H3C S7500 Series Operation Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Network Router
  5. S7500 Series
  6. Operation manual
H3C S7500 Series Operation Manual

H3C S7500 Series Operation Manual

Hide thumbs Also See for S7500 Series:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
Table of Contents

Advertisement

Quick Links

Download this manual See also: Command Manual
H3C S7500 Series Ethernet Switches
Operation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: T2-08163Y-20070720-C-1.04
Product Version: Release 3100 Series

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S7500 Series and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C S7500 Series

Summary of Contents for H3C S7500 Series

  • Page 1 H3C S7500 Series Ethernet Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-08163Y-20070720-C-1.04 Product Version: Release 3100 Series...
  • Page 2 Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks H3C,...

  • Page 3: About This Manual

    About This Manual Related Documentation In addition to this manual, each H3C S7500 Series Ethernet Switches documentation set includes the following: Manual Description H3C S7500 Series Ethernet Switches It is used for assisting the users in using Command Manual various commands.

  • Page 4: Table Of Contents

    Part Contents 11 Port Isolation Introduces port isolation and the related configuration. 12 Port Binding Introduces port binding and the related configuration. 13 DLDP Introduces DLDP and the related configuration. Introduces MAC address forwarding table and the 14 MAC Address Table related configuration.
  • Page 5 Part Contents 37 System Maintenance Introduces system maintenance and debugging. and Debugging 38 HWPing Introduces HWPing and the related configuration. 39 RRPP Introduces RRPP and the related configuration. Introduces NAT, Netstream, policy-based routing, and NAT-Netstream-Policy the related configurations. Routing 41 Telnet Protection Introduces Telnet securing and the related configuration.
  • Page 6 II. GUI conventions Convention Description Button names are inside angle brackets. For example, click < > <OK>. Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window. Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
  • Page 7 Operation Manual – Overview H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Documentation Obtaining................... 1-1 1.1 CD-ROM ..........................1-1 1.2 H3C Website........................1-1 1.3 Software Release Notes ....................1-1 Chapter 2 Related Software Release ................... 2-1 2.1 Related Software Release ....................

  • Page 8: Chapter 1 Documentation Obtaining

    H3C website Software release notes 1.1 CD-ROM H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete product documentation set, including the operation manual, command manual, installation manual, and compatibility manual. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.

  • Page 9: Chapter 2 Related Software Release

    2.1 Related Software Release The two manuals, H3C S7500 Series Ethernet Switches Operation Manual Release 3100 and H3C S7500 Series Ethernet Switches Command Manual Release 3100, are corresponding to the software Release 3135 of the S7500 series products. 2.2 Related Documentation...

  • Page 10: Chapter 3 Product Overview

    Six, in slot 2 to 7 engines, in slot 0 and 1 3.3 Switching Engines Switching engines are the cores of the S7500 series. The switching engines you can select depend on the switch model you select. Table 3-2 Table 3-3 list the switching engines available to different S7500 switch models.

  • Page 11: Switching Engines And Available Service Cards

    3.3.1 Switching Engines and Available Service Cards There are various models of switching engines and services cards that you can choose for the S7500 series. But note that the service cards you can select depend on the switching engine you select.
  • Page 12 Operation Manual – Overview H3C S7500 Series Ethernet Switches Chapter 3 Product Overview Switching engine Salience III Salience III Plus Salience III Edge Service card LS82GT20 √ √ √ LS82GT20A √ √ √ LS81GT48 √ √ √ LS81GT48A √ √...

  • Page 13: Switching Engines And Available Switch Chassis

    Operation Manual – Overview H3C S7500 Series Ethernet Switches Chapter 3 Product Overview Switching engine LS81T12 LS81 LS81 LS81 LS81 GT48 LS81P12 Service card LS81GT48 √ — — — — — — LS81GT48A √ — — — — — —...

  • Page 14: Software Features

    : When a Salience III/Salience III Edge engine is used together with an S7506R chassis (with no XGbus silkscreen), the four SFP interfaces on the engine will not work. 3.4 Software Features The S7500 series provide rich software features, thus meeting the requirements of different users. Table 3-7 lists the software features in different modules.

  • Page 15: Port Basic

    Operation Manual – Overview H3C S7500 Series Ethernet Switches Chapter 3 Product Overview Module Features supported Three port states: access, trunk, hybrid Global broadcast suppression on ports 09- Port Basic configuration Loopback detection Cable test 10-Link LACP (link aggregation control protocol)
  • Page 16 Operation Manual – Overview H3C S7500 Series Ethernet Switches Chapter 3 Product Overview Module Features supported Gratuitous ARP ARP source suppression 22-ARP Manual configuration of ARP entries Proxy ARP DHCP Server (DHCP: dynamic host configuration protocol) DHCP Relay 23-DHCP DHCP Snooping...
  • Page 17 Operation Manual – Overview H3C S7500 Series Ethernet Switches Chapter 3 Product Overview Module Features supported 38-HWPing HWPing 39-RRPP RRPP (rapid ring protection protocol) NAT (network address translation) 40-NAT-Netstream NetStream -Policy Routing policy routing 41-Telnet Remote login protection Protection PoE DIMM (dual in-line memory module) memory card...

  • Page 18: Chapter 4 Networking Applications

    4.1 Application in a MAN Typically, an S7500 series switch can be used at the aggregation layer in a MAN. In upstream direction, the switch is connected to a Layer 3 switch (for example, a H3C S9500 series routing switch) or a GSR (Gigabit switching router) in the backbone network through a GE link across long/ultra-long haul dark fiber cable (you can also use multi-GE Trunk to increase upstream bandwidth).

  • Page 19: Application In A Small/Medium-Sized Enterprise Network

    Figure 4-2 Application in a small/medium-sized enterprise network 4.3 Application in a Large-Sized Campus Network Typically, an S7500 series can be used at the aggregation or backbone layer in a large-sized campus network. In this case, it is often deployed in cabling room or center office.

  • Page 20: Poe Application

    Figure 4-3 Application in a large-sized campus network 4.4 PoE Application Through the GE/FE electrical ports on a PoE-supported card, an S7500 series switch can supply power to PoE-supported PDs (powered devices, such as wireless WLAN APs, IP phones and corridor switches) across twisted pairs.
  • Page 21 Operation Manual – CLI H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 CLI Overview ........................ 1-1 1.1 Introduction to the CLI ....................... 1-1 1.2 Command Level/Command View ..................1-1 1.2.1 Switching Between User Levels................1-2 1.2.2 Configuring the Level of a Specific Command in a Specific View ......

  • Page 22: Chapter 1 Cli Overview

    CLI Features 1.1 Introduction to the CLI H3C series Ethernet switches provide command line interfaces (CLI) and commands for you to configure and manage the Ethernet switches. The CLI features the following: Commands are grouped by levels. This prevents unauthorized users from operating the switch with relevant commands.

  • Page 23: Switching Between User Levels

    Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Users logging into a switch also fall into four levels, each of which corresponding to one of the above command levels. Users at a specific level can only use the commands of the same level and those of the lower levels.

  • Page 24: Configuring The Level Of A Specific Command In A Specific View

    Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview 1.2.2 Configuring the Level of a Specific Command in a Specific View You can configure the level of a specific command in a specific view. Commands fall into four command levels: visit, monitor, system, and manage, which are identified as 0, 1, 2, and 3 respectively.
  • Page 25 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview HWping view Public key view Public key code view PIM view RIP view OSPF view OSPF area view BGP view BGP IPv4 family multicast view IS-IS view...
  • Page 26 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Manage Execute the Ethernet port quit command view. to return to Configure system view. Execute the M-Ethernet M-Ethernet...
  • Page 27 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute the quit command to return to Execute the system view. Configure vlan 1 VLAN VLAN view [H3C-vlan1]...
  • Page 28 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute the Execute the Configure SFTP client sftp 10.1.1.1 quit command SFTP client sftp-client> view command in to return to parameters system view.
  • Page 29 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute the quit command to return to Execute the Configure system view. port-isolate Port-isolate-gr port-isolate-gr [H3C-port-isol group 1...
  • Page 30 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute the quit command to return to system view. Execute the Configure RIP rip command RIP view [H3C-rip]...
  • Page 31 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute the quit command to return to Execute the system view. Configure isis command IS-IS IS-IS view [H3C-isis]...
  • Page 32 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute the quit command Define the to return to sub-rules of Execute the system view. Layer 2 ACLs,...

  • Page 33: Cli Features

    Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute the quit command to return to Execute the system view. Configure radius RADIUS [H3C-radius-1 RADIUS scheme 1...
  • Page 34 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview clock Specify the system clock cluster Run cluster command copy Copy from one file to another debugging Enable system debugging functions delete Delete a file List files on a file system...

  • Page 35: Terminal Display

    Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview You can use the language-mode command to translate the help into Chinese. 1.3.2 Terminal Display CLI provides the following display features: The online help and prompt information can be displayed in either Chinese or English.

  • Page 36: Error Messages

    Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Note: As the Up and Down keys have different meanings in HyperTerminal running on Windows 9x, these two keys can be used to recall history commands only in terminals running Windows 3.x or Telnet running in Windows 3.x.
  • Page 37 Operation Manual – CLI H3C S7500 Series Ethernet Switches Chapter 1 CLI Overview Press… To… Delete the character on the left of the cursor and move The Backspace key the cursor one character to the left. The left arrow key or <Ctrl Move the cursor one character to the left.
  • Page 38 Operation Manual – Login H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Logging into an Ethernet Switch ................1-1 1.1 Logging into an Ethernet Switch ..................1-1 1.2 Introduction to the User Interface ..................1-1 1.2.1 Supported User Interfaces ..................
  • Page 39 Operation Manual – Login H3C S7500 Series Ethernet Switches Table of Contents Chapter 4 Logging in Using Modem.................... 4-1 4.1 Introduction ........................4-1 4.2 Configuration on the Administrator Side................4-1 4.3 Configuration on the Switch Side..................4-2 4.3.1 Modem Configuration....................4-2 4.3.2 Switch Configuration ....................

  • Page 40: Chapter 1 Logging Into An Ethernet Switch

    VTY users. Note: The AUX port and the console port of an H3C series switch are the same port. You will be in the AUX user interface if you log in through this port. 1.2.2 User Interface Number Two kinds of user interface indexes exist: absolute user interface indexes and relative user interface indexes.

  • Page 41: Common User Interface Configuration

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch The absolute user interface indexes are as follows: AUX user interface: 0 VTY user interfaces: Numbered after the AUX user interface. The absolute index...
  • Page 42 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch Caution: The auto-execute command command may cause you unable to perform common configuration in the user interface, so use it with caution. Before configuring the auto-execute command command and saving the configuration, make sure you can log into the switch in other ways to cancel the configuration.

  • Page 43: Chapter 2 Logging In Through The Console Port

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port Chapter 2 Logging in through the Console Port When logging into a switch through its console port, go to these sections for information...
  • Page 44 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port RS-232 onsole port Configuration cable Switch Figure 2-1 Diagram for setting the connection to the console port If you use a PC to connect to the console port, launch a terminal emulation program (such as Terminal in Windows 3.X or HyperTerminal in Windows 9X),...

  • Page 45: Console Port Login Configuration

    Figure 2-4 Set port parameters Power on the switch. You will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <H3C>) appears after you press the Enter key. You can then configure the switch or check the information about the switch by executing the corresponding commands.
  • Page 46 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port Table 2-2 Common configuration of console port login Configuration Remarks Optional Baud rate The default baud rate is 9,600 bps. Optional Check mode...

  • Page 47: Console Port Login Configurations For Different Authentication Modes

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port 2.3.2 Console Port Login Configurations for Different Authentication Modes Table 2-3 lists console port login configurations for different authentication modes. Table 2-3 Console port login configurations for different authentication modes...

  • Page 48: Console Port Login Configuration With Authentication Mode Being None

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port 2.4 Console Port Login Configuration with Authentication Mode Being None 2.4.1 Configuration Procedure Follow these steps to perform the console port login configuration with the authentication mode being none: To do…...
  • Page 49 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port To do… Use the command… Remarks Optional By default, the screen can contain up to 24 lines. Set the maximum number of screen-length...

  • Page 50: Configuration Example

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port Table 2-4 Determine the command level Scenario Command Authentication level User type Command configuration mode The user privilege level level Level 3 Users...

  • Page 51: Console Port Login Configuration With Authentication Mode Being Password

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port # Enter AUX user interface view. [H3C] user-interface aux 0 # Specify not to authenticate users logging in through the console port. [H3C-ui-aux0] authentication-mode none # Specify commands of level 2 are available to users logging into the AUX user interface.
  • Page 52 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port To do… Use the command… Remarks Optional Set the The default baud rate of an AUX speed speed-value baud rate port (also the console port) is 9,600 bps.
  • Page 53 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port To do… Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10...
  • Page 54 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port II. Network diagram Ethernet1/0/1 Ethernet User PC running Telnet Figure 2-6 Network diagram for AUX user interface configuration (with the authentication mode being password) III.

  • Page 55: Console Port Login Configuration With Authentication Mode Being Scheme

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port 2.6 Console Port Login Configuration with Authentication Mode Being Scheme 2.6.1 Configuration Procedure Follow these steps to perform console port login configuration with the authentication mode being scheme: To do…...
  • Page 56 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port To do… Use the command… Remarks Required Configure to The specified AAA scheme authenticate users authentication-mode determines whether to locally or remotely scheme [ command-...
  • Page 57 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port To do… Use the command… Remarks Optional The default history command Set history command history-command buffer size is 10. That is, a buffer size...
  • Page 58 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port Set the service type of the local user to Terminal. Configure to authenticate users logging in through the console port in the scheme mode.
  • Page 59 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 2 Logging in through the Console Port # Set the baud rate of the console port to 19,200 bps. [H3C-ui-aux0] speed 19200 # Set the maximum number of lines the screen can contain to 30.

  • Page 60: Chapter 3 Logging In Through Telnet

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet Chapter 3 Logging in through Telnet When logging into a switch through Telnet, go to these sections for information you are interested in: Introduction Telnet Configuration with Authentication Mode Being None...

  • Page 61: Telnet Configurations For Different Authentication Modes

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet Configuration Description Optional Make terminal services By default, terminal services are available available in all user interfaces Optional Set the maximum number of lines the screen can...

  • Page 62: Telnet Configuration With Authentication Mode Being None

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet Authentication Telnet configuration Description mode Optional AAA configuration Specify to Local authentication is specifies whether perform local performed by default. to perform local authentication Refer to the...
  • Page 63 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet To do… Use the command… Remarks Optional Configure the command By default, commands of level level available to users user privilege level 0 are available to users...
  • Page 64 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet Table 3-4 Determine the command level when users logging into switches are not authenticated Scenario Command Authentication level User type Command configuration mode The user privilege level level...

  • Page 65: Telnet Configuration With Authentication Mode Being Password

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet [H3C-ui-vty0] user privilege level 2 # Configure Telnet protocol is supported. [H3C-ui-vty0] protocol inbound telnet # Set the maximum number of lines the screen can contain to 30.
  • Page 66 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet To do… Use the command… Remarks Optional By default, the screen can contain up to 24 lines. Set the maximum number screen-length You can use the...
  • Page 67 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet Table 3-5 Determine the command level when users logging into switches are authenticated in the password mode Scenario Command Authentication level User type Command configuration...

  • Page 68: Telnet Configuration With Authentication Mode Being Scheme

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet # Set the password to 123456 (in plain text). [H3C-ui-vty0] set authentication password simple 123456 # Specify commands of level 2 are available to users logging into VTY 0.
  • Page 69 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet To do… Use the command… Remarks Enter system view system-view — Enter the Optional default ISP By default, the local AAA domain domain-name domain scheme is applied. If you...
  • Page 70 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet To do… Use the command… Remarks Optional Configure the supported protocol inbound { all Both Telnet protocol and SSH protocol | ssh | telnet } protocol are supported by default.
  • Page 71 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet Table 3-6 Determine the command level when users logging into switches are authenticated in the scheme mode Scenario Command Authenticati level User type Command configuration...
  • Page 72 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet Scenario Command Authenticati level User type Command configuration on mode The user privilege level level command is executed, and the Level 0 service-type command does not specify the available command level.

  • Page 73: Telneting To A Switch

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 3 Logging in through Telnet III. Configuration procedure # Enter system view. <H3C> system-view # Create a local user named guest and enter local user view. [H3C] local-user guest # Set the authentication password of the local user to 123456 (in plain text).
  • Page 74 HyperTerminal in Windows 9X) on the PC, with the baud rate set to 9,600 bps, data bits set to 8, parity check set to none, and flow control set to none. Power on the switch and press Enter as prompted. The prompt (such as <H3C>) appears.

  • Page 75: Telneting To Another Switch From The Current Switch

    If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used, please try later!”. A H3C series Ethernet switch can accommodate up to five Telnet connections at the same time.
  • Page 76 You can use the ip host to assign a host name to a switch. Enter the password. If the password is correct, the CLI prompt (such as <H3C>) appears. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used,...

  • Page 77: Chapter 4 Logging In Using Modem

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 4 Logging in Using Modem Chapter 4 Logging in Using Modem When logging into a switch using a Modem, go to these sections for information you are interested in: Introduction...

  • Page 78: Configuration On The Switch Side

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 4 Logging in Using Modem 4.3 Configuration on the Switch Side 4.3.1 Modem Configuration Perform the following configuration on the Modem directly connected to the switch: AT&F ----------------------- Restore the factory settings...

  • Page 79: Modem Connection Establishment

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 4 Logging in Using Modem I. Configuration on switch when the authentication mode is none Refer to section Console Port Login Configuration with Authentication Mode Being None. II. Configuration on switch when the authentication mode is password...
  • Page 80 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 4 Logging in Using Modem Modem s erial cable Telephone line Modem PSTN Modem Telephone number of the romote end: 82882285 Console port Figure 4-1 Establish the connection by using Modem...

  • Page 81: Modem Attributes Configuration

    Provide the password on the emulation grogram when prompted. If the password is correct, the prompt (such as <H3C>) appears. You can then configure or manage the switch. You can also enter the character ? at anytime for help. Refer to the following chapters for information about the configuration commands.
  • Page 82 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 4 Logging in Using Modem To do… Use the command… Remarks Enter system view system-view — Enter AUX user interface user-interface aux 0 — view Required Call-in and call-out are...

  • Page 83: Chapter 5 Logging In Through Nms

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 5 Logging in through NMS Chapter 5 Logging in through NMS When logging into a switch through NMS, go to these sections for information you are interested in: Introduction Connection Establishment Using NMS 5.1 Introduction...

  • Page 84: Connection Establishment Using Nms

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 5 Logging in through NMS 5.2 Connection Establishment Using NMS Switch Network Figure 5-1 Network diagram for logging in through an NMS...

  • Page 85: Chapter 6 User Control

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 6 User Control Chapter 6 User Control When configuring user control, go to these sections for information you are interested Introduction Controlling Telnet Users Controlling Network Management Users by Source IP Addresses 6.1 Introduction...

  • Page 86: Controlling Telnet Users By Source And Destination Ip Addresses

    Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 6 User Control To do… Use the command… Remarks Enter system view system-view — acl { number acl-number As for the acl number | name acl-name Create a basic ACL or...

  • Page 87: Controlling Network Management Users By Source Ip Addresses

    6.3 Controlling Network Management Users by Source IP Addresses You can manage a H3C series Ethernet switch through network management software. Network management users can access switches through SNMP. You need to perform the following two operations to control network management users by source IP addresses.
  • Page 88 Operation Manual – Login H3C S7500 Series Ethernet Switches Chapter 6 User Control 6.3.2 Controlling Network Management Users by Source IP Addresses Controlling network management users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.
  • Page 89 Figure 6-1 Network diagram for controlling SNMP users using ACL III. Configuration procedure # Define a basic ACL. <H3C> system-view [H3C] acl number 2000 match-order config [H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [H3C-acl-basic-2000] rule 3 deny source any [H3C-acl-basic-2000] quit...
  • Page 90 # Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 to access the switch. [H3C] snmp-agent community read aaa acl 2000 [H3C] snmp-agent group v2c groupa acl 2000 [H3C] snmp-agent usm-user v2c usera groupa acl 2000...
  • Page 91 Operation Manual – Configuration File Management H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Configuration File Management ................. 1-1 1.1 Introduction to Configuration File..................1-1 1.2 Configuration File-Related Operations ................1-1...

  • Page 92: Chapter 1 Configuration File Management

    Operation Manual – Configuration File Management H3C S7500 Series Ethernet Switches Chapter 1 Configuration File Management Chapter 1 Configuration File Management When configuring configuration file management, go to these sections for information you are interested in: Introduction to Configuration File Configuration File-Related Operations 1.1 Introduction to Configuration File...
  • Page 93 Operation Manual – Configuration File Management H3C S7500 Series Ethernet Switches Chapter 1 Configuration File Management To do… Use the command… Remarks Save the current save [ file-name | safely ] Optional configuration into the Flash Remove a specific configuration file from the...
  • Page 94 Operation Manual – Configuration File Management H3C S7500 Series Ethernet Switches Chapter 1 Configuration File Management Safely saving mode: if the safely keyword is provided, the system saves the configuration files in the safely saving mode. In this mode, the configuration files are saved slowly.
  • Page 95 Operation Manual – VLAN H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VLAN Overview ......................1-1 1.1 VLAN Overview........................1-1 1.1.1 Introduction to VLAN ....................1-1 1.1.2 VLAN Principles ...................... 1-2 1.2 Port-Based VLAN....................... 1-3 1.2.1 Link Types of Ethernet Ports...................

  • Page 96: Chapter 1 Vlan Overview

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 1 VLAN Overview Chapter 1 VLAN Overview This chapter covers the following topics: VLAN Overview Port-Based VLAN Protocol-Based VLAN 1.1 VLAN Overview 1.1.1 Introduction to VLAN The traditional Ethernet is a flat network, where all hosts are in the same broadcast domain and connected with each other through hubs or switches.

  • Page 97: Vlan Principles

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 1 VLAN Overview Router Switch Switch VLAN A VLANB VLAN A VLANB VLAN A VLAN B Figure 1-1 A VLAN implementation A VLAN can span across multiple switches, or even routers. This enables hosts in a VLAN to be dispersed in a looser way.

  • Page 98: Port-Based Vlan

    VLAN of the inbound port for transmission. For the details about setting the default VLAN of a port, refer to the “Port Basic Configuration” part of the H3C S7500 Series Ethernet Switches – Operation Manual.

  • Page 99: Link Types Of Ethernet Ports

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 1 VLAN Overview 1.2.1 Link Types of Ethernet Ports An Ethernet port on an S7500 switch can operate in one of the three link types: Access: An Access port can belong to only one VLAN, and is generally used to connect user PCs.
  • Page 100 Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 1 VLAN Overview Caution: You are recommended to set the default VLAN ID of the local Hybrid or Trunk ports to the same value as that of the Hybrid or Trunk ports on the peer switch. Otherwise, packet forwarding may fail on the ports.

  • Page 101: Protocol-Based Vlan

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 1 VLAN Overview Table 1-3 Packet processing of a Hybrid port Processing of an incoming packet Processing of an If the packet does not If the packet carries a outgoing packet...
  • Page 102 Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 1 VLAN Overview DA&SA(12) Length(2) DSAP(1) SSAP(1) Control ( 1) OUI(3) PID(2) Data Figure 1-5 802.2/802.3 encapsulation forma In the two figures, DA and SA refer to the destination MAC address and source MAC address of the packet respectively.

  • Page 103: Procedure For The Switch To Judge Packet Protocol

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 1 VLAN Overview DA&SA(12) Length(2) DSAP(1) SSAP(1) Control ( 1) OUI(3) PID(2) Data Figure 1-8 802.2 SNAP encapsulation forma In 802.2 SNAP encapsulation format, the values of the DSAP field and the SSAP field are always AA, and the value of the control field is always 3.

  • Page 104: Encapsulation Formats

    1.3.5 Implementation of Protocol-Based VLAN S7500 series Ethernet switches assign a packet to the specific VLAN by matching the packet with the protocol template. The protocol template is the standard to determine the protocol to which a packet belongs.

  • Page 105: Chapter 2 Vlan Configuration

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration Chapter 2 VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: VLAN Configuration Configuring a Port-Based VLAN Configuring a Protocol-Based VLAN 2.1 VLAN Configuration...

  • Page 106: Basic Vlan Interface Configuration

    A VLAN only supports one broadcast storm suppression mode at one time. If you configure broadcast storm suppression modes multiple times for a VLAN, the latest configuration will overwrite the previous configuration. The cards of S7500 series switches support different broadcast storm suppression modes, as listed in Table 2-1.

  • Page 107: Displaying Vlan Configuration

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration To do… Use the command… Remarks Disable the VLAN Optional shutdown interface Enable the VLAN undo shutdown Optional Interface Note that the operation of enabling/disabling a VLAN interface does not influence the enabling/disabling status of the Ethernet ports belonging to this VLAN.

  • Page 108: Configuring A Trunk-Port-Based Vlan

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration Follow these steps to configure the Access-port-based VLAN in Ethernet port view: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet port view —...

  • Page 109: Configuring A Hybrid-Port-Based Vlan

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration Note: To convert a Trunk port into a Hybrid port (or vice versa), you need to use the Access port as a medium. For example, the Trunk port has to be configured as an Access port first and then a Hybrid port.
  • Page 110 Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration 2.2.4 Protocol-based VLAN Configuration Example I. Configuration requirements Create VLAN 2 and VLAN 3 and specify the description string of VLAN 2 as home; Add Ethernet 2/0/1 and Ethernet 2/0/2 to VLAN 2 and add Ethernet 2/0/3 and Ethernet 2/0/4 to VLAN 3.
  • Page 111 Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration To do… Use the command… Remarks protocol-vlan [ protocol-index ] { at | ip [ ip-address [ net-mask ] ] | ipx Create the protocol { ethernetii | llc | raw | snap } | mode...

  • Page 112: Associating A Port With The Protocol-Based Vlan

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration 2.3.2 Associating a Port with the Protocol-Based VLAN I. Configuration prerequisites The protocol template for the protocol-based VLAN is created The port is configured as a Hybrid port, and the port is configured to remove VLAN tags when it forwards the packets of the protocol-based VLANs.
  • Page 113 Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration To do… Use the command… Remarks Enter system view system-view — protocol-vlan vlan vlan-id Create protocol-based { protocol-index [ to Required VLAN on specific card protocol-end ] | all } { slot...

  • Page 114: Displaying Protocol-Based Vlan Configuration

    Operation Manual – VLAN H3C S7500 Series Ethernet Switches Chapter 2 VLAN Configuration 2.3.4 Displaying Protocol-Based VLAN Configuration To do… Use the command… Remarks Display the information about display vlan [ vlan-id [ to vlan-id ] | the protocol-based VLAN...
  • Page 115 [H3C-vlan7] # Configure index 1 of VLAN 7 according to the network requirement. [H3C-vlan7] protocol-vlan 1 mode llc dsap 01 ssap ac # Configure index 2 of VLAN 7 according to the network requirement. [H3C-vlan7] protocol-vlan 2 mode snap etype abcd # Enter port view of the Ethernet 2/0/7.
  • Page 116 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Voice VLAN Configuration..................1-1 1.1 Voice VLAN Overview ....................... 1-1 1.2 Voice VLAN Configuration ....................1-4 1.2.1 Configuration Prerequisites..................1-4 1.2.2 Setting Voice VLAN Mode on a Port to Automatic Mode........1-4 1.2.3 Setting Voice VLAN Mode on a Port to Manual Mode ..........
  • Page 117 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Table of Contents...

  • Page 118: Chapter 1 Voice Vlan Configuration

    (QoS) attributes for voice data, increasing the transmission priority of voice data stream and ensuring voice quality. S7500 series Ethernet switches determine whether a received packet is a voice packet by checking its source MAC address. Packets containing source MAC addresses that comply with the voice device organizationally unique identifier (OUI) addresses are regarded as voice traffic and are transmitted in the voice VLAN.
  • Page 119 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Number OUI Address Vendor 00d0-1e00-0000 Pingtel phone 000f-e200-0000 H3C Aolynk phone There are two voice VLAN modes on a port: automatic and manual. You can configure the voice VLAN mode of a port according to data stream passing through the port.
  • Page 120 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Table 1-2 Matching relationship between port modes and voice stream types Port voice Voice stream Port VLAN Supported or not type type mode Access...

  • Page 121: Voice Vlan Configuration

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Caution: If the voice traffic sent by an IP voice device is tagged and the access port has 802.1x authentication and guest VLAN enabled, assign different VLAN IDs for the voice VLAN, the default VLAN of the access port, and the 802.1x guest VLAN.

  • Page 122: Setting Voice Vlan Mode On A Port To Manual Mode

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 1 Voice VLAN Configuration To do… Use the command… Remarks Optional Enable the voice VLAN voice vlan security By default, the voice security mode enable VLAN security mode on the port is enabled.
  • Page 123 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 1 Voice VLAN Configuration To do… Use the command… Remarks Enter vlan vlan-id VLAN view Access Add the port port to the port interface-list VLAN Required Enter port...

  • Page 124: Displaying Voice Vlan Configuration

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 1 Voice VLAN Configuration Caution: You can enable the voice VLAN feature for only one VLAN at a moment. A port that has the link aggregation control protocol (LACP) enabled cannot have the voice VLAN feature enabled at the same time.

  • Page 125: Configuring Manual Voice Vlan Mode

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 1 Voice VLAN Configuration <H3C> system-view [H3C] vlan 2 # Configure Ethernet 1/0/1 to be a Trunk port, with VLAN 6 as its default VLAN. [H3C-vlan2] quit [H3C] interface Ethernet 1/0/1...
  • Page 126 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 1 Voice VLAN Configuration [H3C] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test # Enable the voice VLAN function globally. [H3C] voice vlan 3 enable # Display voice VLAN-related configurations.

  • Page 127: Chapter 2 Isolate-User-Vlan Configuration

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration Chapter 2 Isolate-User-VLAN Configuration When configuring isolate-user-VLAN, go to these sections for information you are interested in: Isolate-User-VLAN Overview Isolate-User-VLAN Configuration Displaying Isolate-User-VLAN Configuration Isolate-User-VLAN Configuration Example 2.1 Isolate-User-VLAN Overview...
  • Page 128 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration II. Configure Switch A To ensure that packets coming from Switch A can be forwarded by Switch B according to the VLAN configurations of the lower layer devices, you need to configure the port through which Switch A connects to Switch B to remove VLAN tags when Switch A sends packets to Switch B.

  • Page 129: Isolate-User-Vlan Configuration

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration 2.2 Isolate-User-VLAN Configuration 2.2.1 Isolate-User-VLAN Configuration Task List Complete the following tasks to configure Isolate-user-VLAN: Task Remarks Configuring Isolate-User-VLAN Required Configuring Secondary VLAN Required Adding Ports to Isolate-User-VLAN and Secondary VLAN...

  • Page 130: Adding Ports To Isolate-User-Vlan And Secondary Vlan

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration To do… Use the command… Remarks Enter system view system-view — Create a secondary VLAN vlan vlan-id Required 2.2.4 Adding Ports to Isolate-User-VLAN and Secondary VLAN...

  • Page 131: Displaying Isolate-User-Vlan Configuration

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration To do… Use the command… Remarks Enter system view system-view — Configure the mapping relationship isolate-user-vlan vlan-id between an isolate-user-VLAN and Required secondary vlan-list secondary VLANs...

  • Page 132: Network Diagram

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration 2.4.2 Network diagram Switch A Switch A VLAN 5 VLAN 5 VLAN 6 VLAN 6 /0/1 /0/1 /0/1 /0/1 /0/1 /0/1 /0/1 /0/1 E1/0/1 E1/0/1...
  • Page 133 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration [SwitchB-Ethernet1/0/5] port hybrid vlan 5 untagged [SwitchB-Ethernet1/0/5] port hybrid pvid vlan 2 # Add port Ethernet 1/0/1 to the isolate-user-VLAN (VLAN 5) and the secondary VLANs (VLAN 2 and VLAN 3), and configure the port to untag the VLAN packets.
  • Page 134 Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration # Add port Ethernet 1/0/1 to the isolate-user-VLAN (VLAN 6) and the secondary VLANs (VLAN 3 and VLAN 4), and configure the port to untag the VLAN packets.

  • Page 135: Chapter 3 Super Vlan

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 3 Super VLAN Chapter 3 Super VLAN When configuring super VLAN, go to these sections for information you are interested Super VLAN Overview Super VLAN Configuration Displaying Super VLAN...

  • Page 136: Configuring A Super Vlan

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 3 Super VLAN Task Remarks Configuring the Mapping between a Super VLAN and Required Sub VLANs Configuring Super VLAN to Support DHCP Relay Optional 3.2.2 Configuring a Super VLAN You can configure multiple super VLANs for a switch.

  • Page 137: Configuring The Mapping Between A Super Vlan And Sub Vlans

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 3 Super VLAN Caution: The port command is only used to add the Access ports to a sub VLAN. If you want to add a Trunk port or a Hybrid port to a sub VLAN, you need to execute the port trunk permit vlan command and the port hybrid vlan command in Ethernet port view.

  • Page 138: Displaying Super Vlan

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 3 Super VLAN segment can forward the DHCP packets to each other, so as to assist the hosts in the sub VLANs to finish the dynamic configuration of IP address.

  • Page 139: Super Vlan Configuration Examples

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 3 Super VLAN 3.4 Super VLAN Configuration Examples 3.4.1 Super VLAN Configuration Example I. Network Requirements Create super VLAN 10 and sub VLANs VLAN 2, VLAN 3, VLAN 5. Configure ports Ethernet 1/0/1 and Ethernet 1/0/2 to belong to VLAN 2, Ethernet 1/0/3 and Ethernet 1/0/4 to belong to VLAN 3, and Ethernet 1/0/5 and Ethernet 1/0/6 to belong to VLAN 5.

  • Page 140: Super Vlan Supporting Dhcp Relay Example

    Operation Manual – Extended VLAN Application H3C S7500 Series Ethernet Switches Chapter 3 Super VLAN 3.4.2 Super VLAN Supporting DHCP Relay Example I. Network requirements Create VLAN 6 and configure it as a super VLAN, and create VLAN 2 and VLAN 3 as the sub VLANs which map with VLAN 6.
  • Page 141 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Address Configuration ................... 1-1 1.1 IP Address Overview ......................1-1 1.1.1 IP Address Classification and Representation............1-1 1.1.2 Subnet and Mask ....................1-3 1.2 Configuring IP Address(es) for a VLAN Interface..............

  • Page 142: Chapter 1 Ip Address Configuration

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 1 IP Address Configuration Chapter 1 IP Address Configuration When configuring IP address, go to these sections for information you are interested in: IP Address Overview Configuring IP Address(es) for a VLAN Interface...
  • Page 143 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 1 IP Address Configuration Some IP addresses are reserved for special use. The IP address ranges that can be used by users are listed in Table 1-1. Table 1-1 Classes and ranges of IP addresses...

  • Page 144: Subnet And Mask

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 1 IP Address Configuration 1.1.2 Subnet and Mask The traditional IP address classification method wastes IP addresses greatly. In order to make full use of the available IP addresses, the concepts of mask and subnet were introduced.

  • Page 145: Displaying And Maintaining Ip Address Configuration

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 1 IP Address Configuration However, you can configure up to five IP addresses for a VLAN interface so that the interface can be connected to several subnets. Among these IP addresses, one is the primary IP address and the others are secondary ones.

  • Page 146: Troubleshooting Ip Address Configuration

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 1 IP Address Configuration 1.5 Troubleshooting IP Address Configuration Symptom: The switch cannot ping through the directly connected host. Solution: You can perform troubleshooting as follows: Check the configuration of the switch, and then use the display arp command to check whether the host has a corresponding ARP entry in the ARP table maintained by the Switch.

  • Page 147: Chapter 2 Ip Performance Configuration

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 2 IP Performance Configuration Chapter 2 IP Performance Configuration When configuring IP performance, go to these sections for information you are interested in: IP Performance Overview IP Performance Configuration Task List...

  • Page 148: Ip Performance Configuration Task List

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 2 IP Performance Configuration 2.2 IP Performance Configuration Task List Complete the following tasks to configure IP performance: Task Remarks Configuring TCP Attributes Required Configuring to Send Special IP Packets to CPU...

  • Page 149: Configuring To Forward Layer 3 Broadcast Packets

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 2 IP Performance Configuration Use the To do… Remarks command… Required Configure to send TTL timeout packets and ip { ttl-expires | By default, Unreachable packets are unreachable packets...

  • Page 150: Displaying And Maintaining Ip Performance Configuration

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 2 IP Performance Configuration 2.6 Displaying and Maintaining IP Performance Configuration To do… Use the command… Remarks View TCP connection status display tcp status View TCP connection display tcp statistics...
  • Page 151 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 2 IP Performance Configuration Use the display command to display the IP performance and check whether the PC runs normally. Use the terminal debugging command to enable debugging information to be output to the console.

  • Page 152: Chapter 3 Ipx Configuration

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration Chapter 3 IPX Configuration When configuring IPX, go to these sections for information you are interested in: IPX Protocol Overview Configuring IPX Displaying and Maintaining IPX Configuration...

  • Page 153: Service Advertising Protocol

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration This chapter describes RIP in IPX. For the RIP configurations on an IP network, refer to the Routing Protocol module of this manual. 3.1.2 Service Advertising Protocol IPX uses service advertising protocol (SAP) to maintain and advertise dynamic service information.

  • Page 154: Configuring Ipx Routing

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration To do… Use the command… Remarks Required Configure an IPX By default, the system does not network number for ipx network network assign network numbers to VLAN the VLAN interface interfaces.

  • Page 155: Configuring Ipx Rip

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration II. Configuring IPX route limit In IPX, you can configure, in the routing table, the maximum number of the dynamic routes and equivalent routes to the same destination. These two limit settings are independent of each other.
  • Page 156 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration To do… Use the command… Remarks Optional Configure the ipx rip timer update update interval of By default, the update interval of seconds IPX RIP IPX RIP is 60 seconds.

  • Page 157: Configuring Ipx Sap

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration forward an IPX packet. A longer delay means slower forwarding whereas a shorter delay means faster forwarding. By importing routes, different routing protocols can share their routing information mutually.
  • Page 158 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration To do… Use the command… Remarks Required Enable IPX ipx enable Disabled by default. Optional Configure the ipx sap timer update update interval of By default, the update interval of...
  • Page 159 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration Follow these steps to configure IPX GNS: Use the To do… Remarks command… Enter system view system-view — Required Enable IPX ipx enable Disabled by default.

  • Page 160: Configuring Ipx Forwarding

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration If the newly configured length of a service information queue is less than the original one, the current service entries are not deleted. If the number of the service entries of the same type reaches the specified value, new service information is not added.

  • Page 161: Displaying And Maintaining Ipx Configuration

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration To do… Use the command… Remarks Required By default, the system Configure an IPX network does not assign network number for the VLAN ipx network network...

  • Page 162: Ipx Configuration Example

    Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration 3.4 IPX Configuration Example I. Network requirements Through an IPX network, Switch A with a node address of 000f-e20f-0000 is connected to Switch B with a node address of 000f-e20f-0001.

  • Page 163: Troubleshooting Ipx Configuration

    [H3C] interface Vlan-interface 1 [H3C-Vlan-interface1] ipx network 1000 # Configure a static route with the destination network number 3. [H3C-Vlan-interface1] quit [H3C] ipx route-static 3 1000.000f-e20f-0001 tick 7 hop 2 Configure Switch B. # Enable IPX. [H3C] ipx enable # Assign the network number 3 to VLAN interface 2 and enable IPX on the VLAN interface.
  • Page 164 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration Check whether the destination address is correct. Use the display ipx interface command to check whether the network number and IPX frame encapsulation format configured on the interface of the switch are consistent with those configured on the connected interface.
  • Page 165 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration If there is an RIP packet with routing information from the peer device, you can use the debugging ipx rip event command to check whether the received routing information is added into the routing table.
  • Page 166 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration Check whether the relevant packets are received using the debugging ipx packet and debugging ipx sap packet verbose commands. If the packets are not received, the underlying network connection is abnormal.
  • Page 167 Operation Manual – IP Address-IP Performance-IPX H3C S7500 Series Ethernet Switches Chapter 3 IPX Configuration Use the debugging ipx packet sap command to check whether the switch receives the GNS packets. Check whether SAP is enabled on the VLAN interface.
  • Page 168 Operation Manual – GVRP H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 GVRP Configuration ....................1-1 1.1 Introduction to GARP and GVRP..................1-1 1.1.1 Introduction to GARP ....................1-1 1.1.2 GVRP Mechanism....................1-2 1.1.3 GVRP Packet Format....................1-3 1.1.4 Protocol Specifications....................

  • Page 169: Chapter 1 Gvrp Configuration

    Operation Manual – GVRP H3C S7500 Series Ethernet Switches Chapter 1 GVRP Configuration Chapter 1 GVRP Configuration When configuring GVRP, go to these sections for information you are interested in: Introduction to GARP and GVRP GVRP Configuration Displaying and Maintaining GVRP GVRP Configuration Examples 1.1 Introduction to GARP and GVRP...

  • Page 170: Gvrp Mechanism

    GARP participants and process them with corresponding GARP applications (GVRP or GMRP). GARP and GMRP are described in details in the IEEE 802.1p standard (which has been added to the IEEE802.1D standard). H3C Series Ethernet Switches fully support the GARP compliant with the IEEE standards. Note: The value of GARP timer will be used in all the GARP applications, including GVRP and GMRP, running in one switching network.

  • Page 171: Gvrp Packet Format

    Operation Manual – GVRP H3C S7500 Series Ethernet Switches Chapter 1 GVRP Configuration Normal: In this mode, a port can dynamically register/deregister a VLAN and propagate the dynamic/static VLAN information. Fixed: In this mode, a port cannot register/deregister a VLAN dynamically. It only propagates static VLAN information.

  • Page 172: Protocol Specifications

    Operation Manual – GVRP H3C S7500 Series Ethernet Switches Chapter 1 GVRP Configuration Table 1-1 Description of GVRP packet fields Field Description Value Protocol ID Protocol ID Each message consists of two parts: Message — Attribute Type and Attribute List.
  • Page 173 Operation Manual – GVRP H3C S7500 Series Ethernet Switches Chapter 1 GVRP Configuration To do… Use the command… Remarks Enter system view system-view — Optional Configure the garp timer leaveall By default, the LeaveAll timer is LeaveAll timer timer-value set to 1,000 centiseconds.

  • Page 174: Displaying And Maintaining Gvrp

    Operation Manual – GVRP H3C S7500 Series Ethernet Switches Chapter 1 GVRP Configuration Table 1-2 Relations between the timers Timer Lower threshold Upper threshold This upper threshold is less than or equal to one-half of the timeout Hold 10 centiseconds time of the Join timer.

  • Page 175: Gvrp Configuration Examples

    Operation Manual – GVRP H3C S7500 Series Ethernet Switches Chapter 1 GVRP Configuration To do… Use the command… Remarks reset garp statistics [ interface Available in Clear GARP statistics interface-list ] user view. 1.4 GVRP Configuration Examples 1.4.1 Network requirements You need to enable GVRP on the switches to enable dynamic VLAN information registration and update between the switches.
  • Page 176 Operation Manual – GVRP H3C S7500 Series Ethernet Switches Chapter 1 GVRP Configuration # Configure port Ethernet 1/0/2 to be a trunk port and to permit the packets of all the VLANs. [H3C] interface Ethernet1/0/2 [H3C-Ethernet1/0/2] port link-type trunk [H3C-Ethernet1/0/2] port trunk permit vlan all # Enable GVRP on the trunk port.
  • Page 177 Operation Manual – QinQ H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 QinQ Configuration ..................... 1-1 1.1 QinQ Overview........................1-1 1.1.1 Introduction to QinQ ....................1-1 1.1.2 Implementation of QinQ ..................1-2 1.2 QINQ Configuration ......................1-2 1.2.1 Configuration Prerequisites..................

  • Page 178: Chapter 1 Qinq Configuration

    Operation Manual – QinQ H3C S7500 Series Ethernet Switches Chapter 1 QinQ Configuration Chapter 1 QinQ Configuration 1.1 QinQ Overview 1.1.1 Introduction to QinQ The QinQ function enables packets to be transmitted across the operators’ backbone networks with VLAN tags of private networks encapsulated in those of public networks.

  • Page 179: Implementation Of Qinq

    Operation Manual – QinQ H3C S7500 Series Ethernet Switches Chapter 1 QinQ Configuration You can have your private network VLAN IDs independent of public network VLAN IDs. Provides simpler Layer 2 VPN solutions for small-sized MANs or intranets. 1.1.2 Implementation of QinQ QinQ can be implemented by enabling the QinQ function on ports.

  • Page 180: Displaying Qinq Configuration

    Operation Manual – QinQ H3C S7500 Series Ethernet Switches Chapter 1 QinQ Configuration 1.3 Displaying QinQ Configuration To do… Use the command… Remarks Display the QinQ This command can be configuration of all the display port vlan-vpn executed in any view.
  • Page 181 Operation Manual – QinQ H3C S7500 Series Ethernet Switches Chapter 1 QinQ Configuration [SwitchA-vlan10] quit [SwitchA] interface Ethernet2/0/2 [SwitchA-Ethernet2/0/2] port link-type trunk [SwitchA-Ethernet2/0/2] port trunk permit vlan 10 # Enable QinQ for Ethernet 2/0/1 of Switch A. Add the port to VLAN 10.

  • Page 182: Chapter 2 Selective Qinq Configuration

    Operation Manual – QinQ H3C S7500 Series Ethernet Switches Chapter 2 Selective QinQ Configuration Chapter 2 Selective QinQ Configuration 2.1 Selective QinQ Overview 2.1.1 Selective QinQ Implementation On an S7500 Ethernet switch, QinQ can be implemented in the following ways.

  • Page 183: Selective Qinq Configuration Example

    Operation Manual – QinQ H3C S7500 Series Ethernet Switches Chapter 2 Selective QinQ Configuration To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Enable QinQ for the port Required vlan-vpn enable...
  • Page 184 Operation Manual – QinQ H3C S7500 Series Ethernet Switches Chapter 2 Selective QinQ Configuration Specify GigabitEthernet 2/0/2 as the uplink port for packets encapsulated with outer VLAN tags. It is required that: the tag of VLAN 10 be removed from the packets to be forwarded when it is used as the outer VLAN tag;...
  • Page 185 Operation Manual – QinQ H3C S7500 Series Ethernet Switches Chapter 2 Selective QinQ Configuration # Specify the outer VLAN tag of VLAN 100 to be inserted to packets, and specify the upstream port of the tag to be GigabitEthernet 2/0/1 which does not remove the outer VLAN tags of packets when transmitting these packets.
  • Page 186 Operation Manual – Port Basic Configuration H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Basic Configuration .................... 1-1 1.1 Ethernet Port Configuration ....................1-1 1.1.1 Initially Configuring a Port ..................1-1 1.1.2 Configuring Broadcast/Multicast Suppression ............1-2 1.1.3 Enabling Flow Control on a Port ................

  • Page 187: Chapter 1 Port Basic Configuration

    Operation Manual – Port Basic Configuration H3C S7500 Series Ethernet Switches Chapter 1 Port Basic Configuration Chapter 1 Port Basic Configuration When configuring port basic configuration, go to these sections for information you are interested in: Ethernet Port Configuration Ethernet Port Configuration Example Troubleshooting Ethernet Port Configuration 1.1 Ethernet Port Configuration...

  • Page 188: Configuring Broadcast/Multicast Suppression

    Its duplex mode can be set to full only. Ethernet port Its duplex mode cannot be set. (About this port, refer Management Ethernet port to S7500 Series Ethernet Switches Installation Manual for detailed information) Table 1-2 Precautions in port speed setting Port type...

  • Page 189: Enabling Flow Control On A Port

    Note: Broadcast suppression is set in different ways for different LPUs of the S7500 series switches: For type-A LPUs, broadcast suppression must be set in VLAN view; for non-type-A LPUs, broadcast suppression must be set in Ethernet port view.

  • Page 190: Copying The Configuration Of A Port To Other Ports

    Operation Manual – Port Basic Configuration H3C S7500 Series Ethernet Switches Chapter 1 Port Basic Configuration To do… Use the command… Remarks interface interface-type Enter Ethernet port view — interface-number Required Enable flow control on the flow-control By default, flow control is Ethernet port disabled on a port.

  • Page 191: Configuring Loopback Detection For A Port

    Operation Manual – Port Basic Configuration H3C S7500 Series Ethernet Switches Chapter 1 Port Basic Configuration Note: If you specify a source aggregation group ID, the system will use the port with the smallest port number in the aggregation group as the source.

  • Page 192: Configuring The Interval To Perform Statistical Analysis On Port Traffic

    Operation Manual – Port Basic Configuration H3C S7500 Series Ethernet Switches Chapter 1 Port Basic Configuration To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Enable the system to test the...

  • Page 193: Displaying And Maintaining Basic Port Configuration

    Operation Manual – Port Basic Configuration H3C S7500 Series Ethernet Switches Chapter 1 Port Basic Configuration To do… Use the command… Remarks Enable the hardware speedup function outside speedup enable Optional the port By default, the hardware speedup function outside Disable the hardware the port is enabled.

  • Page 194: Ethernet Port Configuration Example

    # Allow packets of VLAN 2, VLAN 6 through VLAN 50 and VLAN 100 to pass Ethernet 2/0/1. [H3C-Ethernet2/0/1] port trunk permit vlan 2 6 to 50 100 # Configure the default VLAN ID of Ethernet 2/0/1 to 100. [H3C-Ethernet2/0/1] port trunk pvid vlan 100 1.3 Troubleshooting Ethernet Port Configuration...
  • Page 195 Operation Manual – Port Basic Configuration H3C S7500 Series Ethernet Switches Chapter 1 Port Basic Configuration Solution: Take the following steps. Use the display interface or display port command to check if the port is a trunk port or a hybrid port. If not, configure it to a trunk port or a hybrid port.
  • Page 196 Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Link Aggregation Configuration ................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to Link Aggregation ................1-1 1.1.2 Introduction to LACP ....................1-2 1.1.3 Operation Key ......................

  • Page 197: Chapter 1 Link Aggregation Configuration

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Chapter 1 Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Configuration Displaying and Maintaining Link Aggregation Configuration Link Aggregation Configuration Example 1.1 Overview...

  • Page 198: Introduction To Lacp

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Port attribute configuration, including port rate, duplex mode, and link type (Trunk, Hybrid or Access). The ports for a manual or static aggregation group must have the same link type, and the ports for a dynamic aggregation group must have the same rate, duplex mode and link type.

  • Page 199: Static Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration II. Port status in manual aggregation group A port in a manual aggregation group can be in one of the two states: selected or standby. The selected port with the minimum port number serves as the master port of the group, and other selected ports serve as member ports of the group.

  • Page 200: Dynamic Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Note: In an aggregation group, the selected port with the minimum port number serves as the master port of the group, and other selected ports serve as member ports of the group.

  • Page 201: Restriction Of Lpu Types On Link Aggregation

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration II. Port status of dynamic aggregation group A port in a dynamic aggregation group can be in one of the two states: selected or standby. In a dynamic aggregation group, both the selected and the standby ports can transceive LACP protocol packets;...
  • Page 202 Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Table 1-1 Link aggregation types and related descriptions Aggregation Basic Specific description type description For type-A LPUs, an aggregation group supports up to 8 selected GE ports or 16...

  • Page 203: Aggregation Group Categories

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Table 1-3 Restriction of non-type-A LPUs on link aggregation Maximum Maximum number of number of Cross-chip Aggregation selected LPU type ports in an aggregation type...

  • Page 204: Link Aggregation Configuration

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Caution: A load-sharing aggregation group contains at least two selected ports, however, a non-load-sharing aggregation group can have one selected port at most and others are standby ports.

  • Page 205: Configuring A Static Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration To do… Use the command… Remarks Enter system view system-view — Create a manual link-aggregation group Required aggregation group agg-id mode manual link-aggregation Add a group of ports to the...

  • Page 206: Configuring A Dynamic Lacp Aggregation Group

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Note: For a static LACP aggregation group or a manual aggregation group, you are recommended not to cross cables between the two devices at the two ends of the aggregation group.

  • Page 207: Displaying And Maintaining Link Aggregation Configuration

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration To do… Use the command… Remarks interface interface-type Enter Ethernet port view — interface-number Required Enable LACP on the port lacp enable By default, LACP is disabled on a port.

  • Page 208: Link Aggregation Configuration Example

    Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration 1.4 Link Aggregation Configuration Example I. Network requirements Switch A connects to Switch B with three ports (Ethernet 2/0/1 through Ethernet 2/0/3). It is required that incoming/outgoing load between the two switch can be shared among the three ports.
  • Page 209 Operation Manual – Link Aggregation H3C S7500 Series Ethernet Switches Chapter 1 Link Aggregation Configuration # Add Ethernet 2/0/1 through Ethernet 2/0/3 to aggregation group 1. [H3C] interface ethernet2/0/1 [H3C-Ethernet2/0/1] port link-aggregation group 1 [H3C-Ethernet2/0/1] interface ethernet2/0/2 [H3C-Ethernet2/0/2] port link-aggregation group 1...
  • Page 210 Operation Manual – Port Isolation H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Isolation Configuration ..................1-1 1.1 Port Isolation Overview...................... 1-1 1.1.1 Introduction to Port Isolation ................... 1-1 1.1.2 Port Isolation and Link Aggregation ................ 1-1 1.2 Configuring Port Isolation ....................

  • Page 211: Chapter 1 Port Isolation Configuration

    Operation Manual – Port Isolation H3C S7500 Series Ethernet Switches Chapter 1 Port Isolation Configuration Chapter 1 Port Isolation Configuration When configuring port isolation, go to these sections for information you are interested Port Isolation Overview Configuring Port Isolation Displaying Port Isolation Configuration Port Isolation Configuration Example 1.1 Port Isolation Overview...

  • Page 212: Displaying Port Isolation Configuration

    Operation Manual – Port Isolation H3C S7500 Series Ethernet Switches Chapter 1 Port Isolation Configuration To do… Use the command… Remarks Specify a description string for the current Optional description text isolation group Optional Add the specified port into By default, an isolation...
  • Page 213 Operation Manual – Port Isolation H3C S7500 Series Ethernet Switches Chapter 1 Port Isolation Configuration II. Network diagram Internet Et h2/ 0 Switch Eth2/0 /2 h2/ 0/4 Eth2 /0/ 3 Figure 1-1 Network diagram for port isolation configuratio III. Configuration procedure # Create isolation group 1.
  • Page 214 Operation Manual – Port Binding H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Binding Configuration..................1-1 1.1 Port Binding Overview ....................... 1-1 1.2 Configuring Port Binding....................1-1 1.3 Displaying Port Binding Configuration ................1-2...

  • Page 215: Chapter 1 Port Binding Configuration

    Operation Manual – Port Binding H3C S7500 Series Ethernet Switches Chapter 1 Port Binding Configuration Chapter 1 Port Binding Configuration When configuring port binding, go to these sections for information you are interested Port Binding Overview Configuring Port Binding Displaying Port Binding Configuration Port Binding Configuration Example 1.1 Port Binding Overview...

  • Page 216: Displaying Port Binding Configuration

    III. Configuration procedure # Enter system view. <H3C> system-view # Enter Ethernet 2/0/1 port view. [H3C] interface Ethernet2/0/1 # Bind the MAC address and the IP address of PC 1 to Ethernet 2/0/1. [H3C-Ethernet2/0/1] am user-bind mac-addr 0001-0002-0003 ip-addr 10.12.1.1...
  • Page 217 Operation Manual – DLDP H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DLDP Configuration ....................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction......................1-1 1.2 DLDP Fundamentals ......................1-2 1.2.1 DLDP Implementation ..................... 1-2 1.2.2 DLDP Status......................1-6 1.2.3 DLDP Timers......................

  • Page 218: Chapter 1 Dldp Configuration

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration Chapter 1 DLDP Configuration When configuring Device Link Detection Protocol (DLDP), go to these sections for information you are interested in: Overview DLDP Fundamentals DLDP Configuration DLDP Network Example 1.1 Overview...

  • Page 219: Dldp Fundamentals

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration SwitchA SwitchA GE2/0/3 GE2/0/3 GE2/0/4 GE2/0/4 GE2/0/3 GE2/0/3 GE2/0/4 GE2/0/4 SwitchB SwitchB Figure 1-2 Fiber broken or not connecte DLDP provides the following features: As a link layer protocol, it works together with the physical layer protocols to monitor the link status of a device.
  • Page 220 Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration Table 1-1 DLDP packet types DLDP packet type Function Notifies the neighbor devices of the existence of the local device. An advertisement packet carries only the local port...
  • Page 221 Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration DLDP packet type Function Linkdown packets are used to notify unidirectional link emergencies (a unidirectional link emergency occurs when the local port is down and the peer port is up). Linkdown packets carry only the local port information instead of the neighbor information.
  • Page 222 Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration A DLDP packet received is processed as follows: In authentication mode, the DLDP packet is authenticated and is then dropped if it fails the authentication. The packet is further processed, as described in Table 1-3.

  • Page 223: Dldp Status

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration Table 1-4 Processing procedure when no echo packet is received from the neighbor No echo packet received from the Processing procedure neighbor In normal mode, no echo packet is...

  • Page 224: Dldp Timers

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration 1.2.3 DLDP Timers Table 1-6 DLDP timers Timer Description Interval between sending advertisement packets, which can be Advertisement configured on a command line interface. sending timer By default, the timer length is 5 seconds.

  • Page 225: Dldp Operating Mode

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration Timer Description When a device in the active, advertisement, or probe DLDP state receives a port down message, it does not removes the corresponding neighbor immediately, neither does it changes to the inactive state.

  • Page 226: Link Auto-Recovery Mechanism

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration Table 1-8 Description on the two DLDP neighbor states DLDP neighbor state Description two way The link to the neighbor operates properly. The device is detecting the neighbor and the neighbor unknown state is unknown.

  • Page 227: Dldp Configuration

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration 1.3 DLDP Configuration 1.3.1 Configuring DLDP Note: For a port with DLDP enabled, you are not recommended to execute the port monitor last command on the port. If it is necessary, the value argument in this command must be less than 10.
  • Page 228 Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration To do… Use the command… Remarks Optional Set the DLDP handling mode dldp By default, the when an unidirectional link is unidirectional-shutdown handling mode detected { auto | manual }...

  • Page 229: Resetting Dldp Status

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration Note: When you use the dldp enable/dldp disable command in system view to enable/disable DLDP globally on all optical ports of the switch, this command is only valid for existing optical ports on the device, however, it is not valid for those added subsequently.

  • Page 230: Precautions During Dldp Configuration

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration To do… Use the command… Remarks Enter Ethernet port interface interface-type — view interface-number Reset the Reset the status of status of DLDP on 100 M dldp reset...

  • Page 231: Dldp Network Example

    Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration unidirectional links will not be reported and ports will not be shut down, while only the state of DLDP neighbors changes. If DLDP is enabled after unidirectional links appear, DLDP cannot detect unidirectional links.
  • Page 232 Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration <H3CA> system-view [H3CA] interface gigabitethernet 2/0/3 [H3CA-GigabitEthernet2/0/3] duplex full [H3CA-GigabitEthernet2/0/3] speed 1000 [H3CA-GigabitEthernet2/0/3] quit [H3CA] interface gigabitethernet 2/0/4 [H3CA-GigabitEthernet2/0/4] duplex full [H3CA-GigabitEthernet2/0/4] speed 1000 [H3CA-GigabitEthernet2/0/4] quit # Enable DLDP globally...
  • Page 233 Operation Manual – DLDP H3C S7500 Series Ethernet Switches Chapter 1 DLDP Configuration Note: Suppose the port works in the mandatory full duplex mode and the connection at both ends of the link is normal. After DLDP is enabled, if the optical fiber in one end is not connected, DLDP will report that the link is a unidirectional link.
  • Page 234 Operation Manual – MAC Address Table H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MAC Address Table Management................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to MAC Address Learning ..............1-1 1.1.2 Entries in a MAC Address Table ................1-3 1.2 Configuring MAC Address Table Management ..............

  • Page 235: Chapter 1 Mac Address Table Management

    This chapter describes the management of static and dynamic MAC address entries. For information on the management of multicast MAC address entries, refer to the section related to multicast protocol in H3C S7500 Series Ethernet Switches Operation Manual. 1.1 Overview 1.1.1 Introduction to MAC Address Learning...
  • Page 236 Operation Manual – MAC Address Table H3C S7500 Series Ethernet Switches Chapter 1 MAC Address Table Management If the MAC address table already contains MAC-SOURCE, the switch updates the corresponding MAC address entry. If MAC-SOURCE does not exist in the MAC address table, the switch adds MAC-SOURCE and Port 1 as a new MAC address entry to the MAC address table.

  • Page 237: Entries In A Mac Address Table

    Operation Manual – MAC Address Table H3C S7500 Series Ethernet Switches Chapter 1 MAC Address Table Management You can manually configure (add or modify) a static or dynamic MAC address entry based on the actual network environment. Note: The switch learns only unicast addresses by using the MAC address learning mechanism but directly drops any packet with a broadcast source MAC address.

  • Page 238: Configuring A Mac Address Entry

    Operation Manual – MAC Address Table H3C S7500 Series Ethernet Switches Chapter 1 MAC Address Table Management Task Remarks Configuring a MAC Address Entry Required Setting the Aging Time for MAC Address Entries Optional Setting the Maximum Number of MAC Addresses a Port can Learn...

  • Page 239: Setting The Maximum Number Of Mac Addresses A Port Can Learn

    Operation Manual – MAC Address Table H3C S7500 Series Ethernet Switches Chapter 1 MAC Address Table Management If the aging time is too short, the switch may remove valid MAC address entries. This decreases the forwarding performance of the switch.

  • Page 240: Configuring Mac Address Learning Synchronization Between Board Chips

    Operation Manual – MAC Address Table H3C S7500 Series Ethernet Switches Chapter 1 MAC Address Table Management Follow these steps to disable the current port from learning MAC addresses: To do… Use the command… Remarks Enter system view system-view —...

  • Page 241: Setting The Processing Method For Specific Packets

    Operation Manual – MAC Address Table H3C S7500 Series Ethernet Switches Chapter 1 MAC Address Table Management 1.2.7 Setting the Processing Method for Specific Packets Follow these steps to set the packet processing method of a switch when it receives a packet whose destination MAC address is the bridge MAC address of the switch: To do…...
  • Page 242 Chapter 1 MAC Address Table Management [H3C] # Add a MAC address, with the VLAN, ports, and states specified. [H3C] mac-address static 000f-e235-dc71 interface Ethernet 2/0/2 vlan 1 # Set the aging time of dynamic MAC addresses to 500 seconds. [H3C] mac-address timer aging 500 # Display the information about the MAC address entries in system view.
  • Page 243 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MSTP Configuration ....................1-1 1.1 MSTP Overview ......................... 1-1 1.1.1 MSTP Protocol Data Unit ..................1-1 1.1.2 Basic MSTP Terminologies..................1-2 1.1.3 Implementation of MSTP..................1-6 1.1.4 MSTP Implementation on Switches ................
  • Page 244 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Table of Contents 1.5.3 BPDU Guard Configuration................... 1-32 1.5.4 Root Guard Configuration ..................1-33 1.5.5 Loop Guard Configuration..................1-33 1.5.6 TC-BPDU Attack Guard Configuration..............1-34 1.6 Digest Snooping Configuration ..................1-34 1.6.1 Introduction......................

  • Page 245: Chapter 1 Mstp Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Chapter 1 MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: MSTP Overview Root Bridge Configuration Leaf Node Configuration The mCheck Configuration...

  • Page 246: Basic Mstp Terminologies

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration The switches in a network transfer BPDUs between each other to determine the topology of the network. BPDUs carry enough information needed for switches to figure out the spanning tree.
  • Page 247 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration configuration: the same region name, the same VLAN-to-MSTI mappings (that is, VLAN 1 is mapped to MSTI 1, VLAN 2 is mapped to MSTI 2, and other VLANs are...
  • Page 248 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration VIII. Common root bridge The common root bridge is the root of the CIST. The common root bridge of the network shown in Figure 1-1 is a switch in region A0.
  • Page 249 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Connecting to the common root bridge Edge ports Port 1 Port 2 MST region Master port Alternate port Port 6 Port 5 Backup port Designated port Port 4...

  • Page 250: Implementation Of Mstp

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration 1.1.3 Implementation of MSTP MSTP divides a network into multiple MST regions at Layer 2. The CST is generated between these MST regions, and MSTIs can be generated in each MST region. As well as RSTP, MSTP uses configuration BPDUs to generate spanning trees.

  • Page 251: Mstp Implementation On Switches

    STP and RSTP and use them to generate spanning trees. In addition to the basic MSTP functions, H3C series switches also provide the following other functions for the convenience of users to manage their switches.

  • Page 252: Configuration Prerequisites

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Task Remarks Required To prevent network topology jitter caused by MSTP Configuration other related configurations, you are recommended to enable MSTP after other related configurations are performed.
  • Page 253 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration 1.2.2 MST Region Configuration I. Configuration procedure Follow these steps to configure an MST region: To do … Use the command … Remarks Enter system view —...

  • Page 254: Root Bridge/Secondary Root Bridge Configuration

    VLAN 30 being mapped to MSTI 2. <H3C> system-view [H3C] stp region-configuration [H3C-mst-region] region-name info [H3C-mst-region] instance 1 vlan 2 to 10 [H3C-mst-region] instance 2 vlan 20 to 30 [H3C-mst-region] revision-level 1 [H3C-mst-region] active region-configuration # Verify the above configuration.
  • Page 255 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration To do ... Use the command ... Remarks Enter system view — system-view stp [ instance instance-id ] root Specify the current switch primary [ bridge-diameter as the root bridge of a...

  • Page 256: Bridge Priority Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Note: You can configure a switch as the root bridge of multiple MSTIs. But you cannot configure two or more root bridges for one MSTI. So, do not configure root bridge for the same MSTI on two or more switches using the stp root primary command.
  • Page 257 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Caution: Once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch is not configurable.

  • Page 258: Mst Region Maximum Hops Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration example # Configure the current switch to operate in the STP-compatible mode. <H3C> system-view [H3C] stp mode stp 1.2.6 MST Region Maximum Hops Configuration The maximum hop values configured on the region roots in an MST region limit the size of the MST region.

  • Page 259: Network Diameter Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration 1.2.7 Network Diameter Configuration In a switched network, any two switches can communicate with each other through a path, on which there may be some other switches. The network diameter of a network is measured by the number of switches;...
  • Page 260 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration period ensures that the newly generated configuration BPDUs can be propagated across the entire network. The Hello time parameter is for link failure detecting. A switch regularly sends hello packets to other switches at the interval specified by the Hello time parameter to detect the link failures.
  • Page 261 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Caution: The Forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large Forward delay. A too small Forward delay parameter may result in temporary redundant paths. And a too large Forward delay parameter may cause a network unable to resume the normal state in time after changes occurred to the network.
  • Page 262 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration 1.2.9 Timeout Time Factor Configuration A switch regularly sends protocol packets to its neighboring devices at the interval specified by the Hello time parameter to detect the link failures. Normally, a switch...
  • Page 263 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration To do ... Use the command ... Remarks Enter system view — system-view Required Configure the maximum stp interface interface-list The maximum transmitting transmitting speed transmit-limit packetnum...
  • Page 264 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration I. Configuration procedure (in system view) Follow these steps to configure a port as an edge port (in system view): To do ... Use the command ...
  • Page 265 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration [H3C-Ethernet2/0/1] stp edged-port enable 1.2.12 Point-to-point Link-Related Configuration A point-to-point link directly connects two switches. If the roles of the two ports at the two ends of a point-to-point link meet certain criteria, the two ports can transit to the forwarding state rapidly by exchanging synchronization packets, eliminating the forwarding delay.

  • Page 266: Mstp Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration To do ... Use the command ... Remarks Required The auto keyword is adopted by default. The force-true keyword specifies that the link connected to the port is a Specify whether or point-to-point link.
  • Page 267 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Use the To do ... Remarks command ... Enter system view — system-view Required Enable MSTP stp enable MSTP is disabled by default. Optional By default, MSTP is enabled on all ports after you enable MSTP in system view.

  • Page 268: Leaf Node Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Configure in Ethernet port view. <H3C> system-view [H3C] stp enable [H3C] interface ethernet2/0/1 [H3C-Ethernet2/0/1] stp disable 1.3 Leaf Node Configuration Complete the following tasks to configure leaf node:...

  • Page 269: Path Cost Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.2 MST Region Configuration Refer to section MST Region Configuration. 1.3.3 MSTP Operation Mode Configuration Refer to section MSTP Operation Mode Configuration. 1.3.4 Timeout Time Factor Configuration...
  • Page 270 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration To do ... Use the command ... Remarks Enter system view — system-view Specify the standard to Optional be used to calculate the pathcost-standard By default, the legacy...
  • Page 271 CIST for the port. III. Configuration example (A) # Configure the path cost of Ethernet2/0/1 in MSTI 1 to be 2,000. Configure in system view. <H3C> system-view [H3C] stp interface ethernet2/0/1 instance 1 cost 2000 Configure in Ethernet port view. 1-27...

  • Page 272: Port Priority Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration <H3C> system-view [H3C] interface ethernet2/0/1 [H3C-Ethernet2/0/1] stp instance 1 cost 2000 IV. Configuration example (B) # Change the path cost of Ethernet2/0/1 in MSTI 1 to the default one calculated with the IEEE 802.1D-1998 standard.

  • Page 273: The Mcheck Configuration

    III. Configuration example # Configure the port priority of Ethernet2/0/1 in MSTI 1 to be 16. Configure in system view. <H3C> system-view [H3C] stp interface ethernet2/0/1 instance 1 port priority 16 Configure in Ethernet port view. <H3C> system-view [H3C] interface ethernet2/0/1 [H3C-Ethernet2/0/1] stp instance 1 port priority 16 1.3.9 Point-to-point Link-Related Configuration...

  • Page 274: Configuration Procedure

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration In this case, you can force the port to transit to the MSTP mode by performing the mCheck operation on the port. Similarly, a port on an RSTP-enabled switch operating as an upstream switch transits to the STP-compatible mode when it has an STP-enabled switch connected to it.

  • Page 275: Guard Function Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration <H3C> system-view [H3C] interface ethernet2/0/1 [H3C-Ethernet2/0/1] stp mcheck 1.5 Guard Function Configuration 1.5.1 Introduction The following guard functions are available on an MSTP-enabled switch: BPDU guard, root guard, loop guard, and TC-BPDU attack guard.

  • Page 276: Bpdu Guard Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration upstream switch for a certain period, the switch selects a new root port; the original root port becomes a designated port; and the blocked ports transit to forwarding state. This may cause loops in the network.

  • Page 277: Root Guard Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration example # Enable the BPDU guard function. <H3C> system-view [H3C] stp bpdu-protection 1.5.4 Root Guard Configuration I. Configuration procedure Follow these steps to enable the root guard function in system view: To do ...

  • Page 278: Tc-Bpdu Attack Guard Configuration

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration To do ... Use the command ... Remarks Enter system view — system-view Enter Ethernet port interface interface-type — view interface-number Required Enable the loop guard function on...
  • Page 279 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration between them. (A configuration ID contains information such as region ID and configuration digest.) As some other vendors' switches adopt proprietary spanning tree protocols, they cannot interwork with other switches in an MST region even if they are configured with the same MST region-related settings as other switches in the MST region.
  • Page 280 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration To do ... Use the command ... Remarks Return to system — quit view Required Enable the digest snooping function The digest snooping function config-digest-snooping globally is disabled globally by default.
  • Page 281 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration An upstream MSTP switch sends an agreement packet to the downstream switch; and an MSTP downstream switch sends an agreement packet to the upstream switch only after it receives an agreement packet from the upstream switch.
  • Page 282 RSTP in the way to implement rapid transition on designated ports. When a switch of this kind operating as the upstream switch connects with the H3C series switch running MSTP, the upstream designated port fails to change their states rapidly.
  • Page 283 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration To do ... Use the command ... Remarks Enter system view — system-view Required stp interface interface-type Enable the rapid interface-number By default, the rapid transition transition function no-agreement-check function is disabled on a port.
  • Page 284 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Operator’s Network Packet ingress/egress Packet ingress/egress device device Network Users Network Network A etwork B Figure 1-6 VLAN-VPN tunnel network hierarch 1.8.2 VLAN-VPN Tunnel Configuration Follow these steps to configure the VLAN-VPN tunnel function: To do ...

  • Page 285: Displaying And Debugging Mstp

    Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration 1.9 Displaying and Debugging MSTP To do ... Use the command ... display stp [ instance instance-id ] Display spanning tree-related [ interface interface-list | slot slot-number ]...
  • Page 286 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration Note: The “Permit:” shown in Figure 1-7 means the corresponding link permits packets of specific VLANs. III. Configuration procedure Configure Switch A. # Enter MST region view.

  • Page 287: Vlan-Vpn Tunnel Configuration Example

    1.11 VLAN-VPN Tunnel Configuration Example I. Network requirements S7500 series switches operate as the access devices of the operator’s network, that is, Switch C and Switch D in the network diagram. S3100 series switches operate as the access devices of the user’s network, that is, Switch A and Switch B in the network diagram.
  • Page 288 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration II. Network diagram Switch D Switch C Eth 2/0/2 Eth 2/ Eth 2/0/2 Eth 2/0/1 Eth 1/0/1 Eth 1 /0/1 Switch A Switch B Figure 1-8 Network diagram for VLAN-VPN tunnel configuratio III.
  • Page 289 Operation Manual – MSTP H3C S7500 Series Ethernet Switches Chapter 1 MSTP Configuration [H3C-Vlan10] quit # Disable the STP feature on Ethernet2/0/1 and then enable the VLAN VPN function on [H3C] interface Ethernet 2/0/1 [H3C-Ethernet2/0/1] port access vlan 10 [H3C-Ethernet2/0/1] stp disable...
  • Page 290 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Routing Protocol Overview ..................1-1 1.1 Introduction to IP Route and Routing Table ..............1-1 1.1.1 IP Route ........................1-1 1.1.2 Routing Table ......................1-1 1.2 Routing Management Policy....................
  • Page 291 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Table of Contents 4.1.1 Introduction to OSPF....................4-1 4.1.2 OSPF Route Calculation ..................4-1 4.1.3 Basic OSPF Concepts .................... 4-2 4.1.4 OSPF Network Types ..................... 4-4 4.1.5 OSPF Packets......................4-6 4.1.6 LSA Types.......................
  • Page 292 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Table of Contents 5.1.1 Basic Concept ......................5-1 5.1.2 IS-IS Domain ......................5-2 5.1.3 IS-IS Address Structure ..................5-4 5.1.4 IS-IS PDU Format ....................5-6 5.2 IS-IS Configuration Task List ..................... 5-6 5.3 IS-IS Basic Configuration....................
  • Page 293 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Table of Contents 6.3.1 Configuration Prerequisites..................6-7 6.3.2 Configuring Basic BGP Functions................6-7 6.4 Configuring the Way to Advertise/Receive Routing Information ........6-9 6.4.1 Configuration Prerequisites..................6-9 6.4.2 Importing Routes ..................... 6-9 6.4.3 Configuring BGP Route Aggregation ..............
  • Page 294 Chapter 8 Route Capacity Configuration ..................8-1 8.1 Route Capacity Overview ....................8-1 8.1.1 Introduction......................8-1 8.1.2 Route Capacity Limitation on the S7500 Series ............. 8-1 8.2 Route Capacity Configuration.................... 8-2 8.2.1 Setting the Lower Limit and the Safety Value of the Switch Memory ..... 8-2 8.2.2 Enabling/Disabling Automatic Protocol Connection Recovery .......

  • Page 295: Chapter 1 Ip Routing Protocol Overview

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 1 IP Routing Protocol Overview Chapter 1 IP Routing Protocol Overview Go to these sections for information you are interested in: Introduction to IP Route and Routing Table Routing Management Policy Note: When running a routing protocol, the Ethernet switch also functions as a router.
  • Page 296 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 1 IP Routing Protocol Overview is 129.102.0.0. A mask consists of some consecutive 1s, represented either in dotted decimal notation or by the number of the consecutive 1s in the mask.

  • Page 297: Routing Management Policy

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 1 IP Routing Protocol Overview Router A Router F 13.0.0.1 13.0.0.2 13.0.0.0 16.0.0.1 11.0.0.1 13.0.0.3 Router D 11.0.0.0 16.0.0.0 14.0.0.2 11.0.0.2 16.0.0.2 14.0.0.1 14.0.0.3 Router B Router G 14.0.0.0 17.0.0.1...

  • Page 298: Traffic Sharing And Route Backup

    II. Route backup The S7500 series support route backup. When the primary route fails, the system automatically switches to a backup route to improve network reliability. To achieve route backup, you can configure multiple routes to the same destination according to actual situation.

  • Page 299: Routes Shared Between Routing Protocols

    As the algorithms of various routing protocols are different, different routing protocols may discover different routes. This brings about the problem of how to share the discovered routes between routing protocols. The S7500 series can import (with the import-route command) the routes discovered by one routing protocol to another routing protocol.

  • Page 300: Chapter 2 Static Route Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 2 Static Route Configuration Chapter 2 Static Route Configuration When configuring static routes, go to these sections for information you are interested Introduction to Static Route Static Route Configuration...

  • Page 301: Default Route

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 2 Static Route Configuration 2.1.2 Default Route A default route is a special route. You can manually configure a static route as the default route. Some dynamic routing protocols, such as OSPF and IS-IS, can automatically generate a default route.

  • Page 302: Displaying The Routing Table

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 2 Static Route Configuration Note: If the destination IP address and the mask of a route are both 0.0.0.0, the route is the default route. Any packet for which the router fails to find a matching entry in the routing table will be forwarded through the default route.

  • Page 303: Static Route Configuration Example

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 2 Static Route Configuration 2.4 Static Route Configuration Example I. Network requirements It is required that all the hosts/Layer 3 switches in the figure can interconnect with each other by configuring static routes.

  • Page 304: Troubleshooting A Static Route

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 2 Static Route Configuration [SwitchC] ip route-static 1.1.4.0 255.255.255.0 1.1.3.2 # Configure the default gateway of Host A to 1.1.5.1. Detailed configuration procedure is omitted. # Configure the default gateway of Host B to 1.1.4.1. Detailed configuration procedure is omitted.

  • Page 305: Chapter 3 Rip Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration Chapter 3 RIP Configuration When configuring RIP, go to these sections for information you are interested in: RIP Overview RIP Configuration Task List Displaying and Maintaining RIP Configuration...

  • Page 306: Rip Initialization And Running Procedure

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration Route tag: Identifies whether a route is of internal routing protocol or external routing protocol. III. RIP timers As defined in RFC 1058, RIP employs three timers: Period update, Timeout, and Garbage-collection.

  • Page 307: Basic Rip Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration Task Remarks Enable RIP and specify networks Required Configuring Basic RIP Set the RIP operating status on an interface Optional Functions Specify the RIP version on an interface...
  • Page 308 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration To do... Use the command... Remarks Enter system view system-view — Enable RIP globally and — enter RIP view Required Enable RIP on the interface of a specified...

  • Page 309: Rip Route Control

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration To do... Use the command... Remarks Required By default, the interface can receive RIP-1 and RIP-2 broadcast packets but send Specify RIP version rip version { 1 | 2 only RIP-1 packets.
  • Page 310 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Set the additional routing By default, the additional...
  • Page 311 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration III. Disable the receiving of host routes In some special cases, the router can receive a lot of host routes from the same network segment, and these routes are of little help in route addressing but consume a large amount of network resources.
  • Page 312 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration Note: The filter-policy import command filters the RIP routes received from neighbors, and the routes being filtered out will neither be added to the routing table nor be advertised to any neighbors.

  • Page 313: Rip Network Adjustment And Optimization

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration To do... Use the command... Remarks Optional When you use the Set the default cost for import-route command RIP to redistribute routes default cost value without specifying the cost...
  • Page 314 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration To do... Use the command... Remarks Enter system view system-view — Enter RIP view — Required timers { update Set the values of RIP By default, Update timer value...
  • Page 315 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration To do... Use the command... Remarks Required Enable zero field check of By default, zero field checkzero RIP-1 packets check is performed on RIP-1 packets. Note: Some fields in a RIP-1 packet must be 0, and they are known as zero fields.

  • Page 316: Displaying And Maintaining Rip Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration To do... Use the command... Remarks Enter system view system-view — Enter RIP view — Required To make RIP works on a link that does not support broadcast/multicast...
  • Page 317 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration II. Network diagram Vlan-int 2 Switch A Ethernet Vlan-int 1 Switch C Switch B Vlan-int 4 Vlan-int 3 Device Interface IP address Device Interface IP address...

  • Page 318: Troubleshooting Rip Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 3 RIP Configuration [SwitchC] rip [SwitchC-rip] network 117.102.0.0 [SwitchC-rip] network 110.11.2.0 3.8 Troubleshooting RIP Configuration Symptom: The switch cannot receive any RIP update when the physical connection between the switch and the peer routing device is normal.

  • Page 319: Chapter 4 Ospf Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration Chapter 4 OSPF Configuration When configuring OSPF, go to these sections for information you are interested in: OSPF Overview OSPF Configuration Task List Displaying and Maintaining OSPF Configuration...

  • Page 320: Basic Ospf Concepts

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration Each OSPF router maintains a link state database (LSDB), which describes the topology of the whole AS. Based on the network topology around itself, each router generates link state advertisements (LSAs) and sends them to other routers in update packets.
  • Page 321 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration space, complicate the running of SPF algorithm, and increase CPU load. Furthermore, as a network grows larger, it is more potential to have changes in the network topology.

  • Page 322: Ospf Network Types

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration aggregated into one route 19.1.0.0/16, and only one corresponding LSA, which describes the route after summary, is generated on RTA. Router A 19.1.0.0/16 19.1.1.0/24 19.1.2.0/24 Router B Area 0 19.1.3.0/24...
  • Page 323 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration An NBMA network is fully connected, non-broadcast, and multi-accessible, whereas a P2MP network is not necessarily fully connected. DR and BDR must be elected on an NBMA network, while on a P2MP network there are no such routers.

  • Page 324: Ospf Packets

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration DRother DRother DRother Figure 4-2 DR and BDR IV. DR/BDR election Instead of being manually configured, DR and BDR are elected by all the routers on the current network segment.

  • Page 325: Lsa Types

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration When two routers synchronize their databases, they use database description (DD) packets to describe their own LSDBs, which contain the digest of each LSA. The digest refers to the HEAD of an LSA which uniquely identifies the LSA. This reduces the size of traffic transmitted between the routers because the HEAD of an LSA only occupies a small portion of the LSA.

  • Page 326: Ospf Features

    LSAs into Type-5 LSAs and advertise the Type-5 LSAs. Type-7 LSAs are not directly advertised to other areas (including the backbone area). 4.1.7 OSPF Features S7500 series support the following OSPF features: Stub area: Stub area is defined to reduce the cost for the routers in the area to receive ASE routes.

  • Page 327: Basic Ospf Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration Task Remarks Configuring the Network Type of an Optional OSPF Interface OSPF Network Type Setting an NBMA Neighbor Optional Configuration Setting the DR Priority on an OSPF...
  • Page 328 Enabling OSPF S7500 Series Ethernet Switches support multiple OSPF processes. To enable multiple OSPF processes on a router, you need to specify different process IDs. OSPF process ID is only locally significant; it does not affect the packet exchange between an OSPF process and other routers.

  • Page 329: Ospf Area Attribute Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration To do... Use the command... Remarks Required Configure the network network address By default, an interface does not segments in the area wildcard-mask belong to any area.

  • Page 330: Configuring Ospf Area Attributes

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration 4.4.1 Configuration Prerequisites Before configuring OSPF area attributes, perform the following tasks: Configuring the network layer addresses of interfaces so that the adjacent nodes are reachable to each other at the network layer Performing basic OSPF configuration 4.4.2 Configuring OSPF Area Attributes...

  • Page 331: Ospf Network Type Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration Note: You must use the stub command on all the routers connected to a stub area to configure the area with the stub attribute. You must use the nssa command on all the routers connected to an NSSA area to configure the area with the NSSA attribute.

  • Page 332: Setting An Nbma Neighbor

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration To do... Use the command... Remarks Required Configure the network ospf network-type By default, the network type of the OSPF { broadcast | nbma | type of an interface...

  • Page 333: Ospf Route Control

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Set the DR priority on the ospf dr-priority value OSPF interface The default DR priority is 1.

  • Page 334: Configuring Ospf To Filter Received Routes

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration To do... Use the command... Remarks Enter system view system-view — ospf [ process-id Enter OSPF view — [ router-id router-id ] ] Enter area view —...

  • Page 335: Configuring The Cost For Sending Packets On An Ospf Interface

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration Note: OSPF is a dynamic routing protocol based on link state, with routing information hidden in LSAs. Therefore, OSPF cannot filter any advertised or received LSA. In fact, the filter-policy import command filters the routes calculated by OSPF;...

  • Page 336: Configuring Ospf To Redistribute Routes

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration 4.6.6 Configuring OSPF to Redistribute Routes Follow these steps to configure OSPF to redistribute routes: To do... Use the command... Remarks Enter system view System-view —...

  • Page 337: Ospf Network Adjustment And Optimization

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration Note: The import-route command cannot import the default route. To import the default route, you must use the default-route-advertise command. The filtering of advertised routes by OSPF means that OSPF only converts the external routes meeting the filter criteria into Type-5 or Type-7 LSAs and advertises them.

  • Page 338: Configuring The Lsa Transmission Delay

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration The dead time on an interface must be at least four times of the Hello interval on the same interface. After a router sends an LSA to a neighbor, it waits for an acknowledgement packet from the neighbor.

  • Page 339: Configuring The Spf Calculation Interval

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Configure the LSA ospf trans-delay transmission delay...

  • Page 340: Configuring Ospf Authentication

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration To do... Use the command... Remarks Enter system view system-view — ospf [ process-id Enter OSPF view — [ router-id router-id ] ] Required Disable OSPF packet...

  • Page 341: Configuring To Fill The Mtu Field When An Interface Transmits Dd Packets

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration To do... Use the command... Remarks Required ospf Configure the authentication-mode By default, OSPF packets authentication mode of { simple password | md5 are not authenticated on...
  • Page 342 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration To do... Use the command... Remarks Enter system view system-view — Optional By default, MIB is bound to the first enabled OSPF Configure OSPF process. When multiple...

  • Page 343: Displaying And Maintaining Ospf Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration 4.8 Displaying and Maintaining OSPF Configuration To do... Use the command... Remarks Display brief information about one or all OSPF display ospf [ process-id ] brief...
  • Page 344 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration make Switch A and Switch C become DR and BDR respectively. Set the priority of Switch A to 100 (the highest on the network) so that Switch A is elected as the DR. Set the priority of Switch C to 2 (the second highest priority) so that Switch C is elected as the BDR.
  • Page 345 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration <SwitchC> system-view [SwitchC] interface Vlan-interface 1 [SwitchC-Vlan-interface1] ip address 196.1.1.3 255.255.255.0 [SwitchC-Vlan-interface1] ospf dr-priority 2 [SwitchC] router id 3.3.3.3 [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 # Configure Switch D.

  • Page 346: Configuring Ospf Virtual Link

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration 4.9.2 Configuring OSPF Virtual Link I. Network requirements As shown in Figure 4-4, Area 2 and Area 0 are not directly interconnected. It is required to use Area 1 as a transition area for interconnecting Area 2 and Area 0.

  • Page 347: Troubleshooting Ospf Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration [SwitchB-Vlan-interface1] ip address 196.1.1.2 255.255.255.0 [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ip address 197.1.1.2 255.255.255.0 [SwitchB] router id 2.2.2.2 [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit...
  • Page 348 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration instead of FULL state. The peer state machine between DR/BDR and all the other routers is in FULL state. Use the display ospf peer command to view peers.
  • Page 349 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 4 OSPF Configuration Transit Area Router A Router B Router C Router D Virtual Link Area 2 Area 0 Area 1 Figure 4-5 OSPF area A virtual link cannot pass through a stub area. The backbone area (area 0) cannot be configured as a stub area.

  • Page 350: Chapter 5 Is-Is Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration Chapter 5 IS-IS Configuration When configuring IS-IS, go to these sections for information you are interested in: IS-IS Overview IS-IS Configuration Task List Displaying and Maintaining Integrated IS-IS Configuration Integrated IS-IS Configuration Example 5.1 IS-IS Overview...

  • Page 351: Is-Is Domain

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration of the IS. Each IS collects all the LSPs in the local area to generate its own LSDB. Network protocol data unit (NPDU). An NPDU is a network layer protocol packet in OSI, which is equivalent to an IP packet in TCP/IP.
  • Page 352 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration A router that functions as a Level-1 and a Level-2 router is called a Level-1-2 router. It can form the Level-1 neighbor relationship with the Level-1 and Level-1-2 routers in the same area, or form Level-2 neighbor relationship with the Level-2 and Level-1-2 routers in different areas.

  • Page 353: Is-Is Address Structure

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration Area 1 Area 4 Area 2 L1/L2 L1/L2 Area 3 Figure 5-2 An example of the IS-IS topology II Note: The IS-IS backbone does not need to be a particular Area.
  • Page 354 A system ID identifies a host or router uniquely. Its length has multiple options. For S7500 series Ethernet switches, the length of the system ID is 48 bits (6 bytes). The system ID is used together with the Router ID in practice. For example, a router uses the IP address 168.10.1.1 of the Loopback 0 as the Router ID, you can get the...

  • Page 355: Is-Is Pdu Format

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration For example, there is a NET named 47.0001.aaaa.bbbb.cccc.00, where: Area=47.0001, System ID=aaaa.bbbb.cccc, SEL=00. Here is another example. A NET named 01.1111.2222.4444.00 exists where: Area=01, System ID=1111.2222.4444, SEL=00.
  • Page 356 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration Task Remarks Enabling IS-IS Required Configuring a NET Required Enabling IS-IS on the Specified Interface Required Configuring DIS Priority Optional Configuring Router Type Optional Configuring the Line Type of an Interface...

  • Page 357: Is-Is Basic Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration 5.3 IS-IS Basic Configuration All configuration tasks, except enabling IS-IS, are optional. This section covers the following topics: IS-IS basic configuration Enabling IS-IS Configuring a NET...

  • Page 358: Configuring A Net

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration To do... Use the command... Remarks Enter system view system-view — Required Configure ISIS isis [ tag ] By default, no IS-IS routing process is enabled.

  • Page 359: Configuring Router Type

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional isis dis-priority value Assign a DIS priority [ level-1 | level-2 ] The default DIS priority is 64.

  • Page 360: Configuring Route Redistribution

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration 5.3.7 Configuring Route Redistribution IS-IS processes the routes discovered by other routing protocols as routes outside a routing domain. You can specify the default cost for IS-IS to redistribute routes from another routing protocol.

  • Page 361: Configuring Route Leaking

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration II. Configuring IS-IS to filter the routes advertised by other routing protocols Follow these steps to configure IS-IS to filter the routes advertised by other routing protocols: To do...

  • Page 362: Configuring Route Summarization

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration 5.3.10 Configuring Route Summarization You can configure the routes having the same IP prefix as one summarized route. Follow these steps to configure route summarization: To do...

  • Page 363: Configuring A Cost Style

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration To do... Use the command... Remarks Enter system view system-view — Enter IS-IS view isis [ tag ] — Required preference [ value | clns |...

  • Page 364: Configuring Is-Is Timer

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration 5.3.15 Configuring IS-IS Timer I. Configuring the Hello interval In IS-IS, Hello packets are sent periodically through interfaces and routers maintain neighbor relationship by sending and receiving Hello packets. You can configure the Hello interval.
  • Page 365 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration To do... Use the command... Remarks Required Configure the LSP sending interval, in isis timer lsp time The default LSP sending milliseconds interval is 33 milliseconds.

  • Page 366: Configuring Authentication

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration Note: If you do not provide the level-1 keyword or the level-2 keyword, this command applies to Level-1 and Level-2. 5.3.16 Configuring Authentication I. Configuring authentication on an interface The authentication configured on the interface applies to the Hello packet in order to authenticate neighbors.

  • Page 367: Adding An Interface To A Mesh Group

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration To do... Use the command... Remarks area-authentication-mode Define the area { simple | md5 } password Optional authentication mode [ ip | osi ] Optional domain-authentication-mo...

  • Page 368: Configuring Overload Tag

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required isis mesh-group Add an interface to a...

  • Page 369: Configuring To Log Peer Changes

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration 5.3.20 Configuring to Log Peer Changes With peer state logging enabled, IS-IS peer state changes are output to the console terminal. Follow these steps to enable peer change logging: To do...

  • Page 370: Configuring Spf Parameters

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration To do... Use the command... Remarks Required Assign an LSP timer lsp-max-age By default, the LSP maximum maximum aging seconds aging time is 1,200 seconds, time namely, 20 minutes.

  • Page 371: Enabling/Disabling Packet Transmission Through An Interface

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration To do... Use the command... Remarks Required Configure SPF calculation spf-slice-size seconds By default, SPF duration calculation is not sliced. III. Configuring SPF to release CPU resources automatically In IS-IS, SPF calculation may occupy system resources for a long time and slow down console response.

  • Page 372: Resetting Configuration Data Of An Is-Is Peer

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration Follow these steps to reset all IS-IS configuration data: To do... Use the command... Remarks Enter system view system-view — Required Reset all IS-IS reset isis all...

  • Page 373: Integrated Is-Is Configuration Example

    As shown in Figure 5-4, four S7500 series Ethernet switches (Switch A, Switch B, Switch C, and Switch D) are interconnected through IS-IS routing protocol. In the network design, Switch A, Switch B, Switch C, and Switch D belong to the same area.

  • Page 374: Operation Manual – Routing Protocol

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 5 IS-IS Configuration [SwitchB-Vlan-interface101] ip address 200.10.0.1 255.255.255.0 [SwitchB-Vlan-interface101] isis enable [SwitchB] interface vlan-interface 102 [SwitchB-Vlan-interface102] ip address 200.0.0.1 255.255.255.0 [SwitchB-Vlan-interface102] isis enable [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 100.10.0.2 255.255.255.0 [SwitchB-Vlan-interface100] isis enable # Configure Switch C.

  • Page 375: Chapter 6 Bgp Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Chapter 6 BGP Configuration When configuring BGP, go to these sections for information you are interested in: BGP Overview BGP Configuration Task List Displaying and Maintaining BGP Configuration...

  • Page 376: Bgp Message Type

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration In BGP, multiple routing policies are available for filtering and choosing routes in a flexible way. BGP is extendible to allow for new types of networks.
  • Page 377 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Route-refresh packets. Among these types of BGP packets, the first four are defined in RFC 1771, and the rest one is defined in RFC 2918. II. Open Open massage is used to establish connections between BGP speakers.
  • Page 378 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Unfeasible Routes Length Withdrawn Routes(Variable) Total Path Attribute Length Path Attributes(Variable) NLRI(Variable) Figure 6-3 BGP Update message format An Update message can advertise a group of reachable routes with the same path attribute.

  • Page 379: Bgp Routing Mechanism

    I. BGP route advertisement policies In the implementation on H3C S7500 Series Ethernet Switches (hereinafter referred to as the S7500 series), BGP adopts the following policies to advertise routes: When there are multiple optional routes, a BGP speaker chooses only the optimal one;...

  • Page 380: Bgp Peer And Peer Group

    BGP peers. II. Relationship between peer and peer group In the S7500 series, a BGP peer cannot exist independently; it must belong to a peer group. Therefore, when you configure a BGP peer, make sure you first create a BGP peer group, and then add a peer to the group.

  • Page 381: Basic Bgp Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Task Remarks Configuring Basic BGP Functions Required Importing Routes Optional Configuring BGP Route Aggregation Optional Enabling Default Route Advertising Optional Configuring the Configuring the BGP Route Advertising...
  • Page 382 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration To do... Use the command... Remarks Required Enable BGP and enter bgp as-number By default, BGP is BGP view disabled. group group-name Create a peer group...

  • Page 383: Configuring The Way To Advertise/Receive Routing Information

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Caution: A router must be assigned a router ID in order to run BGP protocol. A router ID is a 32-bit unsigned integer. It uniquely identifies a router in an AS.

  • Page 384: Configuring Bgp Route Aggregation

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration by importing IGP routing information to BGP routing table. Once IGP routing information is imported to BGP routing table, it is advertised to BGP peers. You can filter IGP routing information by routing protocols before the IGP routing information is imported to BGP routing table.

  • Page 385: Enabling Default Route Advertising

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Manual aggregation mode, where local BGP routes are aggregated. The priority of manual aggregation is higher than that of automatic aggregation. Follow these steps to configure BGP route aggregation: To do...

  • Page 386: Configuring Bgp Route Receiving Policy

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration To do... Use the command... Remarks Enter system view system-view — Enter BGP view bgp as-number — filter-policy Required { acl-number | ip-prefix Filter the advertised routes...

  • Page 387: Configuring Bgp-Igp Route Synchronization

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Use the To do... Remarks command... Enter system view — system-view Enter BGP view bgp as-number — filter-policy Required { acl-number | Filter the received global...

  • Page 388: Configuring Bgp Route Dampening

    H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Caution: BGP-IGP route synchronization is not supported on the H3C S7500 series Ethernet switches. 6.4.8 Configuring BGP Route Dampening Route dampening is used to solve the problem of route instability. Route instability mainly refers to route flapping.

  • Page 389: Configuring Bgp Route Attributes

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration To do... Use the command... Remarks Enter system view system-view — Enter BGP view bgp as-number — Required Configure BGP load By default, the system does...
  • Page 390 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration To do... Use the command... Remarks Required In some network, to ensure an IBGP neighbor locates Configure the local the correct next hop, you can address as the next hop...
  • Page 391 BGP connection reset To make a new BGP routing policy taking effect, you need to reset the BGP connection. This temporarily tears down the BGP connection. In S7500 Series Ethernet Switches implementations, BGP supports the route-refresh function. With route-refresh function enabled on all the BGP routers, if BGP routing policy changes, the local router sends refresh messages to its peers.
  • Page 392 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Interval for sending the update packets MD5 authentication password 6.6.2 Adjusting and Optimizing a BGP Network Follow these steps to adjust and optimize a BGP network: Use the To do...

  • Page 393: Configuring A Large-Scale Bgp Network

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Use the To do... Remarks command... Optional Configure the number of routes By default, the system balance num used for BGP load balance does not adopt BGP load balance.

  • Page 394: Configuring A Bgp Peer Group

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Before configuring a large-scale BGP network, you need to prepare the following data: Peer group type, name, and the peers included. If you want to use community, the name of the applied routing policy is needed.

  • Page 395: Configuring A Bgp Community

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Caution: It is not required to specify an AS number for creating an IBGP peer group. If there already exists a peer in a peer group, you can neither change the AS number of the peer group nor delete a specified AS number through the undo command.

  • Page 396: Configuring Bgp Confederation

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration To do... Use the command... Remarks Enter system view system-view — Enter BGP view bgp as-number — Configure the local router Required as the RR and configure...

  • Page 397: Displaying And Maintaining Bgp Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration Use the To do... Remarks command... Optional confederation By default, the Configure the compatibility of a { nonstandard | confederation configured is confederation standard1965 | consistent with the RFC standard3065 } 1965.

  • Page 398: Bgp Connection Reset

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration To do... Use the command... Remarks Display routing display bgp [ multicast ] routing-table information about a community [ aa:nn | specified BGP no-export-subconfed | no-advertise | community.

  • Page 399: Clearing Bgp Information

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration 6.8.3 Clearing BGP Information To do... Use the command... Remarks Clear the route dampening information reset bgp dampening and release the [ network-address [ mask ] ]...
  • Page 400 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration [SwitchA] bgp 1001 [SwitchA-bgp] confederation id 100 [SwitchA-bgp] confederation peer-as 1002 1003 [SwitchA-bgp] group confed1002 external [SwitchA-bgp] peer 172.68.10.2 group confed1002 as-number 1002 [SwitchA-bgp] group confed1003 external [SwitchA-bgp] peer 172.68.10.3 group confed1003 as-number 1003...
  • Page 401 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration II. Network diagram Router Reflector VLAN-int100 Switch C Switch A VLAN -int4 VLAN -int3 VLAN-int2 AS 100 AS 200 Switch D Switch B Device Interface IP interface...

  • Page 402: Configuring Bgp Routing

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration [SwitchB-bgp] group in internal [SwitchB-bgp] peer 193.1.1.1 group in Configure Switch C. # Configure VLAN 3. [SwitchC] interface Vlan-interface 3 [SwitchC-Vlan-interface3] ip address 193.1.1.1 255.255.255.0 # Configure VLAN 4.
  • Page 403 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration II. Network diagram AS 200 AS 100 VLAN- int4 Switch B Vlan -int101 VLAN -int2 VLAN-int2 VLAN-int5 Switch D VLAN -int3 VLAN -int3 Switch A Switch C...
  • Page 404 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration [SwitchA-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [SwitchA-acl-basic-2000] rule deny source any Define two routing policies, respectively named apply_med_50 and apply_med_100. The first routing policy apply_med_50 configures the MED attribute as 50 for network 1.0.0.0, and the second one apply_med_100 configures the MED attribute for the...
  • Page 405 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchC] bgp 200 [SwitchC-bgp] undo synchronization [SwitchC-bgp] group ex external [SwitchC-bgp] peer 193.1.1.1 group ex as-number 100 [SwitchC-bgp] group in internal [SwitchC-bgp] peer 195.1.1.1 group in...

  • Page 406: Troubleshooting Bgp Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration [SwitchC-route-policy] if-match acl 2000 [SwitchC-route-policy] apply local-preference 200 [SwitchC-route-policy] quit [SwitchC] route-policy localpref permit node 20 [SwitchC-route-policy] apply local-preference 100 [SwitchC-route-policy] quit Apply this routing policy to the inbound traffic flows coming from BGP neighbor 193.1.1.1 (Switch A).
  • Page 407 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 6 BGP Configuration actual interface network segment. This may result in unsuccessful route import or wrong import, and may cause routing error in some network trouble situations. 6-33...

  • Page 408: Chapter 7 Ip Routing Policy Configuration

    7.1.1 Filters The S7500 series provide five kinds of filters (route-policy, ACL, AS-path, community-list and ip-prefix) for routing protocols reference. The following sections describe these filters.

  • Page 409: Applications Of Routing Policy

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration when all the matching conditions specified by all the if-match clauses are satisfied. The apply clauses specify the actions performed after a matching test against the node is successful, that is, configuration to be performed for the attributes of routing information.

  • Page 410: Ip Routing Policy Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration When a routing protocol imports the routes discovered by other protocols, it adopts routing policies to import those routes meeting the given conditions. In addition, routing policies can also be used to change some route attributes.
  • Page 411 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration To do... Use the command... Remarks Enter system view system-view — route-policy route-policy-name Define a route-policy and { permit | deny } node Required...
  • Page 412 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration To do... Use the command... Remarks Define an if-match clause to match the AS path field of Optional if-match as-path as-path-number BGP routing information...
  • Page 413 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration To do... Use the command... Remarks Enter system view system-view — route-policy route-policy-name Enter route-policy view { permit | deny } node — node-number...

  • Page 414: Define An Ip Prefix List

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration 7.2.2 Define an IP Prefix List An ip-prefix (IP prefix list) is identified by name. Each ip-prefix can include multiple items, and each item, identified by an index-number, can independently specify the match range in network prefix form.

  • Page 415: Configuring A Community List

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration By default, no AS path list is defined. 7.2.4 Configuring a Community List In BGP, community attributes are optional transit attributes. Some community attributes are globally recognized and they are called standard community attributes.

  • Page 416: Applying A Routing Policy To Receive Or Advertise Routes

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration 7.2.6 Applying a Routing Policy to Receive or Advertise Routes Note: The filter-policy command (used to apply a routing policy to receive or advertise routes) is somewhat different in form in different routing protocol views.
  • Page 417 Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration II. Network diagram Static 20 .0.0.0/8 Area 0 30 .0.0.0 /8 40 .0.0.0 /8 Vlan -Int 200 12.0.0.1 /8 10.0.0 .2/8 10.0.0.1 /8 Vlan-Int 100...

  • Page 418: Troubleshooting Ip Routing Policy

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 7 IP Routing Policy Configuration [SwitchA-acl-basic-2000] quit # Configure a route-policy. [SwitchA] route-policy ospf permit node 10 [SwitchA -route-policy] if-match acl 2000 [SwitchA -route-policy] quit # Apply route policy when the static routes are imported.

  • Page 419: Chapter 8 Route Capacity Configuration

    OSPF routes, IS-IS routes and BGP routes, in the routing table. If the routing table occupies too much memory, the switch performance will decline. To solve this problem, the S7500 series provide a mechanism to control the size of the routing table; that is, monitoring the free memory in the system to determine whether to add new routes to the routing table and whether to keep the connection of a routing protocol.

  • Page 420: Route Capacity Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 8 Route Capacity Configuration connection. If the automatic protocol connection recovery function is disabled, the switch will not re-establish the disconnected IS-IS, BGP or OSPF connection even when the free memory restores to a value larger than the safety value.

  • Page 421: Displaying And Maintaining Route Capacity Configuration

    Operation Manual – Routing Protocol H3C S7500 Series Ethernet Switches Chapter 8 Route Capacity Configuration Caution: If automatic protocol recovery is disabled, the broken OSPF, ISIS, or BGP connection will not recover even when the value of free memory exceeds the safety value.
  • Page 422 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Multicast Overview ...................... 1-1 1.1 Multicast Overview......................1-1 1.1.1 Information Transmission in the Unicast Mode............1-1 1.1.2 Information Transmission in the Broadcast Mode........... 1-2 1.1.3 Information Transmission in the Multicast Mode.............
  • Page 423 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Table of Contents 4.2 Common Multicast Configuration..................4-1 4.2.1 Enabling Multicast and Configuring Limit on the Number of Route Entries .... 4-2 4.2.2 Configuring Suppression on the Multicast Source Port .......... 4-2 4.2.3 Configuring Suppression on Multicast Wrongif Packets .........
  • Page 424 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Table of Contents 7.4.2 Configuring BSR/RP ..................... 7-14 7.4.3 Configuring PIM-SM Domain Boundary..............7-15 7.4.4 Configuring the RP to Filter Register Messages from the DR ......7-16 7.5 Displaying and Maintaining PIM ..................7-17 7.6 PIM Configuration Examples ...................

  • Page 425: Chapter 1 Multicast Overview

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview Chapter 1 Multicast Overview 1.1 Multicast Overview With development of networks on the Internet, more and more interaction services such as data, voice, and video services are running on the networks. In addition,...

  • Page 426: Information Transmission In The Broadcast Mode

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview information, when a large number of users need this information, the server must send many pieces of information with the same content to the users. Therefore, the limited bandwidth becomes the bottleneck in information transmission.
  • Page 427 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview users. When the number of users requiring information is not certain, unicast and broadcast are both of low efficiency. Multicast solves this problem. When some users on a network require specified information, the multicast information sender (namely, the multicast source) sends the information only once.

  • Page 428: Advantages And Applications Of Multicast

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview Multiple receivers receiving the same information form a multicast group. Multicast group is not limited by physical area. Each receiver receiving multicast information is a multicast group member.

  • Page 429: Multicast Architecture

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview Multicast provides the following applications: Applications of multimedia and flow media, such as Web TV, Web radio, and real-time video/audio conferencing. Communication for training and cooperative operations, such as remote education.
  • Page 430 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview information receivers), network-layer multicast addresses, namely, IP multicast addresses are required. In addition, a technology must be available to map IP multicast addresses to link-layer MAC multicast addresses. The following sections describe these two types of multicast addresses: I.
  • Page 431 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview Class D address range Description Available any-source multicast (ASM) multicast 224.0.1.0 to 231.255.255.255 addresses (IP addresses of temporary groups). 233.0.0.0 to 238.255.255.255 They are valid for the entire network.

  • Page 432: Ip Multicast Protocols

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview Note: Like having reserved the private network segment 10.0.0.0/8 for unicast, IANA has also reserved the network segments ranging from 239.0.0.0 to 239.255.255.255 for multicast. These are administratively scoped addresses. With the administratively...

  • Page 433: Forwarding Mechanism Of Multicast Packets

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview AS 1 Receiver AS 2 Receiver IGMP IGMP MSDP IGMP Receiver Source Figure 1-5 Positions of multicast-relevant protocol I. Multicast group management protocol Internet group management protocol (IGMP) runs between hosts and multicast routers.
  • Page 434 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 1 Multicast Overview In order to guarantee the transmission of multicast packets in the network, multicast packets must be forwarded based on unicast routing tables or those specially provided to multicast (such as MBGP multicast routing tables). In addition, to prevent the interfaces from receiving the same information from different peers, routers must check the receiving interfaces.

  • Page 435: Chapter 2 Gmrp Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 2 GMRP Configuration Chapter 2 GMRP Configuration 2.1 GMRP Overview GMRP (GARP Multicast Registration Protocol), based on GARP, is used for maintaining multicast registration information of the switch. All GMRP-capable switches...

  • Page 436: Displaying And Maintaining Gmrp

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 2 GMRP Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Required Enable GMRP on the port gmrp Disabled by default.
  • Page 437 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 2 GMRP Configuration GMRP is enabled on port Ethernet2/0/1. Configure SwitchB: # Enable GMRP globally. <H3C> system-view [H3C] gmrp GMRP is enabled globally. # Enable GMRP on the port. [H3C] interface Ethernet2/0/1 [H3C-Ethernet2/0/1] gmrp GMRP is enabled on port Ethernet2/0/1.

  • Page 438: Chapter 3 Igmp Snooping Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Chapter 3 IGMP Snooping Configuration 3.1 Overview 3.1.1 IGMP Snooping Fundamentals Internet group management protocol snooping (IGMP Snooping) is a multicast control mechanism running on Layer 2 Ethernet switches. It is used to manage and control multicast groups.

  • Page 439: Igmp Snooping Implementation

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Multicast packet transmission Multicast pack et transmission without IGMP Snooping when IGMP Snooping runs Multicast router Multicast router Source Source Layer 2 switch Layer 2 switch...
  • Page 440 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Packet normally Timeout action received before Timer Setting on the switch timeout Remove the port Query response Query response IGMP report from the member timer timeout time...
  • Page 441 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Messag Receiv Purpos Action of the multicast member switch Query if Multi specific cast Multicas IGMP IGMP route group-sp multica Send an IGMP group-specific query r and...
  • Page 442 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Messag Receiv Purpos Action of the multicast member switch The switch checks whether the port is the last host port in corresponding MAC multicast group. If yes, remove...

  • Page 443: Igmp Snooping Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Caution: An IGMP Snooping-enabled S7500 Ethernet switch judges whether the multicast group exists when it receives an IGMP leave message sent by a host in a multicast group. If this multicast group does not exist, the switch will drop the IGMP leave message instead of forwarding it.

  • Page 444: Configuring Timers

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Caution: Although both Layer 2 and Layer 3 multicast protocols can run on the same switch simultaneously, they cannot run simultaneously in a VLAN or its corresponding virtual interface.

  • Page 445: Enabling Igmp Fast Leave

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration 3.2.3 Enabling IGMP Fast Leave Normally, when receiving an IGMP Leave message, the IGMP Snooping-enabled switch does not immediately remove the port from the multicast group, but sends an IGMP group-specific query message.
  • Page 446 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration filtering ACL configuration on the receiving port to determine whether the port can join the corresponding multicast group. If yes, it adds the port to the forwarding port list of the multicast group.

  • Page 447: Configuring To Limit The Number Of Multicast Groups On A Port

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration 3.2.5 Configuring to Limit the Number of Multicast Groups on a Port With limit imposed on the number of multicast groups on a switch port, users can no longer have as many multicast groups as they want when demanding programs in multicast groups.
  • Page 448 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration By configuring a multicast VLAN, adding switch ports to the multicast VLAN and enabling IGMP Snooping, you can make users in different VLANs share the same multicast VLAN.

  • Page 449: Displaying And Maintaining Igmp Snooping

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration 3.3 Displaying and Maintaining IGMP Snooping To do... Use the command... Remarks Display the current IGMP display igmp-snooping Snooping configuration configuration Display IGMP Snooping display igmp-snooping...
  • Page 450 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration III. Configuration procedure # Enable IGMP Snooping in system view globally. <H3C> system-view [H3C] igmp-snooping enable # Enable IGMP Snooping in VLAN 10 where no Layer 3 multicast protocol is enabled.
  • Page 451 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Device Device connected to Device ID Port Description type the port Switch C is The port connected to users connecting to belonging to VLAN 5 Layer 2...

  • Page 452: Troubleshooting Igmp Snooping

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration [H3C-vlan1024] multicast-vlan enable [H3C-vlan1024] quit [H3C] multicast-vlan 1024 subvlan 2 to 7 3.5 Troubleshooting IGMP Snooping Symptom: Multicast does not work on the switch. Solution: The reason may be: IGMP Snooping is not enabled.

  • Page 453: Chapter 4 Common Multicast Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 4 Common Multicast Configuration Chapter 4 Common Multicast Configuration 4.1 Overview Common multicast configuration tasks are the common contents of the multicast group management protocol and the multicast routing protocol. You must enable the common multicast configuration on the switch before enabling the two protocols.

  • Page 454: Enabling Multicast And Configuring Limit On The Number Of Route Entries

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 4 Common Multicast Configuration 4.2.1 Enabling Multicast and Configuring Limit on the Number of Route Entries Follow these steps to enable multicast and configure limit on the number of route entries: To do...

  • Page 455: Configuring Suppression On Multicast Wrongif Packets

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 4 Common Multicast Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Optional Configure suppression on Suppression on the...

  • Page 456: Configuring Static Router Ports

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 4 Common Multicast Configuration Caution: During the configuration, if the seconds argument is less than 15, the system sets the holdtime to 15; if the seconds argument is more than 15, the system sets the holdtime to the multiples of 15 according to the user-defined range.

  • Page 457: Clearing Multicast Related Entries

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 4 Common Multicast Configuration To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter Ethernet port view — interface-number Configure static router multicast static-router-port vlan Required...

  • Page 458: Displaying And Maintaining Common Multicast Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 4 Common Multicast Configuration To do... Use the command... Remarks reset multicast routing-table { all | { group-address [ mask { group-mask | group-mask-length } ] | Clear the route...
  • Page 459 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 4 Common Multicast Configuration To do... Use the command... Remarks display multicast routing-table [ group-address [ mask { group-mask | Display the mask-length } ] | information about source-address [ mask...

  • Page 460: Chapter 5 Multicast Mac Address Entry Configuration

    Operation Manual – Multicast Chapter 5 Multicast MAC Address Entry H3C S7500 Series Ethernet Switches Configuration Chapter 5 Multicast MAC Address Entry Configuration 5.1 Overview In Layer 2 multicast, the system can create multicast forwarding entries dynamically through Layer 2 multicast protocol. However, you can also statically bind a port to a multicast address entry by configuring a multicast MAC address entry manually.

  • Page 461: Displaying And Maintaining Multicast Mac Address

    Operation Manual – Multicast Chapter 5 Multicast MAC Address Entry H3C S7500 Series Ethernet Switches Configuration Note: If the multicast MAC address entry to be created already exists, the system gives you a prompt. If a multicast MAC address is added manually, the switch will not learn this multicast MAC address again through IGMP Snooping.

  • Page 462: Chapter 6 Igmp Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration Chapter 6 IGMP Configuration 6.1 Overview 6.1.1 Introduction to IGMP Internet group management protocol (IGMP) is responsible for the management of IP multicast members. It is used to establish and maintain membership between IP hosts and their directly connected neighboring multicast routers.

  • Page 463: Working Procedure Of Igmp

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration membership query messages. In this case, the querier selection mechanism is required to specify a router as the querier. In IGMPv1, the multicast routing protocol selects the querier. In IGMPv2, it is defined that the multicast router with the lowest IP address is selected as the querier when there are multiple multicast routers in a network segment.
  • Page 464 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration I. Working mechanism of IGMPv1 Comware implements the IGMPv1 protocol according to RFC1112. IGMPv1 manages the multicast groups based on the query/response mechanism. With the help of Layer 3 routing protocols, IGMP selects the designated router (DR) as the querier responsible for sending query messages.

  • Page 465: Igmp Proxy

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration The data from the multicast source reaches the IGMP router over the multicast routes. If there are receivers in the network connected to the IGMP router, the data will be forwarded to this network segment and the receiver hosts receive the data.

  • Page 466: Igmp Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration On VLAN interface 2, configure VLAN interface 1 as the outbound IGMP Proxy interface to external networks. You must enable the IGMP protocol on the interface first, and then configure the igmp proxy command.

  • Page 467: Configuring Igmp Query Messages

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration To do... Use the command... Remarks Enter system view system-view — Enable the multicast multicast Enable the multicast routing protocol routing-enable routing protocol. interface Vlan-interface Enter VLAN interface view —...
  • Page 468 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration When the IGMP querier receives the message, it will send IGMP group-specific query messages interval configured igmp lastmember-queryinterval command (the interval is 1 second by default) for the robust-value times (the robust-value argument is configured by the igmp robust-count command and it is 2 by default).
  • Page 469 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration To do... Use the command... Remarks Required By default, if the IP multicast routing protocol Enable IGMP on the igmp enable is enabled globally, IGMP current interface...

  • Page 470: Configuring Igmp Multicast Groups On The Interface

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration 6.2.3 Configuring IGMP Multicast Groups on the Interface You can perform the following configurations on the interface for the IGMP multicast groups: Limit the number of multicast groups on the interface Limit the range of multicast groups that the interface serves I.
  • Page 471 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration To do... Use the command... Remarks Optional By default, the filter is not configured, that is, any multicast group is permitted interface. If the port keyword is...

  • Page 472: Configuring Router Ports To Join The Specified Multicast Group

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration 6.2.4 Configuring Router Ports to Join the Specified Multicast Group Generally, the host running IGMP will respond to the IGMP query messages of the multicast switch. If the host cannot respond for some reasons, the multicast switch may think that there is no members of the multicast group in this network segment and then remove the corresponding paths.

  • Page 473: Configuring Suppression On Igmp Report Messages

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration After the configuration of IGMP Proxy on the Layer 3 switch of the leaf network, the leaf Layer 3 switch is just a host for the external network. Only when the Layer 3 switch has directly connected members, can it receive the multicast data of corresponding groups.

  • Page 474: Removing The Joined Igmp Groups From The Interface

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 6 IGMP Configuration When the suppression on IGMP report messages is enabled, the Layer 3 switch will receive only the first IGMP report message from the hosts in a multicast group and drop the other IGMP report messages from the multicast group.

  • Page 475: Chapter 7 Pim Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration Chapter 7 PIM Configuration 7.1 PIM Overview Protocol independent multicast (PIM) means that the unicast routing protocols providing routes for IP multicast could be static routes, RIP, OSPF, IS-IS, or BGP. The multicast routing protocol is independent of unicast routing protocols only if unicast routing protocols can generate route entries.
  • Page 476 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration Neighbor discovery SPT establishing Graft RPF check Assert mechanism I. Neighbor discovery In a PIM-DM network, the multicast router needs to use Hello messages to perform neighbor discovery and maintain the neighbor relation when it is started. All routers keep in touch with each other through sending Hello messages periodically, and thus SPT is established and maintained.
  • Page 477 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration Host A Source Receiver Host B Server Receiver Prune message Multicast packets Host C Figure 7-1 Diagram for SPT establishment in PIM-DM The process above is called "Flooding and Pruning". Every pruned node also provides a timeout mechanism.

  • Page 478: Introduction To Pim-Sm

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration V. Assert mechanism In the shared network such as Ethernet, the same packets may be sent repeatedly. For example, the LAN network segment contains many multicast routers, A, B, and C. They each have their own receiving path to the multicast source S.

  • Page 479: Work Mechanism Of Pim-Sm

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration network bandwidth that the data packets and control messages occupy is reduced, and the processing overhead of the router is also reduced. In the receiving end, the router connected to the receiver sends a join message to the RP corresponding to the multicast group.
  • Page 480 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration Receiver Source Receiver Hello message Register message Join message Figure 7-3 Diagram for DR election Each router on the shared network sends Hello messages with the DR priority option to each other.
  • Page 481 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration The BSR is the core management device in a PIM-SM network. The BSR is responsible for: Collecting the Advertisement messages sent by the Candidate-RP (C-RP) in the network.
  • Page 482 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration Only one BSR can be elected in a network or management domain, while multiple candidate BSRs (C-BSR) can be configured. In this case, once the BSR fails, other C-BSRs can elect a new BSR through auto-election.
  • Page 483 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration check whether it has the receivers interested in the multicast information. If not, the upstream router will continue to forward the prune message to upstream routers. V. Multicast source registration...

  • Page 484: Common Pim Configuration

    S to the receiver directly. Through the RPT-to-SPT switchover, the PIM-SM can establish an SPT in a more economical way than PIM-DM. The related threshold value is not set on S7500 series Ethernet switches. When the switch receives multicast data forwarded over the RPT, it will update the incoming interface automatically and sends a prune message to the RP.

  • Page 485: Configuring Pim Neighbors

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration Follow these steps to configure the interval of sending Hello messages: To do... Use the command... Remarks Enter system view system-view — Enable the multicast multicast Required...

  • Page 486: Clearing Pim Relevant Entries

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration To do... Use the command... Remarks interface Vlan-interface Enter VLAN interface view — interface-number Required Configure Enable PIM-DM/PIM-SM pim dm / pim sm protocol type interface. Optional...

  • Page 487: Pim-Dm Configuration

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration To do... Use the command... Remarks reset pim neighbor { all | Perform the Clear PIM neighbors { neighbor-address | interface configuration in interface-type interface-number } * } user view.

  • Page 488: Configuring Filtering Policies For Multicast Source/Group

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration Task Remarks Configuring Filtering Policies for Multicast Source/Group Optional Configuring BSR/RP Optional Configuring PIM-SM Domain Boundary Optional Configuring the RP to Filter Register Messages from the DR Optional 7.4.1 Configuring Filtering Policies for Multicast Source/Group...

  • Page 489: Configuring Pim-Sm Domain Boundary

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration To do... Use the command... Remarks Optional You can configure to filter the addresses some Limit the range of crp-policy acl-number multicast groups in an ACL. valid C-RPs...

  • Page 490: Configuring The Rp To Filter Register Messages From The Dr

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration To do... Use the command... Remarks Enter system view system-view — Enable the multicast multicast routing-enable Required routing protocol Enter VLAN interface Vlan-interface — interface view interface-number...

  • Page 491: Displaying And Maintaining Pim

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration To do... Use the command... Remarks — Enter PIM view Required You can configure to filter Configure the RP to the IP addresses of some filter the register register-policy multicast groups in an ACL.

  • Page 492: Pim Configuration Examples

    # Enable the multicast routing protocol. <H3C> system-view [H3C] multicast routing-enable # Enable IGMP and PIM-DM on the interfaces. [H3C] vlan 10 [H3C-vlan10] port Ethernet 2/0/2 to Ethernet 2/0/3 [H3C-vlan10] quit [H3C] vlan 11 [H3C-vlan11] port Ethernet 2/0/4 to Ethernet 2/0/5 [H3C-vlan11] quit...

  • Page 493: Pim-Sm Configuration Example

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration [H3C-Vlan-interface10] quit [H3C] interface Vlan-interface 11 [H3C-Vlan-interface11] ip address 2.2.2.2 255.255.0.0 [H3C-Vlan-interface11] pim dm [H3C-Vlan-interface11] quit [H3C] interface Vlan-interface 12 [H3C-Vlan-interface12] ip address 3.3.3.3 255.255.0.0 [H3C-Vlan-interface12] pim dm 7.6.2 PIM-SM Configuration Example...
  • Page 494 III. Configuration procedure Configure LS_A # Enable PIM-SM. <H3C> system-view [H3C] multicast routing-enable [H3C] vlan 10 [H3C-vlan10] port Ethernet 2/0/2 to Ethernet 2/0/3 [H3C-vlan10] quit [H3C] interface Vlan-interface 10 [H3C-Vlan-interface10] igmp enable [H3C-Vlan-interface10] pim sm [H3C-Vlan-interface10] quit [H3C] vlan 11...
  • Page 495 Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration [H3C-vlan12] port Ethernet 2/0/6 to Ethernet 2/0/7 [H3C-vlan12] quit [H3C] interface Vlan-interface 12 [H3C-Vlan-interface12] pim sm [H3C-Vlan-interface12] quit # Configure candidate BSRs. [H3C] pim [H3C-pim] c-bsr Vlan-interface 10 30 2 # Configure candidate RPs.

  • Page 496: Troubleshooting Pim

    Operation Manual – Multicast H3C S7500 Series Ethernet Switches Chapter 7 PIM Configuration [H3C] interface Vlan-interface 12 [H3C-Vlan-interface12] pim sm [H3C-Vlan-interface12] quit 7.7 Troubleshooting PIM Symptom 1: The router cannot set up multicast routing tables correctly. Solution: You can troubleshoot PIM according to the following procedure.
  • Page 497 1.1.2 802.1x Authentication Mechanism ................1-3 1.1.3 EAPoL Encapsulation ..................... 1-4 1.1.4 802.1x Authentication Procedure ................1-6 1.1.5 802.1x Timer ......................1-9 1.1.6 802.1x Implementation on an S7500 Series Switch ..........1-10 1.2 802.1x Configuration......................1-12 1.3 Basic 802.1x Configuration....................1-13 1.3.1 Prerequisites ......................1-13 1.3.2 Configuring Basic 802.1x Functions..............

  • Page 498: Chapter 1 802.1X Configuration

    EAPoL Encapsulation 802.1x Authentication Procedure 802.1x Timer 802.1x Implementation on an S7500 Series Switch 1.1.1 Architecture of 802.1x Authentication 802.1x adopts a client/server architecture with three entities: a supplicant system, an authenticator system, and an authentication server system, as shown in Figure 1-1.
  • Page 499 (extensible authentication protocol over LANs). The authenticator system authenticates the supplicant system. The authenticator system is usually an 802.1x-supported network device (such as an H3C series switch). It provides a port (physical or logical) for the supplicant system to access the LAN.

  • Page 500: Authentication Mechanism

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration II. Controlled port and uncontrolled port The authenticator system provides ports for supplicant systems to access a LAN. A port of this kind is divided into two virtual ports: a controlled port and an uncontrolled port.

  • Page 501: Eapol Encapsulation

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration terminated at the authenticator system PAE. The authenticator system PAE then communicates with the RADIUS server through PAP (password authentication protocol) or CHAP (challenge-handshake authentication protocol) packets.
  • Page 502 Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration II. EAP packet format For an EAPoL packet with the Type value being EAP-packet, the corresponding Packet body is an EAP packet. Its format is illustrated in Figure 1-4.

  • Page 503: Authentication Procedure

    Figure 1-7 Encapsulation format of the Message-authenticator attribut 1.1.4 802.1x Authentication Procedure An H3C S7500 series switch can authenticate supplicant systems in EAP termination mode or EAP relay mode. I. EAP relay mode This mode is defined in 802.1x. In this mode, EAP protocol is carried over other upper layer protocols like EAP over RADIUS so that EAP packets can traverse through complicated networks and arrive the authentication server.
  • Page 504 Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration EAPOR EAPOR EAPOR EAPOR EAPOL EAPOL EAPOL EAPOL Supplicant Supplicant Supplicant Supplicant Authenticator Authenticator Sw itch Sw itch RADIUS server RADIUS server RADIUS server RADIUS server EAPOL-Start...
  • Page 505 Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration key and sends the encrypted password (encapsulated in an EAP-response/MD5 challenge packet) to the RADIUS server through the switch. (The encryption is irreversible.) The RADIUS server compares the received encrypted password (contained in an RADIUS Access-Request packet) with the locally encrypted password.

  • Page 506: Timer

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration RADIUS RADIUS EAPOL EAPOL Supplicant Supplicant Sw itch Sw itch RADIUS server RADIUS server EAPOL-Start EAPOL-Start EAP-Request/Identity EAP-Request/Identity EAP-Response/Identity EAP-Response/Identity EAP-Request/MD5 Challenge EAP-Request/MD5 Challenge EAP-Response/MD5 Challenge EAP-Response/MD5 Challenge...

  • Page 507: Implementation On An S7500 Series Switch

    1.1.6 802.1x Implementation on an S7500 Series Switch In addition to the previously mentioned 802.1x features, an S7500 series switch is also capable of: Cooperating with a CAMS server to perform proxy detection, such as detecting login through proxy server and multiple network interface cards;...
  • Page 508 Note: The client version checking function needs the support of H3C’s 802.1x client program. III. Guest VLAN The Guest VLAN function enables supplicant systems that do not pass the authentication to access a LAN in a restrained way.

  • Page 509: Configuration

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration With the Guest VLAN function enabled, supplicant systems that do not have 802.1x client installed can access specific network resources. They can also upgrade their 802.1x clients without being authenticated.

  • Page 510: Basic 802.1X Configuration

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration You can also specify to adopt RADIUS authentication scheme, with a local authentication scheme as an alternative. In this case, the local authentication scheme is adopted when the RADIUS server fails.

  • Page 511: Timer And Maximum User Number Configuration

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration To do... Use the command... Remarks In system view: dot1x re-authenticate [ interface Optional Enable 802.1x interface-list ] re-authentication Disabled by default In port view: dot1x re-authenticate Caution: 802.1x-related configurations can all be performed in system view.
  • Page 512 Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration To do... Use the command... Remarks Optional Configure the By default, max-retry-value is maximum retry 2. That is, the authenticator dot1x retry max-retry-value times to send a...

  • Page 513: Advanced 802.1X Configuration

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration 1.5 Advanced 802.1x Configuration Advanced 802.1x configurations, as listed below, are all optional. CAMS cooperation configuration, including detecting multiple network interface cards or proxy server; Client version checking configuration;...

  • Page 514: Configuring Client Version Checking

    Chapter 1 802.1x Configuration Note: The proxy detection function needs the support of H3C's 802.1x client program. The proxy detection function should be enabled on both the 802.1x client program and CAMS. The client version checking should be enabled on the switch (by using the dot1x version-check command).

  • Page 515: Configuring Guest Vlan

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-5 Enable DHCP-triggered authentication To do... Use the command... Remarks — Enter system view system-view Enable DHCP-triggered dot1x dhcp-launch Disabled by default authentication 1.5.5 Configuring Guest VLAN Table 1-6 Configure Guest VLAN To do...

  • Page 516: Configuration Example

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-7 Display and debug 802.1x To do... Use the command... Remarks Display the configuration, display dot1x [ sessions | health, and statistics about statistics ] [ interface In any view 802.1x...
  • Page 517 # Set the access control method to MAC-address-based (This command can be omitted as MAC-address-based is the default configuration). [H3C] dot1x port-method macbased interface Ethernet 2/0/1 # Create a RADIUS scheme named radius1 and enter RADIUS scheme view. [H3C] radius scheme radius1 # Assign IP addresses to the primary authentication and accounting RADIUS servers.
  • Page 518 Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration [H3C-radius-radius1] secondary accounting 10.11.1.1 # Set the password for the switch and the authentication RADIUS servers to exchange messages. [H3C -radius-radius1] key authentication name # Set the password for the switch and the accounting RADIUS servers to exchange messages.

  • Page 519: Chapter 2 Habp Configuration

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 2 HABP Configuration Chapter 2 HABP Configuration When configuring HABP, go to these sections for information you are interested in: Introduction to HABP HABP Server Configuration HABP Client Configuration Displaying HABP 2.1 Introduction to HABP...

  • Page 520: Habp Client Configuration

    Operation Manual – 802.1x H3C S7500 Series Ethernet Switches Chapter 2 HABP Configuration To do... Use the command... Remarks Required By default, a switch operates as an HABP client after you enable Configure the habp server vlan HABP on the switch, and if you...
  • Page 521 Operation Manual – AAA & RADIUS & HWTACACS & EAD H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 AAA & RADIUS & HWTACACS Configuration ............1-1 1.1 Introduction to AAA, RADIUS and HWTACACS ............... 1-1 1.1.1 Introduction to AAA ....................
  • Page 522 Operation Manual – AAA & RADIUS & HWTACACS & EAD H3C S7500 Series Ethernet Switches Table of Contents 1.7.1 Remote RADIUS Authentication of Telnet/SSH Users ......... 1-40 1.7.2 Local Authentication of FTP/Telnet Users ............1-42 1.7.3 TACACS Authentication, Authorization, and Accounting of Telnet Users .... 1-44 1.8 Troubleshooting AAA &...

  • Page 523: Chapter 1 Aaa & Radius & Hwtacacs Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Chapter 1 AAA & RADIUS & HWTACACS Configuration When configuring AAA, RADIUS, and HWTACACS, go to these sections for...

  • Page 524: Introduction To Isp Domain

    Remote authentication: Users are authenticated remotely through the RADIUS protocol or HWTACACS protocol. The device (for example, an H3C series switch) acts as a client to communicate with the RADIUS server or TACACS server. For RADIUS protocol, both standard and extended RADIUS protocols can be used.

  • Page 525: Introduction To Radius

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration 1.1.3 Introduction to RADIUS AAA is a management framework. It can be implemented through more than one protocol.
  • Page 526 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration In addition, the RADIUS server can act as a proxy client to other AAA servers to provide the authentication or accounting service.
  • Page 527 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration start-accounting request (Accounting-Request, with the Status-Type filed set to start) to the RADIUS server. The RADIUS server returns a start-accounting response (Accounting-Response).
  • Page 528 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Code Packet type Packet description Direction: server->client. The server transmits this packet to the client if Access-Reject...
  • Page 529 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Table 1-2 RADIUS attributes Value of the Type Value of the Type Attribute type Attribute type field...

  • Page 530: Introduction To Hwtacacs

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration In the packet structure shown in Figure 1-4, the Vendor-ID field representing the code of the vendor occupies four bytes. The most significant byte is 0, and the other three bytes are defined in RFC1700.
  • Page 531 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration In a typical HWTACACS application, a dial-up or terminal user needs to log in to the device for operations. Acting as the HWTACACS client in this case, the switch sends the username and password to the TACACS server for authentication.
  • Page 532 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Figure 1-6 The AAA implementation procedure for a telnet user The basic message exchange procedure is as follows: A user requests access to the switch;...

  • Page 533: Aaa & Radius & Hwtacacs Configuration Task List

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration The TACACS client sends the user authorization request packet to the TACACS server. The TACACS server sends back the authorization response, indicating that the user has passed the authorization.
  • Page 534 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration To do... Remarks Related section Create a RADIUS Creating a RADIUS Required scheme Scheme Configure RADIUS Configuring RADIUS...

  • Page 535: Aaa Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration To do... Remarks Related section Create a Creating a Required HWTACACS scheme HWTACACS Scheme Configure Configuring HWTACACS...

  • Page 536: Creating An Isp Domain

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration RADIUS scheme (radius-scheme): You can reference a configured RADIUS scheme to implement AAA services. For the configuration of RADIUS scheme,...

  • Page 537: Configuring An Aaa Scheme For An Isp Domain

    Caution: On an S7500 series switch, each access user belongs to an ISP domain. You can configure up to 16 ISP domains on the switch. When a user logs in, if no ISP domain name is carried in the user name, the switch assumes that the user belongs to the default ISP domain.
  • Page 538 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration be uniformly implemented by the RADIUS server or TACACS server specified in the RADIUS or HWTACACS scheme.

  • Page 539: Configuring Dynamic Vlan Assignment

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Caution: You can execute the scheme command with the radius-scheme-name argument to adopt an already configured RADIUS scheme to implement all the three AAA functions.
  • Page 540 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration The switch supports the integer mode and string mode of dynamic VLAN assignments to adapt to authentication server. Different servers assign VLANs in different ways. You are recommended to configure the switch based on the mode of dynamic VLAN assignment used by the server.

  • Page 541: Configuring The Attributes Of A Local User

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Caution: In string mode, if the VLAN ID assigned by the RADIUS server is a character string...
  • Page 542 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration To do... Use the command... Remarks Required service-type { ftp | Authorize the user to By default, the system...

  • Page 543: Cutting Down User Connections

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration 1.3.7 Cutting Down User Connections Table 1-11 Cut down user connection To do... Use the command... Remarks...

  • Page 544: Creating A Radius Scheme

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Note: Actually, the RADIUS protocol configuration only defines the parameters used for information exchange between the switch and the RADIUS servers. To make these parameters take effect, make sure you reference the RADIUS scheme configured with these parameters in an ISP domain view.

  • Page 545: Configuring Radius Authentication/Authorization Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Caution: A RADIUS scheme can be referenced by multiple ISP domains at the same time. 1.4.2 Configuring RADIUS Authentication/Authorization Servers Table 1-13 Configure RADIUS authentication/authorization server To do...

  • Page 546: Configuring Radius Accounting Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration 1.4.3 Configuring RADIUS Accounting Servers Table 1-14 Configure RADIUS accounting server To do... Use the command... Remarks...

  • Page 547: Configuring Shared Keys For Radius Packets

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Caution: In an actual network environment, you can either specify two RADIUS servers as the primary and secondary accounting servers respectively, or specify only one server as both the primary and secondary accounting servers.

  • Page 548: Configuring The Maximum Number Of Transmission Attempts Of Radius Requests

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration To do... Use the command... Remarks Set a shared key for the RADIUS accounting Required key accounting string...

  • Page 549: Configuring The Supported Radius Server Type

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration 1.4.6 Configuring the Supported RADIUS Server Type Table 1-17 Configure the supported RADIUS server type To do...

  • Page 550: Configuring The Attributes For Data To Be Sent To Radius Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration To do... Use the command... Remarks Set the status of the state primary primary RADIUS authentication { block |...

  • Page 551: Configuring A Local Radius Authentication Server

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Caution: Generally, the access users are named in the userid@isp-name format. isp-name behind the @ character represents the ISP domain name, by which the device determines which ISP domain it should ascribe the user to.

  • Page 552: Configuring The Timers Of Radius Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Caution: When you use the local RADIUS authentication server function, the UDP port number for the authentication/authorization service must be 1645, the UDP port number for the accounting service is 1646, and the IP addresses of the servers must be set to the addresses of the switch.

  • Page 553: Configuring The User Re-Authentication Upon Device Restart Function

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Table 1-21 Set the timers of RADIUS server To do... Use the command... Remarks Enter system view system-view —...

  • Page 554: Hwtacacs Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration The switch generates an Accounting-On packet, which mainly contains the following information: NAS-ID, NAS-IP address (source IP address), and session The switch sends the Accounting-On packet to CAMS at regular intervals.

  • Page 555: Creating A Hwtacacs Scheme

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Configuring HWTACACS Authentication Servers Configuring HWTACACS Authorization Servers Configuring HWTACACS Accounting Servers Configuring Shared Keys for HWTACACS Packets...

  • Page 556: Configuring Hwtacacs Authorization Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration To do... Use the command... Remarks Required Set the IP address and By default, the IP address...

  • Page 557: Configuring Hwtacacs Accounting Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Caution: The primary and secondary authorization servers cannot use the same IP address. Otherwise, the system will prompt unsuccessful configuration.

  • Page 558: Configuring Shared Keys For Hwtacacs Packets

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration Caution: The primary and secondary accounting servers cannot use the same IP address. Otherwise, the system will prompt unsuccessful configuration.

  • Page 559: Configuring The Attributes For Data To Be Sent To Tacacs Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration 1.5.6 Configuring the Attributes for Data to be Sent to TACACS Servers Table 1-28 Configure the attributes for data to be sent to TACACS servers To do...

  • Page 560: Configuring The Timers Of Tacacs Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration 1.5.7 Configuring the Timers of TACACS Servers Table 1-29 Configure the timers of TACACS servers To do...
  • Page 561 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration You can use the reset command in user view to clear the corresponding statistics. Table 1-30 Display AAA configuration information To do...

  • Page 562: Aaa & Radius & Hwtacacs Configuration Example

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration To do... Use the command... Remarks reset stop-accounting-buffer Delete the buffered { radius-scheme You can no-response radius-scheme-name | session-id...
  • Page 563 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration I. Network requirements In the network environment shown in Figure 1-7, you are required to configure the switch so that the Telnet users logging into the switch are authenticated by the RADIUS server.

  • Page 564: Local Authentication Of Ftp/Telnet Users

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration III. Configuration procedure # Enter system view. <H3C> system-view [H3C] # Adopt AAA authentication for Telnet users.
  • Page 565 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration II. Network diagram Internet Telnet User Switch Figure 1-8 Local authentication of Telnet user III. Configuration procedure Method 1: Use a local authentication scheme.

  • Page 566: Tacacs Authentication, Authorization, And Accounting Of Telnet Users

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration 1.7.3 TACACS Authentication, Authorization, and Accounting of Telnet Users I. Network requirements The switch needs to be configured so that the Telnet users logging in to the TACACS server are authenticated, authorized, and accounted.

  • Page 567: Troubleshooting Aaa & Radius & Hwtacacs Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration [H3C-isp-hwtacacs] scheme hwtacacs-scheme hwtac 1.8 Troubleshooting AAA & RADIUS & HWTACACS Configuration 1.8.1 Troubleshooting the RADIUS Protocol The RADIUS protocol is at the application layer in the TCP/IP protocol suite.

  • Page 568: Troubleshooting The Hwtacacs Protocol

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS H3C S7500 Series Ethernet Switches Configuration run on different devices — Be sure to configure the RADIUS servers on the switch according to the actual situation.

  • Page 569: Chapter 2 Ead Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD H3C S7500 Series Ethernet Switches Chapter 2 EAD Configuration Chapter 2 EAD Configuration When configuring EAD, go to these sections for information you are interested in: Introduction to EAD Typical Network Application of EAD...

  • Page 570: Typical Network Application Of Ead

    Operation Manual – AAA & RADIUS & HWTACACS & EAD H3C S7500 Series Ethernet Switches Chapter 2 EAD Configuration Figure 2-1 EAD basic principle 2.2 Typical Network Application of EAD The EAD scheme checks the security status of the user, and implements the user access control policy forcibly according to the result.

  • Page 571: Ead Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD H3C S7500 Series Ethernet Switches Chapter 2 EAD Configuration The security client (software installed on PC) checks the security status of a client that just passes the authentication, and interacts with the security policy server. If the client is not compliant with the security standard, the security policy server issues ACL control packets to the switch to control which resources the client can access.

  • Page 572: Ead Configuration Example

    10.110.91.166 10.110.91. Figure 2-3 EAD configuration exampl III. Configuration procedure # Configure 802.1X on the switch. Refer to the 802.1X module in H3C S7500 Series Ethernet Switches Operation Manual for detailed description. # Configure a domain. <H3C> system-view [H3C] domain system...
  • Page 573 Operation Manual – AAA & RADIUS & HWTACACS & EAD H3C S7500 Series Ethernet Switches Chapter 2 EAD Configuration # Configure a RADIUS scheme. [H3C] radius scheme cams [H3C-radius-cams] primary authentication 10.110.91.164 1812 [H3C-radius-cams] key authentication expert [H3C-radius-cams] accounting optional [H3C-radius-cams] server-type extended # Configure the IP address for the security policy server.

  • Page 574: Traffic Accounting

    Operation Manual – Traffic Accounting H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Traffic Accounting Configuration ................1-1 1.1 Introduction to Traffic Accounting ..................1-1 1.1.1 Related Concepts of Traffic Accounting..............1-1 1.1.2 Implementation Process of Traffic Accounting............1-2 1.2 Configuring Traffic Accounting...................

  • Page 575: Chapter 1 Traffic Accounting Configuration

    Operation Manual – Traffic Accounting H3C S7500 Series Ethernet Switches Chapter 1 Traffic Accounting Configuration Chapter 1 Traffic Accounting Configuration Note: The traffic accounting card mentioned in this chapter refers to LS81VSNP line processing unit (LPU). When configuring traffic accounting, go to these sections for information you are...

  • Page 576: Implementation Process Of Traffic Accounting

    1.1.2 Implementation Process of Traffic Accounting Figure 1-1 shows the implementation process of traffic accounting on the H3C S7500 Series Switches. Figure 1-1 Implementation process of traffic accounting The following section details the process of traffic accounting: After a user passes the 802.1x authentication, the user logs in successfully.

  • Page 577: Configuring Traffic Accounting

    Operation Manual – Traffic Accounting H3C S7500 Series Ethernet Switches Chapter 1 Traffic Accounting Configuration Note: This document describes the configuration of traffic accounting. The configuration of 802.1x and CAMS server is not covered here. 1.2.2 Configuring Traffic Accounting The following table describes the configuration tasks for traffic accounting.

  • Page 578: Displaying Traffic Accounting

    Operation Manual – Traffic Accounting H3C S7500 Series Ethernet Switches Chapter 1 Traffic Accounting Configuration Table 1-3 Configure a traffic group for a domain Configuration Use the command... Remarks Enter system view system-view — Enter ISP domain view domain domain-name —...
  • Page 579 Operation Manual – Traffic Accounting H3C S7500 Series Ethernet Switches Chapter 1 Traffic Accounting Configuration II. Network diagram CAMS Internet User Switch Figure 1-2 Network diagram for traffic accountin III. Configuration procedure # Configure a traffic accounting group named somegroup.

  • Page 580: Vrrp-Ha

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VRRP Configuration ....................1-1 1.1 VRRP Overview ......................... 1-1 1.1.2 Virtual Router Overview ..................1-2 1.1.3 Introduction to Backup Group ................. 1-4 1.2 VRRP Configuration ......................1-6 1.2.1 VRRP Configuration Task List ................

  • Page 581: Chapter 1 Vrrp Configuration

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration Chapter 1 VRRP Configuration When configuring VRRP, go to these sections for information you are interested in: VRRP Overview VRRP Configuration Displaying and Maintaining VRRP VRRP Configuration Examples Troubleshooting VRRP 1.1 VRRP Overview...

  • Page 582: Virtual Router Overview

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration VRRP combines a group of LAN switches, including a master switch and several backup switches, into a virtual router, or a backup group. Network Actual IP address Actual IP address 10.100.10.3...
  • Page 583 Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration I. Configuring a virtual router IP address The IP address of the virtual router can be an unassigned IP address of the network segment where the backup group is located or the interface IP address of a member switch in the backup group.

  • Page 584: Introduction To Backup Group

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration Note: When you map a virtual IP address to the virtual MAC address on an S7500 switch, the number of backup groups that can be configured on a VLAN interface is determined by the chips used.
  • Page 585 Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration III. Configuring preemptive mode for a switch in a backup group As long as a switch in the backup group becomes the master switch, other switches, even if they are configured with a higher priority later, do not preempt the master switch unless they operate in preemptive mode.

  • Page 586: Vrrp Configuration

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration VRRP packets from the master after a specific period (determined by the master-down-interval argument), they consider the master is down and initiates the process to determine the master switch.

  • Page 587: Configuring A Virtual Router Ip Address

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration Task Remarks Configuring a Virtual Router IP Address Required Configuring Backup Group-Related Parameters Required 1.2.2 Configuring a Virtual Router IP Address The following table lists the operations to configure a virtual router IP address (suppose...

  • Page 588: Displaying And Maintaining Vrrp

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration To do… Use the command… Remarks interface Vlan-interface Enter VLAN interface view — valn-id Optional Configure the priority of vrrp vrid virtual-router-id By default, the priority of a...

  • Page 589: Vrrp Configuration Examples

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration 1.4 VRRP Configuration Examples 1.4.1 Single-VRRP Backup Group Configuration I. Network requirements Host A uses the VRRP virtual router comprising switch A and switch B as its default gateway to visit host B on the Internet.
  • Page 590 Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration II. Network diagram Host B 10.2.3.1 Internet VLAN-Interface3: 10.100.10.2 LSW A LSW B VLAN-Interface2: VLAN-Interface2: Virtual IP address 2 02.38.160.111 202.38.160.1 202.38.160.2 202.38.160.3 Host A Figure 1-3 Network diagram for single-VRRP backup group configuration III.

  • Page 591: Vrrp Tracking Interface Configuration

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration [LSW-A-Vlan-interface2] vrrp vrid 1 priority 110 # Configure the preemptive mode for the backup group. [LSW-A-Vlan-interface2] vrrp vrid 1 preempt-mode Configure Switch B. # Configure VLAN 2.
  • Page 592 Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration II. Network diagram Host B 10.2.3.1 Internet VLAN-Interface3: 10.100.10.2 LSW A LSW B VLAN-Interface2: Virtual IP address VLAN-Interface2: 202.38.160.1 202.38.160.111 202.38.160.2 202.38.160.3 Host A Figure 1-4 Network diagram for interface tracking configuratio III.

  • Page 593: Multiple-Vrrp Backup Group Configuration

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration # Set the authentication type for the backup group to md5, and the password to abc123. [LSW-A-Vlan-interface2] vrrp authentication-mode md5 abc123 # Configure that the master switch to send VRRP packets once every 5 seconds.
  • Page 594 Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration backup group 2. Similarly, Switch B operates as the master switch of backup group 2 and a backup switch in backup group 1. Some hosts in the network take virtual router 1 as the gateway, while others take virtual router 2 as the gateway.

  • Page 595: Troubleshooting Vrrp

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration # Create backup group 2. [LSW-A-Vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112 Configure Switch B. # Configure VLAN 2. <LSW-B> system-view System View: return to User View with Ctrl+Z.
  • Page 596 Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 1 VRRP Configuration coexistence of many master switches, which may be because the original master switch and other member switches in a backup group cannot receive VRRP packets from each other, or receive some illegal packets.

  • Page 597: Chapter 2 Ha Configuration

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 2 HA Configuration Chapter 2 HA Configuration When configuring HA, go to these sections for information you are interested in: HA Overview HA Configuration Displaying HA 2.1 HA Overview S7506R supports high availability (HA) feature. This feature is to achieve a high availability of the system and to recover the system quickly in the event of failures so as to shorten the mean time between failure (MTBF).

  • Page 598: Ha Configuration

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 2 HA Configuration The configuration file of the slave board is copied from the master board in real time, which can ensure that the slave system continues to operate in the same configuration as that of the original active system after the master/slave switchover.

  • Page 599: Setting The Slave Board Restart Manually

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 2 HA Configuration 2.2.2 Setting the Slave Board Restart Manually When the slave board works normally, you can set the slave system restart manually. Perform the following operation to set slave board restart manually: To do…...

  • Page 600: Displaying Ha

    Operation Manual – VRRP-HA H3C S7500 Series Ethernet Switches Chapter 2 HA Configuration Follow the step to synchronize the configuration file manually: To do… Use the command… Remarks Optional Synchronize the slave update configuration file manually configuration Available in user view.
  • Page 601 Operation Manual – ARP H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ARP Configuration....................... 1-1 1.1 Introduction to ARP......................1-1 1.1.1 Necessity of ARP ....................1-1 1.1.2 ARP Packet Format ....................1-1 1.1.3 ARP Table ....................... 1-2 1.1.4 ARP Implementation ....................

  • Page 602: Chapter 1 Arp Configuration

    Operation Manual – ARP H3C S7500 Series Ethernet Switches Chapter 1 ARP Configuration Chapter 1 ARP Configuration When configuring ARP, go to these sections for information you are interested in: Introduction to ARP Configuring ARP Displaying and Maintaining ARP Configuration 1.1 Introduction to ARP...

  • Page 603: Arp Table

    Operation Manual – ARP H3C S7500 Series Ethernet Switches Chapter 1 ARP Configuration Table 1-1 describes the fields of an ARP packet. Table 1-1 Description on the fields of an ARP packet Field Description Type of the hardware interface. See...

  • Page 604: Arp Implementation

    Chapter 1 ARP Configuration Different manufactures’ products may provide more information about ARP table. On an S7500 series Ethernet switch, you can use the display arp command to display ARP entries in the table (see ARP Command Manual for details).

  • Page 605: Introduction To Gratuitous Arp

    To address this issue, you can configure the gratuitous ARP update interval on the S7500 series Ethernet switches. With gratuitous ARP packets sent periodically, the receiving host can update the ARP entry for the gateway in its ARP table timely. In this way, the ARP entry for the gateway has been updated before the host ages out the entry;...

  • Page 606: Introduction To Arp Attack Detection

    To guard against such attacks, S7500 series Ethernet switches support the ARP attack detection feature. With this feature, you can limit the number of IP addresses to be bound to a MAC address in a VLAN.

  • Page 607: Introduction To Arp Source Suppression

    ARP packets and discard them. 1.2 Configuring ARP ARP entries in an S7500 series Ethernet switch falls into two types: static and dynamic, as described in Table 1-4.

  • Page 608: Arp Configuration Task List

    Operation Manual – ARP H3C S7500 Series Ethernet Switches Chapter 1 ARP Configuration 1.2.1 ARP Configuration Task List Complete the following tasks to configure ARP: Task Remarks Adding a Static ARP Entry Manually Optional Configuring the Maximum Number of ARP Entries that Can Be...

  • Page 609: Configuring The Maximum Number Of Arp Entries That Can Be Learnt

    Operation Manual – ARP H3C S7500 Series Ethernet Switches Chapter 1 ARP Configuration 1.2.3 Configuring the Maximum Number of ARP Entries that Can Be Learnt Follow these steps to configure the maximum number of ARP entries that can be learnt on a port: To do…...

  • Page 610: Configuring Gratuitous Arp Learning

    Operation Manual – ARP H3C S7500 Series Ethernet Switches Chapter 1 ARP Configuration To do… Use the command… Remarks Enter system view system-view — Required Enable gratuitous ARP arp gratuitous-updating packets to be sent By default, this function is enable periodically disabled on the switch.

  • Page 611: Configuring Proxy Arp

    Operation Manual – ARP H3C S7500 Series Ethernet Switches Chapter 1 ARP Configuration Note: If secondary IP addresses are configured for a VLAN interface, the specified maximum number of IP addresses to be bound to a MAC address should be bigger than the total number of the primary and secondary IP addresses of the VLAN interface.

  • Page 612: Displaying And Maintaining Arp Configuration

    Operation Manual – ARP H3C S7500 Series Ethernet Switches Chapter 1 ARP Configuration 1.3 Displaying and Maintaining ARP Configuration To do… Use the command… Remarks Display ARP attack display arp attack-list information display arp [ static | dynamic | Display ARP entries...
  • Page 613 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DHCP Overview......................1-1 1.1 Introduction to DHCP......................1-1 1.2 DHCP IP Address Assignment ..................1-2 1.2.1 IP Address Assignment Policy ................1-2 1.2.2 Obtaining IP Addresses Dynamically ..............1-2 1.2.3 Updating IP Address Lease ..................
  • Page 614 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Table of Contents 2.6 DHCP Server Configuration Example................2-18 2.7 Troubleshooting a DHCP Server ..................2-21 Chapter 3 DHCP Relay Agent Configuration ................3-1 3.1 Introduction to DHCP Relay Agent ..................3-1 3.1.1 Usage of DHCP Relay Agent ..................

  • Page 615: Chapter 1 Dhcp Overview

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 1 DHCP Overview Chapter 1 DHCP Overview When configuring DHCP, go to these sections for information you are interested in: Introduction to DHCP DHCP IP Address Assignment DHCP Packet Format...

  • Page 616: Dhcp Ip Address Assignment

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 1 DHCP Overview 1.2 DHCP IP Address Assignment 1.2.1 IP Address Assignment Policy Currently, DHCP provides the following three IP address assignment policies to meet the requirements of different clients: Manual assignment.

  • Page 617: Updating Ip Address Lease

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 1 DHCP Overview Note: The IP addresses offered by other DHCP servers (if any) are not used by the DHCP client and are still available to other clients. 1.2.3 Updating IP Address Lease...
  • Page 618 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 1 DHCP Overview op (1) htype (1) hlen (1) hops (1) xid (4) secs (2) flags (2) ciaddr (4) yiaddr (4) siaddr (4) giaddr (4) chaddr (16) sname (64) file (128)

  • Page 619: Dhcp Packet Processing Modes

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 1 DHCP Overview 1.4 DHCP Packet Processing Modes After the DHCP server is enabled on a device, the device processes the DHCP packet received from a DHCP client in one of the following three modes depending on your...

  • Page 620: Chapter 2 Dhcp Server Configuration

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration Chapter 2 DHCP Server Configuration When configuring DHCP servers, go to these sections for information you are interested in: Introduction to DHCP Server Global Address Pool-Based DHCP Server Configuration...

  • Page 621: Dhcp Ip Address Preferences

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration If an interface is configured with a valid unicast IP address, you can create an interface-based address pool for the interface by executing the dhcp select interface command in interface view.

  • Page 622: Global Address Pool-Based Dhcp Server Configuration

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration The first IP address found among the available IP addresses in the DHCP address pool. If no IP address is available, the DHCP server queries lease-expired and conflicted IP addresses.

  • Page 623: Configuring How To Assign Ip Addresses In A Global Address Pool

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration clients through these interfaces, it assigns IP addresses in the global address pool to the DHCP clients. Follow these steps to configure the global address pool mode on interface(s): To do…...
  • Page 624 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Enter system view system-view — Required Create a DHCP address dhcp server ip-pool By default, no global pool and enter DHCP...

  • Page 625: Configuring Dns Services For The Dhcp Server

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Enter system view system-view — Required Create a DHCP address dhcp server ip-pool pool and enter DHCP By default, no DHCP...

  • Page 626: Configuring Netbios Services For The Dhcp Server

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Enter system view system-view — Required Create a DHCP address dhcp server ip-pool By default, no global pool and enter DHCP...

  • Page 627: Customizing Dhcp Service

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration mappings by sending unicast packets to WINS servers. If they fail to obtain mappings, they send broadcast packets to obtain mappings. Follow these steps to configure NetBIOS services for the DHCP server: To do…...

  • Page 628: Interface Address Pool-Based Dhcp Server Configuration

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration DHCP server provides the gateway addresses to DHCP clients as well while assigning IP addresses to them. You can configure gateway addresses for address pools on a DHCP server. Currently, you can configure up to eight gateway addresses for a DHCP address pool.

  • Page 629: Enabling Dhcp

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration You can perform certain configurations for DHCP address pools of an interface or multiple interfaces within specified interface ranges. Configuring for multiple interfaces eases configuration work load and makes you to configure in a more convenient way.

  • Page 630: Configuring To Assign Ip Addresses Of Dhcp Address Pools To Dhcp Clients

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration Follow these steps to configure to assign the IP addresses of interface address pools to DHCP clients: To do… Use the command… Remarks Enter system view —...
  • Page 631 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration Note: The IP addresses statically bound in interface address pools and the interface IP addresses must be in the same segment. There is no limit to the number of IP addresses statically bound in an interface address pool, but the IP addresses statically bound in interface address pools and the interface IP addresses must be in the same segment.

  • Page 632: Configuring Dns Services For The Dhcp Server

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Optional By default, all IP addresses in a Specify the IP dhcp server forbidden-ip DHCP address addresses that are not...

  • Page 633: Configuring Netbios Services For Dhcp Clients

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Enter system view system-view — interface interface-type interface-number Configure the current dhcp server domain-name Required Configure interface domain-name a domain...

  • Page 634: Customizing Dhcp Service

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration WINS server returns the IP address corresponding to the destination node name to the source node. M-node. Nodes of this type are p-nodes mixed with broadcasting features (The character m stands for the word mixed), that is to say, this type of nodes obtain mappings by sending broadcast packets first.

  • Page 635: Dhcp Security Configuration

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Enter system view system-view — interface interface-type interface-number Configure dhcp server option code { ascii the current ascii-string | hex hex-string&<1-10> |...

  • Page 636: Configuring Ip Address Detecting

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Enter system view system-view — Required Enable the private DHCP By default, the private dhcp server detect server detecting function...

  • Page 637: Displaying And Maintaining A Dhcp Server

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.5 Displaying and Maintaining a DHCP Server To do… Use the command… Remarks Display the statistics on IP display dhcp server conflict { all | ip...
  • Page 638 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration assigning is carried out through DHCP relay agent. Note that DHCP server configuration is the same in both scenarios. I. Network requirements The DHCP server assigns IP addresses dynamically to the DHCP clients on the same network segment.
  • Page 639 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration II. Network diagram Client WINS server Client Client 10.1.1.4 /25 Vlan -int1 Vlan -int2 10.1.1 .1/25 10.1.1.129/25 Switch A 10.1 .1.126 /25 10 .1 .1.254 /25...

  • Page 640: Troubleshooting A Dhcp Server

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 2 DHCP Server Configuration # Configure DHCP address pool 2, including address range, gateway, WINS server address, and lease time. [H3C] dhcp server ip-pool 2 [H3C-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128 [H3C-dhcp-pool-2] expired day 5 [H3C-dhcp-pool-2] nbns-list 10.1.1.4...

  • Page 641: Chapter 3 Dhcp Relay Agent Configuration

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration Chapter 3 DHCP Relay Agent Configuration When configuring DHCP relay agents, go to these sections for information you are interested in: Introduction to DHCP Relay Agent...

  • Page 642: Option 82 Supporting

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration DHCP relay agents can transparently transmit broadcast packets on DHCP clients or servers to the DHCP servers or clients in other network segments. In the process of dynamic IP address assignment through the DHCP relay agent, the DHCP client and DHCP server interoperate with each other in a similar way as they do without the DHCP relay agent.
  • Page 643 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration agent. Generally, sub-option 1 and sub-option 2 must be used together to identify information about a DHCP source. Sub-option 2: A sub-option of option 82. Sub-option 2 represents the remote agent ID, namely Remote ID.

  • Page 644: Configuring Dhcp Relay Agent

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration Note: Request packets sent by a DHCP client fall into two categories: DHCP-DISCOVER packets and DHCP-REQUEST packets. As DHCP servers coming from different manufacturers process DHCP request packets in different ways (that is, some DHCP...

  • Page 645: Configuring Dhcp Relay Agent Security

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To enhance reliability, you can set multiple DHCP servers on the same network. These DHCP servers form a DHCP server group. When the interface establishes mapping relationship with the DHCP server group, the interface forwards the DHCP packets to all servers in the server group.
  • Page 646 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration accessing external networks if the IP address configured on the user end and the MAC address of the user end do not match any entries (including the entries dynamically tracked by the DHCP relay agent and the manually configured static entries) in the user address table on the DHCP relay agent.

  • Page 647: Configuring Option 82 Supporting

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration III. Configuring whether to allow freely-connected clients to pass DHCP security check A freely-connected client refers to the client whose IP address and MAC address are not in the DHCP security table.

  • Page 648: Displaying And Maintaining Dhcp Relay Agent

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To do… Use the command… Remarks Configure the strategy for Optional dhcp relay information the DHCP relay agent to strategy { drop | keep |...
  • Page 649 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration II. Network diagram DHCP client DHCP client DHCP client DHCP client DHCP client DHCP client Vlan-int2 Vlan-int2 Vlan-int2 Vlan-int1 Vlan-int1 Vlan-int1 10.110.1.1/24 10.110.1.1/24 10.110.1.1/24 202.38.1.1/24 202.38.1.1/24...

  • Page 650: Troubleshooting Dhcp Relay Agent

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration 3.5 Troubleshooting DHCP Relay Agent I. Symptom A client fails to obtain configuration information through a DHCP relay agent. II. Analysis This problem may be caused by improper DHCP relay agent configuration. When a...

  • Page 651: Chapter 4 Dhcp Snooping Configuration

    Trusted ports forward any received DHCP packet to ensure that DHCP clients can obtain IP addresses from valid DHCP servers. Untrusted ports drop all the received packets. Figure 4-1 illustrates a typical network diagram for DHCP snooping application, where Switch A is an S7500 series switch.

  • Page 652: Configuring Dhcp Snooping

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 4 DHCP Snooping Configuration DHCP Server DHCP Server DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client Internet Internet Internet Switch A Switch A Switch A Switch B...

  • Page 653: Dhcp-Snooping Option 82

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 4 DHCP Snooping Configuration To do… Use the command… Remarks Enter system view system-view — Required Enable the DHCP By default, the DHCP dhcp-snooping snooping function snooping function is disabled...

  • Page 654: Enabling Dhcp-Snooping Option 82

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 4 DHCP Snooping Configuration If the message contains option 82, the switch replaces the original option 82 in the message with its own option 82, and then broadcasts the request message.

  • Page 655: Displaying And Maintaining Dhcp Snooping

    Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 4 DHCP Snooping Configuration II. Enabling DHCP-Snooping option 82 Follow these steps to enable DHCP-snooping option 82 on a DHCP-snooping-enabled network device: To do… Use the command… Remarks Enter system view system-view —...
  • Page 656 Operation Manual – DHCP H3C S7500 Series Ethernet Switches Chapter 4 DHCP Snooping Configuration II. Network diagram DHCP Server DHCP Server DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client Internet Internet Internet Eth2/0/2 Eth2/0/2 Eth2/0/2 Eth2/0/1...
  • Page 657 Operation Manual – ACL H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1-1 1.1 ACL Overview ........................1-1 1.1.1 ACL Match Order ....................1-2 1.1.2 Ways to Apply ACL on a Switch................1-3 1.1.3 ACLs Based on Time Ranges.................
  • Page 658 Operation Manual – ACL H3C S7500 Series Ethernet Switches Table of Contents 1.11.2 Advanced ACL Configuration Example............... 1-23 1.11.3 Layer 2 ACL Configuration Example..............1-25 1.11.4 User-Defined ACL Configuration Example ............1-26...

  • Page 659: Chapter 1 Acl Configuration

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration Chapter 1 ACL Configuration Note: Type A line processing units (LPUs) include LS81FT48A, LS81FM24A, LS81FS24A, LS81GB8UA, LS81GT8UA, LS81FT48, LS81FM24, LS81FS24, LS81GB8U and LS81GT8U. When configuring ACL, go to these sections for information you are interested in:...

  • Page 660: Acl Match Order

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration Advanced ACL: rules are made based on the Layer 3 and Layer 4 information such as the source and destination IP addresses of the data packets, the type of protocol over IP, protocol-specific features, and so on.

  • Page 661: Ways To Apply Acl On A Switch

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration If the number and type of ACEs are the same for multiple rules, then the sum of ACE values of a rule determines its priority. The smaller the sum, the higher the priority.

  • Page 662: Types Of Acls Supported By Ethernet Switches

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration range. If you remove the time range of an ACL rule, the ACL rule becomes invalid the next time the ACL rule timer refreshes. 1.1.4 Types of ACLs Supported by Ethernet Switches...

  • Page 663: Specifying The Match Order Of Acl Rules

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration The current acl mode: link-based. 1.3 Specifying the Match Order of ACL Rules The acl match-order { config | auto } command is used to set the matching order of ACL rules when they are configured.

  • Page 664: Configuration Procedure

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration Note: An absolute time range on an H3C S5600 switch can be within the range 1970/1/1 00:00 to 2100/12/31 23:59. 1.4.1 Configuration Procedure Table 1-3 Configure a time range To do...

  • Page 665: Configuration Example

    08:00 to 18:00 working-day # Define an absolute time range from 15:00 1/28/2000 to 15:00 1/28/2004. <H3C> system-view [H3C] time-range test from 15:00 1/28/2000 to 15:00 1/28/2004 [H3C] display time-range test Current time is 13:30:32 4/16/2005 Saturday Time-range : test ( Inactive ) From 15:00 Jan/28/2000 to 15:00 Jan/28/2004 1.5 Defining Basic ACLs...

  • Page 666: Configuration Procedure

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration 1.5.2 Configuration Procedure Table 1-4 Define a basic ACL rule To do... Use the command... Remarks Enter system view system-view — acl { number acl-number | name...

  • Page 667: Defining Advanced Acls

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration 1.6 Defining Advanced ACLs Advanced ACLs define classification rules according to the source and destination IP addresses of packets, the type of protocol over IP, and protocol-specific features such as TCP/UDP source and destination ports, ICMP protocol type, code, and so on.
  • Page 668 Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-6 Rule information Parameter Type Function Remarks When expressed in numerals, the value range is 1 to 255. Protocol Type of protocol protocol When expressed with a...
  • Page 669 Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration To define DSCP priority, you can directly input a value ranging from 0 to 63, or input a keyword listed in Table 1-7. Table 1-7 Description of DSCP values...
  • Page 670 Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration IP Precedence value in IP Precedence value in Keyword decimal binary immediate flash flash-override critical internet network To define the ToS value, you can directly input a value ranging from 0 to 15, or input a keyword listed in the following table.
  • Page 671 Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration Parameter Type Function Remarks Specifies that the “TCP rule is applicable connection only to the first established TCP-specific argument established” SYN segment for flag establishing a TCP connection Note: Only Type A LPUs support the “range”...

  • Page 672: Configuration Example

    80, the source network segment of packets is 129.9.0.0, and the destination network segment is 202.38.160.0 <H3C> system-view [H3C] acl number 3000 [H3C-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80 [H3C-acl-adv-3000] display acl config 3000 Advanced ACL...

  • Page 673: Defining Layer 2 Acls

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration rule 0 permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq www (0 times matched) 1.7 Defining Layer 2 ACLs Layer 2 ACLs define rules based on the Layer 2 information such as the source and destination MAC address information, VLAN priority and Layer 2 protocol to process packets.
  • Page 674 Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-14 Rule information Parameter Type Function Remarks protocol-type: the value can be ip, arp, rarp, ipx, nbx, pppoe-control, or pppoe-data. When the protocol type is arp, the...
  • Page 675 Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration Note: source-mac-mask and dest-mac-mask represent the MAC address masks. For example, if you want to specify a MAC address range from 0011-0011-0000 to 0011-0011-00ff, you can specify ffff-ffff-ff00 as the MAC address mask. The mask can be all Fs, representing the host address.

  • Page 676: Configuration Example

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration 1.7.3 Configuration Example # Configure ACL 4000 to deny packets whose 802.1p priority is 3, source MAC address is 000d-88f5-97ed, and destination MAC address is 011-4301-991e. <H3C> system-view...

  • Page 677: Configuration Example

    # Configure ACL 5001 to deny all TCP packets. <H3C> system-view [H3C] time-range t1 18:00 to 23:00 sat [H3C] acl number 5001 [H3C-acl-user-5001] rule 25 deny 06 ff 27 time-range t1 [H3C-acl-user-5001] display acl config 5001 User defined ACL 5001, 1 rule rule 25 deny 06 ff 27 time-range t1 (0 times matched) (Inactive) 1.9 Applying ACLs on Ports...

  • Page 678: Configuration Procedure

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration 1.9.2 Configuration Procedure Table 1-17 Apply an ACL on a port To do... Use the command... Remarks Enter system view system-view — Enter Ethernet port interface interface-type —...

  • Page 679: Configuration Example

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration Combination mode Form of acl-rule link-group { acl-number | acl-name } rule Apply one rule in a link type ACL rule-id Apply all rules in a user-defined ACL...

  • Page 680: Displaying Acl Configuration

    Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration 1.10 Displaying ACL Configuration To do… Use the command… Remarks Display a time range or time display time-range { all | ranges time-name } Display the configured ACL...

  • Page 681: Advanced Acl Configuration Example

    # Create ACL 2000 and enter ACL 2000 view. [H3C] acl number 2000 # Define an access rule to deny packets with their source IP addresses being 10.1.1.1. [H3C-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test [H3C-acl-basic-2000] quit Apply the ACL on the port # Apply ACL 2000 on the port.
  • Page 682 # Create ACL 3000 and enter ACL 3000 view. [H3C] acl number 3000 # Define an ACL rule for requests destined for the wage server. [H3C-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test [H3C-acl-adv-3000] quit Apply the ACL on a port.

  • Page 683: Layer 2 Acl Configuration Example

    # Define an ACL rule to deny packets with the source MAC address of 0011-0011-0101 and destination MAC address of 0011-0011-0303, specifying the time range named test for the ACL rule. [H3C-acl-link-4000] rule 1 deny ingress 0011-0011-0101 ffff-ffff-ffff egress 0011-0011-0303 ffff-ffff-ffff time-range test [H3C-acl-link-4000] quit Apply the ACL on a port.

  • Page 684: User-Defined Acl Configuration Example

    # Create ACL 5000 and enter ACL 5000 view. [H3C] acl number 5000 # Define a rule for TCP packets. [H3C-acl-user-5000] rule 1 deny 06 ff 27 time-range test Apply the ACL on a port. # Apply ACL 5000 on port Ethernet 2/0/1.
  • Page 685 Operation Manual – ACL H3C S7500 Series Ethernet Switches Chapter 1 ACL Configuration [H3C] interface Ethernet2/0/1 [H3C-Ethernet2/0/1] qos [H3C-qosb-Ethernet2/0/1] packet-filter inbound user-group 5000 1-27...
  • Page 686 1.1.11 Traffic-based Traffic Statistics................1-10 1.1.12 RED........................1-10 1.2 QoS Supported by the S7500 Series Ethernet Switches ..........1-11 1.3 Setting Port Priority ......................1-12 1.4 Configuring Priority According to Which a Packet is Put into an Output Queue ..... 1-12 1.4.1 Setting the Priority According to Which a Packet is Put into an Output Queue..
  • Page 687 Operation Manual – QoS H3C S7500 Series Ethernet Switches Table of Contents 1.9.3 Configuration Example..................1-24 1.10 Configuring Congestion Avoidance ................1-25 1.10.1 Configuration Prerequisites................. 1-25 1.10.2 Configuration Procedure ..................1-25 1.10.3 Configuration Example..................1-26 1.11 Configuring Traffic Statistics ..................1-27 1.11.1 Configuration Prerequisites.................

  • Page 688: Chapter 1 Qos Configuration

    When performing QoS configuration, go to these sections for information you are interested in: Overview QoS Supported by the S7500 Series Ethernet Switches Setting Port Priority Configuring Priority According to Which a Packet is Put into an Output Queue Configuring Priority Marking...

  • Page 689: Traffic

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration 1.1.1 Traffic Traffic means service traffic, that is, all the packets passing the switch. 1.1.2 Traffic Classification Traffic classification means to identify packets conforming to certain characters according to certain rules.
  • Page 690 Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration The precedence values of an IP packet represent 8 different service classes. Table 1-1 Description on IP Precedence IP Precedence (decimal) IP Precedence (binary) Description routine priority...
  • Page 691 Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration DSCP precedence DSCP precedence Keyword (decimal) (binary) af23 010110 af31 011010 af32 011100 af33 011110 af41 100010 af42 100100 af43 100110 001000 010000 011000 100000 101000 110000...

  • Page 692: Priority Of Protocol Packets

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Byte 1 Byte 2 Byte 3 Byte 4 TPID (Tag Protocol Identifier) TCI (Tag Control Info rmation) 0 0 0 Priority LAN ID Figure 1-3 The contents of an 802.1Q tag heade In the figure above, the 3-bit priority field in the TCI filed is 802.1p priority in the range of...

  • Page 693: Packet Filtering

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration 1.1.6 Packet Filtering Packet filter means filtering the service traffic. For example, in the operation of dropping packets, the service traffic matching the traffic classification rule is dropped and the other traffic is permitted.
  • Page 694 Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Tokens are input into the token bucket at a given ra Packets to be sent through an interface Packets sent Packet classifying kets ooped Figure 1-4 Evaluate the traffic with the token bucke...

  • Page 695: Redirect

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Peak information rate (PIR) Excess burst size (EBS) Two token buckets are used in this evaluation. The rates of putting tokens into the two buckets are CIR and PIR respectively, and the sizes of two buckets are CBS and EBS respectively (the two buckets are called C bucket and E bucket respectively for short), representing different permitted burst levels.
  • Page 696 Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Queue 7 High priority Packets to be sent through an interface Queue 6 Forw arding direction Queue 2 weight 2 Outbound interface …… Queue 1 Serviced queue...

  • Page 697: Queue Scheduling

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Queue 1 Weight 1 Packets to be sent Queue 2 Weight 2 through an interface warding direction Outbound interface …… Queue N-1 Weight N-1 Queue Packet Servic...

  • Page 698: Qos Supported By The S7500 Series Ethernet Switches

    TCP connections are sent at a high rate in any case. Thus, the utilization rate of bandwidth is improved. 1.2 QoS Supported by the S7500 Series Ethernet Switches Table 1-4 QoS features supported by the S7500 series Ethernet switches and related commands Specification...

  • Page 699: Setting Port Priority

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Specification Related command traffic-remark-vlanid inbound Traffic-based selective Supported acl-rule [ system-index ] QinQ remark-vlan vlan-id 1.3 Setting Port Priority If a received packet is not VLAN-tagged, the switch will tag the packet with the default VLAN tag of the port receiving the packet.
  • Page 700 Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration A switch port supports eight output queues. The priority of each queue is different, and packets in the queue with higher priority are sent preferentially. The switch puts a packet into the corresponding queue according to the DSCP precedence, IP precedence, 802.1p priority or local precedence of the packet.
  • Page 701 Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration IP precedence Queue Table 1-8 The DSCP-precedence–to-queue mapping DSCP Name of type-A Name of non-type-A Queue precedence value 0 to 7 be(0) be(0) cs1(8), af11(10), af12(12), 8 to 15...

  • Page 702: Setting The Priority According To Which A Packet Is Put Into An Output Queue

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Note: For LPUs that are not of A-type, if you specify the trusted priority for adding packets to output queues by using the priority-trust dscp or priority-trust ip-precedence...

  • Page 703: Configuring The 802.1P-Priority-To-Queue Mapping

    3 to 1, 4 to 7, 5 to 0, 6 to 5 and 7 to 6. Display the configuration. Configuration procedure: <H3C> system-view [H3C] qos cos-local-precedence-map 2 3 4 1 7 0 5 6 [H3C] display qos cos-local-precedence-map cos-local-precedence-map: cos :...

  • Page 704: Configuring Priority Marking

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration -------------------------------------------------------------------------- local-precedence : 1.5 Configuring Priority Marking Refer to Priority Marking for the introduction to priority marking. Priority marking can be implemented in the following ways: Through TP (only non-type-A LPUs support this feature). When configuring TP, you can define the action of remarking the DSCP precedence for the packets exceeding the traffic limit.
  • Page 705 Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration To do… Use the command… Remarks display qos-interface Display the priority [ interface-type interface-number ] Optional marking settings traffic-priority You can execute the display command in display qos-interface Display all the QoS any view.

  • Page 706: Configuration Example

    [H3C-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255 [H3C-acl-basic-2000] quit [H3C] interface Ethernet2/0/1 [H3C-Ethernet2/0/1] qos [H3C-qoss-Ethernet2/0/1] traffic-priority inbound ip-group 2000 dscp 56 1.6 Configuring Rate Limiting on a Port 1.6.1 Configuration Prerequisites The port where rate limiting is to be performed is determined.

  • Page 707: Configuration Example

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration To do… Use the command… Remarks Enter QoS view — Configure port-based line-rate [ kbps ] target-rate Required rate limiting Note: Only non-type-A LPUs support port-based rate limiting.

  • Page 708: Configuration Example

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration To do… Use the command… Remarks Required traffic-limit { inbound | outbound } acl-rule Type-A LPUs support this [ system-index ] target-rate command. Configure traffic-based TP Required...

  • Page 709: Configuring Redirect

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration [H3C-GigabitEthernet2/0/1] qos [H3C-qosb-GigabitEthernet2/0/1] traffic-limit inbound ip-group 2000 kbps 128 exceed remark-dscp 56 1.8 Configuring Redirect Refer to Redirect for the introduction to redirect. 1.8.1 Configuration Prerequisites ACL rules used for traffic identifying are defined. Refer to the ACL module in this manual for defining ACL rules.

  • Page 710: Configuration Example

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Note: Only non-type-A LPUs support the traffic redirect configuration. In a traffic redirect configuration, the source port and the destination port must be on the same LPU.

  • Page 711: Configuration Example

    Display the configuration. Configuration procedure: <H3C> system-view [H3C] interface GigabitEthernet2/0/1 [H3C-GigabitEthernet2/0/1] qos [H3C-qosb-GigabitEthernet2/0/1] queue-scheduler wrr 10 5 10 10 5 10 5 10 [H3C-qosb-GigabitEthernet2/0/1] display qos-interface GigabitEthernet 1/0/1 queue-scheduler GigabitEthernet2/0/1: Queue scheduling mode: weighted round robin weight of queue 1: 10...

  • Page 712: Configuring Congestion Avoidance

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration weight of queue 8: 10 COS configuration: Config (max queues): 8 Schedule mode: weighted round-robin Weighting (in packets): COSQ 0 = 10 packets COSQ 1 = 5 packets...

  • Page 713: Configuration Example

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration To do… Use the command… Remarks Enter system view system-view — Enter Ethernet port interface interface-type — view interface-number Enter QoS view — Required The maximum available...

  • Page 714: Configuring Traffic Statistics

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration [H3C] interface Ethernet2/0/1 [H3C-Ethernet2/0/1] qos [H3C-qoss-Ethernet2/0/1] traffic-red outbound ip-group 2000 64 128 20 1.11 Configuring Traffic Statistics Refer to Traffic-based Traffic Statistics for the introduction to traffic statistics.

  • Page 715: Configuration Example

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration To do… Use the command… Remarks Enter system view system-view — interface Enter Ethernet port interface-type — view interface-number Enter QoS view — reset traffic-statistic Required { inbound |...

  • Page 716: Configuration Procedure

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration The ports that need this configuration are specified. 1.12.2 Configuration Procedure Follow these steps to configure guaranteed bandwidth: To do… Use the command… Remarks Enter system view system-view —...

  • Page 717: Configuring Inbound Car

    [H3C-acl-basic-2000] quit [H3C] interface Ethernet2/0/1 [H3C-Ethernet2/0/1] qos [H3C-qoss-Ethernet2/0/1] traffic-bandwidth outbound ip-group 2000 64 128 50 1.13 Configuring Inbound CAR You can enable/disable the inbound committed access rate (CAR) feature. With the inbound CAR feature enabled, when one ACL rule is applied to multiple ports, the switch regards the ACL rule applied to each port as different, so one ACL rule occupies multiple entries after it is applied.

  • Page 718: Configuration Procedure

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Note: The inboundcar command is applicable to A-type LPUs only and can only take effect after the switch is restarted. 1.13.2 Configuration Procedure # Enable the inbound CAR feature.
  • Page 719 Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration To do… Use the command… Remarks The vlan-id argument is Add the port to the port hybrid vlan vlan-id the ID of the outer VLAN specified VLAN { tagged | untagged } tag.

  • Page 720: Configuration Example

    Operation Manual – QoS H3C S7500 Series Ethernet Switches Chapter 1 QoS Configuration Caution: A-type LPUs, LS82GT20, and LS82GP20 do not support traffic-based selective QinQ. Execute the vlan-vpn enable command in the corresponding port view before executing the traffic-remark-vlanid command.
  • Page 721 <H3C> system-view [H3C] acl number 3000 # Define ACL 3000 rules. [H3C-acl-adv-3000] rule 1 permit ip source 129.110.1.2 0 destination any [H3C-acl-adv-3000] quit Limit the outbound traffic of the salary query server # Limit the average rate of outbound traffic within 640kbps and set the precedence of packets exceeding the specification to 4.

  • Page 722: Configuration Example Of Priority Marking

    Define the traffic rules of PC packets # Enter number-identification-based basic ACL view identified. [H3C] acl number 2000 [H3C-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range test [H3C-acl-basic-2000] quit Mark the ef precedence on the packets PC1 sends [H3C] interface Ethernet2/0/1...

  • Page 723: Mirroring

    Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Mirroring Configuration ....................1-1 1.1 Overview ..........................1-1 1.1.1 Port Mirroring......................1-1 1.1.2 Remote Port Mirroring ..................... 1-1 1.1.3 Traffic Mirroring ....................... 1-4 1.1.4 Remote Traffic Mirroring ..................

  • Page 724: Chapter 1 Mirroring Configuration

    Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Chapter 1 Mirroring Configuration When configuring mirroring, go to these sections for information you are interested in: Overview Mirroring Supported by S7500 Mirroring Configuration 1.1 Overview Mirroring refers to the process of copying packets that meet the specified rules to a destination port.
  • Page 725 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Remote-probe VLAN Remote-probe VLAN Source Source Intermediate Switch Intermediate Switch Switch Switch Destination Destination Switch Switch Trunk port Trunk port Reflector port Reflector port Source Port Source Port...
  • Page 726 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Table 1-1 Ports involved in the mirroring operation Switch Ports involved Function Port to be mirrored; copies user data packets to the specified reflector port Source port through local port mirroring.

  • Page 727: Traffic Mirroring

    Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Caution: To ensure the normal packet mirroring, you are not recommended to perform any of the following operations on the remote-probe VLAN: Configuring a source port to the remote-probe VLAN that is used by the local mirroring group;...

  • Page 728: Mirroring Supported By S7500

    Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.2 Mirroring Supported by S7500 Table 1-2 Mirroring functions supported by S7500 and related commands Related Function Specifications Related command section mirroring-group Support port Configuring mirroring-group mirroring-port...
  • Page 729 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration II. Configuring port mirroring in Ethernet port view To do… Use the command… Remarks Enter system view — system-view Create a port mirroring mirroring-group group-id Required group...

  • Page 730: Configuring Remote Port Mirroring

    Configuration procedure 2: <H3C> system-view [H3C] mirroring-group 1 local [H3C] mirroring-group 1 monitor-port GigabitEthernet 2/0/4 [H3C] mirroring-group 1 mirroring-port GigabitEthernet 2/0/1 both 1.3.2 Configuring Remote Port Mirroring I. Configuration prerequisites The source switch, intermediate switch, and the destination switch have been determined.
  • Page 731 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration To do… Use the command… Remarks Enter port view of ports that connected to the interface interface-type — intermediate switch or interface-number destination switch Required Configure the current port...
  • Page 732 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Note: To mirror tagged packets, you need to configure VLAN VPN on the reflector port. The reflector port cannot forward traffics as a normal port. Therefore, it is recommended that you use a idle and in-down-state port as the reflector port, and be careful to not add other settings on this port.
  • Page 733 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Note: When a switch acts as a remote port mirroring intermediate switch, to realize the data mirroring successfully, you are recommended to configure redirection on the inbound interface and redirect all the packets in the remote-probe VLAN to the corresponding outbound interface.
  • Page 734 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration To do… Use the command… Remarks Required The destination port for remote mirroring must be of the Access type. LACP and STP must be disabled mirroring-group group-id on this port.
  • Page 735 [H3C-GigabitEthernet2/0/1] port link-type trunk [H3C-GigabitEthernet2/0/1] port trunk permit vlan 10 [H3C-GigabitEthernet2/0/1] quit [H3C] mirroring-group 1 remote-source [H3C] mirroring-group 1 mirroring-port GigabitEthernet 2/0/2 inbound [H3C] mirroring-group 1 reflector-port GigabitEthernet 2/0/3 [H3C] mirroring-group 1 remote-probe vlan 10 [H3C] display mirroring-group remote-source mirroring-group 1:...

  • Page 736: Configuring Traffic Mirroring

    Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration reflector port: GigabitEthernet2/0/3 remote-probe vlan: 10 # Configure Switch B. <H3C> system-view [H3C] vlan 10 [H3C-vlan10] remote-probe vlan enable [H3C-vlan10] quit [H3C] interface GigabitEthernet 2/0/1 [H3C-GigabitEthernet2/0/1] port link-type trunk...
  • Page 737 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration II. Configuration procedure To do… Use the command… Remarks Enter system view — system-view mirroring-group group-id Create a mirroring group Required local Required mirroring-group group-id LACP and STP cannot be...
  • Page 738 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Table 1-4 Combined application of ACLs on LPUs other than type A. Combination mode Form of acl-rule Apply all rules in an IP type ACL ip-group { acl-number | acl-name }...

  • Page 739: Configuring Remote Traffic Mirroring

    Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.3.4 Configuring Remote Traffic Mirroring I. Configuration prerequisites ACLs for identifying traffics have been defined. For defining ACLs, refer to the description on the ACL module in this manual.
  • Page 740 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration To do… Use the command… Remarks Required The remote reflector port must be Access port and LACP and STP must be disabled on the remote mirroring-group Configure the remote reflector port.
  • Page 741 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Note: If you want to mirror the tagged packets, you need to configure VLAN VPN on the reflector port. For the reflector port can not forward traffic as a normal port does, you are recommended to configure the port that is not in use to be the reflector port and not to perform other configurations on this port.
  • Page 742 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration Switch C Switch B Switch A GE2/0/1 2/0/1 GE2/0/2 GE2/0/ 1 GE2/0/2 GE2/0/2 10.1.1.1/24 Data detect device Figure 1-4 Network diagram for remote traffic mirroring Configuration procedure # Configure Switch A.
  • Page 743 Operation Manual – Mirroring H3C S7500 Series Ethernet Switches Chapter 1 Mirroring Configuration [H3C-GigabitEthernet2/0/2] port link-type trunk [H3C-GigabitEthernet2/0/2] port trunk permit vlan 10 # Configure Switch C <H3C> system-view [H3C] acl number 2000 [H3C-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255 [H3C-acl-basic-2000] rule deny source any...
  • Page 744 Operation Manual – Cluster H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Cluster........................... 1-1 1.1 Cluster Overview........................ 1-1 1.1.1 Introduction to HGMP V2 ..................1-1 1.1.2 Introduction to NDP....................1-2 1.1.3 Introduction to NTDP....................1-3 1.1.4 Introduction to Cluster .....................

  • Page 745: Chapter 1 Cluster

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster Chapter 1 Cluster When configuring cluster, go to these sections for information you are interested in: Cluster Overview Management Device Configuration Member Device Configuration Intra-Cluster Configuration Displaying and Maintaining a Cluster Cluster Configuration Example 1.1 Cluster Overview...

  • Page 746: Introduction To Ndp

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster Simplifying the procedures to configure multiple switches. After assigning a public IP address to the management device, you can configure/manage a specific member device on the management device instead of logging in to it in advance.

  • Page 747: Introduction To Ntdp

    NTDP setting configurations are not needed. NTDP takes effect in the management VLAN only. S7500 series Ethernet switches take VLAN 1 as the management VLAN, that is, the NTDP function of the S7500 series takes effect in VLAN 1 only.

  • Page 748: Introduction To Cluster

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster 1.1.4 Introduction to Cluster I. Introduction to cluster configuration A cluster has one (and only one) management device. Note the following points when creating a cluster: You need to designate a management device first. The management device of a cluster is the portal of the cluster.

  • Page 749: Switch Roles In The Cluster

    Note: The S7500 series manage the cluster with VLAN 1, which serves as the management VLAN in the cluster. You are required to configure the IP address of the Layer 3 virtual interface of the management VLAN before setting up a cluster. Otherwise, the cluster cannot be set up successfully.

  • Page 750: Management Device Configuration

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster Role Configuration Description Member in the cluster Normally, a member Neighbor discovery, being managed by Member device is not management device, running device configured with a commands forwarded by proxies, and...

  • Page 751: Enabling Ndp Globally And For Specific Ports

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster Task Remarks Configuring NTDP-Related Parameters Required Enabling the Cluster Function Required Configuring Cluster Parameters Required Configuring Interaction for the Cluster Required 1.2.2 Enabling NDP Globally and for Specific Ports Follow these steps to enable NDP globally and for a specific port: To do…...

  • Page 752: Configuring Ntdp-Related Parameters

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster To do… Use the command… Remarks Enter system view system-view — Enable NTDP globally ntdp enable Required interface interface-type Enter Ethernet port view — interface-number Enable NTDP for the...

  • Page 753: Configuring Cluster Parameters

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster To do… Use the command… Remarks Enter system view system-view — Optional Enable the cluster cluster enable By default, the cluster function is function globally enabled 1.2.7 Configuring Cluster Parameters I.

  • Page 754: Configuring Interaction For The Cluster

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster II. Building a cluster automatically Follow these steps to enable the cluster function automatically: To do… Use the command… Remarks Enter system view system-view — Required You are required to...

  • Page 755: Member Device Configuration

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster To do… Use the command… Remarks Configure the TFTP server for the Optional tftp-server ip-address cluster Configure the logging host for the logging-host Optional cluster ip-address Configure the SNMP host for the cluster...

  • Page 756: Configure Member Devices To Access Ftp/Tftp Server Of The Cluster

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster To do… Use the command… Remarks Enter system view system-view — Enable NTDP globally ntdp enable Required interface interface-type Enter Ethernet port view — interface-number Enable NTDP for the port...

  • Page 757: Displaying And Maintaining A Cluster

    Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster To do… Use the command… Remarks Optional Switch between the cluster switch-to Switch between the management device view { member-number | management device view and a member device...
  • Page 758 Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster The S7500 switch manages other two member devices as the management device. The detailed information about the cluster is as follows. The two member devices are connected to GigabitEthernet 2/0/2 and GigabitEthernet 2/0/3 of the management device.
  • Page 759 [H3C-Ethernet1/1] quit # Enable the cluster function. [H3C] cluster enable Configure the management device # Configure the IP address of the management VLAN (the S7500 series take VLAN 1 as the default VLAN). <H3C> system-view [H3C] interface Vlan-interface 1 [H3C-Vlan-interface1] ip address 163.172.55.1 [H3C-Vlan-interface1] quit # Enable NDP globally and on ports GE 2/0/2 and GE 2/0/3.
  • Page 760 Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster [H3C] ntdp timer port-delay 15 # Configure the interval to collect topology information to be 3 minutes. [H3C] ntdp timer 3 # Enable the cluster function. [H3C] cluster enable # Enter cluster view.
  • Page 761 Operation Manual – Cluster H3C S7500 Series Ethernet Switches Chapter 1 Cluster <aaa_1.H3C> tftp cluster put bbb.txt Note: Upon the completion of the above configurations, you can execute the cluster switch-to { member-number | mac-address H-H-H } command on the management device to switch to member device view to maintain and manage a member device.
  • Page 762 Operation Manual – PoE H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 PoE Configuration ....................... 1-1 1.1 PoE Overview ........................1-1 1.1.1 Introduction to PoE....................1-1 1.1.2 PoE Features Supported by S7500 ................ 1-2 1.1.3 External PSE2500-A1 Power System..............1-2 1.1.4 PoE-enabled Boards ....................

  • Page 763: Chapter 1 Poe Configuration

    Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 1 PoE Configuration Chapter 1 PoE Configuration When configuring PoE, go to these sections for information you are interested in: PoE Overview PoE Configuration Displaying PoE Configuration PoE Configuration Example 1.1 PoE Overview...

  • Page 764: Poe Features Supported By S7500

    The S7500 series support IEEE802.3af standard. They can also supply power to PDs noncompliant with the standard. The power supply of the S7500 series is administered by the main control board; each PoE board on the switch can be viewed as a PSE and administers the power supply of all the ports on it independently.

  • Page 765: Poe-Enabled Boards

    LS81GT48A 1.1.5 Setting PoE Management Mode S7500 series manage PoE in either auto mode or manual mode. Through the setting of the management and PoE priority, the switch determines whether to supply power to newly added PDs when the power supply is almost fully loaded.

  • Page 766: Configuring The Poe Feature Of A Switch

    Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 1 PoE Configuration Task Remarks Setting the PoE Feature of a PoE Port Required Upgrading the PSE Processing Software Online Optional 1.2.2 Configuring the PoE Feature of a Switch Follow these steps to configure the PoE feature on a port: To do…...

  • Page 767: Setting The Poe Feature Of A Poe Port

    Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 1 PoE Configuration To do… Use the command… Remarks Enable the Optional compatibility poe legacy enable slot By default, compatibility detection feature for slot-number detection is disabled for remote PDs of the PDs.

  • Page 768: Upgrading The Pse Processing Software Online

    Note: The S7500 series do not support the spare mode. When a board is almost fully loaded and a new PD is added, the switch will respond to the PD according to the PoE management mode. For details, see...

  • Page 769: Displaying Poe Configuration

    Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 1 PoE Configuration Note: The refresh update mode is to upgrade the valid software in the PSE through refreshing the software, while the full update mode is to delete the invalid software in PSE completely and then reload the software.
  • Page 770 Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 1 PoE Configuration Set the PoE management mode of slot 3 to auto. Slot 3 is supplied with 400 W of power and slot 5 is supplied with full power (namely, 806 W).
  • Page 771 Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 1 PoE Configuration [H3C] poe max-power 400 slot 3 # Set the maximum power supplied by the board in slot 5 is 806 W (full power). [H3C] poe max-power 806 slot 5 # Disable the PoE feature on Ethernet 3/0/23 and Ethernet 3/0/24.

  • Page 772: Chapter 2 Poe Psu Supervision Configuration

    DC Output Alarm Threshold Configuration Displaying PoE Supervision Information PoE PSU Supervision Configuration Example 2.1 Introduction to PoE PSU Supervision The PoE-enabled S7500 series can monitor the external PoE power supply units (PSUs) through SRPUs. Complete these tasks to configure PoE PSU supervision: Task...

  • Page 773: Ac Input Alarm Threshold Configuration Example

    Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 2 PoE PSU Supervision Configuration To do… Use the command… Remarks Enter the system view system-view — Required. For 220 VAC input, the Set the overvoltage poe-power threshold is recommended to...

  • Page 774: Dc Output Alarm Threshold Configuration

    Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 2 PoE PSU Supervision Configuration [H3C] display poe-power ac-input state 2.3 DC Output Alarm Threshold Configuration You can set the DC output alarm thresholds for the PoE PSUs to enable the S7500 series to monitor the DC output voltages of the PSUs in real time through SRPUs.

  • Page 775: Displaying Poe Supervision Information

    2.5 PoE PSU Supervision Configuration Example I. Network requirements Insert a PoE-enabled board into slot 3 of the S7500 series. Connect IP phones to Ethernet 3/0/1 through Ethernet 3/0/48. Set the AC input and DC output alarm thresholds to appropriate values.
  • Page 776 Operation Manual – PoE H3C S7500 Series Ethernet Switches Chapter 2 PoE PSU Supervision Configuration II. Network diagram S7506 Eth3/0/1~Eth3/0/48 Network IP Pone IP Pone IP Pone IP Pone Figure 2-1 Network diagram for PoE supervision configuration III. Configuration procedure # Enter the system view.

  • Page 777: Udp-Helper

    Operation Manual – UDP-Helper H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 UDP-Helper Configuration ..................1-1 1.1 Introduction to UDP-Helper....................1-1 1.2 Configuring UDP-Helper ....................1-2 1.3 Displaying and Maintaining UDP-Helper Configuration............. 1-3 1.4 UDP-Helper Configuration Example .................. 1-3 1.4.1 Network requirements .....................

  • Page 778: Chapter 1 Udp-Helper Configuration

    Operation Manual – UDP-Helper H3C S7500 Series Ethernet Switches Chapter 1 UDP-Helper Configuration Chapter 1 UDP-Helper Configuration When configuring UDP-Helper, go to these sections for information you are interested Introduction to UDP-Helper Configuring UDP-Helper Displaying and Maintaining UDP-Helper Configuration UDP-Helper Configuration Example 1.1 Introduction to UDP-Helper...

  • Page 779: Configuring Udp-Helper

    Operation Manual – UDP-Helper H3C S7500 Series Ethernet Switches Chapter 1 UDP-Helper Configuration Protocol UDP port number NetBIOS datagram service (NetBIOS-DS) TACACS (terminal access controller access control system) 1.2 Configuring UDP-Helper Follow these steps to configure UDP-Helper: To do… Use the command…...

  • Page 780: Displaying And Maintaining Udp-Helper Configuration

    Operation Manual – UDP-Helper H3C S7500 Series Ethernet Switches Chapter 1 UDP-Helper Configuration Caution: You need to enable the UDP-Helper function before specifying a UDP-Helper destination port. The dns, netbios-ds, netbios-ns, tacacs, tftp, and time keywords refers to the six default UDP ports.
  • Page 781 Operation Manual – UDP-Helper H3C S7500 Series Ethernet Switches Chapter 1 UDP-Helper Configuration 1.4.2 Network diagram Vlan- int1 Vlan -int1 10.110 .1.1/16 202.38.1.2/24 IP network Switch Switch (UDP HELPER) Server Figure 1-1 Network diagram for UDP-Helper configuration 1.4.3 Configuration procedure...
  • Page 782 Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 SNMP Configuration....................1-1 1.1 SNMP Overview......................... 1-1 1.1.1 SNMP Operation Mechanism.................. 1-1 1.1.2 SNMP Versions ....................... 1-2 1.1.3 MIBs Supported by the Device................1-2 1.2 Configuring SNMP Basic Functions...................

  • Page 783: Chapter 1 Snmp Configuration

    Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 1 SNMP Configuration Chapter 1 SNMP Configuration When configuring SNMP, go to these sections for information you are interested in: SNMP Overview Configuring SNMP Basic Functions Configuring Trap Message...

  • Page 784: Snmp Versions

    Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 1 SNMP Configuration 1.1.2 SNMP Versions Currently an SNMP agent of a device supports SNMPv3, and is compatible with SNMPv1 and SNMPv2c. SNMPv3 adopts user name and password authentication.

  • Page 785: Configuring Snmp Basic Functions

    Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 1 SNMP Configuration Table 1-1 Common MIBs MIB attribute MIB content References MIB II based on TCP/IP network RFC1213 devices RFC1493 BRIDGE MIB RFC2675 RIP MIB RFC1724 Public MIB...
  • Page 786 Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 1 SNMP Configuration To do… Use the command… Remarks Required By default, the contact information for system snmp-agent sys-info maintenance is { contact sys-contact | "Hangzhou H3C Set system information location sys-location | Technologies Co., Ltd.
  • Page 787 Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 1 SNMP Configuration To do… Use the command… Remarks Enter system view system-view — Required By default, SNMP agent is disabled. Enable SNMP agent snmp-agent You can enable SNMP agent...

  • Page 788: Configuring Trap Message

    Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 1 SNMP Configuration 1.3 Configuring Trap Message Trap message is the information that the managed device unsolicited sends to the NMS. Trap message is used to report some urgent and important events (e.g., the managed device is rebooted).

  • Page 789: Displaying Snmp

    Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 1 SNMP Configuration To do… Use the command… Remarks Optional The default Set aging time for trap aging time for snmp-agent trap life seconds messages trap messages is 120 seconds.
  • Page 790 IV. Configuring NMS The S7500 series switches support H3C’s QuidView NMS. SNMPv3 adopts user name and password authentication. In [Quidview Authentication Parameter], you need to set a user name, choose security level, and set authorization mode, authorization...
  • Page 791 In addition, you must set timeout time and retry times. You can query and configure Ethernet switches through the NMS. For more information, refer to the manuals of H3C’s NMS products. Note: Authentication configuration on the NMS must be consistent with that on a device;...

  • Page 792: Chapter 2 Rmon Configuration

    Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 2 RMON Configuration Chapter 2 RMON Configuration When configuring RMON, go to these sections for information you are interested in: RMON Overview RMON Configuration Displaying RMON RMON Configuration Example 2.1 RMON Overview...

  • Page 793: Commonly Used Rmon Groups

    An S7500 switch implements RMON in the second way. With the embedded RMON agent, the S7500 series switch can serve as a network device with the RMON probe function. Through the RMON-capable SNMP agents running on the Ethernet switch, an...

  • Page 794: Rmon Configuration

    Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 2 RMON Configuration Sampling the alarm variables referenced in the defined extended alarm expressions once in each specified period Performing operations on sampled values according to the defined operation...
  • Page 795 Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 2 RMON Configuration To do… Use the command… Remarks Optional rmon alarm entry-number alarm-variable sampling-time Before adding an alarm { delta | absolute } rising entry, you need to use the...

  • Page 796: Displaying Rmon

    Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 2 RMON Configuration 2.3 Displaying RMON To do… Use the command… Remarks display rmon statistics Display RMON statistics [ interface-type interface-number ] Display RMON history display rmon history [ interface-type...
  • Page 797 Operation Manual – SNMP and RMON H3C S7500 Series Ethernet Switches Chapter 2 RMON Configuration Statistics entry 1 owned by user1-rmon is VALID. Interface : Ethernet2/0/1<ifIndex.4227626> etherStatsOctets , etherStatsPkts etherStatsBroadcastPkts , etherStatsMulticastPkts : 0 etherStatsUndersizePkts , etherStatsOversizePkts etherStatsFragments , etherStatsJabbers...
  • Page 798 Operation Manual – NTP H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 NTP Configuration ....................... 1-1 1.1 Introduction to NTP ......................1-1 1.1.1 Applications of NTP....................1-1 1.1.2 Working Principle of NTP ..................1-2 1.1.3 NTP Implementation Mode ..................1-3 1.2 NTP Implementation Mode Configuration .................

  • Page 799: Chapter 1 Ntp Configuration

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration Chapter 1 NTP Configuration 1.1 Introduction to NTP Network time protocol (NTP) is a time synchronization protocol defined by RFC1305. It is used for time synchronization among a set of distributed time servers and clients.

  • Page 800: Working Principle Of Ntp

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration Note: The accuracy of a clock is determined by its stratum, which ranges from 1 to 16. The stratum of the reference clock ranges from 1 to 15. The accuracy descends with the increasing of stratum number.

  • Page 801: Ntp Implementation Mode

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration The procedures of synchronizing system clocks are as follows: LS_A sends an NTP packet to LS_B, with the timestamp identifying the time when it is sent (that is, 10:00:00am, noted as T ) carried.
  • Page 802 Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration II. Peer mode Active peer Passive peer Network Clock synchronization orks in passive peer request packet ode automatically Response packet In peer mode, both sides can be synchronized to...

  • Page 803: Ntp Implementation Mode Configuration

    Chapter 1 NTP Configuration Table 1-1 describes how the above mentioned NTP modes are implemented on an S7500 series switch. Table 1-1 NTP implementation modes on an S7500 series switch NTP implementation Configuration on S7500 switches mode Configure the S7500 switch to operate in the NTP server mode.

  • Page 804: Configuring Ntp Implementation Modes

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration operates in NTP broadcast mode or NTP multicast mode, you need to perform configurations on both the server side and the client side. 1.2.2 Configuring NTP Implementation Modes Follow these steps to configure NTP implementation modes: To do...
  • Page 805 The remote server identified by the remote-ip argument operates as the peer of the S7500 series switch, and the S7500 series switch operates as the active peer. The clock of the S7500 series switch can be synchronized to the remote server or be used to synchronize the clock of the remote server.

  • Page 806: Access Control Permission Configuration

    NTP server mode. Whereas if it operates in any of the other modes, it establishes connections with the peer. If an S7500 series switch operates as a passive peer in peer mode, NTP broadcast client mode, or NTP multicast client mode, the connections it establishes with the peers are dynamic.

  • Page 807: Configuring Ntp Authentication

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration If the NTP authentication is not enabled on a client, the client can be synchronized to a server regardless of the NTP authentication configuration performed on the server (assuming that the related configurations are performed).
  • Page 808 Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration Note: NTP authentication requires that the authentication keys configured for the server and the client are the same. Besides, the authentication keys must be trusted keys. Otherwise, the client cannot be synchronized with the server.

  • Page 809: Configuration Of Optional Ntp Parameters

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration Note: The procedures for configuring NTP authentication on the server are the same as those on the client. Besides, the client and the server must be configured with the same authentication key.

  • Page 810: Displaying And Maintaining Ntp

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration Caution: The source IP address in an NTP packet is the address of the sending interface specified by the ntp-service unicast-server command or the ntp-service unicast-peer command if you provide the address of the sending interface in these two commands.
  • Page 811 Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration III. Configuration procedures Configure S7500-1. # Set the local clock as the NTP master clock, with the stratum being 2. <S7500-1> system-view System View: return to User View with Ctrl+Z.

  • Page 812: Ntp Peer Mode Configuration

    H3C2 sets the local clock to be the NTP master clock, with the clock stratum being 2. Configure an S7500 series switch to operate as a client, with H3C2 as the time server. H3C2 will then operate in the server mode automatically. Meanwhile, H3C3 sets the S7500 series switch to be its peer.
  • Page 813 2, one stratum higher than H3C3. # View the information about the NTP sessions of the S7500 series switch and you can see that a connection is established between the S7500 series switch and H3C3.

  • Page 814: Ntp Broadcast Mode Configuration

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration 1.7.3 NTP Broadcast Mode Configuration I. Network requirements H3C3 sets its local clock to be an NTP master clock, with the stratum being 2. NTP packets are broadcast through VLAN interface 2.
  • Page 815 Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration [H3C3-Vlan-Interface2] ntp-service broadcast-server Configure S7500-1. # Enter system view. <S7500-1> system-view [S7500-1] # Enter VLAN-interface 2 view. [S7500-1] interface Vlan-interface 2 [S7500-1-Vlan-Interface2] # Configure S7500-1 to be a broadcast client.

  • Page 816: Ntp Multicast Mode Configuration

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration The output information indicates that S7500-1 is synchronized to H3C3, with the clock stratum of 3, one stratum higher than H3C3. # View the information about the NTP sessions of S7500-1 and you can see that a connection is established between S7500-1 and H3C3.
  • Page 817 Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration III. Configuration procedures Configure H3C3. # Enter system view. <H3C3> system-view [H3C3] # Enter VLAN-interface 2 view. [H3C3] interface Vlan-interface 2 # Configure H3C3 to be a multicast server.

  • Page 818: Ntp Server Mode With Authentication Configuration

    Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration Actual frequency: 249.9992 Hz Clock precision: 2^19 Clock offset: 198.7425 ms Root delay: 27.47 ms Root dispersion: 208.39 ms Peer dispersion: 9.63 ms Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C) The output information indicates that S7500-1 is synchronized to H3C3, with the clock stratum being 3, one stratum higher than H3C3.
  • Page 819 Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration # Enable NTP authentication. [S7500-2] ntp-service authentication enable # Set the MD5 key to 42, with the content being aNiceKey. [S7500-2] ntp-service authentication-keyid authentication-mode aNiceKey # Specify the key to be a trusted key.
  • Page 820 Operation Manual – NTP H3C S7500 Series Ethernet Switches Chapter 1 NTP Configuration <S7500-2> display ntp-service sessions source reference stra reach poll now offset delay disper ************************************************************************** [5]1.0.1.11 127.127.1.0 350.1 15.1 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured 1-22...
  • Page 821 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 SSH Terminal Service Configuration................. 1-1 1.1 SSH Terminal Services...................... 1-1 1.1.1 Introduction to SSH ....................1-1 1.1.2 Configuring an SSH Server..................1-2 1.1.3 Configuring an SSH Client ..................

  • Page 822: Chapter 1 Ssh Terminal Service Configuration

    As an SSH server, a switch can connect to multiple SSH clients; as an SSH client, a switch can establish SSH connections with switches or UNIX hosts that support SSH server. Currently, the S7500 series switches support SSH2.0 (compatible with SSH1.5). The communication process between the server and client includes the following five stages: Version negotiation stage.

  • Page 823: Configuring An Ssh Server

    Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Through the above steps, the server and the client get the same session key, which is to be used to encrypt and decrypt data exchanged between the server and the client later.
  • Page 824 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Table 1-1 Configure SSH2.0 server To do… Use the command… Remarks Configure supported Configuring protocol inbound protocols supported protocols Generate a local RSA key pair...
  • Page 825 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Caution: When SSH protocol is supported in the current user interface, to ensure a successful login, you must use the authentication-mode scheme command to configure the AAA authentication for login to the user interface.
  • Page 826 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Note: Configuration of the rsa local-key-pair create can survive a reboot. You only need to configure it once. III. Creating an SSH user Table 1-4 Create an SSH user To do...
  • Page 827 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration When the two commands are configured simultaneously, and the authentication types configured for the user (specified by username) are different from each other, comply with the configuration of the ssh user username authentication-type command.

  • Page 828: Configuring An Ssh Client

    Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration VI. Configuring client public keys You can configure RSA public keys for client users on the switch and specify RSA private keys, which correspond to the public keys, on the client. The client public keys are generated randomly by the SSH2.0 client software.

  • Page 829: Displaying Ssh Configuration

    Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration To do... Use the command... Remarks — Enter system view system-view Required ssh2 { host-ip | host-name } You can use this [ port-num ] [ prefer_kex...

  • Page 830: Ssh Server Configuration Example

    Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Table 1-8 Display SSH configuration To do... Use the command... Remarks Display the public keys of the host key pair and the server...
  • Page 831 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Set authentication type. Settings for the two authentication types are described respectively in the following section: Password authentication # Set AAA authentication on the user interfaces.

  • Page 832: Ssh Client Configuration Example

    [H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125 [H3C-rsa-key-code] public-key-code end [H3C-rsa-public-key] peer-public-key end [H3C] ssh user client002 assign rsa-key H3C002 # Start the SSH client software on the host which stores the RSA private keys and perform corresponding configurations to establish an SSH connection. 1.1.6 SSH Client Configuration Example I.
  • Page 833 Trying 10.165.87.136 ... Press CTRL+K to abort Connected to 10.165.87.136 ... Enter password: ************************************************************************** * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************** <H3C>...

  • Page 834: Sftp Service

    Trying 10.165.87.136... Press CTRL+K to abort Connected to 10.165.87.136... ************************************************************************** * Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ************************************************************************** <H3C>...

  • Page 835: Sftp Client Configuration

    Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Note: For SFTP login users, it is necessary to set their service type to sftp or all. II. Enabling the SFTP server Table 1-10 Enable the SFTP server To do...
  • Page 836 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Command To do... View Remarks Key word Rename a file on the rename SFTP server Download a file from the remote SFTP server...
  • Page 837 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration To do... Use the command... Remarks The three commands Disable the SFTP client exit have the same function. quit III. Operating with SFTP directories SFTP directory-related operations include: changing or displaying the current directory, creating or deleting a directory, and displaying files or information of a specific directory.

  • Page 838: Sftp Configuration Example

    Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration Table 1-15 Operate with SFTP files To do... Use the command... Remarks Enter system view system-view sftp { host-ip | Enter SFTP client view...
  • Page 839 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration II. Network diagram Switch B Switch A SFTP Server SFTP Client IP address: 10.111.27.91/24 Figure 1-3 Network diagram for SFTP configuration III. Configuration procedure Configure Switch B (SFTP server) # Enable the SFTP server.
  • Page 840 Operation Manual – SSH Terminal Service H3C S7500 Series Ethernet Switches Chapter 1 SSH Terminal Service Configuration New directory created sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2...
  • Page 841 Operation Manual – File System Management H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 File System Management.................... 1-1 1.1 File System Configuration....................1-1 1.1.1 Introduction to File System..................1-1 1.1.2 CF Card Configuration .................... 1-2 1.1.3 File System Configuration Tasks ................

  • Page 842: Chapter 1 File System Management

    (for example, deleting and overwriting files). Note: S7500 series switches support SRPU switchover. Both the primary and the secondary SRPU have file system built in for you to manipulate the files on the both SRPUs. Note that the URL of a file on the secondary SRPU must begin with slot[No.]#flash:/, where No.

  • Page 843: Cf Card Configuration

    Operation Manual – File System Management H3C S7500 Series Ethernet Switches Chapter 1 File System Management 1.1.2 CF Card Configuration By installing a CF (compact flash) card in the compact flash slot of a SRPU of an S7500 switch, you can extend the memory space of the switch.

  • Page 844: File-Related Operations

    Operation Manual – File System Management H3C S7500 Series Ethernet Switches Chapter 1 File System Management Displaying the information about the files or the directories in the current directory or a specified directory Entering a directory or switching to another storage device Perform the following operations to perform directory-related configuration: To do...
  • Page 845 Operation Manual – File System Management H3C S7500 Series Ethernet Switches Chapter 1 File System Management To do... Use the command... Remarks Optional A deleted file can be restored if you delete it by executing the delete delete [ /unreserved ]...

  • Page 846: Storage Device-Related Operations

    Operation Manual – File System Management H3C S7500 Series Ethernet Switches Chapter 1 File System Management Caution: For files deleted with the /unreserved keyword not specified and with the same names, only the latest deleted file can be restored. The files which are deleted using the delete command with the /unreserved keyword not specified are actually moved to the recycle bin and thus still take storage space.

  • Page 847: File System Configuration Example

    Operation Manual – File System Management H3C S7500 Series Ethernet Switches Chapter 1 File System Management To do... Use the command... Remarks — Enter system view system-view Required Set the file system prompt file prompt { alert | By default, the file system...
  • Page 848 Operation Manual – File System Management H3C S7500 Series Ethernet Switches Chapter 1 File System Management drw- Apr 16 2006 11:18:17 drw- Apr 10 2005 19:07:59 -rw- 11779 Apr 05 2006 10:23:03 test.bak -rw- 19307 Apr 16 2006 11:15:55 1.txt...
  • Page 849 Operation Manual – File System Management H3C S7500 Series Ethernet Switches Chapter 1 File System Management temperature-limit 3 10 70 ……(Omitted)

  • Page 850: Ftp And Tftp

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 FTP and TFTP Configuration ..................1-1 1.1 FTP Configuration......................1-1 1.1.1 Introduction to FTP....................1-1 1.1.2 FTP Configuration: A Switch Functioning as an FTP Server ........1-3 1.1.3 Configuration Example: A Switch Functioning as an FTP Server......

  • Page 851: Chapter 1 Ftp And Tftp Configuration

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Chapter 1 FTP and TFTP Configuration 1.1 FTP Configuration 1.1.1 Introduction to FTP The File Transfer Protocol (FTP) is commonly used in IP-based networks to transmit files.
  • Page 852 Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Table 1-1 Configurations needed when a switch functions as an FTP server Device Configuration Default Description You can run the display ftp-server The FTP server...

  • Page 853: Ftp Configuration: A Switch Functioning As An Ftp Server

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Device Configuration Default Description Enable the FTP server, and configure user FTP server — — names, passwords, and the corresponding rights 1.1.2 FTP Configuration: A Switch Functioning as an FTP Server I.

  • Page 854: Configuration Example: A Switch Functioning As An Ftp Server

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Note: Only one user can access an S7500 switch at a time when the switch functions as an FTP server. FTP services are implemented in this way: An FTP client sends FTP requests to the FTP server.
  • Page 855 Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Configure the IP address 1.1.1.1 for a VLAN interface on the switch, and 2.2.2.2 for the PC. Ensure that the switch and the PC are reachable to each other.
  • Page 856 The H3C Series Switches are not loaded with FTP client applications. You need to purchase and install them separately.

  • Page 857: Ftp Configuration: A Switch Functioning As An Ftp Client

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Note: For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the “System Maintenance and Debugging” part of this manual.

  • Page 858: Configuration Example: A Switch Functioning As An Ftp Client

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration To do… Use the command… Remarks ls [ remotefile ] Query a specified remote file Optional [ localfile ] get remotefile Download a remote file...
  • Page 859 Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration II. Network diagram Network Network Network Network Switch Switch Figure 1-3 Network diagram for FTP configuration III. Configuration procedure Perform FTP server–related configurations on the PC, that is, create a user account on the FTP server with user name “switch”...

  • Page 860: Tftp Configuration

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration # Run the put command to upload the configuration file named config.cfg to the FTP server. [ftp] put config.cfg # Run the get command to download the file named switch.bin to the flash of the switch.

  • Page 861: Tftp Configuration

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Note: Before performing TFTP-related configurations, you need to configure IP addresses of the TFTP client and the TFTP server, and make sure that they are reachable to each other .

  • Page 862: Tftp Configuration Example

    Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration To do… Use the command… Remarks Download a file through tftp { cluster | tftp-server } get Optional TFTP source-file [ dest-file ]...
  • Page 863 Operation Manual – FTP and TFTP H3C S7500 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Caution: If the available space of the flash of the switch is not enough to hold the file to be uploaded, you need to delete the existing applications in the flash and then upload new applications to the flash of the switch.

  • Page 864: Information Center

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Information Center....................... 1-1 1.1 Information Center Overview ..................... 1-1 1.2 Information Center Configuration..................1-5 1.2.1 Enabling Information Output to a Log Host............. 1-6 1.2.2 Enabling Information Output to the Console ............

  • Page 865: Chapter 1 Information Center

    Combined with the debugging program (debugging commands), it provides powerful support for network administrators and developers in network operation monitoring and fault diagnosis. Information items output by the S7500 Series Ethernet Switches are presented in the following format: <priority>timestamp sysname module/level/digest:content Here, angle brackets “<>”, spaces, slashes “/”...
  • Page 866 Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center You can modify the host name using the sysname command. Refer to “System Maintaining and Debugging” part of the manual for detailed operations. Note that a space separates the host name and module name.
  • Page 867 Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center Module name Description FTPS FTP server module High availability module HABP Huawei authentication bypass protocol module HTTPD HTTP server module HWCM Huawei Configuration Management private MIB module...
  • Page 868 Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center Module name Description RMON Remote monitor module IPX routing module RRPP Rapid ring protection protocol module Revest, Shamir and Adleman encryption module L3+ plug-in card traffic accounting module...

  • Page 869: Information Center Configuration

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center the information with a severity level greater than the defined threshold will not be output. Therefore, when the severity threshold is set to “debugging”, all information will be output.

  • Page 870: Enabling Information Output To A Log Host

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center Table 1-3 Information channel names and numbers Output direction Channel number Default channel name Console console Monitor terminal monitor Log host loghost Trap buffer trapbuffer Log buffer...

  • Page 871: Enabling Information Output To The Console

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center To do... Use the command... Remarks Required By default, the switch does not output information to the log host. info-center loghost After you configure the host-ip-addr [ channel...
  • Page 872 Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center To do... Use the command... Remarks Enter system view system-view — Optional Enable the info-center enable By default, the information information center center is enabled. Required...

  • Page 873: Enabling Information Output To A Monitor Terminal

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center Use the To do... Remarks command... Optional Enable trap information By default, trap information terminal trapping terminal display function terminal display is enabled for terminal users.

  • Page 874: Enabling Information Output To The Log Buffer

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center Note: When there are multiple Telnet users or dumb terminal users, some configuration parameters (including module-based filtering, language and severity level threshold) are shared among the users. In this case, any change of the settings made by a user will also be reflected on all other user terminals.

  • Page 875: Enabling Information Output To The Trap Buffer

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center To do... Use the command... Remarks Enter system view system-view — Optional Enable the info-center enable By default, the information information center center is enabled. Optional...

  • Page 876: Enabling Information Output To The Snmp

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center To do... Use the command... Remarks Optional info-center trapbuffer By default, the switch uses Enable [channel { channel-number | information channel 3 to information output channel-name } | size...

  • Page 877: Displaying And Maintaining Information Center Configuration

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center To do... Use the command... Remarks info-center source { modu-name | default } Define an channel information { channel-number | Required source channel-name } [ { log |...

  • Page 878: Information Center Configuration Examples

    [H3C] info-center loghost 202.38.1.10 facility local4 language english [H3C] info-center source arp channel loghost log level informational debug state off trap state off [H3C] info-center source ip channel loghost log level informational debug state off trap state off Configure the log host:...
  • Page 879 Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center The operations here are performed on SunOS 4.0. The operations on other manufacturers' Unix operation systems are similar. Step 1: Execute the following commands as a superuser (root user).

  • Page 880: Log Output To A Linux Log Host

    English. Permit all modules to output information with a severity higher than “error” to the log host. [H3C] info-center loghost 202.38.1.10 facility local7 language english [H3C] info-center source default channel loghost log level errors debug state off trap state off Configure the log host: Step 1: Execute the following commands as a superuser (root user).

  • Page 881: Log Output To The Console

    Operation Manual – Information Center H3C S7500 Series Ethernet Switches Chapter 1 Information Center Note: Note the following items when you edit file “/etc/syslog.conf”. A note must start in a new line following a “#" sign. In each pair, a tab rather than a space should be used to separate the pair.
  • Page 882 # Enable log information output to the console. Permit ARP and IP modules to output information with a severity higher than “informational” to the console. [H3C] info-center console channel console [H3C] info-center source arp channel console log level informational [H3C] info-center source ip channel console log level informational # Enable terminal display.
  • Page 883 Operation Manual – DNS H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DNS Configuration....................... 1-1 1.1 DNS Overview ........................1-1 1.1.1 Static DNS Resolution..................... 1-1 1.1.2 Dynamic DNS Resolution..................1-1 1.2 Configuring Static Domain Name Resolution ..............1-3 1.3 Configuring Dynamic Domain Name Resolution ...............

  • Page 884: Chapter 1 Dns Configuration

    Operation Manual – DNS H3C S7500 Series Ethernet Switches Chapter 1 DNS Configuration Chapter 1 DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring Static Domain Name Resolution Configuring Dynamic Domain Name Resolution...
  • Page 885 Operation Manual – DNS H3C S7500 Series Ethernet Switches Chapter 1 DNS Configuration result (either successful or failed) is found. Finally, the resolution result is returned to the DNS client. The DNS client performs the next operation according to the result.

  • Page 886: Configuring Static Domain Name Resolution

    DNS lookup first. If the lookup fails, the resolver adds a DNS suffix for another lookup. Currently, the S7500 Series Ethernet Switches support both static and dynamic domain name resolution on the DNS client. 1.2 Configuring Static Domain Name Resolution Follow these steps to configure static domain name resolution: To do…...

  • Page 887: Dns Configuration Example

    Operation Manual – DNS H3C S7500 Series Ethernet Switches Chapter 1 DNS Configuration Note: You can configure up to 6 DNS servers and 10 DNS suffixes. 1.3.2 DNS Configuration Example I. Network requirements As shown in Figure 1-2, a switch is used as a DNS client with dynamic DNS resolution.

  • Page 888: Displaying And Maintaining Dns Configuration

    Operation Manual – DNS H3C S7500 Series Ethernet Switches Chapter 1 DNS Configuration [H3C] dns domain com Ping host on the switch to verify the configuration and the corresponding IP address (it should be 3.1.1.1). 1.4 Displaying and Maintaining DNS Configuration To do…...
  • Page 889 Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Boot ROM and Host Software Loading ..............1-1 1.1 Introduction to Loading Approaches .................. 1-1 1.2 Local Software Loading ..................... 1-1 1.2.1 Boot Menu .......................
  • Page 890 Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Table of Contents 4.2.5 Specifying the APP to be Adopted at Reboot ............4-3 4.2.6 Updating the Boot ROM ..................4-4 4.2.7 Upgrading Boot ROM along with the Upgrade of ARP ........... 4-4 4.2.8 Setting Card Temperature Threshold ..............

  • Page 891: Chapter 1 Boot Rom And Host Software Loading

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Chapter 1 Boot ROM and Host Software Loading Traditionally, the loading of switch software is accomplished through a serial port. This approach is slow, inconvenient, and cannot be used for remote loading.

  • Page 892: Boot Menu

    1.2.1 Boot Menu Starting..RAMLine..OK System is booting..***..****************************************** H3C S7506 BOOTROM, Version 530 ****************************************** Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. Creation date : Apr 2 2007, 20:08:58 CPU type : MPC8245 CPU Clock Speed : 300Mhz BUS Clock Speed : 33Mhz...

  • Page 893: Loading Software Using Xmodem Through Console Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Press Ctrl+B to enter Boot Menu... 0 Press <Ctrl+B>. The system displays: Password : Note: To enter the Boot Menu, you should press <Ctrl+B> within five seconds after the information “Press Ctrl-B to enter Boot Menu...”...
  • Page 894 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading II. Loading Boot ROM software Follow these steps to load the Boot ROM software: Step 1: At the prompt "Enter your choice(0-5):" in the Boot Menu, press <Ctrl+U>, and then press <Enter>...
  • Page 895 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Note: If you have chosen 9600 bps as the download baud rate, you need not modify the HyperTerminal’s baud rate, and therefore you can skip Step 4 and 5 below and proceed to Step 6 directly.
  • Page 896 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Figure 1-2 Console port configuration dialog box Step 5: Click the <Disconnect> button to disconnect the HyperTerminal from the switch and then click the <Connect>...
  • Page 897 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Now please start transfer file with XMODEM protocol. If you want to exit, Press <Ctrl+X>. Loading ...CCCCCCCCCC Step 7: Choose [Transfer/Send File] in the HyperTerminal’s window, and click <Browse>...

  • Page 898: Loading Software Using Tftp Through Ethernet Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Bootrom updating........done! Note: If the HyperTerminal’s baud rate is not reset to 9600 bps, the system prompts "Your baudrate should be set to 9600 bps again! Press enter key when ready".
  • Page 899 Step 2: Run the TFTP server program on the TFTP server, and specify the path of the program to be downloaded. Caution: TFTP server program is not provided with the H3C Series Ethernet Switches. Step 3: Run the HyperTerminal program on the configuration PC. Start the switch. Then enter the Boot Menu.

  • Page 900: Loading Software Using Ftp Through Ethernet Port

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Loading........done Bootrom updating..done! III. Loading host software Follow these steps to load the host software. Step 1: Select <1> in Boot Menu and press <Enter>. The system displays the following information: 1.
  • Page 901 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Switch Console port Ethernet port FTP Client FTP Serve Figure 1-7 Local loading using FTP client Step 1: As shown in...

  • Page 902: Remote Software Loading

    Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Prepare for loading...OK! Loading........done Bootrom updating..done! Loading host software Follow these steps to load the host software: Step 1: Select <1> in Boot Menu and press <Enter>. The system displays the following information: 1.
  • Page 903 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Switch Ethernet port 10.1.1 .1 Internet FTP Client FTP Serve Figure 1-8 Remote loading using FTP Step 1: Download the software to the switch using FTP commands.
  • Page 904 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Note: Before restarting the switch, make sure you have saved all other configurations that you want, so as to avoid losing configuration information.
  • Page 905 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Note: You can configure the IP address for any VLAN on the switch for FTP transmission. However, before configuring the IP address for a VLAN interface, you have to make sure whether the IP addresses of this VLAN and PC are routable.
  • Page 906 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Step 5: Enter cd in the interface to switch to the path that the Boot ROM upgrade file is to be stored, and assume the name of the path is “D:\Bootrom”, as shown in Figure 1-11.
  • Page 907 Operation Manual – System Maintenance and Debugging Chapter 1 Boot ROM and Host Software H3C S7500 Series Ethernet Switches Loading Step 7: Use the put command to upload the file s7500.btm to the switch, as shown in Figure 1-13. Figure 1-13 Upload file s7500.btm to the switch Step 8: Configure s7500.btm to be the Boot ROM at reboot, and then restart the switch.

  • Page 908: Remote Loading Using Tftp

    To keep the software of SRPU and LPU identical, you need to restart the LPU after you upgrade the host software of the SRPU of the S7500 series Ethernet switches. S7506R switches feature the double SRPUs and active-standby switchover function.

  • Page 909: Chapter 2 Basic System Configuration And Debugging

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration and H3C S7500 Series Ethernet Switches Debugging Chapter 2 Basic System Configuration and Debugging When configuring basic system configuration and debugging, go to these sections for information you are interested in:...

  • Page 910: Setting The System Name Of The Switch

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration and H3C S7500 Series Ethernet Switches Debugging 2.1.3 Setting the System Name of the Switch To do… Use the command… Remarks Enter system view system-view — Optional Set the system name of...

  • Page 911: Setting The Cli Language Mode

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration and H3C S7500 Series Ethernet Switches Debugging To do… Use the command… Remarks clock summer-time zone-name one-off start-time start-date end-time end-date offset-time Set the name and Optional clock summer-time zone-name...

  • Page 912: Displaying The System Status

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration and H3C S7500 Series Ethernet Switches Debugging 2.2 Displaying the System Status To do… Use the command… Remarks Display the current date display clock and time of the system...
  • Page 913 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration and H3C S7500 Series Ethernet Switches Debugging Debugging information Debugging information Protocol debugging switches Protocol debugging switches Terminal display switches Terminal display switches Figure 2-1 Debugging information outpu You can use the following commands to operate the two kinds of switches.

  • Page 914: Displaying Debugging Status

    Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration and H3C S7500 Series Ethernet Switches Debugging 2.3.2 Displaying Debugging Status To do… Use the command… Remarks display debugging Display all enabled You can execute the [ interface interface-type...

  • Page 915: Chapter 3 Network Connectivity Test

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 3 Network Connectivity Test Chapter 3 Network Connectivity Test When configuring network connectivity test, go to these sections for information you are interested in: ping tracert 3.1 Network Connectivity Test 3.1.1 ping...
  • Page 916 Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 3 Network Connectivity Test the source host resends the packet with the TTL of 2, and the second hop device also returns an ICMP TTL timeout message. This procedure goes on and on until the packet gets to the destination.

  • Page 917: Chapter 4 Device Management

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management Chapter 4 Device Management When configuring device management, go to these sections for information you are interested in: Introduction to Device Management Device Management Configuration...

  • Page 918: Device Management Configuration

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management maintain and manage your physical device, and restart the system when some functions of the system are abnormal. 4.2 Device Management Configuration 4.2.1 Device Management Configuration Task List...

  • Page 919: Rebooting A Card Of Ethernet Switch

    The S7500 series Ethernet switches feature double SRPUs. When both the active and standby SRPUs need to be upgraded, you need to specify the APP file used for the next startup for the active SRPU and the standby SRPU respectively.

  • Page 920: Updating The Boot Rom

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management To do… Use the command… Remarks boot boot-loader Optional Specify the APP to be { primary | backup } adopted at reboot Available in user view file-url 4.2.6 Updating the Boot ROM...

  • Page 921: Setting Card Temperature Threshold

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management Caution: If you do not specify the slot number to upgrade in the boot bootrom command, the system will upgrade all the cards working normally by default.

  • Page 922: Configuring Pause Frame Protection Mechanism

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management To do… Use the command… Remarks Enter system view system-view — Required Enable system load loadsharing enable By default, system load sharing function sharing is disabled.

  • Page 923: Pause Frame Protection Mechanism Configuration Example

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management 4.3.2 Pause Frame Protection Mechanism Configuration Example I. Network requirements Enable pause frame protection mechanism on the card in Slot 7 of the switch.

  • Page 924: Layer 3 Connectivity Detection Configuration Example

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface interface-type — view interface-number Enable Layer 3 uplink monitor ip...

  • Page 925: Queue Traffic Monitoring Configuration Example

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management To do… Use the command… Remarks Enter system view system-view — Required Enable queue traffic qe monitor enable This function is enabled by monitoring default.

  • Page 926: Error Packets Monitoring Configuration Example

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management To do… Use the command… Remarks Enter Ethernet interface interface interface-type — view interface-number Required. If you specify the keyword all in the command, the...

  • Page 927: Displaying The Device Management Configuration

    Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management 4.7 Displaying the Device Management Configuration After the above configurations, you can execute the display command in any view to display the operating status of the device management to verify the configuration effects.
  • Page 928 Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management The host software switch.app and the Boot ROM file boot.btm of the switch are stored into the directory of the switch. Use FTP to download the switch.app and boot.btm files from the FTP server to the switch.
  • Page 929 Operation Manual – System Maintenance and Debugging H3C S7500 Series Ethernet Switches Chapter 4 Device Management Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please...
  • Page 930 Operation Manual – HWPing H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 HWPing Configuration ....................1-1 1.1 Introduction to HWPing ...................... 1-1 1.2 HWPing Configuration ....................... 1-1 1.2.1 Introduction to HWPing Configuration..............1-1 1.2.2 Configuring HWPing....................1-2 1.2.3 Displaying HWPing Configuration ................

  • Page 931: Chapter 1 Hwping Configuration

    Operation Manual – HWPing H3C S7500 Series Ethernet Switches Chapter 1 HWPing Configuration Chapter 1 HWPing Configuration When configuring HWPing, go to these sections for information you are interested in: Introduction to HWPing HWPing Configuration 1.1 Introduction to HWPing HWPing is a network diagnostic tool used to test the performance of protocols (only ICMP by far) operating on network.

  • Page 932: Configuring Hwping

    (the -t keyword in the ping command is in ms, while the timeout time in the HWPing command is in seconds). Note: The H3C S7500 Series Ethernet Switches support up to five test groups simultaneously. 1.2.2 Configuring HWPing...

  • Page 933: Displaying Hwping Configuration

    Operation Manual – HWPing H3C S7500 Series Ethernet Switches Chapter 1 HWPing Configuration Use the To do... Remarks command... Required Configure the destination-ip destination IP By default, no destination ip-address address of the test IP address is configured. Optional Configure the type...
  • Page 934 Operation Manual – HWPing H3C S7500 Series Ethernet Switches Chapter 1 HWPing Configuration [H3C] hwping-agent enable # Create a HWPing test group, with the administrator name of administrator and the test tag of icmp. [H3C] hwping administrator icmp # Specify the test type as ICMP.
  • Page 935 Operation Manual – HWPing H3C S7500 Series Ethernet Switches Chapter 1 HWPing Configuration 2004-11-25 16:28:55.0 2004-11-25 16:28:55.9 2004-11-25 16:28:55.9 Refer to HWPing Command for the detailed information.
  • Page 936 1.1.2 RRPP Packet Type ....................1-4 1.1.3 Basic Principles of RRPP..................1-5 1.1.4 Typical Networking of RRPP................... 1-5 1.1.5 RRPP on H3C S7500 Series Ethernet Switches ............ 1-7 1.2 Master Node Configuration....................1-8 1.2.1 Master Node Configuration Tasks................1-8 1.2.2 Master Node Configuration Example ..............1-9 1.3 Transit Node Configuration....................

  • Page 937: Chapter 1 Rrpp Configuration

    Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration Chapter 1 RRPP Configuration When performing RRPP configuration, go to these sections for information you are interested in: RRPP Overview Master Node Configuration Transit Node Configuration Edge Node Configuration...
  • Page 938 Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration I. Domain A domain consists of switches with the same domain ID and control VLAN. A domain can consist of multiple Ethernet rings, only one of which is the primary ring and the others are subrings.
  • Page 939 Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration 1. Switch B and Switch C are edge nodes because they are both on ring 2. You can specify one of them as an edge node, and the other as an assistant edge node.

  • Page 940: Rrpp Packet Type

    Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration VII. MAC address FDB The Layer 2 forwarding database (FDB) on a switch is updated through the source MAC address auto-learning function of the switch. VIII. Timer Two timers, Hello timer and Fail timer, are involved when the master node sends and receives RRPP packets.

  • Page 941: Basic Principles Of Rrpp

    Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration 1.1.3 Basic Principles of RRPP I. Link DOWN notification mechanism When detecting a port in the RRPP domain is down, a transit node sends the LINK DOWN packet immediately to the master node. After receiving the LINK DOWN packet,...
  • Page 942 Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration I. Single ring network Domain 1 Switch A Switch B Transit node Master node Ring 1 Transit node Transit node Switch C Switch D Figure 1-2 Single ring network There is only one ring in the network topology.

  • Page 943: Rrpp On H3C S7500 Series Ethernet Switches

    Salience III, Salience III Plus, and Salience III Edge) are used. Besides, BootROM version 527 (or later) is used. For H3C S7502 switches, the CPLD version of the SRPU is not lower than 005. The CPLD version of the LPUs is not lower than 005.

  • Page 944: Master Node Configuration

    Ethernet switches, refer to H3C S7500 Series Ethernet Switches Installation Manual. For information about the chassis, SRPU, and LPU of H3C S7502 Ethernet switch, refer to H3C S7502 Ethernet Switch Installation Manual. As for the above-mentioned ports, to make RRPP-related configuration to take effect, you need also to make sure that: The ports are Trunk ports and permit packets of data VLANs.

  • Page 945: Master Node Configuration Example

    Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration To do… Use the command… Remarks Return to system — quit view Enable the RRPP rrpp enable Required protocol Display the brief information of all RRPP domains...

  • Page 946: Transit Node Configuration

    Set the Hello timer and Fail time to 2 seconds and 7 seconds respectively. II. Configuration procedure <H3C> system-view [H3C] rrpp domain 1 [H3C-rrpp-domain1] control-vlan 4092 [H3C-rrpp-domain1] ring 1 node-mode master primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0 [H3C-rrpp-domain1] timer hello-timer 2 fail-timer 7 [H3C-rrpp-domain1] ring 1 enable [H3C-rrpp-domain-1] quit...

  • Page 947: Transit Node Configuration Example

    Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration To do… Use the command… Remarks Display the brief information of all RRPP display rrpp brief domains configured on the switch Optional. Display RRPP display rrpp verbose...

  • Page 948: Edge Node Configuration

    Chapter 1 RRPP Configuration II. Configuration procedure <H3C> system-view [H3C] rrpp domain 1 [H3C-rrpp-domain1] control-vlan 4092 [H3C-rrpp-domain1] ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0 [H3C-rrpp-domain1] ring 1 enable [H3C-rrpp-domain1] quit [H3C] rrpp enable [H3C] display rrpp brief...

  • Page 949: Edge Node Configuration Example

    Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration To do… Use the command… Remarks Display the brief information of all RRPP display rrpp brief domains configured on the switch Optional. Display RRPP display rrpp verbose...

  • Page 950: Assistant Edge Node Configuration

    <H3C> system-view [H3C] rrpp domain 1 [H3C-rrpp-domain1] control-vlan 4092 [H3C-rrpp-domain1] ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0 [H3C-rrpp-domain1] ring 2 node-mode edge common-port GigabitEthernet 2/0/2 edge-port GigabitEthernet 2/0/4 [H3C-rrpp-domain1] ring 1 enable [H3C-rrpp-domain1] ring 2 enable [H3C-rrpp-domain1] quit...
  • Page 951 Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration To do… Use the command… Remarks Enable the primary ring ring ring-id enable Required Enable the subring ring ring-id enable Required Return to system view quit —...

  • Page 952: Assistant Edge Node Configuration Example

    GigabitEthernet 2/0/2 as the common port, and the port GigabitEthernet 2/0/4 as the edge port. II. Configuration procedure <H3C> system-view [H3C] rrpp domain 1 [H3C-rrpp-domain1] control-vlan 4092 [H3C-rrpp-domain1] ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0 [H3C-rrpp-domain1] ring node-mode assistant-edge...
  • Page 953 Figure 1-5 Network diagram for single ring topology III. Configuration procedure Configure Switch A <H3C> system-view [H3C] rrpp domain 1 [H3C-rrpp-domain1] control-vlan 4092 [H3C-rrpp-domain1] ring 1 node-mode master primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0 [H3C-rrpp-domain1] ring 1 enable [H3C-rrpp-domain1] quit [H3C] rrpp enable Configure Switch B <H3C>...

  • Page 954: Intersectant Ring Network Configuration Example

    [H3C] rrpp enable Configure Switch D <H3C> system-view [H3C] rrpp domain 1 [H3C-rrpp-domain1] control-vlan 4092 [H3C-rrpp-domain1] ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0 [H3C-rrpp-domain1] ring 1 enable [H3C-rrpp-domain1] quit [H3C] rrpp enable After the configuration, you can use the display command to view the RRPP configuration and packet statistics.
  • Page 955 <H3C> system-view [H3C] rrpp domain 1 [H3C-rrpp-domain1] control-vlan 4092 [H3C-rrpp-domain1] ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0 [H3C-rrpp-domain1] ring 2 node-mode edge common-port GigabitEthernet 2/0/2 edge-port GigabitEthernet 2/0/3 [H3C-rrpp-domain1] ring 1 enable [H3C-rrpp-domain1] ring 2 enable [H3C-rrpp-domain1] quit...
  • Page 956 Operation Mannual – RRPP H3C S7500 Series Ethernet Switches Chapter 1 RRPP Configuration [H3C-rrpp-domain1] control-vlan 4092 [H3C-rrpp-domain1] ring 1 node-mode transit primary-port GigabitEthernet2/0/1 secondary-port GigabitEthernet2/0/2 level 0 [H3C-rrpp-domain-1] ring node-mode assistant-edge common-port GigabitEthernet 2/0/1 edge-port GigabitEthernet 2/0/3 [H3C-rrpp-domain1] ring 1 enable...
  • Page 957 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 NAT Configuration....................... 1-1 1.1 NAT Overview........................1-1 1.2 NAT Features........................1-3 1.2.1 NAT and NAT Control ..................... 1-3 1.2.2 NAPT........................1-4 1.2.3 Easy IP ........................
  • Page 958 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Table of Contents 3.2 Configuring Policy Routing ....................3-1 3.3 Displaying Policy Routing Configuration................3-2 3.4 Policy Routing Configuration Example ................3-3 3.4.1 Configuration Example.................... 3-3...

  • Page 959: Chapter 1 Nat Configuration

    Displaying NAT Configuration NAT Configuration Example Note: Currently, the LS81VSNP boards installed in S7500 series switches support the NAT feature. In this manual, the LS81VSNP board is called LPU (line processing unit). 1.1 NAT Overview As described in RFC1631, network address translation (NAT) is a procedure to translate the private IP address in packet header into a public IP address.
  • Page 960 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration 202 .120 .10.2 Packet 1: Packet 1: Server Source IP:192.168.1.3 Source IP:202.169.10.1 192 .168 .1.3 Destination IP:202.120.10.2 Destination IP:202.120.10.2 192.168.1.1 202 .169.10.1 Internet Switch Packet 2:...

  • Page 961: Nat Features

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration 1.2 NAT Features 1.2.1 NAT and NAT Control According to the NAT procedure illustrated in Figure 1-1, when an internal host tries to access an external network, NAT selects a proper public address and substitutes it for the source address in the packets from the internal host.

  • Page 962: Napt

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration 1.2.2 NAPT With normal NAT, after the private address of an internal host is mapped to a public address, the public address is unavailable to other internal hosts unless the mapping is removed.

  • Page 963: Easy Ip

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration which internal hosts the response packets should be forwarded to depending on the destination addresses and port numbers carried in the packets. 1.2.3 Easy IP...

  • Page 964: Configuring A Nat Address Pool

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration Task Remarks Configuring Non-Standard Internal FTP Server Required Configuring NAT Blacklist Required Configuring NAT Connection Aging Time Optional Configuring NAT Security Logging Optional 1.3.2 Configuring a NAT Address Pool A NAT address pool is a set of consecutive public IP addresses.
  • Page 965 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration You can use the nat outbound command to associate an ACL with an address pool or interface address. Different NAT modes need different configurations.

  • Page 966: Configuring Internal Server

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration III. Configuring the Easy IP feature You can enable the Easy IP feature by using the nat outbound command without the address-group keyword. After that, when performing address translation, the system will use the IP address of the VLAN interface as the translated source address.
  • Page 967 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration To do… Use the command… Remarks Enter system view system-view — Enter VLAN interface view interface Vlan-interface vlan-id — nat server protocol pro-type TCP/UDP is...

  • Page 968: Configuring Non-Standard Internal Ftp Server

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration Note: If the public IP address you configured for an internal server is the VLAN interface address on the NAT device, you cannot ping through the internal server (which acts as an ICMP server) from the NAT device with the public IP address.

  • Page 969: Configuring Nat Blacklist

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration To do… Use the command… Remarks Enter system view system-view — Enter VLAN interface view interface Vlan-interface vlan-id — nat ftp server global global-addr...

  • Page 970: Configuring Nat Connection Aging Time

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration Caution: Each command that is used to modify blacklist-related configuration and is not source IP address-specific must be coupled with the reset nat session command.
  • Page 971 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration To do… Use the command… Remarks Enter system view system-view — Optional ip userlog nat slot Enable NAT logging slot-number acl By default, this function is acl-number disabled.
  • Page 972 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 1 NAT Configuration To do… Use the command… Remarks Enter system view system-view — Optional Set the source address of ip userlog nat export By default, the source IP...

  • Page 973: Displaying Nat Configuration

    As shown in Figure 1-3: An enterprise’s internal network organized by a H3C S3600 switch requires NAT service on a H3C S7506 switch to access the Internet; The private IP addresses of the two PCs in internal VLAN 2 are 192.168.1.2 and 192.168.1.3 respectively;...
  • Page 974 [H3C-vlan2] port ethernet1/0/1 to ethernet1/0/2 [H3C-vlan2] quit [H3C] interface vlan-interface 2 [H3C-vlan-interface2] ip address 192.168.1.1 255.255.255.0 # At the end connecting with the H3C S7506 switch, create VLAN 3 and VLAN-interface 3, and configure the interface IP address. [H3C] vlan 3 [H3C-vlan3] port ethernet1/0/24...
  • Page 975 [H3C-acl-basic-2000] rule 0 permit source any # Configure a NAT address pool with the identifier of 0. [H3C] nat address-group 0 200.18.2.3 200.18.2.5 # Associate the ACL with the address pool. [H3C] interface vlan-interface 10 [H3C-vlan-interface10] nat outbound 2000 address-group 0 slot 3 1-17...

  • Page 976: Chapter 2 Netstream Configuration

    Configuring Netstream Displaying Netstream Configuration Netstream Configuration Example Note: Currently, the LS81VSNP boards installed in S7500 series switches support the Netstream feature. In this manual, the LS81VSNP board is called LPU. 2.1 Netstream Overview 2.1.1 Introduction to Netstream Netstream is a traffic statistics feature. It classifies the traffic flow through the switch into...

  • Page 977: Implementation Of Netstream

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 2 Netstream Configuration The NDA analyzes the data it received, and the analysis result can be used for network charging and deployment. 2.1.2 Implementation of Netstream With Netstream enabled, a stream entry is first created and saved in the Netstream cache for the system to collect statistics about the stream.

  • Page 978: Enabling Netstream

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 2 Netstream Configuration Task Remarks Enabling Netstream Required Entering Netstream Aggregation View Required Enabling the Corresponding Aggregation Mode Optional Configuring the Address Information for Netstream Export Packets...

  • Page 979: Enabling The Corresponding Aggregation Mode

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 2 Netstream Configuration The switch supports the following five aggregation modes, each of which corresponds to an aggregation view: Table 2-1 Aggregation modes of Netstream Mode Classify stream entries by…...

  • Page 980: Configuring The Address Information For Netstream Export Packets

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 2 Netstream Configuration To do… Use the command… Remarks Enable the aggregation Optional mode corresponding to enable By default, no aggregation the current aggregation mode is enabled.

  • Page 981: Configuring The Dscp Value For Netstream Export Packets

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 2 Netstream Configuration Both version 5 and 9 packets support the AS options of the border gateway protocol (BGP). You can choose to use original AS numbers (origin-as) or peer AS numbers (peer-as) as the AS numbers for individual IP addresses.

  • Page 982: Configuring The Ways To Update The Template For Version 9 Netstream Packets

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 2 Netstream Configuration Follow these steps to configure the active/inactive aging time for Netstream entries: To do… Use the command… Remarks Enter system view system-view — Optional...

  • Page 983: Displaying Netstream Configuration

    VLAN 20 12.110.2.1/24 Network Figure 2-2 Network diagram for Netstream configuration on H3C S750 III. Configuration procedure # Enable Netstream on the LPU in slot 5 to collect statistics about the inbound packets on the interface board in slot 3.
  • Page 984 IP address 192.168.0.5 on the interface board in slot 2. [H3C] acl number 2003 [H3C-acl-basic-2003] rule permit source 192.168.0.5 0 [H3C] ip netstream inbound source 2 to 5 acl 2003 # Configure the source IP address of UDP packets. [H3C] vlan 20...
  • Page 985 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 2 Netstream Configuration Exported stream number : 103 Exported UDP datagram number(failed number): 102(0) 2-10...

  • Page 986: Chapter 3 Policy Routing Configuration

    IP address, source/destination port number, and even protocol type, to determine the next hops of packets. On S7500 series switches, policy routing is achieved by redirecting packets. You can use the traffic-redirect commands to redirect the packets that match particular ACLs to specified VLAN interfaces or IP addresses.

  • Page 987: Displaying Policy Routing Configuration

    Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 3 Policy Routing Configuration To do… Use the command… Remarks Enter system view system-view — Enter VLAN view vlan vlan-id — Redirect traffic-redirect inbound ip-group packets { acl-number | acl-name } [ rule rule...

  • Page 988: Policy Routing Configuration Example

    <H3C S7500>system-view [H3C S7500] acl number 2000 # Define a rule to permit packets sourced from Host 1. [H3C S7500-acl-basic-2000] rule 0 permit source 1.0.0.1 0 [H3C S7500-acl-basic-2000] quit Set the next hop for packets sourced from Host 1. # Set the next hop of all packets sourced from Host 1 to 2.0.0.1.
  • Page 989 Operation Manual – NAT, Netstream, Policy Routing H3C S7500 Series Ethernet Switches Chapter 3 Policy Routing Configuration [H3C S7500] vlan 2 [H3C S7500-vlan2] traffic-redirect inbound ip-group 2000 rule 0 next-hop 2.0.0.1 slot 5 [H3C S7500-vlan2] quit # Display information about policy routing configured on VLAN2.
  • Page 990 Operation Manual – Telnet Protection H3C S7500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Telnet Protection Configuration................. 1-1 1.1 Introduction ........................1-1 1.2 Telnet Protection Configuration ..................1-2 1.2.1 Configuring Telnet Protection.................. 1-2 1.2.2 Configuring SNMP Protection ................. 1-2 1.2.3 Configuring ICMP Protection...................

  • Page 991: Chapter 1 Telnet Protection Configuration

    Operation Manual – Telnet Protection H3C S7500 Series Ethernet Switches Chapter 1 Telnet Protection Configuration Chapter 1 Telnet Protection Configuration When configuring Telnet protection, go to these sections for information you are interested in: Introduction Telnet Protection Configuration 1.1 Introduction...

  • Page 992: Telnet Protection Configuration

    Operation Manual – Telnet Protection H3C S7500 Series Ethernet Switches Chapter 1 Telnet Protection Configuration 1.2 Telnet Protection Configuration 1.2.1 Configuring Telnet Protection Follow these steps to configure Telnet protection: To do... Use the command... Remarks Enter system view system-view —...

  • Page 993: Configuring Default-Route Telnet Protection

    Operation Manual – Telnet Protection H3C S7500 Series Ethernet Switches Chapter 1 Telnet Protection Configuration To do... Use the command... Remarks Enter system view system-view — Required If you use this command with the Enable ICMP attack-protection ip-address parameter, you can...
  • Page 994 Operation Manual – Hardware-Dependent Software Configuration H3C S7500 Series Ethernet Switches Table of Contetnts Table of Contents Chapter 1 Hardware-Dependent Software Configuration............1-1 1.1 Configuring Boot ROM Upgrade with App File ..............1-1 1.1.1 Boot ROM Upgrade Configuration ................1-1 1.1.2 Boot ROM Upgrade Configuration Example ............

  • Page 995: Configuring Boot Rom Upgrade With App File

    Operation Manual – Hardware-Dependent Software Configuration Chapter 1 Hardware-Dependent H3C S7500 Series Ethernet Switches Software Configuration Chapter 1 Hardware-Dependent Software Configuration When configuring hardware-dependent software, go to these sections for information you are interested in: Configuring Boot ROM Upgrade with App File...

  • Page 996: Boot Rom Upgrade Configuration Example

    1.2 Configuring Inter-Card Link State Adjustment 1.2.1 Introduction The inter-card link state adjustment function is designed to improve the adaptability of the inter-card links in an S7500 series switch. It enables you to set the mode in which inter-card links are established as needed.

  • Page 997: Inter-Card Link State Adjustment Configuration

    Operation Manual – Hardware-Dependent Software Configuration Chapter 1 Hardware-Dependent H3C S7500 Series Ethernet Switches Software Configuration Note: An inter-card link refers to the internal links between the SRPU and all the service cards of an Ethernet switch. Inter-card links can be established in one of the following two modes: Auto-negotiation mode, where inter-card links are established through negotiation to improve the adaptability and stability.

  • Page 998: Monitoring Internal Channel Configuration

    In actual application, a switch may fail to process services normally due to internal channel block or because the switch chip is busy. The S7500 series switches support the function of resetting switch chips automatically. In case that the function of monitoring internal channels is enabled, when the internal channel handshake between a card and the backplane fails, the switch resets the switch chip automatically to resume the corresponding card.

  • Page 999: Switch Chip Auto-Reset Configuration

    Operation Manual – Hardware-Dependent Software Configuration Chapter 1 Hardware-Dependent H3C S7500 Series Ethernet Switches Software Configuration 1.4.2 Switch Chip Auto-reset Configuration Follow these steps to configure switch chip auto-reset: To do... Use the command... Remarks Enter system view system-view —...

Table of Contents