Sign In
Upload
Manuals
Brands
H3C Manuals
Network Router
SR8800-F
H3C SR8800-F Manuals
Manuals and User Guides for H3C SR8800-F. We have
4
H3C SR8800-F manuals available for free PDF download: Configuration Manual, Installation Manual, Faq, Quick Start Manual
H3C SR8800-F Configuration Manual (502 pages)
Comware 7 User Access
Brand:
H3C
| Category:
Network Router
| Size: 3 MB
Table of Contents
Table of Contents
6
Configuring AAA
17
About AAA
17
AAA Implementation
17
AAA Network Diagram
17
Radius
18
Hwtacacs
21
Ldap
24
User Management Based on ISP Domains and User Access Types
27
Authentication, Authorization, and Accounting Methods
27
AAA for MPLS L3Vpns
29
Protocols and Standards
29
AAA Tasks at a Glance
30
Configuring Local Users
31
About Local Users
31
Local User Configuration Tasks at a Glance
32
Configuring Attributes for Device Management Users
32
Configuring Attributes for Network Access Users
33
Configuring Local Guest Attributes
34
Configuring User Group Attributes
35
Managing Local Guests
37
Display and Maintenance Commands for Local Users and Local User Groups
38
Configuring RADIUS
39
RADIUS Tasks at a Glance
39
Configuring a Test Profile for RADIUS Server Status Detection
39
Creating a RADIUS Scheme
40
Specifying the RADIUS Authentication Servers
40
Specifying the RADIUS Accounting Servers
41
Specifying the Shared Keys for Secure RADIUS Communication
42
Specifying an MPLS L3VPN Instance for the Scheme
42
Setting the Username Format and Traffic Statistics Units
43
Setting the Maximum Number of RADIUS Request Transmission Attempts
43
Setting the Maximum Number of Real-Time Accounting Attempts
44
Configuring RADIUS Stop-Accounting Packet Buffering
44
Setting the Maximum Number of Pending RADIUS Requests
45
Setting the Status of RADIUS Servers
45
Enabling the RADIUS Server Load Sharing Feature
47
Specifying the Source IP Address for Outgoing RADIUS Packets
48
Setting RADIUS Timers
49
Configuring the RADIUS Accounting-On Feature
50
Interpreting the RADIUS Class Attribute as CAR Parameters
50
Configuring the Login-Service Attribute Check Method for SSH, FTP, and Terminal Users
51
Configuring the MAC Address Format for RADIUS Attribute 31
51
Configuring the Format for RADIUS Attribute 87
52
Setting the Data Measurement Unit for the Remanent_Volume Attribute
52
Specifying a Server Version for Interoperating with Servers with a Vendor ID of 2011
53
Configuring the RADIUS Attribute Translation Feature
53
Configuring the RADIUS Session-Control Feature
55
Configuring the RADIUS das Feature
55
Changing the DSCP Priority for RADIUS Packets
56
Configuring the Device to Preferentially Process RADIUS Authentication Requests
56
Enabling SNMP Notifications for RADIUS
57
Display and Maintenance Commands for RADIUS
57
Configuring HWTACACS
58
HWTACACS Tasks at a Glance
58
Creating an HWTACACS Scheme
58
Specifying the HWTACACS Authentication Servers
58
Specifying the HWTACACS Authorization Servers
59
Specifying the HWTACACS Accounting Servers
60
Specifying the Shared Keys for Secure HWTACACS Communication
60
Specifying an MPLS L3VPN Instance for the Scheme
61
Setting the Username Format and Traffic Statistics Units
61
Configuring HWTACACS Stop-Accounting Packet Buffering
62
Specifying the Source IP Address for Outgoing HWTACACS Packets
62
Setting HWTACACS Timers
63
Display and Maintenance Commands for HWTACACS
64
Configuring LDAP
65
LDAP Tasks at a Glance
65
Creating an LDAP Server
65
Configuring the IP Address of the LDAP Server
65
Specifying the LDAP Version
66
Setting the LDAP Server Timeout Period
66
Configuring Administrator Attributes
66
Configuring LDAP User Attributes
67
Configuring an LDAP Attribute Map
68
Creating an LDAP Scheme
68
Specifying the LDAP Authentication Server
69
Specifying the LDAP Authorization Server
69
Specifying an LDAP Attribute Map for LDAP Authorization
69
Display and Maintenance Commands for LDAP
69
Configuring AAA Methods for ISP Domains
70
Creating an ISP Domain
70
Configuring ISP Domain Attributes
71
Configuring Authentication Methods for an ISP Domain
74
Configuring Authorization Methods for an ISP Domain
76
Configuring Accounting Methods for an ISP Domain
78
Display and Maintenance Commands for ISP Domains
80
Setting the Maximum Number of Concurrent Login Users
81
Configuring the Local Bill Cache Feature
81
About Local Bill Cache
81
Procedure
81
Display and Maintenance Commands for Local Bill Cache
82
Configuring a NAS-ID
82
About NAS-Ids
82
Configuring a NAS-ID Profile
82
Setting the NAS-ID on an Interface
83
Setting the NAS-ID in an ISP Domain
83
Configuring the Device ID
84
AAA Configuration Examples
84
Example: Configuring Authentication and Authorization for SSH Users by a RADIUS Server
84
Example: Configuring Local Authentication and Authorization for SSH Users
87
Example: Configuring AAA for SSH Users by an HWTACACS Server
88
Example: Configuring Authentication for SSH Users by an LDAP Server
89
Example: Configuring AAA for PPP Users by an HWTACACS Server
94
Troubleshooting RADIUS
95
RADIUS Authentication Failure
95
RADIUS Packet Delivery Failure
96
RADIUS Accounting Error
96
Troubleshooting HWTACACS
97
Troubleshooting LDAP
97
LDAP Authentication Failure
97
Appendixes
98
Appendix A Commonly Used RADIUS Attributes
98
Appendix B Descriptions for Commonly Used Standard RADIUS Attributes
99
Appendix C RADIUS Subattributes (Vendor ID 25506)
101
DHCP Overview
104
DHCP Network Model
104
DHCP Address Allocation
104
Allocation Mechanisms
104
IP Address Allocation Process
105
IP Address Lease Extension
105
DHCP Message Format
106
DHCP Options
107
Common DHCP Options
107
Custom DHCP Options
107
Vendor-Specific Option (Option 43)
108
Relay Agent Option (Option 82)
109
Option 184
109
Protocols and Standards
110
Configuring the DHCP Server
111
About DHCP Server
111
DHCP Address Assignment Mechanisms
111
Principles for Selecting an Address Pool
112
IP Address Allocation Sequence
113
DHCP Server Tasks at a Glance
113
Creating a DHCP User Class
114
Configuring an Address Pool on the DHCP Server
114
DHCP Address Pool Tasks at a Glance
114
Creating a DHCP Address Pool
115
Specifying IP Address Ranges for a DHCP Address Pool
115
Specifying Gateways for DHCP Clients
118
Specifying a Domain Name Suffix for DHCP Clients
118
Specifying DNS Servers for DHCP Clients
119
Specifying WINS Servers and Netbios Node Type for DHCP Clients
119
Specifying BIMS Server for DHCP Clients
119
Specifying the Configuration File for DHCP Client Auto-Configuration
120
Specifying a Server for DHCP Clients
121
Configuring Option 184 Parameters for DHCP Clients
121
Customizing DHCP Options
121
Configuring the DHCP User Class Whitelist
123
Enabling DHCP
123
Enabling the DHCP Server on an Interface
124
Applying a DHCP Address Pool to a VPN Instance
124
Applying an Address Pool on an Interface
124
Configuring a DHCP Policy for Dynamic Address Assignment
125
Allocating Different IP Addresses to DHCP Clients with the same MAC
126
Enabling Random IP Address Allocation
126
Configuring IP Address Conflict Detection
126
Enabling Handling of Option 82
127
Disabling Option 60 Encapsulation in DHCP Replies
127
Configuring the DHCP Server Security Features
128
Restrictions and Guidelines
128
Configuring DHCP Flood Attack Protection
128
Configuring DHCP Starvation Attack Protection
129
Configuring DHCP Server Compatibility
129
Configuring the DHCP Server to Always Broadcast Responses
129
Configure the DHCP Server to Ignore BOOTP Requests
130
Configuring the DHCP Server to Send BOOTP Responses in RFC 1048 Format
131
Enabling the DHCP Server to Return a DHCP-NAK Message Upon Client Notions of Incorrect IP Addresses
130
Setting the DSCP Value for DHCP Packets Sent by the DHCP Server
131
Configuring DHCP Packet Rate Limit on a DHCP Server Interface
131
Configuring DHCP Binding Auto Backup
132
Binding Gateways to DHCP Server's MAC Address
132
Advertising Subnets Assigned to Clients
133
Enabling Client Offline Detection on the DHCP Server
134
Configuring SNMP Notifications for the DHCP Server
134
Enabling DHCP Logging on the DHCP Server
135
Display and Maintenance Commands for DHCP Server
135
DHCP Server Configuration Examples
136
Example: Configuring Static IP Address Assignment
136
Example: Configuring Dynamic IP Address Assignment
137
Example: Configuring DHCP User Class
139
Example: Configuring DHCP User Class Whitelist
141
Example: Configuring Primary and Secondary Subnets
142
Example: Customizing DHCP Option
143
Example: Configuring DHCP Server (WLAN Application)
145
Network Configuration
145
Procedure
146
Verifying the Configuration
146
Troubleshooting DHCP Server Configuration
146
Failure to Obtain a Non-Conflicting IP Address
146
Configuring the DHCP Relay Agent
148
About DHCP Relay Agent
148
DHCP Relay Agent Operation
148
DHCP Relay Agent Support for Option 82
149
DHCP Relay Agent Support for MCE
149
DHCP Relay Agent Tasks at a Glance
150
Enabling DHCP
150
Enabling the DHCP Relay Agent on an Interface
150
Specifying DHCP Servers
151
Specifying DHCP Servers on a Relay Agent
151
Configuring a DHCP Address Pool on a DHCP Relay Agent
151
Specifying the DHCP Server Selecting Algorithm
152
Configuring the DHCP Relay Agent Security Features
154
Rustications and Guidelines
154
Enabling the DHCP Relay Agent to Record Relay Entries
154
Enabling Periodic Refresh of Dynamic Relay Entries
154
Configuring DHCP Flood Attack Protection
155
Enabling DHCP Starvation Attack Protection
155
Enabling DHCP Server Proxy on the DHCP Relay Agent
156
Enabling Client Offline Detection on the DHCP Relay Agent
157
Configuring the DHCP Relay Agent to Release an IP Address
157
Configuring Option 82
157
Setting the DSCP Value for DHCP Packets Sent by the DHCP Relay Agent
158
Configuring DHCP Packet Rate Limit on a DHCP Relay Interface
159
Specifying the DHCP Relay Agent Address for the Giaddr Field
159
Manually Specifying the DHCP Relay Agent Address for the Giaddr Field
159
Configuring Smart Relay to Specify the DHCP Relay Agent Address for the Giaddr Field
159
Specifying the Source IP Address for DHCP Requests
161
Configuring the DHCP Relay Agent to Always Unicast Relayed DHCP Responses
162
Configuring Forwarding DHCP Replies Based on Option 82
162
Display and Maintenance Commands for DHCP Relay Agent
163
DHCP Relay Agent Configuration Examples
164
Example: Configuring Basic DHCP Relay Agent
164
Example: Configuring Option 82
165
Example: Configuring DHCP Server Selection
165
Troubleshooting DHCP Relay Agent Configuration
167
Failure of DHCP Clients to Obtain Configuration Parameters through the DHCP Relay Agent
167
Configuring the DHCP Client
168
About DHCP Client
168
Restrictions and Guidelines: DHCP Client Configuration
168
Enabling the DHCP Client on an Interface
168
Configuring a DHCP Client ID for an Interface
168
Enabling Duplicated Address Detection
169
Setting the DSCP Value for DHCP Packets Sent by the DHCP Client
169
Display and Maintenance Commands for DHCP Client
170
DHCP Client Configuration Examples
170
Example: Configuring DHCP Client
170
Configuring DHCP Snooping
173
About DHCP Snooping
173
Application of Trusted and Untrusted Ports
173
DHCP Snooping Support for Option 82
174
Restrictions and Guidelines: DHCP Snooping Configuration
175
DHCP Snooping Tasks at a Glance
175
Configuring Basic DHCP Snooping
175
Configuring Option 82
176
Configuring DHCP Snooping Entry Auto Backup
177
Enabling DHCP Starvation Attack Protection
178
Enabling DHCP-REQUEST Attack Protection
178
Setting the Maximum Number of DHCP Snooping Entries
179
Configuring a DHCP Packet Blocking Port
179
Enabling DHCP Snooping Logging
180
Display and Maintenance Commands for DHCP Snooping
180
DHCP Snooping Configuration Examples
181
Example: Configuring Basic DHCP Snooping
181
Example: Configuring DHCP Snooping Support for Option 82
182
Configuring the BOOTP Client
184
About BOOTP Client
184
BOOTP Application
184
Obtaining an IP Address Dynamically
184
Protocols and Standards
184
Configuring an Interface to Use BOOTP for IP Address Acquisition
184
Display and Maintenance Commands for BOOTP Client
185
BOOTP Client Configuration Examples
185
Example: Configuring BOOTP Client
185
Dhcpv6 Overview
186
Dhcpv6 Address/Prefix Assignment
186
Rapid Assignment Involving Two Messages
186
Assignment Involving Four Messages
186
Address/Prefix Lease Renewal
187
Stateless Dhcpv6
188
Dhcpv6 Options
188
Option 18
188
Option 37
189
Protocols and Standards
190
Configuring the Dhcpv6 Server
191
About Dhcpv6 Server
191
Ipv6 Address Assignment
191
Ipv6 Prefix Assignment
191
Concepts
192
Dhcpv6 Address Pool
192
Ipv6 Address/Prefix Allocation Sequence
193
Dhcpv6 Server Tasks at a Glance
194
Configuring Ipv6 Prefix Assignment
194
Configuring Ipv6 Address Assignment
196
Configuring Network Parameters Assignment
197
Configuring Network Parameters in a Dhcpv6 Address Pool
198
Configuring Network Parameters in a Dhcpv6 Option Group
198
Configuring a Dhcpv6 Policy for Ipv6 Address and Prefix Assignment
199
Configuring the Dhcpv6 Server on an Interface
200
Allocating Different Ipv6 Addresses to Dhcpv6 Clients with the same MAC
201
Setting the DSCP Value for Dhcpv6 Packets Sent by the Dhcpv6 Server
201
Configuring Dhcpv6 Binding Auto Backup
202
Advertising Subnets Assigned to Clients
202
Applying a Dhcpv6 Address Pool to a VPN Instance
203
Configuring the Dhcpv6 Server Security Features
204
Configuring Dhcpv6 Flood Attack Protection
204
Enabling the Dhcpv6 Server to Advertise Ipv6 Prefixes
205
Enabling Dhcpv6 Logging on the Dhcpv6 Server
205
Display and Maintenance Commands for Dhcpv6 Server
205
Dhcpv6 Server Configuration Examples
206
Example: Configuring Dynamic Ipv6 Prefix Assignment
206
Example: Configuring Dynamic Ipv6 Address Assignment
209
Configuring the Dhcpv6 Relay Agent
211
About Dhcpv6 Relay Agent
211
Typical Application
211
Dhcpv6 Relay Agent Operating Process
211
Dhcpv6 Relay Agent Tasks at a Glance
212
Enabling the Dhcpv6 Relay Agent on an Interface
212
Specifying Dhcpv6 Servers on the Relay Agent
212
Specifying the Dhcpv6 Server IP Addresses
212
Specifying Dhcpv6 Servers for a Dhcpv6 Address Pool on the Dhcpv6 Relay Agent
213
Specifying a Gateway Address for Dhcpv6 Clients
214
Setting the DSCP Value for Dhcpv6 Packets Sent by the Dhcpv6 Relay Agent
214
Specifying a Padding Mode for the Interface-ID Option
215
Configuring Dhcpv6 Relay Security Features
215
Enabling the Dhcpv6 Relay Agent to Record Relay Entries
215
Enabling Ipv6 Release Notification
215
Enabling Client Offline Detection
216
Configuring Dhcpv6 Flood Attack Protection
216
Enabling the Dhcpv6 Relay Agent to Advertise Ipv6 Prefixes
217
Display and Maintenance Commands for Dhcpv6 Relay Agent
217
Dhcpv6 Relay Agent Configuration Examples
218
Example: Configuring Dhcpv6 Relay Agent
218
Configuring Dhcpv6 Snooping
220
About Dhcpv6 Snooping
220
Application of Trusted and Untrusted Ports
220
Restrictions and Guidelines: Dhcpv6 Snooping Configuration
221
Dhcpv6 Snooping Tasks at a Glance
221
Configuring Basic Dhcpv6 Snooping
221
Configuring Support for Option 18
222
Configuring Support for Option 37
222
Configuring Dhcpv6 Snooping Entry Auto Backup
222
Setting the Maximum Number of Dhcpv6 Snooping Entries
223
Enabling Dhcpv6-REQUEST Check
223
Configuring a Dhcpv6 Packet Blocking Port
224
Enabling Dhcpv6 Snooping Logging
224
Display and Maintenance Commands for Dhcpv6 Snooping
225
Example: Configuring Dhcpv6 Snooping
225
Network Configuration
225
Procedure
226
Verifying the Configuration
226
Configuring MAC Authentication
227
About MAC Authentication
227
User Account Policies
227
Authentication Methods
228
VLAN Assignment
228
ACL Assignment
230
User Profile Assignment
230
Periodic MAC Reauthentication
231
Restrictions and Guidelines: MAC Authentication Configuration
231
MAC Authentication Tasks at a Glance
231
Prerequisites for MAC Authentication
232
Enabling MAC Authentication
232
Specifying a MAC Authentication Domain
232
Configuring the User Account Format
233
Configuring MAC Authentication Timers
233
About MAC Authentication Timers
233
Procedure
233
Enabling MAC Authentication Offline Detection
234
Setting the Maximum Number of Concurrent MAC Authentication Users on a Port
234
Enabling MAC Authentication Multi-VLAN Mode on a Port
234
Configuring MAC Authentication Delay
235
Configuring a MAC Authentication Guest VLAN
235
Restrictions and Guidelines
235
Prerequisites
236
Procedure
236
Configuring a MAC Authentication Critical VLAN
236
Restrictions and Guidelines
236
Prerequisites
237
Procedure
237
Configuring the Keep-Online Feature
237
Including User IP Addresses in MAC Authentication Requests
238
About the Feature of Including User IP Addresses in MAC Authentication Requests
238
Restrictions and Guidelines
238
Procedure
238
Display and Maintenance Commands for MAC Authentication
238
MAC Authentication Configuration Examples
239
Example: Configuring Local MAC Authentication
239
Example: Configuring RADIUS-Based MAC Authentication
241
Example: Configuring ACL Assignment for MAC Authentication
243
Configuring PPP
246
About PPP
246
PPP Protocols
246
PPP Link Establishment Process
246
PPP Authentication
247
PPP for Ipv4
247
PPP for Ipv6
248
Protocols and Standards
249
PPP Tasks at a Glance
249
Configuring a VT Interface
249
Configuring PPP Authentication
250
Configuring PAP Authentication
250
Configuring CHAP Authentication (Authenticator Name Is Configured)
251
Configuring CHAP Authentication (Authenticator Name Is Not Configured)
252
Configuring MS-CHAP or MS-CHAP-V2 Authentication
253
Configuring the Polling Feature
254
Enabling Fast Reply for Keepalive Packets
255
Configuring PPP Negotiation
255
Configuring the PPP Negotiation Timeout Time
255
Configuring IP Address Negotiation on the Client
256
Configuring IP Address Negotiation on the Server
256
Enabling IP Segment Match
259
Configuring DNS Server IP Address Negotiation on the Client
260
Configuring DNS Server IP Address Negotiation on the Server
260
Enabling PPP Accounting
260
Enabling Logging for PPP Users
261
Configuring Service Tracing Objects
261
Enabling PPP User Blocking
262
About PPP User Blocking
262
Procedure
262
Configuring the NAS-Port-Type Attribute
262
Suppressing Adding PPP Peer Host Routes to the Local Direct Route Table
263
Configuring the Traffic Accounting Frequency Mode for Online PPP Users
263
Display and Maintenance Commands for PPP
263
Configuring L2TP
266
About L2TP
266
Typical L2TP Networking
266
L2TP Message Types and Encapsulation Structure
266
L2TP Tunnel and Session
267
L2TP Tunneling Modes and Tunnel Establishment Process
267
L2TP Features
270
L2TP-Based EAD
272
Protocols and Standards
272
Restrictions: Hardware Compatibility with L2TP
272
Restrictions and Guidelines: L2TP Configuration
272
L2TP Tasks at a Glance
273
Configuring Basic L2TP Capabilities
274
Configuring an LAC
274
Configuring an LAC to Initiate Tunneling Requests for a User
274
Specifying LNS IP Addresses
275
Configuring the Source IP Address of L2TP Tunnel Packets
275
Configuring each L2TP User to Use an L2TP Tunnel Exclusively
275
Enabling Transferring AVP Data in Hidden Mode
276
Configuring AAA Authentication on an LAC
276
Configuring an LAC to Automatically Establish an L2TP Tunnel
276
Configuring an LNS
277
Creating a VT Interface
278
Configuring an LNS to Accept L2TP Tunneling Requests from an LAC
278
Configuring User Authentication on an LNS
278
Configuring AAA Authentication on an LNS
280
Setting the Maximum Number of ICRQ Packets that the LNS Can Process Per Second
280
Configuring Optional L2TP Parameters
280
Configuring L2TP Tunnel Authentication
280
Setting the Hello Interval
281
Setting the DSCP Value of L2TP Packets
281
Setting the TSA ID of the LTS
281
Enabling L2TP-Based EAD
282
Configuring IMSI/SN Binding Authentication on the LNS
282
Display and Maintenance Commands for L2TP
283
L2TP Configuration Examples
283
Example: Configuring a NAS-Initiated L2TP Tunnel
283
Example: Configuring a Client-Initiated L2TP Tunnel
286
Example: Configuring an LAC-Auto-Initiated L2TP Tunnel
287
Troubleshooting L2TP
289
Failure to Access the Private Network
289
Data Transmission Failure
290
L2TP User Offline
290
Configuring Pppoe
291
About Pppoe
291
Pppoe Network Structure
291
Router-Initiated Network Structure
291
Host-Initiated Network Structure
292
Protocols and Standards
292
Restrictions: Hardware Compatibility with Ipoe
292
Restrictions and Guidelines: Pppoe Configuration
292
Configuring the Pppoe Server
293
Pppoe Server Tasks at a Glance
293
Configuring a Pppoe Session
293
Setting the Maximum Number of Pppoe Sessions
294
Limiting the Pppoe Access Rate
294
Configuring the NAS-Port-ID Attribute
295
Enabling Pppoe Users to Come Online Despite the Pppoe-NAT444 Collaboration Failure
296
Setting the Maximum Number of PADI Packets that the Device Can Receive Per Second
297
Configuring Pppoe User Blocking
297
Enabling Pppoe Logging
298
Display and Maintenance Commands for Pppoe
298
Pppoe Configuration Examples
299
Example: Configuring the Pppoe Server
299
Example: Assigning the Pppoe Server IP Address through the Local DHCP Server
300
Example: Assigning the Pppoe Server IP Address through a Remote DHCP Server
301
Example: Assigning the Pppoe Server Ipv6 Address through ND and Ipv6Cp Negotiation
303
Example: Assigning the Pppoe Server Ipv6 Address through Dhcpv6
305
Example: Assigning the Pppoe Server Ipv6 Address through Prefix Delegation by Dhcpv6
306
Example: Configuring Pppoe Server RADIUS-Based IP Address Assignment
307
Configuring Portal Authentication
310
About Portal
310
Advantages of Portal Authentication
310
Extended Portal Functions
310
Portal System
310
Portal Authentication Using a Remote Portal Server
311
Local Portal Service
312
Portal Authentication Modes
312
Portal Authentication Process
313
Portal Filtering Rules
315
MAC-Based Quick Portal Authentication
315
Restrictions: Hardware Compatibility with Portal
316
Restrictions and Guidelines: Portal Configuration
316
Portal Tasks at a Glance
316
Prerequisites for Portal
318
Configuring a Portal Authentication Server
318
Configuring a Portal Web Server
319
Configure Basic Parameters for a Portal Web Server
319
Configuring a Match Rule for URL Redirection
320
Configuring a Local Portal Web Service
320
Restrictions and Guidelines for Configuring a Local Portal Web Service
320
Customizing Authentication Pages
320
Configuring Parameters for a Local Portal Web Service
322
Specifying a Portal Authentication Domain
323
About Portal Authentication Domains
323
Restrictions and Guidelines for Specifying a Portal Authentication Domain
323
Specifying a Portal Authentication Domain on an Interface
324
Configuring a Portal Preauthentication Policy
324
About Portal Preauthentication Policies
324
Restrictions and Guidelines
324
Procedure
324
Specifying a Preauthentication IP Address Pool
325
About Preauthentication IP Address Pools
325
Restrictions and Guidelines
325
Procedure
326
Enabling Portal Authentication on an Interface
326
Restrictions and Guidelines
326
Procedure
327
Specifying a Portal Web Server on an Interface
327
Controlling Portal User Access
328
Configuring a Portal-Free Rule
328
Configuring an Authentication Source Subnet
329
Setting the Maximum Number of Portal Users
330
Enabling Strict-Checking on Portal Authorization Information
331
Allowing Only Users with DHCP-Assigned IP Addresses to Pass Portal Authentication
332
Configuring Support of Web Proxy for Portal Authentication
332
Blocking Portal Users that Fail Portal Authentication
333
Enabling Portal Roaming
333
Configuring the Portal Fail-Permit Feature
334
Configuring Portal Detection Features
335
Configuring Online Detection of Portal Users
335
Configuring Portal Authentication Server Detection
336
Configuring Portal Web Server Detection
337
Configuring Portal User Synchronization
337
Configuring Portal Packet Attributes
338
Configuring the BAS-IP or BAS-Ipv6 Attribute
338
Specifying the Device ID
339
Configuring Attributes for RADIUS Packets
340
Specifying a Format for the NAS-Port-ID Attribute
340
Applying a NAS-ID Profile to an Interface
340
Configuring MAC-Based Quick Portal Authentication
341
Restrictions and Guidelines for Configuring MAC-Based Quick Portal Authentication
341
Configuring a MAC Binding Server
341
Specifying a MAC Binding Server on an Interface
342
Configuring Portal HTTP Attack Defense
342
Setting the User Traffic Backup Threshold
343
Logging out Online Portal Users
343
Enabling Portal User Login/Logout Logging
344
Configuring Web Redirect
344
About Web Redirect
344
Restrictions and Guidelines
344
Procedure
344
Display and Maintenance Commands for Portal
345
Portal Configuration Examples
346
Example: Configuring Direct Portal Authentication
346
Example: Configuring Re-DHCP Portal Authentication
354
Example: Configuring Cross-Subnet Portal Authentication
358
Example: Configuring Extended Direct Portal Authentication
361
Example: Configuring Extended Re-DHCP Portal Authentication
365
Example: Configuring Extended Cross-Subnet Portal Authentication
369
Example: Configuring Portal Server Detection and Portal User Synchronization
372
Example: Configuring Cross-Subnet Portal Authentication for MPLS L3Vpns
380
Example: Configuring Direct Portal Authentication with a Preauthentication Policy
382
Example: Configuring Re-DHCP Portal Authentication with a Preauthentication Policy
384
Example: Configuring Direct Portal Authentication Using a Local Portal Web Service
386
Example: Configuring MAC-Based Quick Portal Authentication
389
Troubleshooting Portal
397
No Portal Authentication Page Is Pushed for Users
397
Cannot Log out Portal Users on the Access Device
398
Cannot Log out Portal Users on the RADIUS Server
398
Users Logged out by the Access Device Still Exist on the Portal Authentication Server
398
Re-DHCP Portal Authenticated Users Cannot Log in Successfully
399
Advertisement
H3C SR8800-F Installation Manual (148 pages)
Brand:
H3C
| Category:
Network Router
| Size: 20 MB
Table of Contents
Documentation Feedback
6
Table of Contents
6
Preparing for Installation
7
Safety Recommendations
7
General Safety Recommendations
7
Electricity Safety
7
Moving Safety
7
ESD Prevention
7
Humidity
8
Temperature
8
Weight Support
8
Examining the Installation Site
8
Laser Safety
8
Operating Altitude
9
Cleanliness
9
Emi
9
Grounding
10
Power
10
Cooling
10
Space
11
Tools and Equipment
12
Installing the Router
14
Confirming Installation Preparations
15
Installation Flow
15
Installing the Router
15
Attaching Slide Rails and Cage Nuts to the Rack
16
Installing Slide Rails
16
Installing Cage Nuts
17
Installing Cable Management Bracket and Mounting Brackets
18
Installing Mounting Brackets
18
Installing the Cable Management Bracket
18
(Optional) Installing an Air Filter
19
Mounting the Router in the Rack
20
Connecting the Grounding Cable to a Grounding Strip
21
Grounding the Router
21
Grounding the Router through the PE Wire of an AC Power Supply
22
Grounding the Router through the RTN Wire of a DC Power Supply
23
Installing Frus
24
Attaching an ESD Wrist Strap
25
Installing Frus
25
Installing Mpus/Service Modules
25
Installing a Subcard
27
Installing a Power Supply Adapter
28
Installing the Power Supply System
28
Installing a Power Supply in the Chassis
29
Connecting the Power Cord
30
(Optional) Installing a CF Card for an MPU
39
(Optional) Installing a Transceiver Module
40
Installing a CFP Transceiver Module
41
Installing an XFP/QSFP+/SFP+/SFP/QSFP28 Transceiver Module
41
Connecting an E1 Cable
42
Connecting Your Router to the Network
43
Accessing the Router for the First Time
44
Connecting Your Router to the Network
44
Setting up the Configuration Environment
44
Powering on the Router
45
Setting Terminal Parameters
45
Configuring the Router
46
Configuring Authentication on a User Interface
47
Connecting the Router to the Network
47
Connecting Your Router to the Network through Twisted Pair Cables
47
Verifying the Network Configuration
47
Connecting Your Router to the Network through Optical Fibers
48
Testing Connectivity
48
Debugging Commands in H3C Sr8800-F Routers Network Management and Monitoring Command Reference.
50
Troubleshooting
51
Troubleshooting Methods
51
Troubleshooting on Startup
51
Troubleshooting the System
51
Troubleshooting the Power Supply System
52
Troubleshooting the Router During the Operation
52
Troubleshooting the Fans
53
Troubleshooting the Mpus
53
Troubleshooting the Service Modules
53
Troubleshooting CF Cards
54
Troubleshooting Interfaces
54
Technical Support
55
Replacement Procedures
56
Replacement Procedures
57
Replacing a Power Supply Adapter
57
Replacing the Power Supply System
57
Replacing a Power Supply
58
Replacing a Card
60
Replacing a Subcard
61
Removing a Fan Tray
62
Replacing a Fan Tray
62
Installing a Fan Tray
63
Replacing an Air Filter
63
Replacing a CF Card
64
Replacing a Transceiver Module
65
Replacing a CFP Transceiver Module
66
Replacing an XFP/QSFP+/SFP+/SFP/QSFP28 Transceiver Module
66
Replacing an E1 Cable
67
Appendix A Chassis Views and Technical Specifications
68
Appendix A Chassis Views and Technical Specifications
69
Chassis Views
69
Sr8803-F
69
Sr8805-F
70
Sr8808-F
71
Sr8812-F
72
Technical Specifications
72
Weights and Dimensions
72
Module Power Consumption and Total Power Consumption
75
Environmental Specifications
78
Heat Dissipation
78
Noise
79
Appendix B Frus and Compatibility Matrixes
80
Appendix B Frus and Compatibility Matrixes
81
Mpus
81
Overview
81
CSPC and SPC Cards
82
Ordering Guide
82
Service Modules
82
CSPEX Cards
84
CMPE Cards
86
Subcards
87
OAA Modules
90
Overview
90
Power Supplies
90
Service Module Ordering Guide
90
Ordering Guide
91
Fan Tray Ordering Guide
92
Fan Tray Overview
92
Fan Trays
92
Air Filter Ordering Guide
93
Air Filter Overview
93
Air Filters
93
CF Card Ordering Guide
93
CF Card Overview
93
CF Cards
93
DC Power Cords
93
AC Power Cords
94
Appendix C Leds
102
Appendix C Leds
103
MPU Leds
103
CF Card Status LED
104
10-GE MCC Port Leds
105
Management Ethernet Port Leds
105
Power Status Leds
105
Card Status Leds
106
Fan Tray Status Leds
106
MPU Active/Standby Status LED
107
CSPC/SPC Leds
108
Service Module Leds
108
CSPEX/CMPE Card LED
109
Subcard Leds
109
OAA Module Leds
112
Power Supply Leds
112
PSR320-A/PSR650-A/PSR650-D/PSR1200-A/PSR1200-D Power Supply LED
112
PSR1400-A/PSR2500-12AHD/PSR2500-12D Power Supply Leds
113
PSR1400-D Power Supply Leds
114
Appendix D Slot Arrangement and Port Numbering
115
Appendix D Slot Arrangement and Port Numbering
116
Slot Arrangement
116
Conventions
118
Port Numbering
118
Power Supply Slot Arrangement
118
Subcard Slot Arrangement and Port Numbering
118
Example
119
Appendix E Cables
120
Appendix E Cables
121
Cable Pinouts
121
Ethernet Twisted Pair Cable
121
RJ-45 Connector
121
Cable Type
122
Pin Assignments
123
E1 Cable
125
Making an Ethernet Twisted Pair Cable
125
Optical Fiber
128
Fiber Connector
129
Optical Fiber Cable
129
Patch Cord
129
Pigtail Cord
129
Precautions
130
H3C SR8800-F Faq (37 pages)
Brand:
H3C
| Category:
Network Router
| Size: 0 MB
Table of Contents
Table of Contents
3
Can I Add an MPU to an IRF Fabric if It Runs a Different Software Version than the Global Active MPU
14
Can I Remove both the Mpus in a Subordinate Chassis
14
Can I Run LACP MAD on any Ethernet Link Aggregations
14
Can I Use an IRF Fabric as the Intermediate Device to Detect Multi-Active Collisions for Another IRF Fabric
15
Why Are Network Interfaces that Were Shut down by MAD Still down after an IRF Merge
15
Why Doesn't the Running Configuration on a Reunified IRF Fabric Include the Configuration that I Made on
15
One Chassis after an IRF Split
15
Will the Active IRF Fabric Retain Configuration for Chassis in the Recovery IRF Fabric after an IRF Split
15
Network Security and Attack Prevention
15
What Attack Prevention Features Does the Router Support
16
What Roles Can the Router Play When Using Different SSH Versions
18
Why Cannot a User Log in to an ACS Authentication Server through a Console Port When the Router Uses
18
RADIUS Authentication
18
Why Can the Level for the RADIUS Server (the Router) Only be 1 When It Connects to an ACS Server
18
Does the Router Support Local Authentication When HWTACACS Authentication Fails
18
Can the Router be Connected to a TACACS Server that Runs Third-Party TACACS Server Software
19
Does the Reply from a RADIUS Server Include the Login-Service Option after the Authentication Succeeds
19
How Do I Set the User Role
19
How Are the Levels of HWTACACS and Cisco's ACS Matched
19
Which One of the User Role Configured in VTY User Interface and the User Role Configured on a RADIUS Server or a HWTACACS Server Is Assigned to a Telnet User
19
What Are the Definitions of the Error Packet Fields for Input and Output Packets in the Output from the Display Interface Command
20
How Do I Prevent Gateway Spoofing When the Router Acts as a Gateway
20
Network Access
20
What Is the Maximum Number of Bits of a Port Count
20
Does the Router Support Jumbo Frames
21
How Do Different Services Handle Packets Larger than MTU
21
Does the MTU Configuration Affect Only the Fragmentation of Packets Sent to the CPU
22
Are the MAC Address Entries the same Across the Interface Cards on the Router
22
How Long Is the Aging Timer for Dynamic MAC Address Entries? How Are the Dynamic MAC Address
22
Entries Aged
22
Can Frames be Correctly Forwarded When the MAC Address Learning Limit Is Set to 0
22
Why Does a Port Still Have MAC Address Entries after the Mac-Address Max-Mac-Count 0 Command Is
22
Configured on the Port
22
Why Is a MAC Address Learned into Multiple Vlans
22
Does the Router Support Multicard Link Aggregation
22
How Is Traffic Load Shared for Link Aggregation on the Router
22
Does the Router Support Configuring Static MAC Address Entries on an Aggregate Interface
23
Does DLDP Take Effect When One Fiber Is Connected in Case that Two Fibers of a Link Are both Disconnected
23
What Fields Are Displayed in the Output Transceiver Module Optical Power Information
23
How Is the Port Rate Percentage Calculated
23
Why Is the Peer Port down and the Local Port Not down When the Port of the Router Is Connected to the Port
24
Of Another Device
24
What Are the Restrictions and Guidelines for Configuring the Duplex Modes and Rates for Subcard Interfaces
24
What Types of Subinterfaces on the Router Support VLAN Termination
25
What Is the Difference between Regular Termination and User VLAN Termination? What Are the Usage
26
Scenarios
26
Does the Router Support Layer 3 Subinterface Statistics Collection
26
IP Forwarding Services
26
Does the Router Support Configuring a Secondary IP Address for a Layer 3 Ethernet Interface
26
Interface
26
What Is the MAC Address of a VLAN Interface Used for
27
Which Route in the FIB Table Has Higher Priority for Packet Forwarding When a Route Obtained from the Routing Table Conflicts with a Host Route Obtained from the ARP Table
27
Does the Router Support the Super VLAN Configuration
27
How Does the Router Handle an ICMP Ping Packet Whose Size Exceeds 1500 Bytes
27
Is the Sending Interval of ICMP Ping Packets Configurable on the Router
27
Does the Router Support Cross-Card Port Mirroring
28
Does the Router Support Remote Port Mirroring
28
What Tunneling Technologies Does the Router Support
28
What Protocols and Features Does BFD Support on the Router
28
Which Load Sharing Modes Are Supported by the Router
29
IP Routing
29
Does the Router Support Configuring Blackhole Routes
29
Is the OSPF Cost of a Layer 3 Ethernet Interface on the Router Relevant to the Interface Rate
29
What Are the Preferences of Different Routing Protocols
30
What Are the Possible Reasons for the OSPF CONFIG ERROR Trap
30
Does the Router Discard the Matching Packets When the PBR-Based Forwarding Fails
30
Mpls
30
How Do I Filter Lsps Triggered by Routes with Non-32-Bit Masks
30
How Do I View the Tracert Path Correctly after Enabling TTL Propagation for the Router
31
IP Multicast
31
Which IGMP Versions Are Supported by the Router
31
Are Static Rps Supported by the Router
31
Are Static Multicast Routes Supported by the Router
31
How Do I Deny Multicast Packets from an Illegal Multicast Source
31
Are Multicast Group Policies Supported by the Router
31
The RPF Check Fails after the MSDP Peer Switchover in Inter-Domain Multicast Routing. What Are the Possible Reasons
32
Is Inter-AS MD VPN Supported by the Router
32
Is IP Multicast Unavailable if I Configure both of VPLS and IP Multicast on the same Interface of the Router
32
Qacl
32
Are Qos Policy, Port Mirroring, and Flow Mirroring Are Supported on Logical Interfaces
32
What if both Redirection and Traffic Policing Are Associated with One Class in a Qos Policy
33
What Are the Traffic Priorities for CBQ
33
What Can I Configure to Limit the Traffic Rate on an Interface if I Have Configured a Queue Scheduling Profile
34
Or CBQ on the Interface
34
What Is the Default Action in a Qos Traffic Behavior
34
How Can I View the Rate Limit Values for Protocol Packets to the Control Plane
34
What Happens if I Configure Traffic Policing for a User Profile by Using both the MQC and Non-MQC
34
Approaches
34
Atm
34
What Are the Restrictions and Guidelines for Configuring the Interval Argument for the Oam Loopback
34
Command
34
What Are the Restrictions and Guidelines for Configuring an ATM P2P/P2MP Subinterface
35
Can OAM Continuity Check be Enabled on Only One End of the Network
35
When Configuring the ATM Cell Transmission Rate for the Local PVC, Should I Take the Peak Rate of the Remote PVC into Consideration
36
What Are the Restrictions and Guidelines for Configuring an ATM Network Involving Multicast or Broadcast
36
Advertisement
H3C SR8800-F Quick Start Manual (21 pages)
High-End Routers
Brand:
H3C
| Category:
Network Router
| Size: 0 MB
Table of Contents
Table of Contents
2
About this Document
3
Preparing for Maintenance
4
Maintaining the Device
5
Checking the LED Status
5
SR8800-X/CR16000-F Leds
6
SR8800-X-S/SR8800-F Leds
7
RX8800 Leds
8
CR16000-M/SR6600-G Leds
9
Checking Critical or Minor Alarms
9
Checking the Health Status of the Device
10
Checking the Status of Cards and Subcards
13
Collecting and Reporting Failure Information
15
Collecting Basic Failure Information
15
Collecting Log Information
15
Collecting Diagnostic Information
16
Troubleshooting Login Failure
18
Checking for Power Supply System Failure
18
Console Port
18
Checking for MPU Failure
19
Resetting the Device
19
Contacting H3C Support
19
Safety and Configuration Cautions and Guidelines
20
Hardware Safety Guidelines
20
CLI-Based Configuration Cautions and Guidelines
20
Advertisement
Related Products
H3C SR8800 10G
H3C SR8800 IM-FW-II
H3C SR8800-X-S
H3C SR8800-X
H3C SR8800 Series
H3C SR8805
H3C SR8808
H3C SR8805-F
H3C SR8808-F
H3C SR8808-X
H3C Categories
Switch
Network Router
Wireless Access Point
Control Unit
Server
More H3C Manuals
Login
Sign In
OR
Sign in with Facebook
Sign in with Google
Upload manual
Upload from disk
Upload from URL