1-1 1.1.1 Local Port Mirroring....................1-1 1.1.2 Remote Port Mirroring..................... 1-2 1.1.3 Traffic Mirroring ....................... 1-3 1.2 Mirroring Configuration ...................... 1-4 1.2.1 Configuring Local Port Mirroring ................

  • Page 586: Chapter 1 Mirroring Configuration

    Destination mirroring port Source mirroring port Data detection device Figure 1-1 Mirroring S3100-52P Ethernet switch supports three types of port mirroring: Local Port Mirroring Remote Port Mirroring Traffic Mirroring They are described in the following sections. 1.1.1 Local Port Mirroring...

  • Page 587: Remote Port Mirroring

    Operation Manual – Mirroring H3C S3100-52P Ethernet Switch Chapter 1 Mirroring Configuration monitoring. In this case, the source ports and the destination port must be located on the same device. 1.1.2 Remote Port Mirroring Remote port mirroring does not require the source and destination ports to be on the same device.

  • Page 588: Traffic Mirroring

    Operation Manual – Mirroring H3C S3100-52P Ethernet Switch Chapter 1 Mirroring Configuration Table 1-1 describes how the ports on various switches are involved in the mirroring operation. Table 1-1 Ports involved in the mirroring operation Switch Ports involved Function Port monitored. It copies packets to the Source port reflector port through local port mirroring.

  • Page 589: Mirroring Configuration

    Configuring Remote Port Mirroring Optional Note: On an S3100-52P Ethernet switch, only one destination port for local port mirroring and only one reflector port can be configured, and the two types of ports cannot both exist. 1.2.1 Configuring Local Port Mirroring I.

  • Page 590: Configuring Remote Port Mirroring

    1.2.2 Configuring Remote Port Mirroring Note: An S3100-52P Ethernet switch can serve as a source switch, an intermediate switch, or a destination switch in a remote port mirroring networking environment. I. Configuration on a switch acting as a source switch Configuration prerequisites The source port, the reflector port, and the remote-probe VLAN are determined.
  • Page 591 Operation Manual – Mirroring H3C S3100-52P Ethernet Switch Chapter 1 Mirroring Configuration To do… Use the command… Remarks Return to system view quit — Enter the view of the Ethernet port that interface interface-type connects to the — interface-number intermediate switch or...
  • Page 592 Required remote-probe-vlan-id remote-probe VLAN Note that an S3100-52P Ethernet switch acting as the intermediate switch in remote port mirroring networking does not support bidirectional packet mirroring (the both keyword). III. Configuration on a switch acting as a destination switch Configuration prerequisites The destination port and the remote-probe VLAN are determined.
  • Page 593 When configuring a destination switch, note that: An S3100-52P Ethernet switch acting as the destination switch in remote port mirroring networking does not support bidirectional packet mirroring (the both keyword). The destination port of remote port mirroring cannot be a member port of an existing mirroring group, a member port of an aggregation group, or a port enabled with LACP or STP.

  • Page 594: Displaying And Maintaining Port Mirroring

    } 1.4 Mirroring Configuration Examples 1.4.1 Local Port Mirroring Configuration Example I. Network requirements The departments of a company connect to each other through S3100-52P Ethernet switch: Research and Development (R&D) department is connected to Switch C through Ethernet 1/0/1.

  • Page 595: Remote Port Mirroring Configuration Example

    R&D department and the marketing department on the data detection device. 1.4.2 Remote Port Mirroring Configuration Example I. Network requirements The departments of a company connect to each other through S3100-52P Ethernet switch: Switch A, Switch B, and Switch C are S3100-52P switch.
  • Page 596 Operation Manual – Mirroring H3C S3100-52P Ethernet Switch Chapter 1 Mirroring Configuration On Switch A, create a remote source mirroring group, configure VLAN 10 as the remote-probe VLAN, ports Ethernet 1/0/1 and Ethernet 1/0/2 as the source ports, and port Ethernet 1/0/4 as the reflector port.
  • Page 597 Operation Manual – Mirroring H3C S3100-52P Ethernet Switch Chapter 1 Mirroring Configuration [Sysname] interface Ethernet 1/0/3 [Sysname-Ethernet1/0/3] port link-type trunk [Sysname-Ethernet1/0/3] port trunk permit vlan 10 [Sysname-Ethernet1/0/3] quit # Display configuration information about remote source mirroring group 1. [Sysname] display mirroring-group 1...
  • Page 598 Operation Manual – Mirroring H3C S3100-52P Ethernet Switch Chapter 1 Mirroring Configuration [Sysname] mirroring-group 1 monitor-port Ethernet 1/0/2 [Sysname] mirroring-group 1 remote-probe vlan 10 # Configure Ethernet 1/0/1 as the trunk port, allowing packets of VLAN 10 to pass. [Sysname] interface Ethernet 1/0/1...
  • Page 599 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Stack ..........................1-1 1.1 Stack Function Overview ....................1-1 1.1.1 The Main Switch of a Stack..................1-1 1.1.2 The Slave Switches of a Stack................1-1 1.1.3 Creating a Stack......................

  • Page 600: Chapter 1 Stack

    The following are the phases undergone when a stack is created. Connect the intended main switch and slave switches through stack modules and dedicated stack cables. (Refer to H3C S3100-52P Ethernet Switch Installation Manual for the information about stack modules and stack cables.) Configure the IP address pool for the stack and enable the stack function.

  • Page 601: Main Switch Configuration

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 1 Stack When adding a switch joins in a stack, the main switch automatically assigns an IP address to it. The main switch automatically adds any switches that are newly connected to the stack through their stack ports to the stack.

  • Page 602: Switching To Slave Switch View

    IP address. Since both stack and cluster use the management VLAN and only one VLAN interface is available on the S3100-52P switch, stack and cluster must share the same management VLAN if you want to configure stack within a cluster.

  • Page 603: Slave Switch Configuration

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 1 Stack join-in requests to the connected stack ports of all the switches connected with the device. This may cause switches not expecting to join in the stack to join in the stack automatically, affecting network stability.

  • Page 604: Stack Configuration Example

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 1 Stack Table 1-4 Display and maintain stack configurations Operation Command Description Optional The display command can be executed in any view. When being executed with the members keyword not specified, this command...
  • Page 605 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 1 Stack II. Network diagram Figure 1-1 Network diagram for stack configuration III. Configuration procedure # Configure the IP address pool for the stack on Switch A. <Sysname> system-view [Sysname] stacking ip-pool 129.10.1.15 3 # Create the stack on switch A.
  • Page 606 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 1 Stack Member number: 1 Name:stack_1.Sysname Device: S3100-52P MAC Address: 000f-e200-3130 Member status:Up IP: 129.10.1.16/16 Member number: 2 Name:stack_2.Sysname Device: S3100-52P MAC Address: 000f-e200-3135 Member status:Up IP: 129.10.1.17/16 # Switch to Switch B (a slave switch).

  • Page 607: Chapter 2 Cluster

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster Chapter 2 Cluster When configuring cluster, go to these sections for information you are interested in: Cluster Overview Cluster Configuration Task List Displaying and Maintaining Cluster Configuration Cluster Configuration Examples 2.1 Cluster Overview...

  • Page 608: Roles In A Cluster

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster Figure 2-1 A cluster implementation HGMP V2 has the following advantages: It eases the configuration and management of multiple switches: You just need to configure a public IP address for the management device instead of for all the devices in the cluster;...
  • Page 609 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster Table 2-1 Description on cluster roles Role Configuration Function Provides an interface for managing all the switches in a cluster Manages member devices through command redirection, that is, it forwards the commands intended for specific member devices.

  • Page 610: How A Cluster Works

    Note: After you create a cluster on an S3100-52P switch, the switch collects the network topology information periodically and adds the candidate switches it finds to the cluster. The interval for a management device to collect network topology information is determined by the NTDP timer.
  • Page 611 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster neighbor information: device type, software/hardware version, and connecting port. In addition, it may provide the following neighbor information: device ID, port full/half duplex mode, product version, the Boot ROM version and so on.
  • Page 612 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster When an NTDP topology collection request is propagated in the network, it is received and forwarded by large numbers of network devices, which may cause network congestion and the management device busy processing of the NTDP topology collection responses.
  • Page 613 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster Before performing any cluster-related configuration task, you need to enable the cluster function first. Note: On the management device, you need to enable the cluster function and configure cluster parameters. On the member/candidate devices, however, you only need to enable the cluster function so that they can be managed by the management device.
  • Page 614 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster The management device and the member devices exchange handshake packets periodically. Note that the handshake packets exchanged keep the states of the member devices to be Active and are not responded.
  • Page 615 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster Cluster management requires the packets of the management VLAN be permitted on ports connecting the management device and the member/candidate devices. Therefore: If the packets of management VLAN are not permitted on a candidate device port connecting to the management device, the candidate device cannot be added to the cluster.

  • Page 616: Cluster Configuration Task List

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster If you specify a destination IP address in the tracemac command, the switch will query its local ARP address table according to the IP address to find out the corresponding MAC address and VLAN ID.

  • Page 617: Configuring The Management Device

    Note: To reduce the risk of being attacked by malicious users against opened socket and enhance switch security, the S3100-52P Ethernet switch provide the following functions, so that a cluster socket is opened only when it is needed: Opening UDP port 40000 (used for cluster) only when the cluster function is implemented, Closing UDP port 40000 at the same time when the cluster function is closed.
  • Page 618 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster II. Enabling NDP globally and on specific ports Follow these steps to enable NDP globally and on specific ports: To do… Use the command… Remarks Enter system view system-view —...
  • Page 619 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster To do… Use the command… Remarks Required Enable NTDP on the ntdp enable Ethernet port Enabled by default V. Configuring NTDP-related parameters Follow these steps to configure NTDP-related parameters: To do…...
  • Page 620 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster VII. Configuring cluster parameters The establishment of a cluster and the related configuration can be accomplished in manual mode or automatic mode, as described below. Establishing a cluster and configuring cluster parameters in manual mode...
  • Page 621 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster To do… Use the command… Remarks ip-pool Configure the IP address administrator-ip-address Required range for the cluster { ip-mask | ip-mask-length } Required Start automatic cluster auto-build [ recover ]...

  • Page 622: Configuring Member Devices

    Note: To reduce the risk of being attacked by malicious users against opened socket and enhance switch security, the S3100-52P Ethernet switch provides the following functions, so that a cluster socket is opened only when it is needed: Opening UDP port 40000 (used for cluster) only when the cluster function is implemented, Closing UDP port 40000 at the same time when the cluster function is closed.
  • Page 623 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster To do… Use the command… Remarks Enter system view system-view — Enable NDP globally ndp enable Required In system view ndp enable interface port-list Enter Enable interface interface-type Required...

  • Page 624: Managing A Cluster Through The Management Device

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster V. Accessing the shared FTP/TFTP server from a member device Follow these steps to access the shared FTP/TFTP server from a member device: To do… Use the command… Remarks...

  • Page 625: Configuring The Enhanced Cluster Features

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster To do… Use the command… Remarks Optional Configure the MAC administrator-address address of the By default, a switch does mac-address name name management device not belong to any cluster.
  • Page 626 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster II. Configuring the enhanced cluster features Complete the following tasks to configure the enhanced cluster feature: Task Remarks Configuring cluster topology management function Required Configuring cluster device blacklist Required III.
  • Page 627 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster To do… Use the command… Remarks Display the detailed display ntdp single-device information about a single mac-address mac-address device display cluster current-topology [ mac-address mac-address1 Display the topology of...

  • Page 628: Displaying And Maintaining Cluster Configuration

    2.4 Cluster Configuration Examples 2.4.1 Basic Cluster Configuration Example I. Network requirements Three switches compose a cluster, where: An S3100-52P switch serves as the management device. The rest are member devices. 2-22...
  • Page 629 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster Serving as the management device, the S3100-52P switch manages the two member devices. The configuration for the cluster is as follows: The two member devices connect to the management device through Ethernet 1/0/2 and Ethernet 1/0/3.
  • Page 630 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster [Sysname-Ethernet1/0/1] quit # Enable the cluster function. [Sysname] cluster enable Configure the management device # Add port Ethernet 1/0/1 to VLAN 2. <Sysname> system-view [Sysname] vlan 2 [Sysname-vlan2] port Ethernet 1/0/1 [Sysname-vlan2] quit # Disable NDP and NTDP on the uplink port Ethernet 1/0/1.
  • Page 631 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster [Sysname-Ethernet1/0/3] ntdp enable [Sysname-Ethernet1/0/3] quit # Set the topology collection range to 2 hops. [Sysname] ntdp hop 2 # Set the delay for a member device to forward topology collection requests to 150 ms.

  • Page 632: Enhanced Cluster Feature Configuration Example

    Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster Perform the following operations on the member devices (taking one member as an example) After adding the devices under the management device to the cluster, perform the following operations on a member device.
  • Page 633 Operation Manual – Stack-Cluster H3C S3100-52P Ethernet Switch Chapter 2 Cluster II. Network diagram Figure 2-5 Network diagram for the enhanced cluster feature configuration III. Configuration procedure # Enter cluster view. <aaa_0.Sysname> system-view [aaa_0.Sysname] cluster # Add the MAC address 0001-2034-a0e5 to the cluster blacklist.
  • Page 634 Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Table of Contents Table of Contents Chapter 1 SNMP Configuration....................1-1 1.1 SNMP Overview......................... 1-1 1.1.1 SNMP Operation Mechanism.................. 1-1 1.1.2 SNMP Versions ....................... 1-2 1.1.3 Supported MIBs....................... 1-2 1.2 Configuring Basic SNMP Functions................... 1-3 1.3 Configuring Trap-Related Functions..................

  • Page 635: Chapter 1 Snmp Configuration

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration Chapter 1 SNMP Configuration When configuring SNMP, go to these sections for information you are interested in: SNMP Overview Configuring Basic SNMP Functions Configuring Trap-Related Functions Enabling Logging for Network Management...

  • Page 636: Snmp Versions

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration An NMS can send GetRequest, GetNextRequest and SetRequest messages to the agents. Upon receiving the requests from the NMS, an agent performs Read or Write operation on the managed object (MIB, Management Information Base) according to the message types, generates the corresponding Response packets and returns them to the NMS.

  • Page 637: Configuring Basic Snmp Functions

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration MIB describes the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network devices. In the above figure, the managed object B can be uniquely identified by a string of numbers {1.2.1.1}.
  • Page 638 Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration To do… Use the command… Remarks Enter system view system-view — Optional Disabled by default. You can enable SNMP agent by executing Enable SNMP agent snmp-agent this command or any...
  • Page 639 Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration To do… Use the command… Remarks Optional snmp-agent mib-view Create/Update the view { included | excluded } By default, the view information view-name oid-tree name is ViewDefault [ mask mask-value ] and OID is 1.

  • Page 640: Configuring Trap-Related Functions

    ViewDefault and OID is 1. mask-value ] Note: An S3100-52P Ethernet switch provides the following functions to prevent attacks through unused UDP ports. Executing the snmp-agent command or any of the commands used to configure SNMP agent enables the SNMP agent, and at the same opens UDP port 161 used by SNMP agents and the UDP port used by SNMP trap respectively.

  • Page 641: Configuring Extended Trap Function

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration Follow these steps to configure basic trap function: To do… Use the command… Remarks Enter system view system-view — snmp-agent trap enable [ configuration | flash | standard [...

  • Page 642: Enabling Logging For Network Management

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration Follow these steps to configure extended trap function: To do… Use the command… Remarks Enter system view system-view — Optional By default, the Configure the extended snmp-agent trap...

  • Page 643: Displaying Snmp

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration 1.5 Displaying SNMP To do… Use the command… Remarks Display the SNMP display snmp-agent sys-info information about the [ contact | location | version ]* current device Display SNMP packet...
  • Page 644 Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 1 SNMP Configuration II. Network diagram Figure 1-2 Network diagram for SNMP configuration III. Network procedure # Enable SNMP agent, and set the SNMPv1 and SNMPv2c community names. <Sysname> system-view [Sysname] snmp-agent...
  • Page 645 IV. Configuring the NMS The S3100-52P Ethernet switch support H3C’s QuidView NMS. SNMPv3 adopts user name and password authentication. When you use H3C’s QuidView NMS, you need to set user names and choose the security level in [Quidview Authentication Parameter].

  • Page 646: Chapter 2 Rmon Configuration

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 2 RMON Configuration Chapter 2 RMON Configuration When configuring RMON, go to these sections for information you are interested in: Introduction to RMON RMON Configuration Displaying RMON RMON Configuration Example 2.1 Introduction to RMON Remote Monitoring (RMON) is a kind of MIB defined by Internet Engineering Task Force (IETF).

  • Page 647: Commonly Used Rmon Groups

    (instead of all the information in the RMON MIB): alarm group, event group, history group, and statistics group. An H3C S3100-52P Ethernet switch implements RMON in the second way. With an RMON agent embedded in, an S3100-52P Ethernet switch can serve as a network device with the RMON probe function.

  • Page 648: Rmon Configuration

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 2 RMON Configuration III. Extended alarm group With extended alarm entry, you can perform operations on the samples of alarm variables and then compare the operation results with the thresholds, thus implement more flexible alarm functions.
  • Page 649 Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 2 RMON Configuration Follow these steps to configure RMON: To do… Use the command… Remarks Enter system system-view — view rmon event event-entry [ description string ] { log | trap...

  • Page 650: Displaying Rmon

    Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 2 RMON Configuration 2.3 Displaying RMON To do… Use the command… Remarks display rmon statistics [ interface-type Display RMON statistics interface-number | unit unit-number ] Display RMON history display rmon history [ interface-type...
  • Page 651 Operation Manual – SNMP-RMON H3C S3100-52P Ethernet switch Chapter 2 RMON Configuration [Sysname] rmon event 1 log [Sysname] rmon event 2 trap 10.21.30.55 # Add an entry numbered 2 to the extended alarm table to allow the system to calculate the alarm variables with the (.1.3.6.1.2.1.16.1.1.1.9.1+.1.3.6.1.2.1.16.1.1.1.10.1)
  • Page 652 Operation Manual – NTP H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 NTP Configuration ....................... 1-1 1.1 Introduction to NTP......................1-1 1.1.1 Applications of NTP....................1-1 1.1.2 Implementation Principle of NTP................1-2 1.1.3 NTP Implementation Modes..................1-4 1.2 NTP Configuration Task List....................

  • Page 653: Chapter 1 Ntp Configuration

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration Chapter 1 NTP Configuration When configuring NTP, go to these sections for information you are interested in: Introduction to NTP NTP Configuration Task List Configuring NTP Implementation Modes...

  • Page 654: Implementation Principle Of Ntp

    A stratum 16 clock is in the unsynchronized state and cannot serve as a reference clock. The local clock of an S3100-52P Ethernet switch cannot be set as a reference clock. It can serve as a reference clock source to synchronize the clock of other devices only after it is synchronized.
  • Page 655 Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration NTP message 10:00:00 am IP network Device A Device B NTP message 10:00:00 am 11:00:01 am IP network Device B Device A NTP message 10:00:00 am 11:00:01 am...

  • Page 656: Ntp Implementation Modes

    Synchronize each other Figure 1-3 Symmetric peer mode In the symmetric peer mode, the local S3100-52P Ethernet switch serves as the symmetric-active peer and sends clock synchronization request first, while the remote server serves as the symmetric-passive peer automatically. If both of the peers have reference clocks, the one with a smaller stratum number is...
  • Page 657 Figure 1-4 Broadcast mode IV. Multicast mode Figure 1-5 Multicast mode Table 1-1 describes how the above mentioned NTP modes are implemented on an H3C S3100-52P Ethernet Switch. Table 1-1 NTP implementation modes on an H3C S3100-52P Ethernet Switch NTP implementation...

  • Page 658: Ntp Configuration Task List

    The NTP server mode, NTP broadcast mode, or NTP multicast mode takes effect only after the local clock of the H3C S3100-52P Ethernet switch has been synchronized. When symmetric peer mode is configured on two Ethernet switches, to synchronize the clock of the two switches, make sure at least one switch’s clock has been...

  • Page 659: Configuring Ntp Implementation Modes

    H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration 1.3 Configuring NTP Implementation Modes An S3100-52P Ethernet switch can work in one of the following NTP modes: Configuring NTP Server/Client Mode Configuring the NTP Symmetric Peer Mode Configuring NTP Broadcast Mode...

  • Page 660: Configuring The Ntp Symmetric Peer Mode

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration Note: The remote server specified by remote-ip or server-name serves as the NTP server, and the local switch serves as the NTP client. The clock of the NTP client will be synchronized by but will not synchronize that of the NTP server.

  • Page 661: Configuring Ntp Broadcast Mode

    255.255.255.255. The switches working in the NTP broadcast client mode will respond to the NTP messages, so as to start the clock synchronization. An H3C S3100-52P Ethernet switch can work as a broadcast server or a broadcast client.

  • Page 662: Configuring Ntp Multicast Mode

    The switches working in the NTP multicast client mode will respond to the NTP messages, so as to start the clock synchronization. An H3C S3100-52P Ethernet switch can work as a multicast server or a multicast client. Refer to for configuring a switch to work in the NTP multicast server mode.

  • Page 663: Configuring Access Control Right

    A multicast server can synchronize multicast clients only after its clock has been synchronized. An S3100-52P switch working in the multicast server mode supports up to 1,024 multicast clients. I. Configuring a switch to work in the multicast server mode Follow these steps to configure a switch to work in the NTP multicast server mode: To do…...

  • Page 664: Configuration Prerequisites

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration synchronization: Synchronization right. This level of right permits the peer device to synchronize its clock to the local switch but does not permit the peer device to perform control query.

  • Page 665: Configuration Prerequisites

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration authentication. This improves network security. Table 1-2 shows the roles of devices in the NTP authentication function. Table 1-2 Description on the roles of devices in NTP authentication function...

  • Page 666: Configuration Procedure

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration 1.5.2 Configuration Procedure I. Configuring NTP authentication on the client Follow these steps to configure NTP authentication on the client: To do… Use the command… Remarks Enter system view system-view —...

  • Page 667: Configuring Optional Ntp Parameters

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration To do… Use the command… Remarks ntp-service Required authentication-keyid Configure an NTP By default, no NTP key-id authentication key authentication key is authentication-mode md5 configured. value Required ntp-service reliable...

  • Page 668: Configuring An Interface On The Local Switch To Send Ntp Messages

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration Task Remarks Configuring an Interface on the Local Switch to Send NTP Optional Messages Configuring the Number of Dynamic Sessions Allowed on the Local Optional Switch Disabling an Interface from Receiving NTP Messages Optional 1.6.1 Configuring an Interface on the Local Switch to Send NTP Messages...

  • Page 669: Disabling An Interface From Receiving Ntp Messages

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration Follow these steps to configure the number of dynamic sessions allowed on the local switch: To do… Use the command… Remarks Enter system view — system-view Configure the maximum...

  • Page 670: Configuration Examples

    The local clock of Device A (a switch) is to be used as a master clock, with the stratum level of 2. Device A is used as the NTP server of Device B (an S3100-52P Ethernet switch) Configure Device B to work in the client mode, and then Device A will automatically work in the server mode.

  • Page 671: Configuring Ntp Symmetric Peer Mode

    The local clock of Device A is set as the NTP master clock, with the clock stratum level of 2. Device C (an S3100-52P Ethernet switch) uses Device A as the NTP server, and Device A works in server mode automatically.
  • Page 672 Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration II. Network diagram Device A 3.0.1.31/24 3.0.1.32/24 3.0.1.33/24 Device B Device C Figure 1-7 Network diagram for NTP peer mode configuration III. Configuration procedure Configure Device C. # Set Device A as the NTP server.

  • Page 673: Configuring Ntp Broadcast Mode

    2. Configure Device C to work in the NTP broadcast server mode and send NTP broadcast messages through VLAN-interface 2. Device A and Device D are two S3100-52P Ethernet switches. Configure Device A and Device D to work in the NTP broadcast client mode and listen to broadcast messages through their own VLAN-interface 2.
  • Page 674 Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration # Enter system view. <DeviceC> system-view # Set Device C as the broadcast server, which sends broadcast messages through VLAN-interface 2. [DeviceC] interface Vlan-interface 2 [DeviceC-Vlan-interface2] ntp-service broadcast-server Configure Device A.

  • Page 675: Configuring Ntp Multicast Mode

    2. Configure Device C to work in the NTP multicast server mode and advertise multicast NTP messages through VLAN-interface 2. Device A and Device D are two S3100-52P Ethernet switches. Configure Device A and Device D to work in the NTP multicast client mode and listen to multicast messages through their own VLAN-interface 2.

  • Page 676: Configuring Ntp Server/Client Mode With Authentication

    Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration # Set Device A as a multicast client to listen to multicast messages through VLAN-interface 2. [DeviceA] interface Vlan-interface 2 [DeviceA-Vlan-interface2] ntp-service multicast-client After the above configurations, Device A and Device D respectively listen to multicast messages through their own VLAN-interface 2, and Device C advertises multicast messages through VLAN-interface 2.
  • Page 677 H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration Device B is an S3100-52P Ethernet switch and uses Device A as the NTP server. Device B is set to work in client mode, while Device A works in server mode automatically.
  • Page 678 Operation Manual – NTP H3C S3100-52P Ethernet Switch Chapter 1 NTP Configuration # Specify the key 42 as a trusted key. [DeviceA] ntp-service reliable authentication-keyid 42 (After the above configurations, the clock of Device B can be synchronized to that of Device A.) View the status of Device B after synchronization.
  • Page 679 Operation Manual – SSH H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 SSH Configuration....................... 1-1 1.1 SSH Overview........................1-1 1.1.1 Introduction to SSH ....................1-1 1.1.2 Algorithm and Key....................1-2 1.1.3 Asymmetric Key Algorithm ..................1-2 1.1.4 SSH Operating Process ..................

  • Page 680: Chapter 1 Ssh Configuration

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Chapter 1 SSH Configuration Note: The DSA algorithm is newly added in SSH configuration. Click the following links for related information: Generating/Destroying Key Pairs Creating an SSH User and Specifying an Authentication Type...

  • Page 681: Algorithm And Key

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Caution: Currently, the device that serves as an SSH server supports two SSH versions: SSH2 and SSH1, and the device that serves as an SSH client supports only SSH2.

  • Page 682: Ssh Operating Process

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Note: Currently, SSH supports both RSA and DSA. 1.1.4 SSH Operating Process The session establishment between an SSH client and the SSH server involves the following five stages:...
  • Page 683 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Note: All the packets above are transferred in plain text. II. Key negotiation The server and the client send algorithm negotiation packets to each other, which contain public key algorithm lists supported by the server and the client, encrypted algorithm list, message authentication code (MAC) algorithm list, and compressed algorithm list.

  • Page 684: Ssh Server And Client Configuration Task List

    The H3C switch acts as the SSH server to cooperate with software that supports the SSH client functions. The H3C switch acts as the SSH server to cooperate with another H3C switch that acts as an SSH client. Complete the following tasks to configure the SSH server and clients:...

  • Page 685: Configuring The Ssh Server

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration 1.3 Configuring the SSH Server The session establishment between an SSH client and the SSH server involves five stages. Similarly, SSH server configuration involves five aspects, as shown in the following table.

  • Page 686: Configuring The User Interfaces For Ssh Clients

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Note: The SSH server needs to cooperate with an SSH client to complete the interactions between them. For SSH client configuration, refer to Configuring the SSH Client. 1.3.1 Configuring the User Interfaces for SSH Clients An SSH client accesses the device through a VTY user interface.

  • Page 687: Configuring The Ssh Management Functions

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration 1.3.2 Configuring the SSH Management Functions The SSH server provides a number of management functions. Some functions can prevent illegal operations such as malicious password guess, further guaranteeing the security of SSH connections.

  • Page 688: Configuring The Ssh Server To Be Compatible With Ssh1 Clients

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration 1.3.3 Configuring the SSH Server to Be Compatible with SSH1 Clients Follow these steps to configure the SSH server to be compatible with SSH1 clients: To do... Use the command...

  • Page 689: Creating An Ssh User And Specifying An Authentication Type

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Note: The SSH server’s key pairs are for generating session keys and for SSH clients to authenticate the server. As different clients may support different public key algorithms, the server may use different key pair for negotiation with different clients.

  • Page 690: Specifying A Service Type For An Ssh User

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Caution: For password authentication type, the username argument must be consistent with the valid user name defined in AAA; for publickey authentication, the username argument is the SSH local user name, so that there is no need to configure a local user in AAA.

  • Page 691: Configuring The Public Key Of A Client On The Server

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Caution: If the ssh user service-type command is executed with a username that does not exist, the system will automatically create the SSH user. However, the user cannot log in unless you specify an authentication type for it.

  • Page 692: Assigning A Public Key To An Ssh User

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration To do... Use the command... Remarks Return to public key view — public-key-code end from public key edit view Exit public key view and peer-public-key end — return to system view Table 1-9 Follow these steps to import the RSA public key from a public key file: To do...

  • Page 693: Configuring The Ssh Client

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Table 1-11 Follow these steps to export the RSA public key: To do... Use the command... Remarks Enter system view system-view — Display the RSA key on the...

  • Page 694: Configuring An Ssh Client That Runs Ssh Client Software

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration SSH client configuration task Scenario For a client running For a client assumed by an SSH client software SSH2-capable switch Whether Configuring an SSH Client first-authentication — Assumed by an SSH2-Capable...
  • Page 695 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration The following takes the client software of PuTTY Version 0.58 as an example to illustrate how to configure the SSH client: I. Generating a client key To generate a client key, run PuTTYGen.exe, and select from the Parameters area the type of key you want to generate, either SSH-2 RSA or SSH-2 DSA, then click Generate.
  • Page 696 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-3 Generate the client keys (2) After the key pair is generated, click Save public key and enter the name of the file for saving the public key (public in this case) to save the public key.
  • Page 697 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-4 Generate the client keys (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any precaution. Click Yes and enter the name of the file for saving the private key (“private”...
  • Page 698 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-6 Generate the client keys (5) II. Specifying the IP address of the Server Launch PuTTY.exe. The following window appears. 1-19...
  • Page 699 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-7 SSH client configuration interface 1 In the Host Name (or IP address) text box, enter the IP address of the server. Note that there must be a route available between the IP address of the server and the client.
  • Page 700 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-8 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. Note: Some SSH client software, for example, Tectia client software, supports the DES algorithm only when the ssh1 version is selected.

  • Page 701: Configuring An Ssh Client Assumed By An Ssh2-Capable Switch

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration From the category on the left of the window, select Connection/SSH/Auth. The following window appears. Figure 1-9 SSH client configuration interface 3 Click Browse… to bring up the file selection window, navigate to the private key file and click Open.
  • Page 702 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Task Remarks Establishing the connection between the Required SSH client and server I. Configuring the SSH client for publickey authentication When the authentication mode is publickey, you need to configure the RSA or DSA...
  • Page 703 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Table 1-16 Follow these steps to disable first-time authentication support: To do... Use the command... Remarks — Enter system view system-view Required Disable first-time undo ssh client By default, the client is...
  • Page 704 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Table 1-18 Follow these steps to establish an SSH connection: To do... Use the command... Remarks — Enter system view system-view Required In this command, you can also...

  • Page 705: Displaying And Maintaining Ssh Configuration

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration 1.5 Displaying and Maintaining SSH Configuration To do... Use the command... Remarks Display the public key part of the display public-key local { dsa current switch’s key pairs...

  • Page 706: Ssh Configuration Examples

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Operation Original commands Current commands rsa peer-public-key Import RSA public key public-key peer keyname keyname import sshkey from public key file import sshkey filename filename Specify publickey authentication as the...
  • Page 707 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration II. Network diagram Figure 1-10 Switch acts as server for local password authentication III. Configuration procedure Configure the SSH server # Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection.
  • Page 708 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Configure the SSH client # Configure an IP address (192.168.0.2 in this case) for the SSH client. This IP address and that of the VLAN interface on the switch must be in the same network segment.

  • Page 709: When Switch Acts As Server For Password And Radius Authentication

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-12 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. As shown in Figure 1-12, click Open. If the connection is normal, you will be prompted to enter the user name client001 and password abc.
  • Page 710 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration II. Network diagram Figure 1-13 Switch acts as server for password and RADIUS authentication III. Configuration procedure Configure the RADIUS server Note: This document takes CAMS Version 2.10 as an example to show the basic RADIUS server configurations required.
  • Page 711 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-14 Add an access device # Add a user for device management. From the navigation tree, select User Management > User for Device Management, and then in the right pane, click Add to enter the Add Account window and perform the following configurations: Add a user named hello, and specify the password.
  • Page 712 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit Caution: Generating the RSA and DSA key pairs on the server is prerequisite to SSH login. # Generate RSA and DSA key pairs.
  • Page 713 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Run PuTTY.exe to enter the following configuration interface. Figure 1-16 SSH client configuration interface (1) In the Host Name (or IP address) text box, enter the IP address of the SSH server.

  • Page 714: When Switch Acts As Server For Password And Hwtacacs Authentication

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-17 SSH client configuration interface (2) Under Protocol options, select 2 from Preferred SSH protocol version. Then, click Open. If the connection is normal, you will be prompted to enter the user name hello and the password.
  • Page 715 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration II. Network diagram HWTACACS server 10.1.1.1/24 Vlan-int2 192.168.1.70/24 Internet SSH user Switch Figure 1-18 Switch acts as server for password and HWTACACS authentication III. Configuration procedure Configure the SSH server # Create a VLAN interface on the switch and assign it an IP address.
  • Page 716 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration [Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49 [Switch-hwtacacs-hwtac] key authentication expert [Switch-hwtacacs-hwtac] key authorization expert [Switch-hwtacacs-hwtac] user-name-format without-domain [Switch-hwtacacs-hwtac] quit # Apply the scheme to the ISP domain. [Switch] domain bbb...

  • Page 717: When Switch Acts As Server For Publickey Authentication

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-20 SSH client configuration interface (2) Under Protocol options, select 2 from Preferred SSH protocol version. Then, click Open. If the connection is normal, you will be prompted to enter the user name client001 and the password.
  • Page 718 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration III. Configuration procedure Note: Under the publickey authentication mode, either the RSA or DSA public key can be generated for the server to authenticate the client. Here takes the RSA public key as an example.
  • Page 719 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Note: Before performing the following steps, you must generate an RSA public key pair (using the client software) on the client, save the key pair in a file named public, and then upload the file to the SSH server through FTP or TFTP.
  • Page 720 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Note: While generating the key pair, you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 1-23. Otherwise, the process bar stops moving and the key pair generating process is stopped.
  • Page 721 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-24 Generate a client key pair (3) Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click Yes and enter the name of the file for saving the private key (private.ppk in this case).
  • Page 722 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration # Establish a connection with the SSH server Launch PuTTY.exe to enter the following interface. Figure 1-26 SSH client configuration interface 1 In the Host Name (or IP address) text box, enter the IP address of the server.
  • Page 723 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-27 SSH client configuration interface 2 Under Protocol options, select 2 from Preferred SSH protocol version. Select Connection/SSH/Auth. The following window appears. 1-44...

  • Page 724: When Switch Acts As Client For Password Authentication

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Figure 1-28 SSH client configuration interface (2) Click Browse… to bring up the file selection window, navigate to the private key file and click OK. From the window shown in Figure 1-28, click Open.
  • Page 725 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration III. Configuration procedure Configure Switch B # Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection.

  • Page 726: When Switch Acts As Client For Publickey Authentication

    The Server is not authenticated. Do you continue to access it?(Y/N):y Do you want to save the server's public key?(Y/N):n Enter password: ************************************************************************** * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************** <SwitchB>...
  • Page 727 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration Configure Switch B # Create a VLAN interface on the switch and assign an IP address, which the SSH client will use as the destination for SSH connection.
  • Page 728 The Server is not authenticated. Do you continue to access it?(Y/N):y Do you want to save the server's public key?(Y/N):n ************************************************************************** * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 729: When Switch Acts As Client And First-Time Authentication Is Not Supported

    Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration 1.7.7 When Switch Acts as Client and First-Time Authentication is not Supported I. Network requirements As shown in Figure 1-31, establish an SSH connection between Switch A (SSH Client) and Switch B (SSH Server) for secure data exchange.
  • Page 730 Operation Manual – SSH H3C S3100-52P Ethernet Switch Chapter 1 SSH Configuration [SwitchB-ui-vty0-4] user privilege level 3 [SwitchB-ui-vty0-4] quit # Specify the authentication type for user client001 as publickey. [SwitchB] ssh user client001 authentication-type publickey Note: Before doing the following steps, you must first generate a DSA key pair on the client and save the key pair in a file named Switch001, and then upload the file to the SSH server through FTP or TFTP.
  • Page 731 Trying 10.165.87.136 ... Press CTRL+K to abort Connected to 10.165.87.136 ... ************************************************************************** * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************** <SwitchB>...
  • Page 732 Operation Manual – File System Management H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 File System Management Configuration ..............1-1 1.1 File System Configuration....................1-1 1.1.1 Introduction to File System..................1-1 1.1.2 File System Configuration Tasks ................1-1 1.1.3 Directory Operations ....................

  • Page 733: Chapter 1 File System Management Configuration

    1.1 File System Configuration 1.1.1 Introduction to File System To facilitate management on the switch memory, S3100-52P Ethernet switches provide the file system function, allowing you to access and manage the files and directories. You can create, remove, copy or delete a file through command lines, and you can manage files using directories.

  • Page 734: Directory Operations

    H3C S3100-52P Ethernet Switch Chapter 1 File System Management Configuration Note: S3100-52P Ethernet switches allow you to input a file path and file name in one of the following ways: In universal resource locator (URL) format and starting with “unit1>flash:/”. or “flash:/”...
  • Page 735 Operation Manual – File System Management H3C S3100-52P Ethernet Switch Chapter 1 File System Management Configuration Perform the following configuration in user view. Note that the execute command should be executed in system view. Table 1-3 File operations To do…...

  • Page 736: Flash Memory Operations

    Operation Manual – File System Management H3C S3100-52P Ethernet Switch Chapter 1 File System Management Configuration Caution: For deleted files whose names are the same, only the latest deleted file is kept in the recycle bin and can be restored.

  • Page 737: File System Configuration Example

    Operation Manual – File System Management H3C S3100-52P Ethernet Switch Chapter 1 File System Management Configuration Table 1-5 Configuration on prompt mode of file system To do… Use the command… Remarks Enter system view system-view — Required Configure the prompt...

  • Page 738: File Attribute Configuration

    Operation Manual – File System Management H3C S3100-52P Ethernet Switch Chapter 1 File System Management Configuration drw- Apr 04 2000 23:04:21 test 7239 KB total (3585 KB free) (*) -with main attribute (b) -with backup attribute (*b) -with both main and backup attribute <Sysname>...

  • Page 739: Booting With The Startup File

    The device selects the main startup file as the preferred startup file. If the device fails to boot with the main startup file, it boots with the backup startup file. For the Web file and configuration file, Hangzhou H3C Technologies Co., Ltd (referred to as H3C hereinafter) may provide corresponding default file when releasing software versions.

  • Page 740: Configuring File Attributes

    Operation Manual – File System Management H3C S3100-52P Ethernet Switch Chapter 1 File System Management Configuration 1.2.3 Configuring File Attributes You can configure and view the main attribute or backup attribute of the startup file used for the next startup of a switch, and change the main or backup attribute of the file.
  • Page 741 Operation Manual – File System Management H3C S3100-52P Ethernet Switch Chapter 1 File System Management Configuration Caution: The configuration of the main or backup attribute of a Web file takes effect immediately without restarting the switch. After upgrading a Web file, you need to specify the new Web file in the Boot menu after restarting the switch or specify a new Web file by using the boot web-package command.
  • Page 742 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 FTP and SFTP Configuration..................1-1 1.1 Introduction to FTP and SFTP ................... 1-1 1.1.1 Introduction to FTP....................1-1 1.1.2 Introduction to SFTP ....................1-2 1.2 FTP Configuration......................

  • Page 743: Chapter 1 Ftp And Sftp Configuration

    FTP-based file transmission is performed in the following two modes: Binary mode for program file transfer ASCII mode for text file transfer An H3C S3100-52P Ethernet switch can act as an FTP client or the FTP server in FTP-employed data transmission:...

  • Page 744: Introduction To Sftp

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration Table 1-1 Roles that an H3C S3100-52P Ethernet switch acts as in FTP Item Description Remarks An Ethernet switch can operate as an FTP server to provide file transmission services for FTP clients.

  • Page 745: Ftp Configuration: A Switch Operating As An Ftp Server

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration Task Remarks Creating an FTP user Required Enabling an FTP server Required Configuring connection idle time Optional FTP Configuration: A Specifying the source interface and Optional...
  • Page 746 Disabled by default. Note: Only one user can access an H3C S3100-52P Ethernet switch at a given time when the latter operates as an FTP server. Operating as an FTP server, an H3C S3100-52P Ethernet switch cannot receive a file whose size exceeds its storage space.
  • Page 747 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration IV. Specifying the source interface and source IP address for an FTP server You can specify the source interface and source IP address for an FTP server to enhance server security.
  • Page 748 FTP server Note: With an H3C S3100-52P Ethernet switch acting as the FTP server, if a network administrator attempts to disconnect a user that is uploading/downloading data to/from the FTP server the S3100-52P Ethernet switch will disconnect the user after the data transmission is completed.
  • Page 749 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration Figure 1-3 Process of displaying a shell banner Follow these steps to configure the banner display for an FTP server: To do… Use the command… Remarks...

  • Page 750: Ftp Configuration: A Switch Operating As An Ftp Client

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration 1.2.2 FTP Configuration: A Switch Operating as an FTP Client I. Basic configurations on an FTP client By default a switch can operate as an FTP client. In this case, you can connect the switch to the FTP server to perform FTP-related operations (such as creating/removing a directory) by executing commands on the switch.
  • Page 751 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks dir [ remotefile ] [ localfile ] Optional If no file name is specified, all the files in the current directory are displayed.
  • Page 752 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks ftp { cluster | Specify the source remote-server } interface used for the source-interface Optional current connection interface-type interface-number Specify the source IP...

  • Page 753: Configuration Example: A Switch Operating As An Ftp Server

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration 1.2.3 Configuration Example: A Switch Operating as an FTP Server I. Network requirements A switch operates as an FTP server and a remote PC as an FTP client. The application switch.bin of the switch is stored on the PC.
  • Page 754 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration server, and download the configuration file named config.cfg from the FTP server. The following takes the command line window tool provided by Windows as an example: # Enter the command line window and switch to the directory where the file switch.bin...

  • Page 755: Ftp Banner Display Configuration Example

    Boot ROM menu. H3C series switch is not shipped with FTP client application software. You need to purchase and install it by yourself.

  • Page 756: Ftp Configuration: A Switch Operating As An Ftp Client

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration II. Network diagram Figure 1-5 Network diagram for FTP banner display configuration III. Configuration procedure Configure the switch (FTP server) # Configure the login banner of the switch as “login banner appears” and the shell banner as “shell banner appears”.
  • Page 757 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration the switch configuration file named config.cfg to directory switch of the PC to back up the configuration file. Create a user account on the FTP server with the username switch and password hello, and grant the user switch read and write permissions for the directory switch on the PC.

  • Page 758: Sftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration Trying ... Press CTRL+K to abort Connected. 220 FTP service ready. User(none):admin 331 Password required for admin. Password: 230 User logged in. [ftp] # Enter the authorized directory on the FTP server.

  • Page 759: Sftp Configuration: A Switch Operating As An Sftp Server

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration Task Remarks Enabling an SFTP server Required SFTP Configuration: A Configuring connection Optional idle time Switch Operating as an SFTP Server Supported SFTP client — software Basic configurations on an —...

  • Page 760: Sftp Configuration: A Switch Operating As An Sftp Client

    Chapter 1 FTP and SFTP Configuration III. Supported SFTP client software An H3C S3100-52P Ethernet switch operating as an SFTP server can interoperate with SFTP client software, including SSH Tectia Client v4.2.0 (SFTP), v5.0, and WINSCP. SFTP client software supports the following operations: logging in to a device;...
  • Page 761 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks sftp { host-ip | host-name } [ port-num ] [ identity-key { dsa | rsa } | prefer_kex Required { dh_group1 |...
  • Page 762 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration To do… Use the command… Remarks Upload a local file to the put localfile [ remotefile ] remote SFTP server Rename a file on the rename remote-source...

  • Page 763: Sftp Configuration Example

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration 1.3.3 SFTP Configuration Example I. Network requirements As shown in Figure 1-7, establish an SSH connection between the SFTP client (switch A) and the SFTP server (switch B). Log in to switch B through switch A to manage and transmit files.
  • Page 764 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration [Sysname] ssh user client001 authentication-type password # Specify the service type as SFTP. [Sysname] ssh user client001 service-type sftp # Enable the SFTP server. [Sysname] sftp server enable Configure the SFTP client (switch A) # Configure the IP address of the VLAN interface on switch A.
  • Page 765 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration This operation may take a long time.Please wait... Received status: Success File successfully Removed sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg -rwxrwxrwx...
  • Page 766 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 1 FTP and SFTP Configuration Remote file:/pubkey2 ---> Local file: public.. Received status: End of file Received status: Success Downloading file successfully ended # Upload file pu to the server and rename it as puk, and then verify the result.

  • Page 767: Chapter 2 Tftp Configuration

    An H3C S3100-52P Ethernet switch can act as a TFTP client only. When an S3100-52P Ethernet switch serving as a TFTP client downloads files from the TFTP server, the seven-segment digital LED on the front panel of the switch rotates...

  • Page 768: Tftp Configuration

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 2 TFTP Configuration Note: Before performing TFTP-related configurations, you need to configure IP addresses for the TFTP client and the TFTP server, and make sure a route exists between the two.
  • Page 769 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 2 TFTP Configuration II. Specifying the source interface or source IP address for an FTP client You can specify the source interface and source IP address for a switch operating as a TFTP client, so that it can connect with a remote TFTP server through the IP address of the specified interface or the specified IP address.

  • Page 770: Tftp Configuration Example

    Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 2 TFTP Configuration Note: The specified interface must be an existing one; otherwise a prompt appears to show that the configuration fails. The value of the ip-address argument must be an IP address on the device where the configuration is performed, and otherwise a prompt appears to show that the configuration fails.
  • Page 771 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 2 TFTP Configuration Start the TFTP server and configure the working directory on the PC. Configure the TFTP client (switch). # Log in to the switch. (You can log in to a switch through the Console port or by telnetting the switch.
  • Page 772 Operation Manual – FTP-SFTP-TFTP H3C S3100-52P Ethernet Switch Chapter 2 TFTP Configuration Note: For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the System Maintenance and Debugging module of this...
  • Page 773 Operation Manual – Information Center H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Information Center....................... 1-1 1.1 Information Center Overview ..................... 1-1 1.1.1 Introduction to Information Center................1-1 1.1.2 System Information Format..................1-5 1.2 Information Center Configuration..................1-8 1.2.1 Information Center Configuration Task List ............

  • Page 774: Chapter 1 Information Center

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center Chapter 1 Information Center When configuring information center, go to these sections for information you are interested in: Information Center Overview Information Center Configuration Displaying and Maintaining Information Center...
  • Page 775 Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center Severity Severity value Description Information that demands prompt alerts reaction critical Critical information errors Error information warnings Warnings Normal information that needs to notifications be noticed Informational information to be...
  • Page 776 Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center Information channel Default channel Default output direction number name Trap buffer (Receives trap trapbuffer information, a buffer inside the device for recording information.) Log buffer (Receives log...
  • Page 777 Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center Module name Description Ethernet module Forwarding module FTPS FTP server module High availability module HTTPD HTTP server module IFNET Interface management module IGSP IGMP snooping module Internet protocol module...

  • Page 778: System Information Format

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center To sum up, the major task of the information center is to output the three types of information of the modules onto the ten channels in terms of the eight severity levels and according to the user’s settings, and then redirect the system information from the...
  • Page 779 Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center What follows is a detailed explanation of the information fields involved: I. Int_16 (Priority) The priority is calculated using the following formula: facility*8+severity-1, in which facility (the device name) defaults to local7 with the value being 23 (the value of local6 is 22, that of local5 is 21, and so on).
  • Page 780 VTY(1.1.0.2) in unit1 login III. Sysname Sysname is the system name of the local switch and defaults to “H3C”. You can use the sysname command to modify the system name. Refer to the System Maintenance and Debugging part of this manual for details) Note that there is a space between the sysname and module fields.

  • Page 781: Information Center Configuration

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center If the character string ends with (l), it indicates the log information If the character string ends with (t), it indicates the trap information If the character string ends with (d), it indicates the debugging information IX.

  • Page 782: Configuring To Display The Time Stamp With The Utc Time Zone

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center To do… Use the command… Remarks Enter system view system-view — Required Enable synchronous info-center information output synchronous Disabled by default Note: If the system information is output before you input any information following the current command line prompt, the system does not echo any command line prompt after the system information output.

  • Page 783: Setting To Output System Information To The Console

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center 1.2.4 Setting to Output System Information to the Console I. Setting to output system information to the console Follow these steps to set to output system information to the console: To do…...
  • Page 784 Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center Table 1-4 Default output rules for different output directions TRAP DEBUG Output Modules Enabl Enable Enable Severi Severit Severit direction allowed ed/dis d/disab d/disab abled default Enabl...

  • Page 785: Setting To Output System Information To A Monitor Terminal

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center Note: Make sure that the debugging/log/trap information terminal display function is enabled (use the terminal monitor command) before you enable the corresponding terminal display function by using the terminal debugging, terminal logging, or terminal trapping command.

  • Page 786: Setting To Output System Information To A Log Host

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center Note: When there are multiple Telnet users or dumb terminal users, they share some configuration parameters including module filter, language and severity level threshold. In this case, change to any such parameter made by one user will also be reflected on all other user terminals.

  • Page 787: Setting To Output System Information To The Trap Buffer

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center To do… Use the command… Remarks Enter system view system-view — Optional Enable the information info-center enable center Enabled by default. Required By default, the switch does...

  • Page 788: Setting To Output System Information To The Log Buffer

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center To do… Use the command… Remarks Optional Enable the information info-center enable center Enabled by default. Optional info-center trapbuffer By default, the switch [channel Enable system uses information channel...

  • Page 789: Setting To Output System Information To The Snmp Nms

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center To do… Use the command… Remarks Optional Set the format of time info-center timestamp By default, the time stamp stamp in the output { log | trap | debugging }...

  • Page 790: Information Center Configuration Examples

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center To do… Use the command… Remarks Display the operation status of information display info-center [ unit center, the configuration unit-id ] of information channels, the format of time stamp...
  • Page 791 Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center [Switch] info-center enable # Disable the function of outputting information to log host channels. [Switch] undo info-center source default channel loghost # Configure the host whose IP address is 202.38.1.10 as the log host. Permit ARP and IP modules to output information with severity level higher than informational to the log host.

  • Page 792: Log Output To A Linux Log Host

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center After all the above operations, the switch can make records in the corresponding log file. Note: Through combined configuration of the device name (facility), information severity level threshold (severity), module name (filter) and the file “syslog.conf”, you can sort...

  • Page 793: Log Output To The Console

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center # Switch configuration messages local7.info /var/log/Switch/information Note: Note the following items when you edit file “/etc/syslog.conf”. A note must start in a new line, starting with a “#" sign.

  • Page 794: Configuration Example

    Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center II. Network diagram Figure 1-3 Network diagram for log output to the console III. Configuration procedure # Enable the information center. <Switch> system-view [Switch] info-center enable # Disable the function of outputting information to the console channels.
  • Page 795 Operation Manual – Information Center H3C S3100-52P Ethernet Switch Chapter 1 Information Center III. Configuration procedure # Name the local time zone z8 and configure it to be eight hours ahead of UTC time. <Switch> clock timezone z8 add 08:00:00 # Set the time stamp format of the log information to be output to the log host to date.
  • Page 796 Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Boot ROM and Host Software Loading ..............1-1 1.1 Introduction to Loading Approaches .................. 1-1 1.2 Local Boot ROM and Software Loading ................1-1 1.2.1 BOOT Menu ......................

  • Page 797: Chapter 1 Boot Rom And Host Software Loading

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Chapter 1 Boot ROM and Host Software Loading Traditionally, switch software is loaded through a serial port. This approach is slow, time-consuming and cannot be used for remote loading.

  • Page 798: Boot Menu

    Boot ROM loading process. 1.2.1 BOOT Menu Starting..*********************************************************** H3C S3100-52P BOOTROM, Version 101 *********************************************************** Copyright(c) 2004-2007 Hangzhou H3C Technologies Co., Ltd. Creation date : Jul 6 2007, 08:59:35 CPU Clock Speed : 200MHz BUS Clock Speed : 33MHz...

  • Page 799: Loading By Xmodem Through Console Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Enter the correct Boot ROM password (no password is set by default). The system enters the BOOT Menu: BOOT MENU 1. Download application file to flash 2.
  • Page 800 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Press 3 in the above menu to download the Boot ROM using XMODEM. The...
  • Page 801 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Figure 1-1 Properties dialog box Figure 1-2 Console port configuration dialog box...
  • Page 802 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Step 5: Click the <Disconnect> button to disconnect the HyperTerminal from the switch and then click the <Connect> button to reconnect the HyperTerminal to the switch, as...
  • Page 803 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Figure 1-5 Sending file page Step 9: After the sending process completes, the system displays the following information: Loading ...CCCCCCCCCC done! Step 10: Reset HyperTerminal’s baudrate to 9600 bps (refer to Step 4 and 5).

  • Page 804: Loading By Tftp Through Ethernet Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Enter 3 in the above menu to load the host software by using XMODEM.
  • Page 805 Step 2: Run the TFTP server program on the TFTP server, and specify the path of the program to be downloaded. Caution: TFTP server program is not provided with the H3C Series Ethernet Switches. Step 3: Run the HyperTerminal program on the configuration PC. Start the switch. Then enter the BOOT Menu.

  • Page 806: Loading By Ftp Through Ethernet Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Step 1: Select <1> in BOOT Menu and press <Enter>. The system displays the following information: 1. Set TFTP protocol parameter 2.
  • Page 807 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Note: You can use one computer as both configuration device and FTP server. Step 2: Run the FTP server program on the FTP server, configure an FTP user name and password, and copy the program file to the specified FTP directory.

  • Page 808: Remote Boot Rom And Software Loading

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Enter your choice(0-3): Enter 2 in the above menu to download the host software using FTP. The subsequent steps are the same as those for loading the Boot ROM, except for that the system gives the prompt for host software loading instead of Boot ROM loading.
  • Page 809 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Password: 230 Logged in successfully [ftp] get switch.btm [ftp] bye Note: When using different FTP server software on PC, different information will be output to the switch.
  • Page 810 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading II. Loading Procedure Using FTP Server As shown in Figure 1-9, the switch is used as the FTP server. You can telnet to the switch, and then execute the FTP commands to upload the Boot ROM switch.btm to the...
  • Page 811 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Figure 1-10 Command line interface Step 5: Use the cd command on the interface to enter the path that the Boot ROM upgrade file is to be stored.
  • Page 812 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading Figure 1-12 Log on to the FTP server Step 7: Use the put command to upload the file switch.btm to the switch, as shown in Figure 1-13.

  • Page 813: Remote Loading Using Tftp

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S3100-52P Ethernet Switch Loading <Sysname> boot bootrom switch.btm This will update Bootrom on unit 1. Continue? [Y/N] y Upgrading Bootrom, please wait... Upgrade Bootrom succeeded! <Sysname>...

  • Page 814: Chapter 2 Basic System Configuration And Debugging

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3100-52P Ethernet Switch and Debugging Chapter 2 Basic System Configuration and Debugging When configuring basic system configuration and debugging, go to these sections for information you are interested in:...

  • Page 815: Displaying The System Status

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3100-52P Ethernet Switch and Debugging To do… Use the command… Remarks Optional Execute this command in user view. When system reaches the specified start time, automatically adds the...

  • Page 816: Debugging The System

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3100-52P Ethernet Switch and Debugging 2.3 Debugging the System 2.3.1 Enabling/Disabling System Debugging The device provides various debugging functions. For the majority of protocols and features supported, the system provides corresponding debugging information to help users diagnose errors.

  • Page 817: Displaying Debugging Status

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration H3C S3100-52P Ethernet Switch and Debugging Perform the following configuration to enable debugging and terminal display for a specific module: To do… Use the command… Remarks Required Enable system debugging...

  • Page 818: Chapter 3 Network Connectivity Test

    Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 3 Network Connectivity Test Chapter 3 Network Connectivity Test When configuring network connectivity test, go to these sections for information you are interested in: ping tracert 3.1 Network Connectivity Test 3.1.1 ping...
  • Page 819 Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 3 Network Connectivity Test each ICMP TTL timeout message in order to offer the path that the packet passed through to the destination. To do… Use the command…...

  • Page 820: Chapter 4 Device Management

    Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 4 Device Management Chapter 4 Device Management When configuring device management, go to these sections for information you are interested in: Introduction to Device Management Device Management Configuration...

  • Page 821: Rebooting The Ethernet Switch

    Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 4 Device Management 4.2.2 Rebooting the Ethernet Switch You can perform the following operation in user view when the switch is faulty or needs to be rebooted. Note: Before rebooting, the system checks whether there is any configuration change.

  • Page 822: Configuring Real-Time Monitoring Of The Running Status Of The System

    Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 4 Device Management 4.2.4 Configuring Real-time Monitoring of the Running Status of the System This function enables you to dynamically record the system running status, such as CPU, thus facilitating analysis and solution of the problems of the device.

  • Page 823: Loading Hot Patch

    Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 4 Device Management To do… Use the command… Remarks Upgrade the Boot ROM boot bootrom { file-url | device-name } Required 4.2.7 Loading Hot Patch A patch is a standalone software unit that is released to fix errors found in a system.

  • Page 824: Displaying Pluggable Transceiver Information

    You are not encouraged to perform any operation on this file. 4.2.8 Displaying Pluggable Transceiver Information At present, three types of pluggable transceivers are commonly used on H3C series Ethernet switches: SFP (Small Form-factor Pluggable): generally used for 100M or 1000M Ethernet interfaces.
  • Page 825 S3100-52P Ethernet Switch Installation Manual. Transceivers customized by H3C refer to the pluggable transceivers with the Vendor Name field being H3C in the prompt information of the display transceiver interface command. Transceivers customized by H3C support display of electrical label information.

  • Page 826: Displaying The Device Management Configuration

    Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 4 Device Management To do… Use the command… Remarks Display the currently measured value of the display transceiver Available for pluggable digital diagnosis diagnosis interface optical transceivers parameters of the optical...
  • Page 827 Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 4 Device Management The switch acts as the FTP client, and the remote PC serves as both the configuration PC and the FTP server. Perform the following configuration on the FTP server.
  • Page 828 Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 4 Device Management Caution: If the Flash memory of the switch is not sufficient, delete the original applications before downloading the new ones. Initiate an FTP connection with the following command in user view. Enter the correct user name and password to log into the FTP server.
  • Page 829 Operation Manual – System Maintenance and Debugging H3C S3100-52P Ethernet Switch Chapter 4 Device Management # Reboot the switch to upgrade the Boot ROM and host software of the switch. <Sysname> reboot Start to check configuration with next startup configuration file, please wait..
  • Page 830 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 VLAN-VPN Configuration.................... 1-1 1.1 VLAN-VPN Overview......................1-1 1.1.1 Introduction to VLAN-VPN ..................1-1 1.1.2 Implementation of VLAN-VPN................. 1-2 1.1.3 Configuring the TPID for VLAN-VPN Packets ............1-2 1.1.4 Inner-to-Outer Tag Priority Replicating and Mapping ..........

  • Page 831: Chapter 1 Vlan-Vpn Configuration

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Chapter 1 VLAN-VPN Configuration When configuring VLAN-VPN, go to these sections for information you are interested VLAN-VPN Overview VLAN-VPN Configuration Displaying and Maintaining VLAN-VPN Configuration VLAN-VPN Configuration Example 1.1 VLAN-VPN Overview...

  • Page 832: Implementation Of Vlan-Vpn

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Destination MAC address Source MAC address Outer VLAN Tag Inner VLAN Tag Data Figure 1-2 Structure of packets with double-layer VLAN tags Compared with MPLS-based Layer 2 VPN, VLAN-VPN has the following features: It provides Layer 2 VPN tunnels that are simpler.

  • Page 833: Inner-To-Outer Tag Priority Replicating And Mapping

    TPID values such as 0x9100. For compatibility with these systems, the S3100-52P switch allow you to change the TPID that a port uses when tagging a received VLAN-VPN frame as needed. When doing that, you should set the same TPID on both the customer-side port and the service provider-side port.

  • Page 834: Enabling The Vlan-Vpn Feature For A Port

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration Task Remarks Enabling the VLAN-VPN Feature for a Port Required Configuring the TPID Value for VLAN-VPN Packets on a Port Optional Configuring the Inner-to-Outer Tag Priority Replicating and...

  • Page 835: Configuring The Inner-To-Outer Tag Priority Replicating And Mapping Feature

    Besides the default TPID 0x8100, you can configure only one TPID value on an S3100-52P switch. For the S3100-52P to exchange packets with the public network device properly, you should configure the TPID value used by the public network device on both the customer-side port and the service provider-side port.

  • Page 836: Displaying And Maintaining Vlan-Vpn Configuration

    As shown in Figure 1-4, Switch A and Switch B are both S3100-52P switch. They connect the users to the servers through the public network. PC users and PC servers are in VLAN 100 created in the private network, while terminal users and terminal servers are in VLAN 200, which is also created in the private network.
  • Page 837 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration II. Network diagram PC Server VLAN 100 SwitchB Eth1/0/21 Eth1/0/22 VLAN 200 PC User VLAN 100 TPID=0x9200 VLAN 1040 Terminal Server Eth1/0/12 Eth1/0/11 VLAN 200 SwitchA Terminal User Figure 1-4 Network diagram for VLAN-VPN configuration III.
  • Page 838 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration # Enable the VLAN-VPN feature on Ethernet 1/0/21 of Switch B and tag the packets received on this port with the tag of VLAN 1040 as the outer VLAN tag.
  • Page 839 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 1 VLAN-VPN Configuration The TPID value of the outer VLAN tag is set to 0x9200 before the packet is forwarded to the public network through Ethernet1/0/12 of Switch A. The outer VLAN tag of the packet remains unchanged while the packet travels in the public network, till it reaches Ethernet1/0/22 of Switch B.

  • Page 840: Chapter 2 Selective Qinq Configuration

    H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration Chapter 2 Selective QinQ Configuration Note: The selective QinQ is new to H3C S3100-52P Ethernet Switch. When configuring selective QinQ, go to these sections for information you are interested in: Selective QinQ Overview...

  • Page 841: Mac Address Replicating

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration Server VLAN8~100 VIP Server VLAN101~200 Public Network VLAN1001/1002/1003 VoIP Device VLAN 1001~1003 VLAN201~300 SwitchA VLAN 8~300 User IP Phone VLAN8 ~100 VLAN101~200 VLAN201~300 Figure 2-1 Diagram for a selective QinQ implementation In this implementation, Switch A is an access device of the service provider.
  • Page 842 MAC address. As a result, this packet will be broadcast to all the ports in VLAN 4, which wastes the network resources and incurs potential security risks. The S3100-52P Ethernet switch provide the inter-VLAN MAC address replicating feature, which can replicate the entries in the MAC address table of the default VLAN to that of the VLAN corresponding to the outer tag.

  • Page 843: Selective Qinq Configuration

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration 2.2 Selective QinQ Configuration 2.2.1 Selective QinQ Configuration Task List Complete the following tasks to configure selective QinQ: Task Remarks Enabling the Selective QinQ Feature for a Port...

  • Page 844: Selective Qinq Configuration Example

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration To do... Use the command... Remarks — Enter system view system-view Required Enable the mac-address-mapping index By default, the inter-VLAN MAC source-vlan source-vlan-id-list inter-VLAN MAC address replicating...
  • Page 845 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration The public network permits packets of VLAN 1000 and VLAN 1200. Apply QoS policies for these packets to reserve bandwidth for packets of VLAN 1200. That is, packets of VLAN 1200 have higher transmission priority over packets of VLAN 1000.
  • Page 846 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration [SwitchA] vlan 5 [SwitchA-vlan5] quit # Configure Ethernet 1/0/5 as a hybrid port and configure it not to remove VLAN tags when forwarding packets of VLAN 5, VLAN 1000, and VLAN 1200.
  • Page 847 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration After the above configuration, packets of VLAN 100 through VLAN 108 (that is, packets of PC users) are tagged with the tag of VLAN 1000 as the outer VLAN tag when they are forwarded to the public network by Switch A;...
  • Page 848 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 2 Selective QinQ Configuration To make the packets from the servers be transmitted to the clients in the same way, you need to configure the selective QinQ feature and the inter-VLAN MAC address replicating feature on Ethernet 1/0/12 and Ethernet 1/0/13.

  • Page 849: Chapter 3 Bpdu Tunnel Configuration

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Chapter 3 BPDU Tunnel Configuration Note: Two features, the BPDU Tunnel support for packets of multiple protocols and adjusting tunnel packet MAC addresses, are newly added. For details, refer to BPDU Tunnel Configuration.
  • Page 850 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration MAC address of an STP protocol packet is 0180-c200-0000) and contains a type field. Some proprietary protocols adopt the same packet structure, where a private MAC address is used to identify the corresponding proprietary protocol, and the type field is used to identify the specific protocol type.

  • Page 851: Bpdu Tunnel Configuration

    BPDU tunnel in the service provider network. 3.2 BPDU Tunnel Configuration You can establish BPDU tunnels between S3100-52P Ethernet switch for the packets of the following protocols: LACP (link aggregation control protocol) STP (spanning tree protocol)

  • Page 852: Configuration Prerequisites

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Proprietary protocols of other vendors, including CDP (CISCO discovery protocol), PAGP (port aggregation protocol), PVST (per-VLAN spanning tree), VTP (VLAN trunk protocol), and UDLD (uni-directional link discovery) 3.2.1 Configuration Prerequisites...

  • Page 853: Displaying And Maintaining Bpdu Tunnel Configuration

    Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Note: If BPDU tunnel transparent transmission is enabled for packets of a protocol, the protocol cannot be enabled on the port. For example, if you execute the bpdu-tunnel lacp command, the lacp enable command cannot be executed on the port.
  • Page 854 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Enable the service provider network to transmit STP packets of the customer network through BPDU tunnel. The destination MAC address for tunnel packets is 010f-e233-8b22. Enable the VLAN-VPN feature for the service provider network, and enable the service provider network to use VLAN 100 to transmit data packets of the customer network.
  • Page 855 Operation Manual – VLAN-VPN H3C S3100-52P Ethernet Switch Chapter 3 BPDU Tunnel Configuration Configure Provider2. # Disable STP on Ethernet1/0/4. <Sysname> system-view [Sysname] interface Ethernet 1/0/4 [Sysname-Ethernet1/0/4] stp disable # Enable BPDU tunnel for STP packets. [Sysname-Ethernet1/0/4] bpdu-tunnel stp # Enable VLAN-VPN and use VLAN 100 to transmit user data packets through BPDU tunnels.
  • Page 856 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 HWPing Configuration ....................1-1 1.1 HWPing Overview......................1-1 1.1.1 Introduction to HWPing ................... 1-1 1.1.2 Test Types Supported by HWPing................1-2 1.1.3 HWPing Test Parameters ..................1-2 1.2 HWPing Configuration .......................

  • Page 857: Chapter 1 Hwping Configuration

    Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration Chapter 1 HWPing Configuration When configuring HWPing, go to these sections for information you are interested in: HWPing Overview HWPing Configuration HWPing Configuration Examples 1.1 HWPing Overview 1.1.1 Introduction to HWPing HWPing (pronounced Hua’Wei Ping) is a network diagnostic tool.

  • Page 858: Test Types Supported By Hwping

    Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration Figure 1-1 HWPing illustration 1.1.2 Test Types Supported by HWPing Table 1-1 Test types supported by HWPing Supported test types Description ICMP test DHCP test FTP test For these types of tests, you need to configure HWPing client and corresponding servers.

  • Page 859: Hwping Configuration

    Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration Test parameter Description For DHCP test, you must specify a source interface, which will be used by HWPing client to send DHCP requests. If no source interface is specified for a DHCP test, the test will not succeed.
  • Page 860 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration Test parameter Description Type of service is the value of the ToS field in IP Type of service (tos) header in the test packets. This parameter is used to specify a DNS domain name in a HWPing DNS test group.

  • Page 861: Hwping Server Configuration

    Other types of tests need to configure HWPing client and corresponding different servers. You can enable both the HWPing client and HWPing server functions on an H3C S3100-52P Ethernet switch, that is, the switch can serve as a HWPing client and server simultaneously. 1.2.1 HWPing Server Configuration The following table describes the configuration on HWPing server, which is the same for HWPing test types that need to configure HWPing server.
  • Page 862 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration Different types of HWPing tests are somewhat different in parameters and parameter ranges. The following text describes the configuration on HWPing client for different test types. Configuring ICMP test on HWPing client Follow these steps to configure ICMP test on HWPing client: To do…...
  • Page 863 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional Configure the type of tos value By default, the service service (ToS) type is zero. Start the test test-enable Required display hwping results...
  • Page 864 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Required display hwping results Display test results [ admin-name You can execute the operation-tag ] command in any view. Configuring FTP test on HWPing client Follow these steps to configure FTP test on HWPing client: To do…...
  • Page 865 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional Configure the probe timeout time By default, a probe times timeout time out in three seconds. Optional Configure the type of...
  • Page 866 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Required You can configure an IP Configure the destination destination-ip ip-address address or a host name. IP address By default, no destination address is configured.
  • Page 867 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Required Configure the HTTP By default, HTTP operation string and http-string string version operation string and version in an HTTP test version are not configured.
  • Page 868 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional Configure the source port source-port port-number By default, no source port is configured. Optional Configure the number of count times By default, each test probes per test makes one probe.
  • Page 869 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Enter system view system-view — Required Enable the HWPing client hwping-agent enable By default, the HWPing function client function is disabled. Required...
  • Page 870 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Required display hwping results Display test results [ admin-name You can execute the operation-tag ] command in any view. Configuring TCP test on HWPing client Follow these steps to configure TCP test on HWPing client: To do…...
  • Page 871 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional Configure the source IP source-ip ip-address By default, the source IP address address is not specified. Optional Configure the source port...
  • Page 872 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Required test-type { udpprivate | Configure the test type By default, the test type is udppublic } ICMP. Required This IP address and the...
  • Page 873 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional By default, the automatic Configure the automatic test interval is zero frequency interval test interval seconds, indicating no automatic test will be made.
  • Page 874 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration To do… Use the command… Remarks Optional By default, the automatic Configure the automatic test interval is zero frequency interval test interval seconds, indicating no automatic test will be made.

  • Page 875: Displaying Hwping Configuration

    1.3.1 ICMP Test I. Network requirements An H3C S3100-52P Ethernet switch serves as the HWPing client. A HWPing ICMP test between the switch and another switch uses ICMP to test the round trip time (RTT) for packets generated by the HWPing client to travel to and back from the destination switch.
  • Page 876 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration III. Configuration procedure Configure HWPing Client (Switch A): # Enable HWPing client. <Sysname> system-view [Sysname] hwping-agent enable # Create a HWPing test group, setting the administrator name to administrator and test tag to ICMP.

  • Page 877: Dhcp Test

    1.3.2 DHCP Test I. Network requirements Both the HWPing client and the DHCP server are H3C S3100-52P Ethernet switches. Perform a HWPing DHCP test between the two switches to test the time required for the HWPing client to obtain an IP address from the DHCP server.
  • Page 878 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration # Configure the source interface, which must be a VLAN interface. Make sure the DHCP server resides on the network connected to this interface. [Sysname-hwping-administrator-dhcp] source-interface Vlan-interface 1 # Configure to make 10 probes per test.

  • Page 879: Ftp Test

    1.3.3 FTP Test I. Network requirements Both the HWPing client and the FTP server are H3C S3100-52P Ethernet switches. Perform a HWPing FTP test between the two switches to test the connectivity to the specified FTP server and the time required to upload a file to the server after the connection is established.
  • Page 880 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration [Sysname-hwping-administrator-ftp] destination-ip 10.2.2.2 # Configure the FTP login username. [Sysname-hwping-administrator-ftp] username admin # Configure the FTP login password. [Sysname-hwping-administrator-ftp] password admin # Configure the type of FTP operation.

  • Page 881: Http Test

    1.3.4 HTTP Test I. Network requirements An H3C S3100-52P Ethernet switch serves as the HWPing client, and a PC serves as the HTTP server. Perform a HWPing HTTP test between the switch and the HTTP server to test the connectivity and the time required to download a file from the HTTP server after the connection to the server is established.
  • Page 882 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration # Create a HWPing test group, setting the administrator name to administrator and test tag to HTTP. [Sysname] Hwping administrator http # Configure the test type as http.

  • Page 883: Jitter Test

    1.3.5 Jitter Test I. Network requirements Both the HWPing client and the HWPing server are H3C S3100-52P Ethernet switches. Perform a HWPing jitter test between the two switches to test the delay jitter of the UDP packets exchanged between this end (HWPing client) and the specified destination end (HWPing server).
  • Page 884 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration III. Configuration procedure Configure HWPing Server (Switch B): # Enable the HWPing server and configure the IP address and port to listen on. <Sysname> system-view [Sysname] hwping-server enable [Sysname] hwping-server udpecho 10.2.2.2 9000...

  • Page 885: Snmp Test

    For detailed output description, see the corresponding command manual. 1.3.6 SNMP Test I. Network requirements Both the HWPing client and the SNMP Agent are H3C S3100-52P Ethernet switches. Perform HWPing SNMP tests between the two switches to test the time required from 1-29...
  • Page 886 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration Switch A sends an SNMP query message to Switch B (SNMP Agent) to it receives a response from Switch B. II. Network diagram Figure 1-7 Network diagram for the SNMP test III.
  • Page 887 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration [Sysname-hwping-administrator-snmp] destination-ip 10.2.2.2 # Configure to make 10 probes per test. [Sysname-hwping-administrator-snmp] count 10 # Set the probe timeout time to 30 seconds. [Sysname-hwping-administrator-snmp] timeout 30 # Start the test.

  • Page 888: Tcp Test (Tcpprivate Test) On The Specified Ports

    1.3.7 TCP Test (Tcpprivate Test) on the Specified Ports I. Network requirements Both the HWPing client and the HWPing server are H3C S3100-52P Ethernet switches. Perform a HWPing Tcpprivate test to test time required to establish a TCP connection between this end (Switch A) and the specified destination end (Switch B), with the port number set to 8000.

  • Page 889: Udp Test (Udpprivate Test) On The Specified Ports

    1.3.8 UDP Test (Udpprivate Test) on the Specified Ports I. Network requirements Both the HWPing client and the HWPing server are H3C S3100-52P Ethernet switches. Perform a HWPing Udpprivate test on the specified ports between the two switches to 1-33...
  • Page 890 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration test the RTT of UDP packets between this end (HWPing client) and the specified destination end (HWPing server). II. Network diagram Figure 1-9 Network diagram for the Udpprivate test III.

  • Page 891: Dns Test

    1.3.9 DNS Test I. Network requirements An H3C S3100-52P Ethernet switch serves as the HWPing client, and a PC serves as the DNS server. Perform a HWPing DNS test between the switch and the DNS server to test the time required from the client sends a DNS request to it receives a resolution result from the DNS server.
  • Page 892 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration II. Network diagram Figure 1-10 Network diagram for the DNS test III. Configuration procedure Configure DNS Server: Use Windows 2003 Server as the DNS server. For DNS server configuration, refer to the related instruction on Windows 2003 Server configuration.
  • Page 893 Operation Manual – HWPing H3C S3100-52P Ethernet Switch Chapter 1 HWPing Configuration Min/Max/Average Round Trip Time: 6/10/8 Square-Sum of Round Trip Time: 756 Last complete test time: 2006-11-28 11:50:40.9 Extend result: SD Maximal delay: 0 DS Maximal delay: 0 Packet lost in test: 0%...
  • Page 894 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 IPv6 Configuration....................... 1-1 1.1 IPv6 Overview........................1-1 1.1.1 IPv6 Features ......................1-1 1.1.2 Introduction to IPv6 Address ................... 1-3 1.1.3 Introduction to IPv6 Neighbor Discovery Protocol ..........1-7 1.1.4 Introduction to IPv6 DNS..................

  • Page 895: Chapter 1 Ipv6 Configuration

    The term “router” in this document refers to a router in a generic sense or an Ethernet switch running a routing protocol. H3C S3100-52P Ethernet Switch supports IPv6 management features, but do not support IPv6 forwarding and related features. 1.1 IPv6 Overview...
  • Page 896 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Figure 1-1 Comparison between IPv4 header format and IPv6 header format II. Adequate address space The source IPv6 address and the destination IPv6 address are both 128 bits (16 bytes) long.

  • Page 897: Introduction To Ipv6 Address

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration VI. Support for QoS The Flow Label field in the IPv6 header allows the device to label packets in a flow and provide special handling for these packets.
  • Page 898 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Caution: The double-colon :: can be used only once in an IPv6 address. Otherwise, the device is unable to determine how many zeros the double-colon represents when converting it to zeros to restore the IPv6 address to a 128-bit address.
  • Page 899 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Table 1-1 Mapping between address types and format prefixes Type Format prefix (binary) IPv6 prefix ID Unassigned 00...0 (128 bits) ::/128 address Loopback 00...1 (128 bits) ::1/128...
  • Page 900 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration IV. Multicast address Multicast addresses listed in Table 1-2 are reserved for special purpose. Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all-nodes multicast address...

  • Page 901: Introduction To Ipv6 Neighbor Discovery Protocol

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Figure 1-2 Convert a MAC address into an EUI-64 address 1.1.3 Introduction to IPv6 Neighbor Discovery Protocol The IPv6 Neighbor Discovery Protocol (NDP) uses five types of ICMPv6 messages to...
  • Page 902 Note: H3C S3100-52P Ethernet Switch does not support the RS, RA, or Redirect message. Of the above mentioned IPv6 NDP functions, H3C S3100-52P Ethernet Switch supports the following three functions: address resolution, neighbor unreachability detection, and duplicate address detection.
  • Page 903 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Node A multicasts an NS message. The source address of the NS message is the IPv6 address of the interface of node A and the destination address is the solicited-node multicast address of node B.

  • Page 904: Introduction To Ipv6 Dns

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Node A learns that the IPv6 address is being used by node B after receiving the NA message from node B. Otherwise, node B is not using the IPv6 address and node A can use it.

  • Page 905: Configuring An Ipv6 Unicast Address

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Task Remarks Configuring a Static IPv6 Route Optional Configuring IPv6 TCP Properties Optional Configuring the Maximum Number of IPv6 ICMP Error Optional Packets Sent within a Specified Time...
  • Page 906 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration To do... Use the command... Remarks Manually ipv6 address { ipv6-address Use either assign an IPv6 prefix-length | command address ipv6-address/prefix-length } By default, no site-local address...

  • Page 907: Configuring Ipv6 Ndp

    Chapter 1 IPv6 Configuration Note: IPv6 unicast addresses can be configured for only one VLAN interface on an H3C S3100-52P Ethernet switch. The total number of global unicast addresses and site-local addresses on the VLAN interface can be up to four.
  • Page 908 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Follow these steps to configure a static neighbor entry: To do... Use the command... Remarks Enter system view system-view — ipv6 neighbor ipv6-address Configure a static mac-address { vlan-id port-type...
  • Page 909 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration Follow these steps to configure the attempts to send an NS message for duplicate address detection: To do… Use the command… Remarks Enter system view — system-view...

  • Page 910: Configuring A Static Ipv6 Route

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration To do… Use the command… Remarks Optional Configure the neighbor ipv6 nd nud 30,000 milliseconds by reachable timeout time reachable-time value default. 1.2.3 Configuring a Static IPv6 Route You can configure static IPv6 routes for network interconnection in a small sized IPv6 network.

  • Page 911: Configuring The Maximum Number Of Ipv6 Icmp Error Packets Sent Within A Specified Time

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration To do… Use the command… Remarks Configure the size of IPv6 Optional TCP receiving/sending tcp ipv6 window size 8 KB by default. buffer 1.2.5 Configuring the Maximum Number of IPv6 ICMP Error Packets Sent...

  • Page 912: Configuring Ipv6 Dns

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration To do… Use the command… Remarks Optional Configure the hop limit of ipv6 nd hop-limit value ICMPv6 reply packets 64 by default. 1.2.7 Configuring IPv6 DNS I. Configuring a static IPv6 DNS entry You can directly use a host name when applying telnet applications and the system will resolve the host name into an IPv6 address.

  • Page 913: Displaying And Maintaining Ipv6

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration To do… Use the command… Remarks Required By default, no domain Configure the domain dns domain name suffix is configured, suffix. domain-name that is, the domain name is resolved according to the input information.

  • Page 914: Ipv6 Configuration Example

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration To do… Use the command… Remarks Display the statistics of IPv6 packets and IPv6 display ipv6 statistics ICMP packets Display the statistics of display tcp ipv6 statistics...
  • Page 915 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration II. Network diagram Figure 1-5 Network diagram for IPv6 address configuration III. Configuration procedure Configure Switch A. # Configure an automatically generated link-local address for the interface VLAN-interface 2.
  • Page 916 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration FF02::1:FF00:1 FF02::1:FF49:8048 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # Display the brief IPv6 information of the interface on Switch B.
  • Page 917 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration bytes=56 Sequence=1 hop limit=255 time = 80 ms Reply from FE80::20F:E2FF:FE00:1 bytes=56 Sequence=2 hop limit=255 time = 60 ms Reply from FE80::20F:E2FF:FE00:1 bytes=56 Sequence=3 hop limit=255 time = 60 ms...
  • Page 918 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 1 IPv6 Configuration bytes=56 Sequence=4 hop limit=255 time = 70 ms Reply from 3001::2 bytes=56 Sequence=5 hop limit=255 time = 60 ms --- 3001::2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss...

  • Page 919: Chapter 2 Ipv6 Application Configuration

    IPv6 Application Configuration Example Troubleshooting IPv6 Application 2.1 Introduction to IPv6 Application IPv6 are supporting more and more applications. Most of IPv6 applications are the same as those of IPv4. The applications supported on H3C S3100-52P Ethernet Switch are: Ping Traceroute...

  • Page 920: Ipv6 Traceroute

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 2 IPv6 Application Configuration Caution: When you use the ping ipv6 command to verify the reachability of the destination, you must specify the “–i” keyword if the destination address is a link-local address.

  • Page 921: Ipv6 Tftp

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 2 IPv6 Application Configuration Follow these steps to traceroute IPv6: To do… Use the command… Remarks tracert ipv6 [ -f first-ttl | -m Required Traceroute IPv6 max-ttl | -p port | -q packet-num |...

  • Page 922: Ipv6 Application Configuration Example

    I. Network requirements Figure 2-3, SWA, SWB, and SWC are three switches, among which SWA is an H3C S3100-52P Ethernet switch, SWB and SWC are two switches supporting IPv6 forwarding. In a LAN, there is a Telnet server and a TFTP server for providing Telnet...
  • Page 923 Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 2 IPv6 Application Configuration service and TFTP service to the switch respectively. It is required that you telnet to the telnet server from SWA and download files from the TFTP server.

  • Page 924: Troubleshooting Ipv6 Application

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 2 IPv6 Application Configuration 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/46/110 ms # On SWA, configure static routes to SWC, the Telnet Server, and the TFTP Server.

  • Page 925: Unable To Run Traceroute

    Operation Manual – IPv6 Management H3C S3100-52P Ethernet Switch Chapter 2 IPv6 Application Configuration Use the display ipv6 route-table command to verify that the destination is reachable. Use the ping ipv6 -t timeout { destination-ipv6-address | hostname } [ -i interface-type interface-number ] command to increase the timeout time limit, so as to determine whether it is due to the timeout limit is too small.
  • Page 926 Operation Manual – DNS H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 DNS Configuration....................... 1-1 1.1 DNS Overview ........................1-1 1.1.1 Static Domain Name Resolution ................1-1 1.1.2 Dynamic Domain Name Resolution ................ 1-1 1.2 Configuring Domain Name Resolution ................1-3 1.2.1 Configuring Static Domain Name Resolution............

  • Page 927: Chapter 1 Dns Configuration

    DNS database. Reduction of the searching time in the dynamic DNS database would increase efficiency. Some frequently used addresses can be put in the static DNS database. Currently, an S3100-52P Ethernet switch supports both static and dynamic DNS clients. 1.1.1 Static Domain Name Resolution The static domain name resolution means manually setting up mappings between domain names and IP addresses.
  • Page 928 Operation Manual – DNS H3C S3100-52P Ethernet Switch Chapter 1 DNS Configuration resolution procedure is as follows: A user program sends a name query to the resolver in the DNS client. The DNS resolver looks up the local domain name cache for a match. If a match is found, it sends the corresponding IP address back.

  • Page 929: Configuring Domain Name Resolution

    Operation Manual – DNS H3C S3100-52P Ethernet Switch Chapter 1 DNS Configuration If there is no dot in the domain name, such as aabbcc, the resolver will consider this as a host name and add a DNS suffix before processing. The original name such as aabbcc is used if all DNS lookups fail.

  • Page 930: Displaying And Maintaining Dns

    Operation Manual – DNS H3C S3100-52P Ethernet Switch Chapter 1 DNS Configuration Note: You may configure up to six DNS servers and ten DNS suffixes. 1.3 Displaying and Maintaining DNS To do… Use the command… Remarks Display static DNS database...

  • Page 931: Dynamic Domain Name Resolution Configuration Example

    Operation Manual – DNS H3C S3100-52P Ethernet Switch Chapter 1 DNS Configuration # Execute the ping host.com command to verify that the device can use static domain name resolution to get the IP address 10.1.1.2 corresponding to host.com. [Sysname] ping host.com PING host.com (10.1.1.2): 56...
  • Page 932 Operation Manual – DNS H3C S3100-52P Ethernet Switch Chapter 1 DNS Configuration III. Configuration procedure Note: Before doing the following configuration, make sure that: The routes between the DNS server, Switch, and Host are reachable. Necessary configurations are done on the devices. For the IP addresses of the interfaces, see the figure above.

  • Page 933: Troubleshooting Dns

    Operation Manual – DNS H3C S3100-52P Ethernet Switch Chapter 1 DNS Configuration 1.5 Troubleshooting DNS I. Symptom After enabling the dynamic domain name resolution, the user cannot get the correct IP address. II. Solution Use the display dns dynamic-host command to check that the specified domain name is in the cache.
  • Page 934 Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Chapter 1 Smart Link Configuration.................... 1-1 1.1 Smart Link Overview......................1-1 1.1.1 Basic Concepts in Smart Link ................. 1-1 1.1.2 Operating Mechanism of Smart Link............... 1-3 1.2 Configuring Smart Link ......................

  • Page 935: Chapter 1 Smart Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 1 Smart Link Configuration Chapter 1 Smart Link Configuration When configuring smart link, go to these sections for information you are interested in: Smart Link Overview Configuring Smart Link...
  • Page 936 Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 1 Smart Link Configuration II. Master port The master port can be either an Ethernet port or a manually-configured or static LACP aggregation group. For example, you can configure Ethernet 1/0/1 of switch A in Figure as the master port through the command line.

  • Page 937: Operating Mechanism Of Smart Link

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 1 Smart Link Configuration 1.1.2 Operating Mechanism of Smart Link Eth1/0/12 Eth1/0/11 Switch E Switch C Switch D Eth1/0/1 Eth1/0/1 Eth1/0/2 Eth1/0/2 Eth1/0/3 Eth1/0/1 BLOCK Eth1/0/2 Switch A Switch B...

  • Page 938: Configuring Smart Link

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 1 Smart Link Configuration 1.2 Configuring Smart Link Note: Before configuring a member port of a Smart Link group, you must: Disable the port to avoid loops, thus preventing broadcast storm.

  • Page 939: Configuring Associated Devices

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 1 Smart Link Configuration To do… Use the command… Remarks Required Enable the function of By default, no sending flush messages control VLAN for flush enable control-vlan vlan-id in the specified control...

  • Page 940: Precautions

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 1 Smart Link Configuration However, you do not have to enable all the ports of an associated device to process flush messages received from the specified control VLAN. You need to enable this function only on the ports that are on the active and backup links connecting the Smart Link device and the target device.

  • Page 941: Displaying And Maintaining Smart Link

    I. Network requirements As shown in Figure 1-3, Switch A is an H3C S3100-52P Ethernet switch. Switch C, Switch D and Switch E support Smart Link. Configure Smart Link feature to provide remote PCs with reliable access to the server.
  • Page 942 Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 1 Smart Link Configuration II. Network diagram Server Eth1/0/2 Eth1/0/3 Switch E Eth1/0/1 Eth1/0/1 Switch C Switch D Eth1/0/2 Eth1/0/2 Eth1/0/1 Eth1/0/2 Switch A Host Figure 1-3 Network diagram for Smart Link configuration III.
  • Page 943 Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 1 Smart Link Configuration # Configure to send flush messages within VLAN 1. [SwitchA-smlk-group1] flush enable control-vlan 1 Enable the function of processing flush messages received from VLAN 1 on Switch C.

  • Page 944: Chapter 2 Monitor Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 2 Monitor Link Configuration Chapter 2 Monitor Link Configuration When configuring Monitor Link, go to these sections for information you are interested Introduction to Monitor Link Configuring Monitor Link...

  • Page 945: How Monitor Link Works

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 2 Monitor Link Configuration 2.1.1 How Monitor Link Works Eth1/0/12 Eth1/0/11 Switch E Switch C Switch D Eth1/0/1 Eth1/0/1 Eth1/0/2 Eth1/0/2 Eth1/0/3 Eth1/0/1 BLOCK Eth1/0/2 Switch A Switch B...

  • Page 946: Configuring Monitor Link

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 2 Monitor Link Configuration Note: Currently, member ports of a Monitor Link group cannot be dynamic link aggregation groups. If the uplink or downlink port in the Monitor Link group is a link aggregation group, you cannot directly delete this aggregation group or change this aggregation group into a dynamic aggregation group.

  • Page 947: Configuring The Uplink Port

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 2 Monitor Link Configuration 2.2.3 Configuring the Uplink Port Follow these steps to configure the uplink port: To do… Use the command… Remarks Enter system view system-view — Enter the specified Monitor Link monitor-link group —...

  • Page 948: Displaying Monitor Link Configuration

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 2 Monitor Link Configuration To do… Use the command… Remarks Configure the specified link link-aggregation group aggregation group as group-id downlink a downlink port of the Monitor Link group...

  • Page 949: Monitor Link Configuration Example

    Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 2 Monitor Link Configuration 2.4 Monitor Link Configuration Example 2.4.1 Implementing Collaboration Between Smart Link and Monitor Link I. Network requirements As shown in Figure 2-3, the PCs access the server and Internet through the switch.
  • Page 950 Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 2 Monitor Link Configuration [SwitchA-Ethernet1/0/1] quit [SwitchA] interface Ethernet 1/0/2 [SwitchA-Ethernet1/0/2] stp disable # Return to system view. [SwitchA-Ethernet1/0/2] quit # Create Smart Link group 1 and enter Smart Link group view.
  • Page 951 Operation Manual – Smart Link-Monitor Link H3C S3100-52P Ethernet Switch Chapter 2 Monitor Link Configuration [SwitchE] smart-link flush enable control-vlan 1 port Ethernet 1/0/10 to Ethernet 1/0/11...
  • Page 952 Operation Manual – Appendix H3C S3100-52P Ethernet Switch Table of Contents Table of Contents Appendix A Acronyms ........................A-1...
  • Page 953 Operation Manual – Appendix H3C S3100-52P Ethernet Switch Appendix A Acronyms Appendix A Acronyms Authentication, Authorization and Accounting Area Border Router Access Control List Address Resolution Protocol Autonomous System ASBR Autonomous System Border Router Backup Designated Router Command Line Interface...
  • Page 954 Operation Manual – Appendix H3C S3100-52P Ethernet Switch Appendix A Acronyms Internet Architecture Board ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol Interior Gateway Protocol Internet Protocol Medium Access Control Management Information Base Network Information Center Network Management System...
  • Page 955 Operation Manual – Appendix H3C S3100-52P Ethernet Switch Appendix A Acronyms TFTP Trivial File Transfer Protocol Type of Service Time To Live User Datagram Protocol VLAN Virtual LAN Video On Demand VRRP Virtual Router Redundancy Protocol Weighted Round Robin...

Table of Contents