3Com Switch 8800 Configuration Guide www.3com.com Part No.
Copyright © 2005, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
About This Manual

Release Notes

This manual applies to 3Com Switch 8800.

Related Manuals

The related manuals are listed in the following table.

Manual: 3Com Switch 8800 Installation Guide
Content: It provides information for the system installation, booting, hardware/software maintenance & monitoring.

Manual: 3Com Switch 8800 Command Reference Guide
Content: It introduces all commands available in the Switch 8800, as well as a command index.
PoE
- This module focuses on power over Ethernet (PoE) configuration.

NAT & VPLS
- This module presents the configurations on NAT and VPLS.

Appendix
- This appendix offers the acronyms in this manual.

Intended Audience

The manual is intended for the following readers:
- Network engineers
- Network administrators
- Customers who are familiar with network fundamentals

Conventions

The manual uses the following conventions:

I.
selected.

Convention: [ x | y | ... ] *
Description: Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.

Convention: #
Description: A line starting with the # sign is comments.

III. GUI conventions

Convention: <>
Description: Button names are inside angle brackets. For example, click the button.

Convention: []
Description: Window names, menu items, data table and field names are inside square brackets.
V. Mouse operation

Action: Select
Description: Press and hold the primary mouse button (left mouse button by default).

Action: Click
Description: Select and release the primary mouse button without moving the pointer.

Action: Double-Click
Description: Press the primary mouse button twice continuously and quickly without moving the pointer.

Action: Drag
Description: Press and hold the primary mouse button and move the pointer to a certain position.

VI.
Table of Contents

Chapter 1 Product Overview
1.1 Product Overview
1.2 Function Features
6.2.4 Setting the Duplex Attribute of the Ethernet Port
6.2.5 Setting Speed on the Ethernet Port
6.2.6 Setting the Cable Type for the Ethernet Port
6.2.7 Enabling/Disabling Flow Control for the Ethernet Port
6.
8.4.1 Creating/Deleting a VLAN Protocol Type
8.4.2 Associating/Dissociating a Port with/from a Protocol-Based VLAN
8.5 Displaying VLAN
8.6 VLAN Configuration Example
Chapter 13 DHCP Configuration
13.1 Introduction to DHCP
13.1.1 How DHCP Works
13.2 Configuring General DHCP
15.2 Displaying and Debugging IP Performance
15.3 Troubleshooting IP Performance
Chapter 16 IP Routing Protocol Overview
16.1 Introduction to IP Route and Routing Table
18.4 Typical RIP Configuration Example
18.5 Troubleshooting RIP Faults
Chapter 19 OSPF Configuration
19.1 OSPF Overview
20.1.1 Terms of IS-IS Routing Protocol
20.1.2 Two-level Structure of IS-IS Routing Protocol
20.1.3 NSAP Structure of IS-IS Routing Protocol
20.1.4 IS-IS Routing Protocol Packets
21.2.2 Configuring Basic Features for BGP Peer
21.2.3 Configuring application features of a BGP peer (group)
21.2.4 Configuring Route Filtering of a Peer (group)
21.2.5 Configuring Network Routes for BGP Distribution
21.2.
23.1.3 Application of Multicast
23.2 Implementation of IP Multicast
23.2.1 IP Multicast Addresses
23.2.2 IP Multicast Protocols
27.2.3 Configuring the IGMP Version
27.2.4 Configuring the Interval to Send IGMP Query Message
27.2.5 Configuring the Interval and the Number of Querying IGMP Packets
27.2.6 Configuring the Present Time of IGMP Querier
27.2.
29.2.11 Configuring RP to Filter the Register Messages Sent by DR
29.2.12 Limiting the range of legal BSR
29.2.13 Limiting the range of legal C-RP
29.2.14 Clearing multicast route entries from PIM routing table
29.2.
31.2.6 Configuring MBGP Timer
31.2.7 Configuring MBGP Peer (Group)
31.2.8 Configuring MBGP Route Aggregation
31.2.9 Configuring an MBGP Route Reflector
36.4.2 Displaying and Debugging LDP
36.5 Typical MPLS Configuration Example
36.6 Troubleshooting MPLS Configuration
Chapter 37 BGP/MPLS VPN Configuration
38.2.7 Configuring the Time Parameters of a Switch
38.2.8 Setting the Timeout Factor of a Specific Bridge
38.2.9 Configuring the Max Transmission Speed on a Port
38.2.10 Configuring a Port as an Edge Port or Non-edge Port
38.2.
40.2 AAA Configuration
40.2.1 Creating/Deleting an ISP Domain
40.2.2 Configuring Relevant Attributes of an ISP Domain
40.2.3 Configuring Self-Service Server URL
Chapter 41 VRRP Configuration
41.1 Introduction to VRRP
41.2 Configuring VRRP
41.2.
43.3.2 Enabling/Disabling FTP Server
43.3.3 Configuring the FTP Server Authentication and Authorization
43.3.4 Configuring the Running Parameters of FTP Server
43.3.5 Displaying and Debugging FTP Server
43.3.
46.1.1 Setting a Name for a Switch
46.1.2 Setting the System Clock
46.1.3 Setting the Time Zone
46.1.4 Setting the Summer Time
47.5 SNMP Configuration Example
Chapter 48 RMON Configuration
48.1 RMON Overview
48.2 Configuring RMON
50.2.3 SFTP Client Configuration
50.2.4 SFTP Configuration Example
Chapter 51 PoE Configuration
51.1 PoE Overview
Chapter 1 Product Overview

1.1 Product Overview

The Switch 8800 is a large-capacity, modularized L2/L3 switch. It is mainly designed for broadband MAN, backbone, switching core and convergence center of large-sized enterprise network and campus network. It provides diverse services and can be used in constructing a stable and high-performance IP network.
Features: IP routing
Implementation:
- Supports static routing
- Supports Routing Information Protocol (RIP) v1/v2
- Supports Open Shortest Path First (OSPF)
- Supports Border Gateway Protocol (BGP)
- Supports Intermediate System-to-Intermediate System intra-domain routing information exchange protocol (IS-IS)
- Supports IP routing policy

Features: DHCP Relay
Implementation: Supports Dynamic Host Configuration Protocol (DHCP) Relay

Features: Link aggregation
Implementation: Supports link aggregation,
Chapter 2 Logging into Switch

2.1 Setting Up Configuration Environment Through the Console Port

Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable.
Figure 2-3 Configure the port for connection

Figure 2-4 Set communication parameters

Step 3: The switch is powered on. It displays its self-test information and prompts you to press Enter to show the command line prompt such as .

Step 4: Input a command to configure the switch or view the operation state. Input a “?” for immediate help. For details of specific commands, refer to the following chapters.
2.2 Setting Up Configuration Environment Through Telnet

2.2.1 Connecting a PC to the Switch Through Telnet

After you have correctly configured the IP address of a VLAN interface for a switch via the Console port (using the ip address command in VLAN interface view), and added the port (that connects to a terminal) to this VLAN (using the port command in VLAN view), you can telnet to this switch and configure it.
Figure 2-6 Run Telnet

Step 4: The terminal displays “Login authentication!” and prompts the user to input the logon password. After you input the correct password, it displays the command line prompt (such as ).
Figure 2-7 Provide Telnet Client service (PC, Telnet Client, Telnet Server)

Step 1: Configure the Telnet user name and password on the Telnet Server through the console port.

Note: By default, a password is required for authenticating a Telnet user who logs in to the switch. If a user logs in via Telnet without a password, he will see the prompt “Login password has not been set !.”.
Note: By default, a password is required for authenticating a Modem user who logs in to the switch. If a user logs in via the Modem without a password, he will see the prompt “Login password has not been set !.”.

system-view
System View: return to User View with Ctrl+Z..
[SW8800] user-interface aux 0
[SW8800-ui-aux0] set authentication password simple xxxx

(xxxx is the preset login password of the Modem user.
Figure 2-9 Set the dialed number

Figure 2-10 Dial on the remote PC

Step 4: Enter the preset login password on the remote terminal emulator and wait for the prompt such as . Then you can configure and manage the switch. Enter “?” to get the immediate help. For details of specific commands, refer to the following chapters.

Note: By default, when a Modem user logs in, he can access the commands at Level 0.
Chapter 3 Command Line Interface

3.1 Command Line Interface

The Switch 8800 provides a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics:
- Local configuration via the Console port and AUX port.
- Local or remote configuration via Telnet.
- Remote configuration through dialing with modem via the AUX port.
- Management level: These are commands that influence the basic operation of the system and the system support modules, which play a supporting role for services. Commands of this level involve file system commands, FTP commands, TFTP commands, XModem downloading commands, user management commands, and level setting commands.

At the same time, login users are classified into four levels that correspond to the four command levels respectively.
- Route policy view
- Basic ACL view
- Advanced ACL view
- Layer-2 ACL view
- Conform-level view
- WRED index view
- RADIUS server group view
- ISP domain view
- MPLS view
- VPNv4 sub-address family view
- VPN-instance sub-address family view
- Remote-peer view
- VSI-LDP view
- VSI view
- TACACS+ view
- Port group view
- Lanswitch view

The following table describes the function features of different vie
Command view: Ethernet port view
Function: Configure Ethernet port parameters
Prompt: [SW8800-Ethernet2/1/1], [SW8800-GigabitEthernet2/1/1], [SW8800-10-GigabitEthernet2/1/1]
Command to enter:
- 100M Ethernet port view: Key in interface ethernet 2/1/1 in system view
- GigabitEthernet port view: Key in interface gigabitethernet 2/1/1 in system view
- 10G Ethernet port view
Command to exit: quit returns to system view; return returns to user view
Command view: PIM view
Function: Configure PIM parameters
Prompt: [SW8800-PIM]
Command to enter: Key in pim in system view

Command view: MSDP view
Function: Configure MSDP parameters
Prompt: [SW8800-msdp]
Command to enter: Key in msdp in system view

Command view: IPv4 multicast sub-address family view
Function: Enter the IPv4 multicast sub-address family view to configure MBGP multicast extension parameters
Prompt: [SW8800-bgp-af-mul]
Command to enter: Key in ipv4-family multicast in BGP view
Command view: Advanced ACL view
Function: Define the rule of advanced ACL
Prompt: [SW8800-acl-adv-3000]
Command to enter: Key in acl number 3000 in system view

Command view: Layer-2 ACL view
Function: Define the rule of layer-2 ACL
Prompt: [SW8800-acl-link-4000]
Command to enter: Key in acl number 4000 in system view

Command view: Conform-level view
Function: Configure the "DSCP + Conform-level Service group" mapping table and "EXP + Conform-level>service parameters" mapping table and "Local-preceden
Command view: VPN-instance sub-address family view
Function: Configure VPN instance sub-address family parameters
Prompt: [SW8800-bgp-af-vpn-instance]
Command to enter: Key in ipv4-family vpn-instance vpna in BGP/RIP view

Command view: Remote-peer view
Function: Configure MPLS peer group parameters
Prompt: [SW8800-mpls-remote1]
Command to enter: Key in remote1

Command view: VSI-LDP view
Function: Configure some VPLS features
Prompt: [SW8800-vsi-3Com-ldp]

Command view: VSI view
Function: Specify mode
Prompt: [SW8800-vsi-3Com]
Command to enter: Key in vsi
- Partial help

You can get the help information through these online help commands, which are described as follows.

1) Input “?” in any view to get all the commands in it and corresponding descriptions.
3.3.2 Displaying Characteristics of Command Line

The command line interface provides the following display characteristics:
- For users’ convenience, the instruction and help information can be displayed in both English and Chinese.
- When the information to be displayed exceeds one screen, a pausing function is provided. In this case, users have three choices, as shown in the table below.
3.3.4 Common Command Line Error Messages

All commands input by users are executed correctly if they pass the grammar check. Otherwise, error messages are reported to users. The common error messages are listed in the following table.

Table 3-4 Common command line error messages

Error message: Unrecognized command
Causes:
- Cannot find the command.
- Cannot find the keyword.
- Wrong parameter type.
Press after typing the incomplete key word and the system will execute the partial help:
- If the key word matching the typed one is unique, the system will replace the typed one with the complete key word and display it in a new line.
- If there is not a matched key word or the matched key word is not unique, the system will do no modification but display the originally typed word in a new line.
Chapter 4 User Interface Configuration

4.1 User Interface Overview

User interface configuration is another way provided by the switch to configure and manage the port data. The Switch 8800 supports the following configuration methods:
- Local configuration via the Console port and AUX port
- Local and remote configuration through Telnet on Ethernet port
- Remote configuration through dialing with modem via the AUX port.
- VTY is numbered after the AUX user interface. The absolute number of the first VTY is the AUX user interface number plus 1.

II. Relative number

The relative number is in the format of “user interface type” + “number”. The “number” refers to the internal number for each user interface type.
When a user logs in to the switch, the login header is displayed if a connection is activated. After the user successfully logs in to the switch, the shell header is displayed.

Perform the following configuration in system view.

Table 4-2 Configure the login header.
By default, the flow control on an asynchronous port is none, that is, no flow control will be performed.

III. Configuring parity

Table 4-5 Configure parity

Operation: Configure parity mode
Command: parity { even | mark | none | odd | space }

Operation: Restore the default parity mode
Command: undo parity

By default, the parity on an asynchronous port is none, that is, no parity bit.

IV.
After the terminal service is disabled on a user interface, you cannot log in to the switch through that user interface. However, a user who logged in through the user interface before the terminal service was disabled can continue his operation. After such a user logs out, he cannot log in again. In this case, a user can log in to the switch through the user interface only when the terminal service is enabled again.
IV. Setting the screen length

If a command displays more than one screen of information, you can use the following command to set how many lines are displayed on a screen, so that the information is separated into different screens and you can view it more conveniently.
By default, terminal authentication is not required for local users who log in via the Console port. However, password authentication is required for local users and remote Modem users who log in via the AUX port, and for Telnet users who log in through an Ethernet port.

1) Perform local password authentication to the user interface

Using the authentication-mode password command, you can perform local password authentication.
Note: By default, a password must be set for authenticating local users and remote Modem users who log in via the AUX port, and Telnet users who log in through an Ethernet port. If no password has been set, the following prompt will be displayed: “Login password has not been set !.” If the authentication-mode none command is used, the local and Modem users via the AUX port and Telnet users will not be required to input a password.

II.
Note: When a user logs in to the switch, the command level that the user can access depends on two points. One is the command level that the user itself can access, the other is the command level set for this user interface. If the two levels are different, the former will be taken.
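The authentication settings described above (authentication-mode password, authentication-mode none, set authentication password simple) can be checked offline in a saved configuration. The following Python script is an added example, not part of the 3Com manual; the indented block layout of the saved configuration, the vty ranges and the sample text are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample configuration (assumed layout: a user-interface line
# followed by indented sub-commands). "xxxx" is the manual's placeholder.
SAMPLE_CONFIG = """\
user-interface aux 0
 authentication-mode password
 set authentication password simple xxxx
user-interface vty 0 2
 authentication-mode none
user-interface vty 3 4
"""

HEADER = re.compile(r"^user-interface\s+([a-z]+)\s+(\d+)(?:\s+(\d+))?\s*$")
MODE = re.compile(r"^authentication-mode\s+(\S+)")
PASSWORD = re.compile(r"^set\s+authentication\s+password\s+(\S+)\s+\S+")

# Defaults as stated in the manual: AUX and Telnet (VTY) logins require
# password authentication unless configured otherwise.
DEFAULT_MODE = {"aux": "password", "vty": "password"}

DESCRIPTIONS = {
    "NO_AUTH": "authentication-mode none: login accepted without a password",
    "CLEARTEXT_PASSWORD": "password configured with the simple keyword",
    "NO_PASSWORD_SET": "password mode without a password: logins are refused "
                       "with 'Login password has not been set !.'",
}


@dataclass
class UserInterface:
    name: str                              # e.g. "vty 0 2"
    kind: str                              # e.g. "vty"
    mode: Optional[str] = None             # explicit authentication-mode
    password_format: Optional[str] = None  # keyword after "password"


def parse(config_text: str) -> List[UserInterface]:
    """Collect every user-interface block and its authentication settings."""
    blocks: List[UserInterface] = []
    current: Optional[UserInterface] = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            kind, first, last = header.groups()
            name = f"{kind} {first}" + (f" {last}" if last else "")
            current = UserInterface(name=name, kind=kind)
            blocks.append(current)
            continue
        if not line.startswith((" ", "\t")):
            current = None  # another top-level command closes the block
            continue
        if current is None:
            continue
        body = line.strip()
        mode = MODE.match(body)
        if mode:
            current.mode = mode.group(1)
        password = PASSWORD.match(body)
        if password:
            current.password_format = password.group(1)
    return blocks


def audit(config_text: str) -> List[Tuple[str, str]]:
    """Return (user interface, finding code) pairs; never echoes a password."""
    findings: List[Tuple[str, str]] = []
    for ui in parse(config_text):
        mode = ui.mode or DEFAULT_MODE.get(ui.kind)
        if mode == "none":
            findings.append((ui.name, "NO_AUTH"))
        if ui.password_format == "simple":
            findings.append((ui.name, "CLEARTEXT_PASSWORD"))
        if mode == "password" and ui.password_format is None:
            findings.append((ui.name, "NO_PASSWORD_SET"))
    return findings


if __name__ == "__main__":
    for name, code in audit(SAMPLE_CONFIG):
        print(f"user-interface {name}: {code} - {DESCRIPTIONS[code]}")
```
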
4.2.6 Configuring Modem Attributes

When logging in to the switch via the Modem, you can use the following commands to configure these parameters.

Perform the following configuration in AUX user interface view.
Table 4-21 Configure to automatically run the command

Operation: Configure to automatically run the command
Command: auto-execute command text

Operation: Configure not to automatically run the command
Command: undo auto-execute command

Note the following points:
- After executing this command, the user interface can no longer be used to carry out the routine configurations for the local system. Use this command with caution.
Chapter 5 Management Interface Configuration

5.1 Management Interface Overview

The Switch 8800 provides a 10/100Base-TX management interface on the Fabric. The management interface can connect a background PC for software loading and system debugging, or a remote network management station for remote system management.

5.
Chapter 6 Ethernet Port Configuration

6.1 Ethernet Port Overview

The Switch 8800 provides conventional Ethernet ports, fast Ethernet ports, 1000 Mbps Ethernet ports and 10 Gbps Ethernet ports. The configurations of these Ethernet ports are basically the same, which will be described in the following sections.

6.
6.2.2 Enabling/Disabling an Ethernet Port

After configuring the related parameters and protocol of the port, you can use the undo shutdown command to enable the port. If you do not want a port to forward data any more, use the shutdown command to disable it.

Perform the following configuration in Ethernet port view.
Note that a 10/100 Mbps electrical Ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode. A 10/100/1000 Mbps electrical Ethernet port can operate in full duplex, half duplex or auto-negotiation mode. When the port operates at 1000 Mbps or in auto mode, the duplex mode can be set to full (full duplex) or auto (auto-negotiation).
Operation: Restore the default type of the cable connected to the Ethernet port
Command: undo mdi

Note that the settings only take effect on 10/100 Mbps and 10/100/1000 Mbps electrical ports.

By default, the cable type is auto (auto-recognized). That is, the system can automatically recognize the type of cable connecting to the port.

6.2.
Note that the values can be consecutive, but the effective values are discrete. The effective frame length for the FE port is 1552. The effective frame length for the GE port and 10 GE port is 1552, 9022, 9192 and 10240. You can execute the display interface command to view the configured effective value for the port.

6.2.
6.2.11 Setting the Link Type for the Ethernet Port

An Ethernet port can operate in three different link types: access, hybrid, and trunk. The access port carries one VLAN only and is used for connecting to the user’s computer. The trunk port can belong to more than one VLAN and receive/send the packets on multiple VLANs; it is used for connection between the switches.
Operation: Add the current trunk port to specified VLANs
Command: port trunk permit vlan { vlan_id_list | all }

Operation: Remove the current access port from a specified VLAN
Command: undo port access vlan

Operation: Remove the current hybrid port from specified VLANs
Command: undo port hybrid vlan vlan_id_list

Operation: Remove the current trunk port from specified VLANs
Command: undo port trunk permit vlan { vlan_id_list | all }

Note that the access port shall be added to
By default, the VLAN of hybrid port and trunk port is VLAN 1 and that of the access port is the VLAN to which it belongs.

6.2.14 Setting the VLAN VPN Feature

VLAN Tag consists of 12 bits (defined by IEEE802.1Q), so Ethernet Switches can support up to 4k VLANs. In networking, especially in MAN (metropolitan area network), a large number of VLANs is required to segment users. In this case, 4k VLANs are not enough.
Path cost
Link attributes (point-to-point or not)
Port mCheck
Max transmission speed
Enable/disable root protection
Enable/disable loop protection
Edge or non-edge port
Reset ARP or not
Define/apply flow template
Traffic reshaping
Traffic redirection
Packet filtering
QoS setting
Priority re-assignment
Traffic statistics
Traffic mirroring
Rate limiting
Permitted VLAN ID
Default VLAN ID
Add ports to VLAN
Port setting
Default 802.
Table 6-16 Copy port configuration to other ports

Operation: Copy port configuration to other ports
Command: copy configuration source { interface-type interface-number | interface-name | aggregation-group agg-id } destination { interface_list [ aggregation-group agg-id ] | aggregation-group agg-id }

Note that if the copy source is an aggregation group, take the port with minimum Active as the source; if the copy destination is a
6.3 Displaying and Debugging Ethernet Port

After the above configuration, execute the display command in any view to display the running of the Ethernet port configuration, and to verify the effect of the configuration. Execute the reset command in user view to clear the statistics information of the port.
II. Network diagram

Figure 6-1 Network diagram for Ethernet port configuration (Switch A, Switch B)

III. Configuration procedure

The following configurations are used for Switch A. Please configure Switch B in the similar way.

Enter the Ethernet port view of GigabitEthernet2/1/1.

[SW8800] interface gigabitethernet2/1/1

Set GigabitEthernet2/1/1 as a trunk port and allow VLANs 2, 6 through 50, and 100 to pass.
Chapter 7 Link Aggregation Configuration

7.1 Overview

7.1.1 Introduction to Link Aggregation

Link aggregation means aggregating several ports together to implement the outgoing/incoming payload balance among the member ports and enhance the connection reliability. Link aggregation may be manual aggregation, dynamic LACP aggregation or static LACP aggregation.
operation key. The management key of an LACP-enabled dynamic aggregation port is 0 by default. The management key of an LACP-enabled static aggregation port is the same as the aggregation group ID. In a dynamic aggregation group, the member ports must have the same operation key. In manual and static aggregation groups, the active ports have the same operation key.
7.1.
• The system sets to the inactive state an active port that connects to a different peer device, or a port that connects to the same peer device but is located in a different aggregation group.
• The system sets to the inactive state the ports that cannot be aggregated with the port because of a hardware limit (for example, trans-board aggregation is forbidden).
protocol types in determining if to use IP or MAC addresses. A packet whose Ethernet ETYPE field is 0800 is an IP packet. In general, the system only provides limited resources. The system will always allocate hardware aggregation resources to the load balancing aggregation groups with higher priority levels.
7.
• You cannot enable LACP on a mirroring port, a port with a static MAC address configured, a port with static ARP configured, or a port with 802.1x enabled.
• You cannot enable LACP on a port in a manual aggregation group.
• You can add a port with LACP enabled into a manual aggregation group, but LACP will then be disabled on it automatically.
Table 7-3 Add/delete an Ethernet port into/from an aggregation group
Operation: Add an Ethernet port into the aggregation group (Ethernet port view)
Command: port link-aggregation group agg-id
Operation: Delete an Ethernet port from the aggregation port (Ethernet port view)
Command: undo port link-aggregation group
Operation: Aggregate Ethernet ports (system view)
Command: link-aggregation interface_name1 to interface_name2 [ both ]
Note that:
• You cannot add
Note: If you save the current configuration using the save command, the static and dynamic LACP aggregation groups and their description strings remain on the system after rebooting, but not the dynamic LACP aggregation groups, or their description strings.
7.2.5 Configuring System Priority
LACP refers to system IDs to determine whether the member ports are active or inactive for a dynamic LACP aggregation group.
7.3 Displaying and Debugging Link Aggregation
After the above configuration, execute the display command in any view to display the running state of the link aggregation configuration and to verify the effect of the configuration. In user view, execute the reset command to clear statistics on the LACP-enabled port, and the debugging command to enable LACP debugging.
7.4 Link Aggregation Configuration Example
I. Network requirements
Switch A connects switch B with three aggregation ports, numbered as Ethernet2/1/1 to Ethernet2/1/3, so that incoming/outgoing load can be balanced among the member ports.
II. Network diagram
Figure 7-1 Network diagram for link aggregation configuration (Switch A, link aggregation, Switch B)
III.
Enable LACP on Ethernet ports Ethernet2/1/1 to Ethernet2/1/3.
Chapter 8 VLAN Configuration
8.1 VLAN Overview
Virtual local area network (VLAN) groups the devices in a LAN logically, not physically, into segments to form virtual workgroups. IEEE issued the IEEE 802.1Q in 1999 to standardize the VLAN implementations. The VLAN technology allows network administrators to logically divide a physical LAN into different broadcast domains or the so-called virtual LANs.
Table 8-1 Create/Delete a VLAN
Operation: Create a VLAN and enter the VLAN view
Command: vlan vlan_id
Operation: Delete a specified VLAN
Command: undo vlan { vlan_id [ to vlan_id ] | all }
Note that the default VLAN, namely VLAN 1, cannot be deleted.
8.2.2 Specifying a Description Character String for a VLAN or VLAN interface
You can use the following commands to specify a description character string for a VLAN or VLAN interface.
8.2.4 Shutting down/Bringing up a VLAN Interface
You can use the following commands to shut down/bring up a VLAN interface. Perform the following configuration in VLAN interface view.
8.4 Configuring Protocol-Based VLAN
The following sections describe the protocol-based VLAN configuration tasks:
• Creating/Deleting a VLAN Protocol Type
• Associating/Dissociating a Port with/from a Protocol-Based VLAN
8.4.1 Creating/Deleting a VLAN Protocol Type
You can use the following commands to create/delete a VLAN protocol type. Perform the following configuration in VLAN view.
Note:
• The port to be associated with a protocol-based VLAN must be of Hybrid type and in this VLAN.
• The same protocol can be configured in different VLANs, but cannot be configured repeatedly in the same VLAN.
• A port cannot be associated with different VLANs that have the same protocols configured.
• You cannot delete a protocol-based VLAN that has ports associated with it.
8.6 VLAN Configuration Example
I. Network requirements
• Create VLAN2 and VLAN3.
• Add Ethernet3/1/1 and Ethernet4/1/1 to VLAN2.
• Add Ethernet3/1/2 and Ethernet4/1/2 to VLAN3.
II. Network diagram
Figure 8-1 Network diagram for VLAN configuration (Switch; E3/1/1, E4/1/1, E3/1/2, E4/1/2; VLAN 2, VLAN 3)
III. Configuration procedure
Create VLAN 2 and enter its view.
[SW8800] vlan 2
Add Ethernet3/1/1 and Ethernet4/1/1 to VLAN2.
Chapter 9 GARP/GVRP Configuration
9.1 Configuring GARP
9.1.1 GARP Overview
Generic attribute registration protocol (GARP) offers a mechanism that is used by the members in the same switching network to distribute, propagate and register such information as VLAN and multicast addresses. GARP does not exist in a switch as an entity. A GARP participant is called a GARP application.
Note:
• The value of a GARP timer will be used in all the GARP applications, including GVRP and GMRP, running in one switched network.
• In one switched network, the GARP timers on all the switching devices should be set to the same value. Otherwise, GARP applications cannot work normally.
9.1.2 Setting the GARP Timer
GARP timers include Hold timer, Join timer, Leave timer and LeaveAll timer.
Note that the value of the Join timer should be no less than the doubled value of the Hold timer, and the value of the Leave timer should be greater than the doubled value of the Join timer and smaller than the LeaveAll timer value. Besides, you must set the value of the Join timer in terms of 5 centiseconds. Otherwise, the system will prompt an error message. The value range of a timer varies with the values of other timers.
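The timer rules above, together with the earlier note that every device in a switched network should use the same GARP timer values, can be checked before a change is pushed. The following is an added example, not code from the manual or from 3Com; the switch names and timer values are constructed, and "in terms of 5 centiseconds" is read as "a multiple of 5".

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class GarpTimers:
    """One device's GARP timer values, all in centiseconds."""
    hold: int
    join: int
    leave: int
    leaveall: int


def timer_violations(t: GarpTimers) -> List[str]:
    """Return every rule from the text that this timer set breaks."""
    problems = []
    if t.join % 5 != 0:
        # Assumption: "in terms of 5 centiseconds" means a multiple of 5.
        problems.append("Join must be a multiple of 5 centiseconds")
    if t.join < 2 * t.hold:
        problems.append("Join must be no less than 2 x Hold")
    if t.leave <= 2 * t.join:
        problems.append("Leave must be greater than 2 x Join")
    if t.leave >= t.leaveall:
        problems.append("Leave must be smaller than LeaveAll")
    return problems


def join_range(hold: int, leave: int) -> Optional[Tuple[int, int]]:
    """Allowed Join values for the given Hold and Leave, or None if no value fits.

    This is the sense in which the value range of one timer depends on the others.
    """
    lowest = -(-2 * hold // 5) * 5          # 2 x Hold, rounded up to a multiple of 5
    highest = ((leave - 1) // 2) // 5 * 5   # largest multiple of 5 with 2 x Join < Leave
    return (lowest, highest) if lowest <= highest else None


def audit_network(configs: Dict[str, GarpTimers]) -> Dict[str, object]:
    """Check each device's timers and whether all devices agree with each other."""
    invalid = {}
    groups: Dict[GarpTimers, List[str]] = {}
    for name, timers in sorted(configs.items()):
        problems = timer_violations(timers)
        if problems:
            invalid[name] = problems
        groups.setdefault(timers, []).append(name)
    return {"invalid": invalid, "consistent": len(groups) <= 1, "groups": groups}


# Constructed sample data: hypothetical switches and timer values.
SAMPLE = {
    "SwitchA": GarpTimers(hold=10, join=20, leave=60, leaveall=1000),
    "SwitchB": GarpTimers(hold=10, join=20, leave=60, leaveall=1000),
    "SwitchC": GarpTimers(hold=10, join=25, leave=50, leaveall=1000),
    "SwitchD": GarpTimers(hold=10, join=22, leave=60, leaveall=1000),
}

if __name__ == "__main__":
    report = audit_network(SAMPLE)
    for name, problems in report["invalid"].items():
        print(name, "->", "; ".join(problems))
    if not report["consistent"]:
        for timers, names in report["groups"].items():
            print(timers, "used by", ", ".join(names))
    print("Join range for Hold=10, Leave=60:", join_range(10, 60))
```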
GVRP-supporting switches can receive VLAN registration information from other switches and dynamically update the local VLAN registration information including the active members and through which port those members can be reached.
Table 9-3 Enable/disable global GVRP
Operation: Enable global GVRP
Command: gvrp
Operation: Disable global GVRP
Command: undo gvrp
By default, global GVRP is disabled.
9.2.3 Enabling/Disabling Port GVRP
You can use the following command to enable/disable the GVRP on a port. Perform the following configurations in Ethernet port view.
Table 9-5 Set the GVRP registration type
Operation: Set GVRP registration type
Command: gvrp registration { normal | fixed | forbidden }
Operation: Restore the default GVRP registration type
Command: undo gvrp registration
By default, GVRP registration type is normal.
9.2.5 Displaying and Debugging GVRP
After the above configuration, execute the display command in any view to display the running state of the GVRP configuration and to verify the configuration.
III. Configuration procedure
Configure Switch A:
Enable GVRP globally.
[SW8800] gvrp
Set Ethernet3/1/1 as a Trunk port and allow all the VLANs to pass through.
[SW8800] interface ethernet3/1/1
[SW8800-Ethernet3/1/1] port link-type trunk
[SW8800-Ethernet3/1/1] port trunk permit vlan all
Enable GVRP on the Trunk port.
[SW8800-Ethernet3/1/1] gvrp
Configure Switch B:
Enable GVRP globally.
Chapter 10 Super VLAN Configuration
10.1 Super VLAN Overview
Super VLAN is also called VLAN aggregation: A super VLAN contains multiple sub VLANs. A super VLAN can be configured with an IP address of the virtual port, while a sub VLAN cannot be configured with the IP address of the virtual port. Each sub VLAN is a broadcast domain. Different sub VLANs are isolated at Layer 2.
Number: 2
Item: Enter VLAN view
Command: [SW8800] vlan vlan_id
Description: Required
Number: 3
Item: Set the type to VLAN
Command: [SW8800-vlan4093] supervlan
Description: Required. The VLAN_ID is the configured VLAN ID in the range 1 to 4,094.
10.2.2 Super VLAN Configuration Example
I. Network requirements
Super VLAN 10 and sub VLANs including VLAN 2, VLAN 3 and VLAN 5 need to be configured. VLAN2 contains ports 1 and 2; VLAN3 contains ports 3 and 4; VLAN5 contains ports 5 and 6. These sub VLANs are isolated at Layer 2. It is required that these sub VLANs communicate with each other at Layer 3.
II. Network diagram
Omitted
III.
Chapter 11 IP Address Configuration
11.1 Introduction to IP Address
11.1.1 IP Address Classification and Representation
An IP address is a 32-bit address allocated to a device that accesses the Internet. It consists of two fields: net-id field and host-id field. IP addresses are allocated by Network Information Center (NIC) of American Defense Data Network (DDN).
Table 11-1 IP address classes and ranges
Network class: A
Address range: 0.0.0.0 to 127.255.255.255
IP network range available: 1.0.0.0 to 126.0.0.0
Note: Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address, that is, broadcast to all hosts on the network. IP address 0.0.0.
Network class: D
Address range: 224.0.0.0 to 239.255.255.255
IP network range available: None
Note: Addresses of class D are multicast addresses, among which:
• IP address 224.0.0.0 is reserved and will not be allocated.
• Those from 224.0.0.1 to 224.0.0.255 are reserved for routing protocols and other protocols that are used to discover and maintain routes.
• Those from 239.0.0.0 to 239.255.255.
138.38.160.0, 138.38.192.0 and 138.38.224.0 (Refer to the following figure). Each subnet can contain more than 8000 hosts.
Class B 138.38.0.0:          10001010, 00100110, 000 00000, 00000000
Standard mask 255.255.0.0:   11111111, 11111111, 000 00000, 00000000
Subnet mask 255.255.224.0:   11111111, 11111111, 111 00000, 00000000
(In the third octet, the first three bits are the subnet number and the remaining bits belong to the host number.)
Subnet number: 000 001 010 011 100 101 110 111
Subnet address: 138.38. 0.
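The subnet arithmetic in this figure can be reproduced programmatically. The following is an added example, not part of the manual; the function names are hypothetical and the host 138.38.170.5 used in the test run is constructed. It derives the subnet bits by comparing the standard (classful) mask with the subnet mask, then lists the subnet addresses and the usable hosts per subnet.

```python
import ipaddress
from typing import Dict, Tuple


def standard_prefix(address: ipaddress.IPv4Address) -> Tuple[str, int]:
    """Return the address class and the length of its standard mask."""
    first_octet = int(address) >> 24
    if first_octet < 128:
        return "A", 8
    if first_octet < 192:
        return "B", 16
    if first_octet < 224:
        return "C", 24
    raise ValueError("class D and E addresses have no standard network mask")


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted-decimal mask to a prefix length, rejecting masks
    that are not a run of consecutive 1 bits followed by 0 bits."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not made up of consecutive 1 bits")
    return prefix


def subnet_plan(network: str, subnet_mask: str) -> Dict[str, object]:
    """Split a classful network with the given subnet mask."""
    address = ipaddress.IPv4Address(network)
    net_class, natural = standard_prefix(address)
    prefix = mask_to_prefix(subnet_mask)
    if prefix < natural:
        raise ValueError("subnet mask is shorter than the standard mask")
    subnet_bits = prefix - natural          # bits borrowed from the host ID
    host_bits = 32 - prefix                 # bits left for the host number
    base = int(address) >> (32 - natural) << (32 - natural)
    subnets = [
        str(ipaddress.IPv4Address(base | (number << host_bits)))
        for number in range(1 << subnet_bits)
    ]
    return {
        "class": net_class,
        "subnet_bits": subnet_bits,
        "host_bits": host_bits,
        # Host IDs of all 0s (network address) and all 1s (broadcast) are excluded.
        "hosts_per_subnet": max((1 << host_bits) - 2, 0),
        "subnets": subnets,
    }


def subnet_of(host: str, subnet_mask: str) -> str:
    """Return the subnet address a host belongs to (bitwise AND with the mask)."""
    mask_to_prefix(subnet_mask)  # validates the mask
    host_value = int(ipaddress.IPv4Address(host))
    mask_value = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(host_value & mask_value))


if __name__ == "__main__":
    plan = subnet_plan("138.38.0.0", "255.255.224.0")
    print("class", plan["class"], "subnet bits", plan["subnet_bits"])
    print("hosts per subnet:", plan["hosts_per_subnet"])
    for subnet in plan["subnets"]:
        print(subnet)
    # Constructed host address, used only to show the lookup.
    print("138.38.170.5 is in", subnet_of("138.38.170.5", "255.255.224.0"))
```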
11.2.2 Configuring the IP Address of the VLAN Interface
You can configure an IP address for every VLAN interface of the switch. Generally, it is enough to configure one IP address for an interface. You can also configure up to ten IP addresses for an interface, so that it can be connected to several subnets. Among these IP addresses, one is the primary IP address and all others are secondary.
II. Network diagram
Figure 11-3 Network diagram for IP address configuration (Switch, console cable, PC)
III. Configuration procedure
Enter VLAN interface 1.
[SW8800] interface vlan-interface 1
Configure the IP address for VLAN interface 1.
[SW8800-Vlan-interface1] ip address 129.2.2.1 255.255.255.0
11.5 Troubleshooting IP Address Configuration
Fault 1: The switch cannot ping through a certain host in the LAN.
Chapter 12 ARP Configuration
12.1 Introduction to ARP
Address Resolution Protocol (ARP) is used to resolve an IP address into a MAC address.
I. Necessity of ARP
An IP address cannot be directly used for communication between network devices because network devices can only identify MAC addresses. An IP address is only an address of a host in the network layer.
corresponding MAC address of Host B and adds them to its own ARP mapping table. Then Host A sends Host B all the packets standing in the queue. Normally, dynamic ARP takes effect and automatically searches for the resolution from the IP address to the Ethernet MAC address without the help of an administrator.
12.2 Configuring ARP
The ARP mapping table can be maintained dynamically or manually.
12.2.2 Configuring the Dynamic ARP Aging Timer
For flexible configuration, the system provides the following commands to assign the dynamic ARP aging period. When the system learns a dynamic ARP entry, its aging period is based on the currently configured value. Perform the following configuration in system view.
12.3 Displaying and Debugging ARP
After the above configuration, execute the display command in any view to display the running state of the ARP configuration and to verify the effect of the configuration. Execute the reset command in user view to clear the ARP mapping table. Execute the debugging command in user view to debug ARP configuration.
Table 12-5 Enable/Disable the scheme of preventing attack from packets
Operation: Enable/Disable the scheme of preventing attack from packets
Command: anti-attack { arp | dot1x | ip } { disable | enable }
By default, the scheme of preventing attack from IP packets is enabled; the scheme of preventing attack from ARP packets and dot1x packets is disabled.
Chapter 13 DHCP Configuration
13.1 Introduction to DHCP
13.1.1 How DHCP Works
This is a world where networks are ever-growing in both size and complexity, and the network configuration is getting more and more complex.
• Automatic IP address assignment. The DHCP server automatically assigns fixed IP addresses to DHCP clients when they connect to the network for the first time. After that, the IP addresses are always occupied by the DHCP clients.
• Dynamic IP address assignment. The DHCP server leases IP addresses to DHCP clients for a predetermined period of time and reclaims them at the expiration of the period.
• Selection. The DHCP client only receives the first arriving DHCP_Offer packet if there are DHCP_Offer packets from several DHCP servers. Then, it retrieves the IP address carried in the packet, and broadcasts a DHCP_Request packet to each DHCP server. The packet contains the IP address carried by the DHCP_Offer packet.
• Acknowledgement.
13.2.1 Enabling/Disabling DHCP Service
For both DHCP server and DHCP relay, you must enable the DHCP service first before performing other DHCP configurations. The other related DHCP configurations take effect only after the DHCP service is enabled. Perform the following configuration in system view.
Table 13-3 Configure the processing method for multiple VLAN interfaces
Operation: Specify to forward DHCP packets to local DHCP server and let the local server assign IP addresses in global address pools to DHCP clients
Command: dhcp select global { interface vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
Operation: Specify to forward DHCP packets to local DHCP server and let the local server assign IP addresses in VLAN interface add
13.
So, you can configure the parameters (such as domain name) that are common to all levels in the address pool structure or some subnets only for the network segment or for corresponding subnets. The display dhcp server tree command displays the tree-like structure of the address pools, where address pools on the same level are sorted by the time they were created.
Perform the following configuration in DHCP address pool view.
Caution: A binding in a VLAN interface address pool cannot be overwritten directly. If an IP-to-MAC address binding entry is configured and you want to modify it, you must remove it and redefine a new one.
III. Configuring dynamic IP address assignment
If you specify to assign IP addresses dynamically, that is, IP addresses are leased permanently or temporarily, you need to configure an available address range.
You can set multiple IP address ranges that are not assigned automatically by executing the dhcp server forbidden-ip command multiple times.
13.3.4 Configuring Lease Time For DHCP Address Pool
You can configure different lease times for different DHCP address pools. But you can configure only one lease time for one DHCP address pool, and all the addresses in the same pool will have the same lease time.
I.
Operation: Restore the lease time of DHCP address pools of multiple VLAN interfaces to the default value
Command: undo dhcp server expired { interface vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
The default lease times for global address pools and VLAN interface address pools are all one day.
13.3.
Table 13-15 Configure a DHCP client domain name for multiple VLAN interfaces
Operation: Configure a DHCP client domain name for DHCP address pools of multiple VLAN interfaces
Command: dhcp server domain-name domain-name { interface vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
Operation: Remove the DHCP client domain name configured for DHCP address pools of multiple VLAN interfaces
Command: undo dhcp server domain-name domain-name { interfa
Table 13-17 Configure DNS server address for current VLAN interface
Operation: Configure one or more DNS server addresses for the DHCP address pool of the current VLAN interface
Command: dhcp server dns-list ip-address [ ip-address ]
Operation: Remove one or all DNS server addresses configured for the DHCP address pool of the current VLAN interface
Command: undo dhcp server { ip-address | all } dns-list
III.
Table 13-19 Configure NetBIOS server address for a global DHCP address pool
Operation: Configure one or more NetBIOS server addresses for a global DHCP address pool
Command: nbns-list ip-address [ ip-address ]
Operation: Remove one or all NetBIOS server addresses configured for a global DHCP address pool
Command: undo nbns-list { ip-address | all }
II.
13.3.8 Configuring NetBIOS Node Type for DHCP Clients
For DHCP clients communicating in wide area network (WAN) by NetBIOS protocol, the mapping between their host names and IP addresses must be established. According to the ways they establish their mappings, NetBIOS nodes fall into the following four types:
• b-node: Nodes of this type establish their mappings by broadcasting. (b stands for broadcast.
Table 13-24 Configure a NetBIOS node type for multiple VLAN interfaces
Operation: Configure NetBIOS node types for DHCP clients of multiple VLAN interface DHCP address pools
Command: dhcp server netbios-type { b-node | h-node | m-node | p-node } { interface vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
Operation: Remove NetBIOS node configurations of multiple interface DHCP address pools
Command: undo dhcp server netbios-type { interface vla
III. Configuring custom DHCP options for multiple VLAN interfaces
Perform the following configuration in system view.
the DHCP server receives no response after sending all these packets, it considers that the IP address is not used by other devices in this network and assigns the IP address to this DHCP client. Otherwise, it does not assign the IP address. Perform the following configuration in system view.
Operation: Display the information about IP address binding in DHCP address pool(s)
Command: display dhcp server ip-in-use { ip ip-address | pool [ pool-name ] | interface [ vlan-interface vlan_id ] | all }
Operation: Display the statistics about the DHCP server
Command: display dhcp server statistics
Operation: Display the information about the tree-like structure of DHCP address pool(s)
Command: display dhcp server tree { pool [ pool-name ] | interface [ vlan-interface vl
DHCP server, is supposed to assign IP addresses to the two DHCP clients without the help of any DHCP Relay.
II. Network diagram
Figure 13-2 Network diagram for DHCP server (two DHCP clients, Ethernet 10.110.0.0, Switch (DHCP Server) 10.110.1.1)
III. Configuration procedure
Enter system view.
system-view
Create VLAN2.
[SW8800]vlan 2
Enter VLAN interface view and create Vlan-interface 2.
13.4 Configuring DHCP Relay
13.4.1 Introduction to DHCP Relay
This is a world where networks are ever-growing in both size and complexity, and the network configuration is getting more and more complex.
• After receiving the packet, the DHCP server generates configuration information accordingly and sends it to the DHCP client through the DHCP Relay to complete the dynamic configuration of the DHCP client.
Note that the entire configuration procedure may go through such interactions multiple times.
13.4.
Table 13-34 Configure user address entries for DHCP server
Operation: Add a user address entry for DHCP server
Command: dhcp relay security mac_address static
Operation: Remove a user address entry for DHCP server
Command: undo dhcp relay security ip_address ip_address
III.
Operation: Disable debugging for DHCP Relay
Command: undo debugging dhcp relay { all | packet | error | event }
13.4.4 DHCP Relay Configuration Example
I. Network requirements
As shown in Figure 13-4, two DHCP clients located at the same network segment (10.110.0.0) are connected to a switch through a port in VLAN 2.
[SW8800-Vlan-interface2]ip relay address 202.38.1.2
Note: Besides the above configurations for DHCP Relay, you need to configure an address pool on the DHCP server and make sure that the DHCP server and the switch interface connecting the two DHCP clients are reachable from each other by routing.
Chapter 14 DNS Configuration
14.1 Introduction to DNS
Used in TCP/IP applications, Domain Name System (DNS) is a distributed database which provides the translation between domain names and IP addresses. In this way, the user can use domain names that are easy to memorize and meaningful, and never needs to keep obscure IP addresses in mind.
“3Com”. Then the system connects the input domain name with the suffix into “3Com.com” automatically to search. When the domain name suffix is used, if the input domain name does not include “.”, like “3Com”, the system regards it as a host name and adds a domain name suffix to search. If none of the domain names formed in this way can be found, the system finally searches with the originally input domain name.
this function when you do not want to perform dynamic domain name resolution sometimes. Perform the following configuration in system view.
Table 14-2 Enable/disable dynamic domain name resolution
Operation: Enable dynamic domain name resolution
Command: dns resolve
Operation: Disable dynamic domain name resolution
Command: undo dns resolve
By default, dynamic domain name resolution is disabled.
14.3.
14.4 Displaying and Debugging Domain Name Resolution
After the above configuration, you can execute the display command in any view to view the running states of the domain name resolution, and verify the configuration results through the displayed information. Execute the reset command in user view to clear the dynamic domain name buffer. Execute the debugging command to debug the domain name resolution.
III. Configuration procedure
Enable dynamic domain name resolution.
[SW8800] dns resolve
Configure the IP address of the domain name server to 172.16.1.1.
[SW8800] dns server 172.16.1.1
Configure the domain name suffix as com.
[SW8800] dns domain com
Ping a host with the specified domain name.
[SW8800] ping ftp
Trying DNS server (172.16.1.1)
PING ftp.com (200.200.200.200): 56 data bytes, press CTRL_C to break
Reply from 200.200.200.
Chapter 15 IP Performance Configuration
15.1 Configuring IP Performance
IP performance configuration includes:
• Configuring TCP Attributes
15.1.1 Configuring TCP Attributes
TCP attributes that can be configured include:
• synwait timer: When sending the syn packets, TCP starts the synwait timer. If response packets are not received before synwait timeout, the TCP connection is terminated.
15.2 Displaying and Debugging IP Performance
After the above configuration, execute the display command in any view to display the running state of the IP performance configuration and to verify the effect of the configuration. Execute the reset command in user view to clear IP, TCP and UDP statistics information. Execute the debugging command to debug IP performance.
Operation: Enable the connections debugging of UDP
Command: debugging udp packet [ task-id socket-id ]
Operation: Disable the connections debugging of UDP
Command: undo debugging udp packet [ task-id socket-id ]
Operation: Enable the connections debugging of TCP
Command: debugging tcp packet [ task-id socket-id ]
Operation: Disable the connections debugging of TCP
Command: undo debugging tcp packet [ task-id socket-id ]
Enable the debugging of TC
tcp event [
• Use the debugging tcp packet command to enable the TCP debugging to trace the TCP packets. Operations include:
terminal debugging
debugging tcp packet
Then the TCP packets received or sent can be checked in real time. Specific packet formats include:
TCP output packet:
Source IP address:202.38.160.1
Source port:1024
Destination IP Address 202.38.160.
Chapter 16 IP Routing Protocol Overview
Note: A router that is referred to in the following or its icon represents a generalized router or a Switch 8800 running routing protocols. To improve readability, this will not be described in the other parts of the manual. For the configuration of VPN instance, refer to the MPLS chapter in this book.
16.1 Introduction to IP Route and Routing Table
16.1.
Figure 16-1 The concept of route segment
As the networks may have different sizes, the segment lengths connected between two different pairs of routers are also different. The number of route segments multiplied by a weighted coefficient can serve as a weighted measurement for the actual length of the signal transmission path.
with the mask 255.255.0.0 is located will be 129.102.0.0. It is made up of several consecutive "1"s, which can also be expressed in the dotted decimal format.
• Output interface: It indicates an interface through which an IP packet should be forwarded.
• Next hop address: It indicates the next router that an IP packet will pass through.
The Switch 8800 supports the configuration of a series of dynamic routing protocols such as RIP, OSPF, IS-IS and BGP, as well as the static routes. In addition, the running switch will automatically obtain some direct routes according to the port state and user configuration.
16.
Routing protocol or route type: UNKNOWN
The preference of the corresponding route: 255
Apart from direct routing, IBGP and EBGP, the preferences of various dynamic routing protocols can be manually configured to meet the user requirements. In addition, the preferences for individual static routes can be different.
16.2.2 Supporting Load Sharing and Route Backup
I.
16.2.3 Routes Shared Between Routing Protocols
As the algorithms of various routing protocols are different, different protocols may generate different routes, thus bringing about the problem of how to resolve the differences when different routes are generated by different routing protocols. The Switch 8800 can import the information of another routing protocol. Each protocol has its own route importing mechanism.
Chapter 17 Static Route Configuration
17.1 Introduction to Static Route
17.1.1 Static Route
A static route is a special route configured manually by an administrator. You can set up an interconnecting network with the static route configuration.
there is no default route and the destination address of the packet fails to match any entry in the routing table, the packet will be discarded, and an Internet Control Message Protocol (ICMP) packet will be sent to the originating host to report that the destination host or network is unreachable.
17.
The packets sent to the NULL interface, a kind of virtual interface, will be discarded at once. This can decrease the system load.
• Preference
Depending on the configuration of preference, you can achieve different route management policies. For example, to implement load sharing, you can specify the same preference for multiple routes to the same destination network.
17.3 Displaying and Debugging Static Route
After the above configuration, execute the display command in any view to display the running of the static route configuration, and to verify the effect of the configuration.
II. Network diagram
Figure 17-1 Network diagram for the static route configuration example
III. Configuration procedure
Configure the static route for Switch A
[Switch A] ip route-static 1.1.3.0 255.255.255.0 1.1.2.2
[Switch A] ip route-static 1.1.4.0 255.
17.5 Troubleshooting Static Route Faults
Symptom: The switch is not configured with a dynamic routing protocol, and both the physical status and the link layer protocol status of the interface are UP, but IP packets cannot be forwarded normally.
Solution:
• Use the display ip routing-table protocol static command to check whether the configured static route is correct and in effect.
Chapter 18 RIP Configuration
18.1 Introduction to RIP
Routing Information Protocol (RIP) is a relatively simple interior gateway protocol (IGP), which is mainly applied to small scale networks. It is easy to implement RIP. You can configure and maintain RIP more easily than OSPF and IS-IS, so RIP still has a wide application in actual networking.
18.1.1 RIP Operation Mechanism
I.
• Period update is triggered periodically to send all RIP routes to all neighbors.
• If a RIP route is not updated (that is, refreshed by an update packet received from the neighbor) by the time the Timeout timer expires, this route is regarded as unreachable. The cost is set to 16.
If RIP runs on a link that does not support broadcast or multicast packets, you need to configure RIP to send packets to the specified destination so that RIP neighbors are established correctly. In NBMA link networking through a Frame Relay sub-interface and others, you may need to disable split horizon to ensure that the routing information is transmitted correctly.
Table 18-2 Enable RIP Interface
Operation: Command
Enable RIP on the specified network: network network-address
Disable RIP on the specified network: undo network network-address
Note that after the RIP task is enabled, you should also specify its operating network segment, for RIP only operates on the interface on the specified network segment.
Table 18-4 Configure Split Horizon
Operation: Command
Enable split horizon: rip split-horizon
Disable split horizon: undo rip split-horizon
By default, split horizon of the interface is enabled.
18.2.5 Setting Additional Routing Metric
Additional routing metric is the input or output routing metric added to an RIP route.
Perform the following configuration in RIP view.
II.
18.2.9 Enabling RIP-2 Route Aggregation Function
Route aggregation means that different subnet routes in the same natural network can be aggregated into one natural mask route for transmission when they are sent to the outside (that is, to other networks). Route aggregation can be performed to reduce the routing traffic on the network as well as to reduce the size of the routing table.
broadcast packets. In addition, this mode prevents hosts running RIP-1 from incorrectly receiving and processing the routes with subnet masks in RIP-2. When an interface is running in RIP-2 broadcast mode, the RIP-1 packets can also be received.
always become unreachable at the point when a new period starts, the actual value of Garbage-collection timer is three to four times that of Period Update timer.
Note: You must consider network performance when adjusting RIP timers, and configure all the routers that are running RIP, so as to avoid unnecessary traffic or network jitter.
18.2.
Operation: Command
Enable the interface to send RIP update packet: rip output
Disable the interface to send RIP update packet: undo rip output
The undo rip work command and the undo network command have similar but not identical functions. With either command, the interface neither receives nor sends RIP routes. The difference is that RIP still advertises the routes of the interface to which the undo rip work command is applied.
18.3 Displaying and Debugging RIP
After the above configuration, execute the display command in any view to display the running of the RIP configuration, and to verify the effect of the configuration. Execute the debugging command in user view to debug the RIP module. Execute the reset command in RIP view to reset the system configuration parameters of RIP.
II. Network diagram
Figure 18-1 Network diagram for RIP configuration
III.
[Switch C-rip] network 110.11.2.0
18.5 Troubleshooting RIP Faults
Symptom: The Switch 8800 cannot receive the update packets when the physical connection to the peer routing device is normal.
Solution: RIP does not operate on the corresponding interface (for example, the undo rip work command is executed) or this interface is not enabled through the network command.
Chapter 19 OSPF Configuration
19.1 OSPF Overview
19.1.1 Introduction to OSPF
Open Shortest Path First (OSPF) is a link-state Interior Gateway Protocol developed by the IETF. At present, OSPF version 2 (RFC2328) is used, which has the following features:
• Applicable scope: It can support networks in various sizes and can support several hundreds of routers at maximum.
• A router uses the SPF algorithm to calculate the shortest path tree with itself as the root, which shows the routes to the nodes in the autonomous system. The external routing information is the leaf node. A router that advertises the routes also tags them and records the additional information of the autonomous system. Obviously, the routing tables obtained by different routers are different.
19.1.4 LSA Type
I. Five basic LSA types
As mentioned previously, OSPF calculates and maintains routing information from LSAs. RFC2328 defines five LSA types as follows:
• Router-LSAs: Type-1. Each router generates Router-LSAs, which describe the link state and cost of the local router. Router-LSAs are broadcast within the area where the router is located.
• Network-LSAs: Type-2.
II. DR and BDR
• Designated Router (DR)
In multi-access networks, if any two routers establish adjacencies, the same LSA will be transmitted repeatedly, wasting bandwidth resources. To solve this problem, the OSPF protocol specifies that a DR must be elected in a multi-access network and only the DR (and the BDR) can establish adjacencies with other routers in this network.
Since all the areas should be connected to the backbone area, virtual link is adopted so that the physically separated areas can still maintain the logic connectivity to the backbone area.
V. Route summary
An AS is divided into different areas that are interconnected via OSPF ABRs. The routing information between areas can be reduced through route summary.
• Authenticator: OSPF provides clear-text authentication and MD5 authentication for packets transmitted between neighboring routers in the same area.
• Configuring to fill the MTU field when an interface transmits DD packets
• Setting an SPF calculation interval for OSPF
4) Configurations related to OSPF networking
• Configuring OSPF authentication
• Prohibit OSPF packet receiving/sending
• Configuring OSPF virtual link
• Configuring Stub area of OSPF
• Configuring NSSA of OSPF
5) Configuration related to specific applications
• Configuring OSPF and network management
By default, OSPF is disabled.
When enabling OSPF, pay attention to the following points:
• The default OSPF process ID is 1. If no process ID is specified in the command, the default one is adopted.
• If a router is running multiple OSPF processes, you are recommended to use router-id in the command to specify different router IDs for different processes.
19.2.
19.2.5 Configuring OSPF to Import Routes of Other Protocols
The dynamic routing protocols on the router can share the routing information. As far as OSPF is concerned, the routes discovered by other routing protocols are always processed as the external routes of AS.
The routes that can be imported include Direct, Static, RIP, IS-IS, or BGP and in addition, the routes of other OSPF processes.
Note:
• It is recommended to configure the imported route type, cost and tag for the import-route command simultaneously. Otherwise, the later configuration will overwrite the former configuration.
III. Configuring the default interval and number for OSPF to import external routes
OSPF can import the external routing information and broadcast it to the entire autonomous system. Importing routes too often and importing too many external routes at one time will greatly affect the performance of the device. Therefore it is necessary to specify the default interval and number for the protocol to import external routes.
• The broadcasting scope of Type-5 LSA or Type-7 LSA advertising the default route is the same as that of the common Type-5 LSA or Type-7 LSA.
Perform the following configuration in OSPF view.
By default, OSPF will not filter the received routing information.
II. Configuring filtering the routes imported to OSPF
Use the filter-policy export command to configure the ASBR router to filter the external routes imported to OSPF. This command is only valid for the ASBR router.
aggregate segment specified by the command will not be transmitted separately. This can reduce the LSDB size in other areas. Once the aggregated segment of a certain network is added to the area, all the internal routes of the IP addresses in the range of the aggregated segment will no longer be separately advertised to other areas. Only the route summary of the whole aggregated network will be advertised.
19.2.9 Setting OSPF Route Preference
Since multiple dynamic routing protocols may run on one router concurrently, the problem of route sharing and selection between the routing protocols arises. The system sets a preference for each routing protocol, which is used for tie-breaking when different protocols discover the same route.
Perform the following configuration in OSPF view.
II. Setting a dead timer for the neighboring routers
The dead timer of neighboring routers refers to the interval in which a router will regard the neighboring router as dead if no Hello packet is received from it. The user can set a dead timer for the neighboring routers.
Perform the following configuration in interface view.
19.2.11 Configuring the Network Type on the OSPF Interface
The route calculation of OSPF is based upon the topology of the adjacent network of the local router. Each router describes the topology of its adjacent network and transmits it to all the other routers. OSPF divides networks into four types by link layer protocol:
• Broadcast: If Ethernet or FDDI is adopted, OSPF defaults the network type to broadcast.
Table 19-17 Configure a network type for an OSPF interface
Operation: Command
Configure the network type on the interface: ospf network-type { broadcast | nbma | p2mp | p2p }
Restore the default network type of the OSPF interface: undo ospf network-type
By default, OSPF determines the network type based on the link layer type.
If the DR fails due to some faults, the routers on the network must elect a new DR and synchronize with the new DR. The process takes a relatively long time, during which the route calculation is incorrect. To speed up this process, OSPF puts forward the concept of the BDR. In fact, the BDR is a backup for the DR. The DR and BDR are elected at the same time.
19.2.14 Configuring an Interval Required for Sending LSU Packets
Trans-delay seconds should be added to the aging time of the LSA in an LSU packet. This parameter mainly accounts for the time that the interface requires for transmitting a packet. The user can configure the interval of sending LSU messages. Obviously, more attention should be paid to this item over low speed networks.
Table 19-22 Configure whether the MTU field will be filled in when an interface transmits DD packets
Operation: Command
Enable an interface to fill in the MTU field when transmitting DD packets: ospf mtu-enable
Disable the interface to fill the MTU field when transmitting DD packets: undo ospf mtu-enable
By default, the interface does not fill in the MTU field when transmitting DD packets. In other words, MTU in the DD packets is 0.
By default, all interfaces are allowed to transmit and receive OSPF packets. After an OSPF interface is set to be in silent status, the interface can still advertise its direct route. However, the OSPF hello packets of the interface will be blocked, and no neighboring relationship can be established on the interface.
Operation: Command
Disable the interface to use MD5 authentication: undo ospf authentication-mode md5
By default, the interface is not configured with either simple authentication or MD5 authentication.
19.2.20 Configuring OSPF Virtual Link
According to RFC2328, after the area partition of OSPF, not all the areas are equal. One area is different from all the other areas. Its area-id is 0.0.0.
Table 19-27 Configure an OSPF virtual link
Operation: Command
Create and configure a virtual link: vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds | dead seconds | simple password | md5 keyid key ]*
Remove the created virtual link: undo vlink-peer router-id
area-id and router-id have no default value.
Table 19-28 Configure stub area of OSPF
Operation: Command
Configure an area to be the stub area: stub [ no-summary ]
Remove the configured stub area: undo stub
Configure the cost of the default route transmitted by OSPF to the stub area: default-cost value
Remove the cost of the default route to the stub area: undo default-cost
By default, the stub area is not configured, and the cost of the default route to the stub area is 1.
19.
Perform the following configuration in OSPF area view.
By default, MIB is bound to the first enabled OSPF process.
II. Configuring OSPF TRAP
You can configure the switch to send multiple types of SNMP TRAP packets in case of OSPF anomalies. In addition, you can configure the switch to send SNMP TRAP packets when a specific process is abnormal by specifying the process ID.
Perform the following configuration in system view.
19.3 Displaying and Debugging OSPF
After the above configuration, execute the display command in any view to display the running of the OSPF configuration, and to verify the effect of the configuration. Execute the debugging command in user view to debug the OSPF module.
Operation: Command
Disable OSPF event debugging: undo debugging ospf event
Enable OSPF debugging of LSA packet: debugging ospf lsa-originate
Disable OSPF debugging of LSA packet: undo debugging ospf lsa-originate
Enable OSPF debugging of SPF: debugging ospf spf
Disable OSPF debugging of SPF: undo debugging ospf spf
19.4 Typical OSPF Configuration Example
19.4.1 Configuring DR Election Based on OSPF Priority
I.
III. Configuration procedure
Configure Switch A
[Switch A] interface Vlan-interface 1
[Switch A-Vlan-interface1] ip address 196.1.1.1 255.255.255.0
[Switch A-Vlan-interface1] ospf dr-priority 100
[Switch A] router id 1.1.1.1
[Switch A] ospf
[Switch A-ospf-1] area 0
[Switch A-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
Configure Switch B.
[Switch B] interface Vlan-interface 1
[Switch B-Vlan-interface1] ip address 196.1.1.2 255.255.
Change the priority of Switch B to 200
[Switch B-Vlan-interface2000] ospf dr-priority 200
On Switch A, execute the display ospf peer command to show its OSPF neighbors. Note that the priority of Switch B has changed to 200, but it is still not the DR. The DR changes only when the current DR goes offline. Shut down Switch A, and execute the display ospf peer command on Switch D to display its neighbors.
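The behavior noted above (raising a priority does not displace a working DR) can be reproduced with a small model. The following Python code is an added example, not part of the 3Com guide: it models the outcome of the election on one segment rather than the per-router state machine of RFC2328, and only Switch A's priority and router ID come from the guide; the other values are constructed.

```python
import ipaddress


def rank(router):
    """Election order: higher DR priority wins, then higher router ID."""
    return (router["priority"], int(ipaddress.IPv4Address(router["router_id"])))


def elect(routers, dr=None, bdr=None):
    """Return (dr, bdr) for one segment, keeping incumbents that are still eligible.

    routers maps a name to {"priority": int, "router_id": str, "up": bool}.
    A router with priority 0 or one that is down can never be elected.
    """
    eligible = {n: r for n, r in routers.items() if r["up"] and r["priority"] > 0}

    def best(exclude):
        names = [n for n in eligible if n not in exclude]
        return max(names, key=lambda n: rank(eligible[n])) if names else None

    if dr not in eligible:          # no DR yet, or the DR has failed
        if bdr in eligible:
            dr, bdr = bdr, None     # the BDR takes over as DR
        else:
            dr = best(set())
    if bdr not in eligible or bdr == dr:
        bdr = best({dr})            # fill the vacant BDR role
    return dr, bdr


def scenario():
    """Replay the steps of the example: elect, raise B's priority, shut down A."""
    routers = {
        "Switch A": {"priority": 100, "router_id": "1.1.1.1", "up": True},  # guide
        "Switch B": {"priority": 1, "router_id": "2.2.2.2", "up": True},    # constructed
        "Switch C": {"priority": 2, "router_id": "3.3.3.3", "up": True},    # constructed
        "Switch D": {"priority": 1, "router_id": "4.4.4.4", "up": True},    # constructed
    }
    steps = []
    dr, bdr = elect(routers)
    steps.append(("initial election", dr, bdr))
    routers["Switch B"]["priority"] = 200
    dr, bdr = elect(routers, dr, bdr)
    steps.append(("Switch B priority set to 200", dr, bdr))
    routers["Switch A"]["up"] = False
    dr, bdr = elect(routers, dr, bdr)
    steps.append(("Switch A shut down", dr, bdr))
    return steps


if __name__ == "__main__":
    for step, dr, bdr in scenario():
        print(f"{step}: DR={dr} BDR={bdr}")
```

In this model Switch B, even with priority 200, only becomes the BDR after Switch A goes down, because the existing BDR is promoted first.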
III. Configuration procedure
Configure Switch A
[Switch A] interface Vlan-interface 1
[Switch A-Vlan-interface1] ip address 196.1.1.1 255.255.255.0
[Switch A] router id 1.1.1.1
[Switch A] ospf
[Switch A-ospf-1] area 0
[Switch A-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
Configure Switch B
[Switch B] interface vlan-interface 7
[Switch B-Vlan-interface7] ip address 196.1.1.2 255.255.255.
19.5 Troubleshooting OSPF Faults
Symptom 1: OSPF has been configured in accordance with the earlier-mentioned steps, but OSPF on the router cannot run normally.
Solution: Check according to the following procedure.
Local troubleshooting: Check whether the protocol between two directly connected routers is in normal operation. The sign of normal operation is that the peer state machine between the two routers reaches the FULL state.
As shown in Figure 19-5: RTA and RTD are configured to belong to only one area, whereas RTB (area0 and area1) and RTC (area1 and area 2) are configured to belong to two areas. RTB also belongs to area0, which is compliant with the requirement. However, none of the areas to which RTC belongs is area0. Therefore, a virtual link should be set up between RTC and RTB. Ensure that area2 and area0 (backbone area) are connected.
Chapter 20 Integrated IS-IS Configuration
20.1 Introduction to Integrated IS-IS
The Intermediate System-to-Intermediate System (IS-IS) intra-domain routing information exchange protocol was designed by the International Organization for Standardization (ISO) for the connection-less network protocol (CLNP). This protocol is a dynamic routing protocol.
II. Link types IS-IS routing protocol is applied to
IS-IS routing protocol can run on point-to-point links, such as PPP, HDLC and others. IS-IS routing protocol can also run on broadcast links, such as Ethernet, Token-Ring and others. For a Non-Broadcast Multi-Access (NBMA) network such as ATM, you need to configure sub-interfaces and configure sub-interface type as P2P or broadcast network.
Figure 20-1 IS-IS topology (IS: intermediate system; ES: end system)
20.1.3 NSAP Structure of IS-IS Routing Protocol
I. Address structure
Figure 20-2 NSAP structure (fields shown: IDP, consisting of AFI and IDI; DSP, consisting of High Order DSP, System ID and SEL (1 octet); Area Address)
OSI adopts the address structure as shown in Figure 20-2. NSAP includes initial domain part (IDP) and domain specific part (DSP). The IDP is defined by ISO; it consists of authority responsible for assigning the rest of the address and address format.
• SEL
NSAP selector (SEL or N-SEL) functions as the protocol identifier of an IP address. Different transmission protocols correspond to different identifiers. All the SELs of IP are 00.
Because the address structure defines clearly an area, a Level-1 router can easily identify the packets not sent to the area where it is located. The Level-1 router forwards the packets to a Level-2 router.
III. SNP
Sequence Number Packet (SNP) can confirm the LSPs last received from neighbors. SNPs function as acknowledgment packets, but work more effectively. SNP includes complete SNP (CSNP) and partial SNP (PSNP). SNP can be further divided into Level-1 CSNP, Level-2 CSNP, Level-1 PSNP and Level-2 PSNP. PSNP only lists one or more last received LSP sequence numbers, and confirms multiple LSPs.
• Enabling IS-IS on the Specified Interface
• Setting Priority for DIS Election
• Setting Router Type
• Setting Interface Circuit Level
2) Configuration related to IS-IS route
• Configuring IS-IS to Import Routes of Other Protocols
• Configuring IS-IS Route Filtering
• Configuring IS-IS Routing Leak
• Setting IS-IS Route Summary
• Setting to Generate Default Route
3) Default route generation
• Setting the Pre
• Configuring IS-IS Route Metric Type
• Setting IS-IS Link State Routing Cost
• Configuring IS-IS Timers
• Setting to Discard the LSPs with Checksum Errors
• Setting LSP Refreshment Interval
• Setting Lifetime of LSP
• Setting Parameters Related to SPF
4) Configuration related to IS-IS networking
• Setting IS-IS Authentication
• Setting Overload Flag Bit
• Setting to Log the Peer Changes
• Setting the Mesh Gr
Delete a NET: undo network-entity network-entity-title
The format of the network-entity-title argument is X…X.XXXXXXXXXXXX.XX, in which the first “X…X” is the area address and the twelve Xs in the middle are the System ID of the router. The last XX should be 00.
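The NET format described above can be validated before a value is typed into the switch. The following Python parser is an added example, not part of the 3Com guide: it splits a NET into area address, System ID and SEL and checks a set of routers for reuse of a System ID. Only the Switch C value appears in this guide; the other NETs, the function names and the 1 to 13 octet area-address limit (from ISO/IEC 10589) are not from it.

```python
import re


def parse_net(net):
    """Split a network-entity-title into area address, System ID and SEL."""
    digits = net.replace(".", "").lower()
    if not re.fullmatch(r"(?:[0-9a-f]{2})+", digits):
        raise ValueError(f"{net!r}: not a whole number of hexadecimal octets")
    octets = len(digits) // 2
    # 1 to 13 octets of area address (ISO/IEC 10589 limit, not stated in the
    # guide), 6 octets of System ID (the twelve Xs) and 1 octet of SEL.
    if not 8 <= octets <= 20:
        raise ValueError(f"{net!r}: {octets} octets, expected 8 to 20")
    area, system_id, sel = digits[:-14], digits[-14:-2], digits[-2:]
    if sel != "00":
        raise ValueError(f"{net!r}: SEL is {sel}, a NET must end in 00")
    return {
        "area": ".".join([area[:2]] + re.findall(r".{1,4}", area[2:])),
        "system_id": ".".join(re.findall(r".{4}", system_id)),
        "sel": sel,
    }


def same_area(net_a, net_b):
    """True when both NETs carry the same area address."""
    return parse_net(net_a)["area"] == parse_net(net_b)["area"]


def check_domain(nets):
    """nets maps router name to NET. Return a list of problems, in name order."""
    problems, owners = [], {}
    for router, net in sorted(nets.items()):
        try:
            parsed = parse_net(net)
        except ValueError as exc:
            problems.append(f"{router}: {exc}")
            continue
        first = owners.setdefault(parsed["system_id"], router)
        if first != router:
            problems.append(
                f"{router}: System ID {parsed['system_id']} already used by {first}"
            )
    return problems


# Switch C's NET is the one used in this guide; the others are constructed.
NETS = {
    "Switch A": "86.0001.0000.0000.0005.00",
    "Switch B": "86.0001.0000.0000.0005.00",  # constructed: reuses A's System ID
    "Switch C": "86.0001.0000.0000.0007.00",
    "Switch D": "86.0002.0000.0000.0008.01",  # constructed: SEL is not 00
}

if __name__ == "__main__":
    print(parse_net(NETS["Switch C"]))
    for problem in check_domain(NETS):
        print(problem)
```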
20.2.3 Enabling IS-IS on the Specified Interface
After enabling IS-IS, you need to specify on which Interfaces the IS-IS will be run.
Perform the following configuration in interface view.
Table 20-3 Enable IS-IS on the specified interface
Operation: Command
Enable IS-IS on the specified Interface: isis enable [ tag ]
Cancel this designation: undo isis enable [ tag ]
20.2.
Table 20-5 Set the router type
Operation: Command
Set the router type: is-level { level-1 | level-1-2 | level-2 }
Restore the default router type: undo is-level
By default, the router type is level-1-2.
20.2.6 Setting Interface Circuit Level
Perform the following configuration in Interface view.
Table 20-7 Import routes of other protocols
Operation: Command
Import routes of other protocols: import-route protocol [ cost value | type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ]*
Cancel importing routes from other protocols: undo import-route protocol [ cost value | type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ]*
If t
protocol specifies the routing protocol sources for advertising routes, which can be direct, static, rip, bgp, ospf, ospf-ase, and so on.
Note:
• The filter-policy import command only filters the ISIS routes received from the neighbors, and routes that cannot pass the filter will not be added to the routing table. This command takes effect on Level-1-2 routers.
By default, the system disables route summarization.
20.2.11 Setting to Generate Default Route
In the IS-IS route domain, the Level-1 router only has the LSDB of the local area, so it can only generate the routes in the local areas. But the Level-2 router has the backbone LSDB in the IS-IS route domains and generates the backbone network routes only.
20.2.13 Configuring IS-IS Route Metric Type
IS-IS routing protocol has two styles of route metric:
• Narrow: The value of route metric ranges from 1 to 63.
• Wide: The value of route metric ranges from 1 to 16,777,215.
A router can choose either or both of the styles.
Perform the following configuration in IS-IS view.
Perform the following configuration in interface view.
Table 20-16 Set the Hello packet broadcast interval
Operation: Command
Set Hello packet interval, measured in seconds: isis timer hello seconds [ level-1 | level-2 ]
Restore the default Hello packet interval on the interface: undo isis timer hello [ level-1 | level-2 ]
Usually, on the broadcast links, there exist level-1 and level-2 hello packets.
Table 20-18 Set the LSP packet transmission interval
Operation: Command
Set LSP packet interval on the interface, measured in milliseconds: isis timer lsp time
Restore the default LSP packet interval on the interface: undo isis timer lsp
By default, the LSP packet is transmitted via the interface every 33 milliseconds.
IV.
By default, the number of the invalid Hello packets is set to 3. If this command does not specify Level-1 or Level-2, the system regards the number of invalid Hello packets as set for both Level-1 and Level-2 routers.
20.2.16 Setting IS-IS Authentication
I. Setting interface authentication
The authentication password set on the interface is mainly used in the Hello packet so as to confirm the validity and correctness of its peers.
Table 20-22 Set IS-IS authentication password
Operation: Command
Set authentication-mode password: area-authentication-mode { simple | md5 } password [ ip | osi ]
Delete authentication-mode password: undo area-authentication-mode { simple | md5 } [ ip | osi ]
Set routing domain authentication password: domain-authentication-mode { simple | md5 } password [ ip | osi ]
Delete routing domain authentication password: undo domain-auth
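The authentication commands in this chapter and in the OSPF chapter (ospf authentication-mode, the simple and md5 options of vlink-peer, area-authentication-mode and domain-authentication-mode) lend themselves to an automated review. The following Python audit is an added example, not part of the 3Com guide: it reads a transcript in the "[device-view] command" style of the guide's examples and reports OSPF interfaces, virtual links and IS-IS scopes that have no authentication or only a clear-text password. The sample transcript, the keys and the argument order after "ospf authentication-mode" are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed transcript in the "[device-view] command" style of the guide's
# examples. Addresses follow section 19.4; keys and the argument order after
# "ospf authentication-mode" are assumptions made for this example.
SAMPLE = """\
[Switch A] interface Vlan-interface 1
[Switch A-Vlan-interface1] ip address 196.1.1.1 255.255.255.0
[Switch A-Vlan-interface1] ospf authentication-mode md5 1 EXAMPLE-KEY
[Switch A] ospf
[Switch A-ospf-1] area 0
[Switch A-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
[Switch B] interface Vlan-interface 1
[Switch B-Vlan-interface1] ip address 196.1.1.2 255.255.255.0
[Switch B-Vlan-interface1] ospf authentication-mode simple EXAMPLE-KEY
[Switch B] interface Vlan-interface 2
[Switch B-Vlan-interface2] ip address 197.1.1.2 255.255.255.0
[Switch B] ospf
[Switch B-ospf-1] area 0
[Switch B-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255
[Switch B-ospf-1] area 1
[Switch B-ospf-1-area-0.0.0.1] network 197.1.1.0 0.0.0.255
[Switch B-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3
[Switch C] isis
[Switch C-isis] network-entity 86.0001.0000.0000.0007.00
[Switch C-isis] area-authentication-mode simple EXAMPLE-KEY
"""

PROMPT = re.compile(r"^\[(?P<dev>Switch \w+)(?:-(?P<view>[^\]]+))?\]\s+(?P<cmd>.+)$")
WEAK = {None: "no authentication (the default)", "simple": "clear-text password"}
ISIS_SCOPES = ("area-authentication-mode", "domain-authentication-mode")


def wildcard_network(addr, wildcard):
    """Turn an OSPF 'network <addr> <wildcard>' pair into an IPv4Network."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def auth_keyword(tokens):
    """Return 'simple' or 'md5' if either keyword appears among the options."""
    return next((t for t in tokens if t in ("simple", "md5")), None)


def audit(transcript):
    """Return sorted (device, object, problem) tuples for weak or missing auth."""
    ifaces = defaultdict(dict)     # (device, interface) -> {"ip": ..., "auth": ...}
    ospf_nets = defaultdict(list)  # device -> networks OSPF is enabled on
    isis = defaultdict(dict)       # device -> {scope command: mode}
    findings = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        dev, view, cmd = m["dev"], m["view"] or "", m["cmd"].split()
        if view.startswith("Vlan-interface"):
            if cmd[:2] == ["ip", "address"] and len(cmd) >= 4:
                ifaces[dev, view]["ip"] = ipaddress.ip_address(cmd[2])
            elif cmd[:2] == ["ospf", "authentication-mode"]:
                ifaces[dev, view]["auth"] = auth_keyword(cmd[2:])
            elif cmd[:3] == ["undo", "ospf", "authentication-mode"]:
                ifaces[dev, view].pop("auth", None)
        elif re.fullmatch(r"ospf-\d+-area-[\d.]+", view):
            if cmd[0] == "network" and len(cmd) == 3:
                ospf_nets[dev].append(wildcard_network(cmd[1], cmd[2]))
            elif cmd[0] == "vlink-peer" and len(cmd) >= 2:
                mode = auth_keyword(cmd[2:])
                if mode in WEAK:
                    findings.append((dev, f"vlink-peer {cmd[1]}", WEAK[mode]))
        elif view == "isis":
            modes = isis[dev]      # any command in IS-IS view marks IS-IS as running
            if cmd[0] in ISIS_SCOPES and len(cmd) >= 2:
                modes[cmd[0]] = cmd[1]
    for (dev, ifname), cfg in ifaces.items():
        ip = cfg.get("ip")
        runs_ospf = ip is not None and any(ip in n for n in ospf_nets.get(dev, []))
        if runs_ospf and cfg.get("auth") in WEAK:
            findings.append((dev, ifname, WEAK[cfg.get("auth")]))
    for dev, modes in isis.items():
        for scope in ISIS_SCOPES:  # both checked: the default router type is level-1-2
            if modes.get(scope) in WEAK:
                findings.append((dev, scope, WEAK[modes.get(scope)]))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

An interface is treated as running OSPF when its address falls inside a network statement of the same device, which is how the guide's examples enable OSPF on an interface.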
Table 20-24 Set the mesh group of the interface
Operation: Command
Add an interface to a mesh group: isis mesh-group { mesh-group-number | mesh-blocked }
Remove the interface from the mesh group: undo isis mesh-group
By default, the LSP is flooded normally from the interface. When configured with the mesh-blocked keyword, it will not flood the LSP to other interfaces.
Table 20-26 Set to discard the LSPs with checksum errors
Operation: Command
Set to discard the LSP with checksum error: ignore-lsp-checksum-error
Set to ignore the LSP checksum error: undo ignore-lsp-checksum-error
By default, the LSP checksum error is ignored.
20.2.
Perform the following configuration in IS-IS view.
Table 20-29 Set Lifetime of LSP
Operation: Command
Set lifetime of LSP: timer lsp-max-age seconds
Restore the default LSP lifetime: undo timer lsp-max-age
By default, LSP can live for 1200 seconds (20 minutes).
20.2.23 Setting Parameters Related to SPF
I. Setting SPF calculation interval
When IS-IS LSDB changes, the router will compute the shortest path again.
By default, SPF calculation is not divided into slices but runs to the end once, which can also be implemented by setting the seconds argument to 0. After slice calculation is set, the routes that are not processed once will be calculated in one second. Normally, the user is not recommended to modify the default configuration.
The silent-interface command only suppresses the sending of IS-IS packets on the interface; the interface routes can still be sent from other interfaces. On a switch, this command can disable/enable the specified VLAN interface to send IS-IS packets.
20.2.25 Resetting All the IS-IS Data Structure
When it is necessary to refresh some LSPs immediately, perform the following configuration in user view.
Operation: Display IS-IS SPF calculation log
Command: display isis spf-log
Operation: Display IS-IS routing information
Command: display isis route
Operation: Display IS-IS neighbor information
Command: display isis peer [ verbose ]
Operation: Display mesh group information
Command: display isis mesh-group
Operation: Enable IS-IS debugging
Command: debugging isis { adjacency | all authentication-error | checksum-error circuit-information | configuration-error datalink-receiving-packet datalink-sending-packet | genera
II. Network diagram
Switch A Vlan-interface 101 100.0.0.1/24 Vlan-interface 100 100.10.0.1/24 Switch D Vlan-interface 102 200.0.0.1/24 Vlan-interface 100 100.10.0.2/24 Vlan-interface 102 100.20.0.1/24 Vlan-interface 101 200.10.0.1/24 Vlan-interface 102 100.20.0.2/24 Vlan-interface 101 200.10.0.2/24 Vlan-interface 100 100.30.0.1/24 Switch B Switch C Vlan-interface 100 200.20.0.
Configure Switch C
[Switch C] isis
[Switch C-isis] network-entity 86.0001.0000.0000.0007.00
[Switch C] interface vlan-interface 101
[Switch C-Vlan-interface101] ip address 200.10.0.2 255.255.255.0
[Switch C-Vlan-interface101] isis enable
[Switch C] interface vlan-interface 100
[Switch C-Vlan-interface100] ip address 200.20.0.1 255.255.255.
Chapter 21 BGP Configuration
21.1 BGP/MBGP Overview
21.1.1 Introduction to BGP
Border gateway protocol (BGP) is an inter-autonomous system (inter-AS) dynamic route discovery protocol. Three early versions of BGP are BGP-1 (RFC1105), BGP-2 (RFC1163) and BGP-3 (RFC1267). The current version is BGP-4 (RFC1771) that is applied to advertised structures and supports classless inter-domain routing (CIDR).
BGP runs on a router in any of the following modes:
- Internal BGP (IBGP)
- External BGP (EBGP)
The BGP is called IBGP when it runs in an AS and EBGP when it runs among different ASs.
21.1.2 BGP Message Types
BGP is driven by messages, which include the following types:
- Type 1, OPEN: The first message sent after the creation of a connection to create association between BGP peers.
- A BGP speaker does not advertise the routes obtained from IBGP to its IBGP peers.
- A BGP speaker advertises the routes obtained from IBGP to its IBGP peers (In the Switch 8800, BGP and IGP are asynchronous.)
- Once the connection is set up, a BGP speaker will advertise all its BGP routes to its peers.
II.
- MP_REACH_NLRI: Multiprotocol Reachable NLRI, used to advertise reachable routes and the next hop information.
- MP_UNREACH_NLRI: Multiprotocol Unreachable NLRI, used to delete unreachable routes.
These two attributes are optional non-transitive. Therefore, a BGP speaker that does not support the multiprotocol capability ignores these attributes and does not pass them on to other peers.
III.
- Configuring application features of a BGP peer (group)
- Configuring Route Filtering of a Peer (group)
3) BGP route configuration
- Configuring Network Routes for BGP Distribution
- Configuring the Interaction Between BGP and IGP
- Configuring BGP Route Summarization
- Configuring BGP Route Filtering
- Configuring BGP Route Dampening
4) BGP protocol configuration
- Configuring BGP Preference
- Configuring BGP Timer
Perform the following configurations in BGP view.
I. Creating a peer group
A BGP peer must belong to a peer group. Before configuring a BGP peer, a peer group to which the peer belongs must be created first.
Table 21-2 Create a peer group
Operation: Create a peer group
Command: group group-name [ internal | external ]
Operation: Delete the specified peer group
Command: undo group group-name
There are two types of BGP peer group, IBGP and EBGP.
Operation: Delete a peer
Command: undo peer peer-address
If you want to add a peer to an IBGP peer group, this command cannot specify AS numbers. When a peer is added to an EBGP peer group and the peer group is defined with an AS number, all its member peers inherit the configuration of the group. If the AS number of the peer group is not specified, each peer added to it should be specified with its own AS number.
higher than the timer command that is used to configure timers for the whole BGP peers.
Perform the following configuration in BGP view.
Table 21-9 Configure to permit connections with EBGP peer groups on indirectly connected networks
Operation: Configure to permit connections with EBGP peer groups on indirectly connected networks
Command: peer group-name ebgp-max-hop [ ttl ]
Operation: Configure to permit connections with EBGP peer groups on directly connected network only
Command: undo peer group-name ebgp-max-hop
By default, only the connections with EBGP peer groups on directly connect
After you use the peer default-route-advertise command, the local router will send a default route with the next hop as itself to the peer unconditionally, even if there is no default route in BGP routing table.
IV. Configuring itself as the next hop when advertising routes
In general, when sending routes to the EBGP peer, the BGP speaker will set the next hop address of the routing information as the local address.
Table 21-14 Configure to send the community attributes to a peer group
Operation: Configure to send the community attributes to a peer group
Command: peer group-name advertise-community
Operation: Configure not to send the community attributes to a peer group
Command: undo peer group-name advertise-community
By default, the BGP speaker does not send the community attributes to a peer group.
VII.
IX. Configuring BGP MD5 authentication password
BGP uses TCP as its transport layer. To improve security, you can configure an MD5 authentication password that is used when the TCP connection is set up. In other words, BGP MD5 authentication only sets a password for the TCP connection; it does not authenticate BGP packets. The authentication is implemented by TCP.
Perform the following configuration in BGP view.
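The point that the password protects the TCP segment rather than the BGP message can be seen by computing the signature the way RFC 2385 (the TCP MD5 Signature Option) defines it. The following is an added example, not code from 3Com or from this manual; the peer addresses are borrowed from the confederation example, and the key, ports and sequence numbers are constructed.

```python
"""RFC 2385 TCP MD5 signature over a BGP segment (added example, not 3Com code)."""
import hashlib
import hmac
import socket
import struct

MD5_OPT_KIND = 19  # TCP MD5 Signature Option
MD5_OPT_LEN = 18   # kind + length + 16-byte digest


def md5_digest(src_ip, dst_ip, base_header, payload, segment_len, key):
    """MD5 over pseudo-header, option-less TCP header with zero checksum, data, key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, segment_len))
    zero_checksum = base_header[:16] + b"\x00\x00" + base_header[18:20]
    return hashlib.md5(pseudo + zero_checksum + payload + key).digest()


def build_header(sport, dport, seq, ack, header_len, flags):
    """20-byte TCP header; window fixed, checksum and urgent pointer left at zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       (header_len // 4) << 4, flags, 65535, 0, 0)


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Return a TCP segment carrying the MD5 option for the given payload."""
    opt_prefix = bytes([1, 1, MD5_OPT_KIND, MD5_OPT_LEN])  # NOP, NOP, kind, length
    header_len = 20 + len(opt_prefix) + 16
    base = build_header(sport, dport, seq, ack, header_len, flags)
    digest = md5_digest(src_ip, dst_ip, base, payload,
                        header_len + len(payload), key)
    return base + opt_prefix + digest + payload


def find_md5_option(options):
    """Walk the TCP option list and return the 16-byte digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # NOP padding
            i += 1
            continue
        if i + 1 >= len(options):
            return None
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None        # malformed option
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            return options[i + 2:i + length]
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: a segment without a valid signature is not accepted."""
    if len(segment) < 20:
        return False
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return False
    received = find_md5_option(segment[20:header_len])
    if received is None:
        return False
    expected = md5_digest(src_ip, dst_ip, segment[:20], segment[header_len:],
                          len(segment), key)
    return hmac.compare_digest(received, expected)


# Constructed sample data: a BGP KEEPALIVE (type 4) from 172.68.10.1 to 172.68.10.2.
KEY = b"constructed-shared-password"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SIGNED = sign_segment("172.68.10.1", "172.68.10.2", 179, 50000,
                      1000, 2000, 0x18, KEEPALIVE, KEY)
TAMPERED = SIGNED[:-1] + bytes([SIGNED[-1] ^ 0x01])        # message type altered
UNSIGNED_RST = build_header(179, 50000, 1000, 0, 20, 0x04)  # RST without the option

if __name__ == "__main__":
    for name, seg in (("signed", SIGNED), ("tampered", TAMPERED),
                      ("unsigned RST", UNSIGNED_RST)):
        print(name, verify_segment("172.68.10.1", "172.68.10.2", seg, KEY))
```

The digest covers the addresses, the TCP header and the data, so a segment from a host that does not hold the password is rejected by TCP before BGP sees it. The BGP message itself is neither encrypted nor separately signed.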
Operation: Configure the egress route policy for a peer group
Command: peer group-name route-policy route-policy-name export
Operation: Remove the egress route policy of a peer group
Command: undo peer group-name route-policy route-policy-name export
II.
IV.
Table 21-23 Import IGP routing information
Operation: Configure BGP to import routes of IGP protocol
Command: import-route protocol [ process-id ] [ med med ] [ route-policy route-policy-name ]
Operation: Configure BGP not to import routes of IGP protocol
Command: undo import-route protocol
The protocol argument specifies the imported source route protocols.
Table 21-25 Configure BGP route summarization
Operation: Configure the summary automatic function of the subnet routes
Command: summary
Operation: Cancel the summary automatic function of the subnet routes
Command: undo summary
Operation: Configure local route aggregation function
Command: aggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]*
Operation: Cancel local route aggre
II. Configuring to filter the routes advertised by the BGP
Perform the following configuration in the BGP view.
suppressed. Over time, the penalty value decreases according to a power function; when it falls to a specific threshold, the route suppression is lifted and the route is re-advertised.
Perform the following configuration in BGP view.
The ebgp-value, ibgp-value and local-value arguments are in the range of 1 to 256. By default, the first two are 256 and the last one is 130.
21.2.11 Configuring BGP Timer
After BGP connections are established between routers, each router sends Keepalive packets to its peer periodically. Otherwise, the routers regard the BGP connections as interrupted.
By default, the local preference is 100.
21.2.13 Configuring MED for AS
The Multi-Exit Discriminator (MED) attribute is the external metric for a route. An AS uses the local preference to select the route to the outside, and uses the MED to determine the optimum route for entering the AS.
21.2.15 Configuring BGP Route Reflector
To ensure the interconnection between IBGP peers, it is necessary to establish a fully connected network. If there are many IBGP peers, establishing a fully connected network causes a large overhead. Route reflection solves this problem. The route reflector is the centralized point for the other routers, which are called its clients.
By default, the route reflection between clients is allowed. If the clients are fully connected, for the purpose of overhead reduction, it is recommended to use the undo reflect between-clients command to disable the route reflection between clients.
II. Configuring the cluster ID
Generally, there is only one route reflector in a cluster which is identified by the router ID of the route reflector.
Table 21-37 Configure confederation_ID
Operation: Configure confederation_ID
Command: confederation id as-number
Operation: Cancel confederation_ID
Command: undo confederation id
By default, the confederation_ID is not configured. The configured confederation_ID and the existing AS number of a peer or peer group cannot be the same.
II.
By default, the configured confederation is consistent with RFC1965.
21.2.17 Clearing BGP Connection
After changing the BGP policy or protocol configuration, the user must cut off the current connection for the new configuration to take effect.
Perform the following configuration in user view.
Table 21-42 Display and debug BGP
Operation: Display the routing information in BGP routing table
Command: display bgp routing-table [ ip-address [ mask ] ]
Operation: Display filtered AS path information in the BGP
Command: display ip as-path-acl acl-number
Operation: Display CIDR routes
Command: display bgp routing-table cidr
Operation: Display the routing information of the specified BGP community
Command: display bgp routing-table community [ aa:nn | no-export-subconfed | no-advertise | n
Operation: Enable/Disable BGP Keepalive debugging
Command: [ undo ] debugging bgp keepalive [ receive | send ] [ verbose ]
Operation: Enable/Disable BGP Open debugging
Command: [ undo ] debugging bgp open [ receive | send ] [ verbose ]
Operation: Enable/Disable BGP packet debugging
Command: [ undo ] debugging bgp packet [ receive | send ] [ verbose ]
Operation: Enable/Disable BGP Update packet debugging
Command: [ undo ] debugging bgp route-refresh [ receive | send ] [ verbose ]
Operation: Enable/Disa
II. Network diagram
AS100 AS1001 Switch A AS1002 Switch B 172.68.10.2 172.68.10.1 Ethernet 172.68.10.3 172.68.1.1 156.10.1.1 Switch C 172.68.1.2 AS1003 Switch D 156.10.1.2 Switch E AS200
Figure 21-2 Network diagram for AS confederation configuration
III.
Configure Switch C:
[Switch C] bgp 1003
[Switch C-bgp] confederation id 100
[Switch C-bgp] confederation peer-as 1001 1002
[Switch C-bgp] group confed1001 external
[Switch C-bgp] peer confed1001 as-number 1001
[Switch C-bgp] group confed1002 external
[Switch C-bgp] peer confed1002 as-number 1002
[Switch C-bgp] peer 172.68.10.1 group confed1001
[Switch C-bgp] peer 172.68.10.
[Switch A-Vlan-interface100] quit
[Switch A] bgp 100
[Switch A-bgp] network 1.0.0.0 255.0.0.0
[Switch A-bgp] group ex external
[Switch A-bgp] peer 192.1.1.2 group ex as-number 200
2) Configure Switch B:
Configure VLAN 2:
[Switch B] interface Vlan-interface 2
[Switch B-Vlan-interface2] ip address 192.1.1.2 255.255.255.0
Configure VLAN 3:
[Switch B] interface Vlan-interface 3
[Switch B-Vlan-interface3] ip address 193.1.1.2 255.255.255.
Using the display bgp routing-table command, you can view the BGP routing table on Switch B. Note: Switch B has learned of the existence of network 1.0.0.0.
Using the display bgp routing-table command, you can view the BGP routing table on Switch D. Note: Switch D also knows of the existence of network 1.0.0.0.
21.4.3 Configuring BGP Routing
I. Network requirements
This example illustrates how administrators manage routing via BGP attributes.
[Switch A-bgp] group ex193 external
[Switch A-bgp] peer 193.1.1.2 group ex193 as-number 200
[Switch A-bgp] quit
Configure the MED attribute of Switch A
- Add ACL on Switch A, enable network 1.0.0.0.
[Switch A] acl number 2000
[Switch A-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255
[Switch A-acl-basic-2000] rule deny source any
- Define two route policies, one is called apply_med_50 and the other is called apply_med_100.
[Switch C-Vlan-interface3] ip address 193.1.1.2 255.255.255.0
[Switch C] interface vlan-interface 5
[Switch C-Vlan-interface5] ip address 195.1.1.2 255.255.255.0
[Switch C] ospf
[Switch C-ospf-1] area 0
[Switch C-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255
[Switch C-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255
[Switch C] bgp 200
[Switch C-bgp] group ex external
[Switch C-bgp] peer 193.1.1.
- Define a route policy named localpref, in which the local preference is set to 200 for routes matching ACL 2000 and to 100 for routes not matching it.
covering large network segment cannot be imported. For example, route 10.1.1.0/24 can be imported, while 10.0.0.0/8 may cause error.
Chapter 22 IP Routing Policy Configuration
22.1 Introduction to IP Routing Policy
When a router advertises or receives routing information, it may need to apply policies that filter the routing information, so that it receives or advertises only the routing information that meets the specified conditions. A routing protocol, e.g.
II. ip-prefix
The function of the ip-prefix is similar to that of the acl, but it is more flexible and easier for users to understand. When the ip-prefix is applied to routing information filtering, it is matched against the destination address field of the routing information. An ip-prefix is identified by the ip-prefix name.
- Configuring ip-prefix
- Configuring the AS Path List
- Configuring a Community Attribute List
Note: For the configuration of ACL, refer to the QoS/ACL operation part of this manual.
2) Applications of routing policies include:
- Importing Routing Information Discovered by Other Routing Protocols
- Configuring Route Filtering
22.2.1 Configuring a Route-policy
A route-policy can comprise multiple nodes.
satisfies all the if-match clauses of the node, it will be denied by the node and will not take the test of the next node. If not, however, the route will take the test of the next node.
The nodes have the “OR” relationship. In other words, the router will test the route against the nodes in the route-policy in sequence. Once a node is matched, the route-policy filtering will be passed.
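The node semantics described above can be modelled in a few lines. This is an added example, not code from 3Com or from this manual: it reuses ACL 2000 and the localpref policy from the BGP routing example in Chapter 21, while the node numbers 10 and 20, the ascending-number test order, and the rule that a route matching no node is rejected are assumptions of the sketch.

```python
"""Toy evaluator for route-policy node semantics (added example, not 3Com code)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AclRule:
    permit: bool
    source: str    # "source any" is written as 0.0.0.0 with wildcard 255.255.255.255
    wildcard: str  # 1-bits are "don't care", as in 0.255.255.255

    def matches(self, prefix: str) -> bool:
        addr = int(ipaddress.ip_network(prefix).network_address)
        base = int(ipaddress.ip_address(self.source))
        care = ~int(ipaddress.ip_address(self.wildcard)) & 0xFFFFFFFF
        return (addr & care) == (base & care)


def acl_permits(rules, prefix):
    """First matching rule decides; a route matching no rule is not permitted."""
    for rule in rules:
        if rule.matches(prefix):
            return rule.permit
    return False


def if_match_acl(rules):
    """Build an if-match clause that tests the route's destination against an ACL."""
    return lambda route: acl_permits(rules, route["prefix"])


@dataclass
class Node:
    number: int                                    # constructed node number
    permit: bool                                   # node mode: permit or deny
    if_match: list = field(default_factory=list)   # clauses are ANDed within a node
    apply: dict = field(default_factory=dict)      # attributes set by a permit node


def evaluate(nodes, route):
    """Return (accepted, resulting_route, number_of_deciding_node)."""
    for node in sorted(nodes, key=lambda n: n.number):
        if all(clause(route) for clause in node.if_match):
            if node.permit:
                return True, {**route, **node.apply}, node.number
            return False, route, node.number       # deny node: stop, no next node
    return False, route, None                      # assumption: no node matched


# ACL 2000 as configured on the page: permit 1.0.0.0 0.255.255.255, deny any.
ACL_2000 = [AclRule(True, "1.0.0.0", "0.255.255.255"),
            AclRule(False, "0.0.0.0", "255.255.255.255")]

# localpref: 200 for routes matching ACL 2000, 100 for everything else.
LOCALPREF = [Node(10, True, [if_match_acl(ACL_2000)], {"local_preference": 200}),
             Node(20, True, [], {"local_preference": 100})]

# Constructed policies showing the effect of a deny node with and without
# a trailing permit node that has no if-match clause.
DENY_ONLY = [Node(10, False, [if_match_acl(ACL_2000)])]
DENY_THEN_PERMIT = DENY_ONLY + [Node(20, True)]

if __name__ == "__main__":
    for name, policy in (("localpref", LOCALPREF), ("deny_only", DENY_ONLY),
                         ("deny_then_permit", DENY_THEN_PERMIT)):
        for prefix in ("1.0.0.0/8", "2.0.0.0/8"):
            print(name, prefix, evaluate(policy, {"prefix": prefix}))
```

Under the stated assumption, a policy made only of deny nodes rejects every route, so a policy meant to block a few prefixes needs a final permit node without if-match clauses.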
Operation: Cancel the matched next-hop of the routing information set by ACL
Command: undo if-match ip next-hop
Operation: Cancel the matched next-hop of the routing information set by address prefix list
Command: undo if-match ip next-hop ip-prefix
Operation: Match the routing cost of the routing information
Command: if-match cost value
Operation: Cancel the matched routing cost of the routing information
Command: undo if-match cost
Operation: Match the tag domain of the OSPF routing inf
Operation: Set the next-hop address of the routing information
Command: apply ip next-hop ip-address
Operation: Cancel the next-hop address of the routing information
Command: undo apply ip next-hop
Operation: Import the route to IS-IS level-1, level-2 or level-1-2
Command: apply isis [ level-1 | level-2 | level-1-2 ]
Operation: Remove the function of importing the route to IS-IS
Command: undo apply isis
Operation: Set the local preference of the BGP routing information
Command: apply local-prefere
22.2.2 Configuring ip-prefix
A prefix-list is identified by an ip-prefix-name. Each IP prefix-list may include multiple entries each specifying an IP prefix matching range. IP prefix entries are identified by index-numbers. The order in which IP prefix entries are matched against depends on the order of their index numbers.
Perform the following configuration in system view.
22.2.4 Configuring a Community Attribute List
In BGP, the community attribute is optional and transitive. Some community attributes known globally are called standard community attributes. Some community attributes are for special purposes. You can also define expanded community attributes. A route can have one or more community attributes.
Operation: Cancel the setting for importing routes of other protocols
Command: undo import-route protocol
By default, the routes discovered by other protocols will not be advertised.
Note: In different routing protocol views, the parameter options are different. For details, respectively refer to the import-route command in different protocols.
22.2.6 Configuring Route Filtering
I.
Table 22-9 Configure to filter the advertised routes
Operation: Configure to filter the routes advertised by the protocol
Command: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
Operation: Cancel the filtering of the routes advertised by the protocol
Command: undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
So far, the route policy supports importing the routes discovered by the fo
22.4 Typical IP Routing Policy Configuration Example
22.4.1 Configuring to Filter the Received Routing Information
I. Network requirements
- Switch A communicates with Switch B, running OSPF protocol. The router ID of Switch A is 1.1.1.1, and that of Switch B is 2.2.2.2.
- Import three static routes through enabling the OSPF protocol on the Switch A.
2) Configure Switch B:
Configure the IP address of VLAN interface.
[Switch B] interface vlan-interface 100
[Switch B-Vlan-interface100] ip address 10.0.0.2 255.0.0.0
Configure the access control list.
[Switch B] acl number 2000
[Switch B-acl-basic-2000] rule deny source 30.0.0.0 0.255.255.
Chapter 23 IP Multicast Overview
Note: An Ethernet switch functions as a router when it runs IP multicast protocol. A router that is referred to in the following represents a generalized router or a layer 3 Ethernet switch running IP multicast protocol.
23.1 IP Multicast Overview
23.1.
over the network if there is a large number of users in need of this information. Because bandwidth would run short, the unicast mode is incapable of massive transmission.
II. Data transmission in broadcast mode
In broadcast mode, every user on the network receives the information regardless of their needs. See Figure 23-2 Data transmission in broadcast mode.
Figure 23-3 Data transmission in multicast mode
Suppose the Users B, D, and E need the information, they need to be organized into a receiver group to ensure that the information can reach them smoothly. The routers on the network duplicate and forward the information according to the distribution of these users in the group.
- Occasional communication for training and cooperation
- Data storage and finance (stock) operation
- Point-to-multipoint data distribution
With the increasing popularity of multimedia services over IP networks, multicast is gaining its marketplace, and the multicast service is gradually becoming popular and prevalent.
23.2 Implementation of IP Multicast
23.2.
Table 23-1 Ranges and meanings of Class D addresses
Class D address range: 224.0.0.0∼224.0.0.255
Description: Reserved multicast addresses (addresses of permanent groups). All but 224.0.0.0 can be allocated by routing protocols.
Class D address range: 224.0.1.0∼238.255.255.255
Description: Multicast addresses available for users (addresses of temporary groups). They are valid in the entire network.
Class D address range: 239.0.0.0∼239.255.255.255
Description: Multicast addresses for local management.
Class D address range: ……
Description: ……
II. Ethernet Multicast MAC Addresses
When a unicast IP packet is transmitted on the Ethernet, the destination MAC address is the MAC address of the receiver. However, for a multicast packet, the destination is no longer a specific receiver but a group with unspecific members. Therefore, the multicast MAC address should be used.
Figure 23-5 Application positions of multicast-related protocols
I. Multicast group management protocol
Multicast groups use Internet group management protocol (IGMP) as the management protocols. IGMP runs between the host and multicast router and defines the membership establishment and maintenance mechanism between them.
II.
uses the source address of a received multicast packet to query the unicast routing table or the independent multicast routing table to determine that the receiving interface is on the shortest path from the receiving station to the source. If a source tree is used, the source address is the address of the source host sending the multicast packet. If a shared tree is used, the source address is the RP address of the shared tree.
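The check described above, with the address looked up depending on the tree type, can be sketched as follows. This is an added example, not code from 3Com or from this manual; the routing table, RP address, interface names and packets are constructed, and the table passed in stands for whichever table (unicast or independent multicast) the check consults.

```python
"""RPF check for source trees and shared trees (added example, not 3Com code)."""
import ipaddress


def lookup(table, address):
    """Longest-prefix match; return the interface toward address, or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rpf_check(table, packet_source, in_iface, tree="source", rp=None):
    """True if the packet arrived on the interface that leads back to the
    source host (source tree) or to the RP (shared tree)."""
    if tree == "source":
        check_address = packet_source
    elif tree == "shared":
        if rp is None:
            raise ValueError("a shared tree needs the RP address")
        check_address = rp
    else:
        raise ValueError("tree must be 'source' or 'shared'")
    expected = lookup(table, check_address)
    # No route back to the checked address means the check fails.
    return expected is not None and expected == in_iface


def filter_packets(table, packets, tree="source", rp=None):
    """Split (source, in_iface, group) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        target = forwarded if rpf_check(table, pkt[0], pkt[1], tree, rp) else dropped
        target.append(pkt)
    return forwarded, dropped


# Constructed routing table: (prefix, outgoing interface).
ROUTES = [
    ("10.1.0.0/16", "Vlan-interface100"),
    ("10.1.5.0/24", "Vlan-interface101"),
    ("192.168.9.0/24", "Vlan-interface102"),
]
RP = "192.168.9.1"  # constructed RP address

# Constructed packets: (source address, receiving interface, group).
PACKETS = [
    ("10.1.2.3", "Vlan-interface100", "225.1.1.1"),    # arrives on the path to its source
    ("10.1.5.9", "Vlan-interface100", "225.1.1.1"),    # more specific route points elsewhere
    ("10.1.5.9", "Vlan-interface101", "225.1.1.1"),    # matches the more specific route
    ("172.16.0.1", "Vlan-interface100", "225.1.1.1"),  # no route back to the source
]

if __name__ == "__main__":
    ok, bad = filter_packets(ROUTES, PACKETS)
    print("forwarded:", ok)
    print("dropped:", bad)
```

A packet whose source address has no route, or whose route points out a different interface, fails the check, which is also why RPF discards traffic with a forged source arriving on the wrong interface.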
Chapter 24 IGMP Snooping Configuration
24.1 IGMP Snooping Overview
24.1.1 IGMP Snooping Principle
IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2 Ethernet switch and it is used for multicast group management and control. IGMP Snooping runs on the link layer.
Figure 24-2 Multicast packet transmission when IGMP Snooping runs
24.1.2 Implement IGMP Snooping
I.
II. Implement Layer 2 multicast with IGMP Snooping
The Ethernet switch runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address.
forwarding table, and meanwhile creates an IP multicast group and adds the port that received the report message to it. If the corresponding MAC multicast group exists but does not contain the port that received the report message, the switch adds the port into the multicast group and starts the port aging timer. And then the switch checks if the corresponding IP multicast group exists.
Table 24-1 Enabling/Disabling IGMP Snooping
Operation: Enable/disable IGMP Snooping
Command: igmp-snooping { enable | disable }
By default, IGMP Snooping is disabled.
Caution:
- Although layer 2 and layer 3 multicast protocols can be configured in pair, they cannot run on the same VLAN or its corresponding VLAN interface at the same time.
Table 24-3 Configuring the maximum response time
Operation: Configure the maximum response time
Command: igmp-snooping max-response-time seconds
Operation: Restore the default setting
Command: undo igmp-snooping max-response-time
By default, the maximum response time is 1 seconds.
24.2.4 Configuring Aging Time of Multicast Group Member Ports
This task is to manually set the aging time of the multicast group member port.
Caution: If IGMP snooping is not enabled on the VLAN (nor Layer 3 multicast), unknown multicast packets are broadcast within the VLAN no matter whether this function is enabled or not. That is, to keep unknown multicast packets from being broadcast within a VLAN, you must enable igmp-snooping in this VLAN and enable igmp-snooping nonflooding-enable globally.
Perform the following configuration in system view.
To implement IGMP Snooping on the switch, you need to enable IGMP Snooping on the switch first. The switch is connected with the router via the router port, and connected with user PC through the non-router ports.
II. Networking diagram
Figure 24-4 IGMP Snooping configuration networking
III. Configuration procedure
Suppose you need to enable IGMP Snooping on VLAN1.
- If IGMP Snooping is not enabled, input the igmp-snooping enable command in system view to enable IGMP Snooping. Then, use the same command in VLAN view to enable IGMP Snooping in the corresponding VLAN.
2) Multicast forwarding table set up by IGMP Snooping is wrong.
- Input the display igmp-snooping group command to check whether the multicast group is the expected one.
Chapter 25 Multicast VLAN Configuration
25.1 Multicast VLAN Overview
Based on the current multicast on demand, when users in different VLANs request the service, multicast flow is duplicated in each VLAN and a great deal of bandwidth is wasted. To solve this problem, we provide the multicast VLAN feature.
Item: Add ports to corresponding VLANs
Command: port hybrid vlan vlan_id_list untagged
Description: Required
To cancel the configurations, use the corresponding undo commands.
Note:
- A port can only belong to one multicast VLAN.
- The type of the ports connected to user terminals must be hybrid untagged.
25.3 Multicast VLAN Configuration Example
I.
II. Network diagram
Figure 25-1 Network diagram for multicast VLAN configuration
III. Configuration procedure
Before performing the following configurations, you should configure the IP addresses and connect the devices correctly.
1) Configure Switch A
Configure the IP address of the VLAN 2 interface to 168.10.1.1. Enable the PIM DM protocol.
2) Configure Switch B
Enable IGMP Snooping.
system-view
[Switch B] igmp-snooping enable
Enable IGMP-Snooping on VLAN 2 and VLAN 3.
[Switch B] vlan 2
[Switch B-vlan 2] igmp-snooping enable
[Switch B-vlan 2] quit
[Switch B] vlan 3
[Switch B-vlan 3] igmp-snooping enable
Configure VLAN 10 as multicast VLAN. Enable IGMP Snooping.
Chapter 26 Common Multicast Configuration
26.1 Introduction to Common Multicast Configuration
The multicast common configuration is for both the multicast group management protocol and the multicast routing protocol. The configuration includes enabling multicast, displaying multicast routing table and multicast forwarding table, etc.
26.
26.2.2 Configuring multicast route number limit
Because too many multicast routes may exhaust the router memory, you need to limit the number of multicast routes.
Perform the following configuration in system view.
26.3 Controlled Multicast Configuration
26.3.1 Controlled Multicast Overview
The controlled multicast feature controls user’s authority to join multicast groups. This feature is based on ports: users must first pass the 802.1x authentication set for their ports. Then they are allowed to join the multicast groups specifically configured for them but are prohibited from joining the unauthorized multicast groups.
Caution: In local user view, before executing this command, you must configure user service type to LAN-ACCESS, which is the only one supported by controlled multicast at present.
26.3.3 Controlled Multicast Configuration Example
I. Network requirements
As shown in Figure 26-1, HostA and HostB join the multicast group. Layer 3 multicast is enabled on LSA, LSB, LSC and LSD. Controlled multicast is enabled on LSA and LSC.
[SW8800-GigabitEthernet2/1/1] dot1x
[SW8800-GigabitEthernet2/1/2] dot1x
Configure the authentication mode on the controlled ports to port-based mode.
[SW8800-GigabitEthernet2/1/1] dot1x –method portbased
[SW8800-GigabitEthernet2/1/2] dot1x –method portbased
Create a local-user in system view. Then set the password and service type for the user.
Operation: Enable multicast kernel routing debugging
Command: debugging multicast kernel-routing
Operation: Disable multicast kernel routing debugging
Command: undo debugging multicast kernel-routing
The multicast routing tables can be layered as follows:
- Each multicast routing protocol has a multicast routing table of itself.
- All the multicast routing tables can be summarized into the multicast kernel routing tables.
Chapter 27 IGMP Configuration
27.1 IGMP Overview
27.1.1 Introduction to IGMP
Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite responsible for management of IP multicast members. It is used to establish and maintain multicast membership among IP hosts and their directly connected neighboring routers.
address is elected as the querier when there are multiple multicast routers on the same network segment.
II. Leaving group mechanism
In IGMP Version 1, hosts leave the multicast group quietly without informing the multicast router. In this case, the multicast router can only rely on the response timeout for the multicast group to confirm that hosts have left the group.
27.2.1 Enabling Multicast
Only if the multicast function is enabled can the multicast-related configurations take effect. Refer to Chapter 26 Common Multicast Configuration.
27.2.2 Enabling IGMP on an Interface
This configuration task is to enable IGMP on the interface which needs to maintain the multicast membership. After this, you can initiate IGMP feature configuration. Perform the following configuration in VLAN interface view.
27.2.4 Configuring the Interval to Send IGMP Query Message
Multicast routers send IGMP query messages to discover which multicast groups are present on attached networks. Multicast routers send query messages periodically to refresh their knowledge of members present on their networks. Perform the following configuration in VLAN interface view.
I. Configuring interval for querying IGMP packets
Table 27-4 Configuring interval for querying IGMP packets
Operation | Command
Configure interval for querying IGMP packets | igmp lastmember-queryinterval seconds
Restore the default query interval | undo igmp lastmember-queryinterval
By default, the interval is 1 second.
II.
maximum response time. When any timer becomes 0, the host will send the membership report message of the multicast group. Setting the maximum response time reasonably enables the host to respond to query messages quickly. In this case, the router can quickly learn the current status of the members of the multicast group. Perform the following configuration in VLAN interface view.
Configuring one interface of the router as a multicast member avoids this problem. When the interface receives an IGMP query packet, the router responds, thus ensuring that the network segment where the interface is located can receive multicast packets normally. For an Ethernet switch, you can configure a port in a VLAN interface to join a multicast group. Perform the following configuration in the corresponding view.
Table 27-10 Limiting multicast groups an interface can access
Operation | Command
Limit the range of allowed multicast groups on current interface (in VLAN interface view) | igmp group-policy acl-number [ 1 | 2 | port { interface_type interface_ num | interface_name } [ to { interface_type interface_ num | interface_name } ] ]
Remove the filter set on the interface (in VLAN interface view) | undo igmp group-policy [ port { interface_type in
27.3 Displaying and Debugging IGMP
After the above configuration, execute the display command in any view to display the running state of the IGMP configuration and to verify the effect of the configuration. Execute the debugging command in the corresponding view to debug IGMP.
Chapter 28 PIM-DM Configuration
28.1 PIM-DM Overview
28.1.1 Introduction to PIM-DM
PIM-DM (Protocol Independent Multicast, Dense Mode) belongs to dense mode multicast routing protocols. PIM-DM is suitable for small networks. Members of multicast groups are relatively dense in such network environments.
28.1.2 PIM-DM Working Principle
The working procedures of PIM-DM include neighbor discovery, flood & prune and graft.
I.
During this process, PIM-DM uses the RPF check and the existing unicast routing table to build a multicast forwarding tree rooted at the data source. When a packet arrives, the router first judges the correctness of the path. If the interface on which the packet arrives is the one that the unicast route to the multicast source indicates, the packet is regarded as coming from the correct path.
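The RPF check described above, together with the prune and graft states this chapter names, as an added Python model. It is not code from the switch or from this guide; the class name, routes, interface names and addresses are constructed for illustration.

```python
import ipaddress


class PimDmRouter:
    """Toy model of one PIM-DM router: RPF check plus per-(S, G) prune state."""

    def __init__(self, unicast_routes, interfaces):
        # unicast_routes: (prefix, interface) pairs standing in for the
        # unicast routing table that the RPF check consults.
        self.routes = [(ipaddress.ip_network(p), ifname)
                       for p, ifname in unicast_routes]
        self.interfaces = set(interfaces)
        self.pruned = {}  # (source, group) -> interfaces pruned by downstream

    def rpf_interface(self, source):
        """Longest-prefix match: the interface used to reach the source."""
        addr = ipaddress.ip_address(source)
        best = None
        for net, ifname in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifname)
        return best[1] if best else None

    def forward(self, source, group, in_if):
        """Return the interfaces the packet is flooded to ([] means dropped)."""
        expected = self.rpf_interface(source)
        if expected is None or in_if != expected:
            return []  # RPF failure: packet did not arrive on the correct path
        blocked = self.pruned.get((source, group), set())
        return sorted(self.interfaces - {in_if} - blocked)

    def prune(self, source, group, ifname):
        """A downstream node with no receivers asked to stop forwarding."""
        self.pruned.setdefault((source, group), set()).add(ifname)

    def graft(self, source, group, ifname):
        """A pruned downstream node asked to be restored to forwarding."""
        self.pruned.get((source, group), set()).discard(ifname)


def demo():
    # Constructed unicast table: the /24 is more specific than the /16.
    router = PimDmRouter(
        unicast_routes=[("10.1.0.0/16", "Vlan-interface10"),
                        ("10.1.5.0/24", "Vlan-interface11"),
                        ("0.0.0.0/0", "Vlan-interface12")],
        interfaces=["Vlan-interface10", "Vlan-interface11", "Vlan-interface12"],
    )
    src, grp = "10.1.5.9", "225.0.0.1"
    out = {}
    out["correct_path"] = router.forward(src, grp, "Vlan-interface11")
    out["wrong_path"] = router.forward(src, grp, "Vlan-interface10")
    router.prune(src, grp, "Vlan-interface12")
    out["after_prune"] = router.forward(src, grp, "Vlan-interface11")
    router.graft(src, grp, "Vlan-interface12")
    out["after_graft"] = router.forward(src, grp, "Vlan-interface11")
    return out


if __name__ == "__main__":
    for step, ports in demo().items():
        print(step, ports)
```

A packet whose source address does not match the interface it arrived on is dropped before any flooding happens, which is why a stale or wrong unicast route shows up as lost multicast traffic.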
IV. Graft
When the pruned downstream node needs to be restored to the forwarding state, the node will send a graft packet to inform the upstream node.
28.
28.2.3 Configuring the Time Intervals for Ports to Send Hello Packets
When protocol independent multicast (PIM) protocol is enabled for a port, the port sends Hello packets periodically. The time intervals to send Hello packets vary with the bandwidth and type of the connected networks. Perform the following configuration in VLAN interface view.
28.2.5 Configuring the Filtering of Multicast Source/Group
You can use this command to filter multicast data packets by source (and group) address. When this feature is configured, the router filters not only multicast data but also the multicast data encapsulated in registration packets. Perform the following configuration in the PIM view.
Table 28-6 Configuring the maximum number of PIM neighbors on an interface
Operation | Command
Configure the maximum number of PIM neighbors on an interface | pim limit
Restore the limit of PIM neighbors to the default value | pim neighbor-limit neighbor-limit
By default, the PIM neighbors on the interface are limited to 128.
Table 28-9 Displaying and debugging PIM-DM
Operation | Command
Display the PIM multicast routing table | display pim routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] | **rp [ rp-address [ mask { mask-length | mask } ] ] } | { group-address [ mask { mask-length | mask } ] | source-address [ mask { mask-length | mask } ] } * } | incoming-interface { Vlan-interface Vlan-interface-number | null } | { dense-mode | spars
[Figure 28-2 PIM-DM configuration networking. Devices shown: Multicast Source, Lanswitch1, Lanswitch2, Lanswitch3, RECEIVER 1, RECEIVER 2; VLANs shown: VLAN10, VLAN11, VLAN12, VLAN20, VLAN30]
III. Configuration procedure
This section only introduces Lanswitch1 configuration procedure, while Lanswitch2 and Lanswitch3 configuration procedures are similar.
Enable the multicast routing protocol.
Chapter 29 PIM-SM Configuration
29.1 PIM-SM Overview
29.1.1 Introduction to PIM-SM
PIM-SM (Protocol Independent Multicast, Sparse Mode) belongs to sparse mode multicast routing protocols. PIM-SM is mainly applicable to large-scale networks with broad scope in which group members are relatively sparse.
I. Build the RP shared tree (RPT)
When hosts join a multicast group G, the leaf routers that directly connect with the hosts send IGMP messages to learn the receivers of multicast group G. In this way, the leaf routers calculate the corresponding rendezvous point (RP) for multicast group G and then send join messages to the node of the next level toward the rendezvous point (RP).
It should be noted that one RP can serve multiple multicast groups or all multicast groups. Each multicast group corresponds to exactly one RP at a time, never to multiple RPs.
II. Configuring BSRs
The BSR is the management core in a PIM-SM network. Candidate-RPs send announcements to the BSR, which is responsible for collecting and advertising the information about all candidate-RPs.
It should be noted that at least one router in an entire PIM-SM domain should be configured with Candidate-RPs and Candidate-BSRs.
29.2.1 Enabling Multicast
Refer to Chapter 26 Common Multicast Configuration.
29.2.2 Enabling PIM-SM
This configuration can be effective only after multicast is enabled. Perform the following configuration in VLAN interface view.
At first, each candidate BSR considers itself the BSR of the PIM-SM domain and sends Bootstrap messages that carry the IP address of its interface as the BSR address. When it receives a Bootstrap message from another router, the candidate BSR compares the BSR address in the newly received Bootstrap message with its own. The comparison criteria are priority and IP address.
Operation | Command
Remove the candidate-RP configured | undo c-rp { interface-type interface-number | all }
When configuring an RP, if the range of the served multicast groups is not specified, the RP serves all multicast groups. Otherwise, the RP serves only the multicast groups in the specified range. It is suggested to configure the Candidate RP on the backbone router.
29.2.
By default, no domain border is set. After this configuration is performed, a bootstrap message cannot cross the border but other PIM packets can. This configuration can effectively divide a network into domains using different BSRs.
29.2.9 Configuring the filtering of multicast source/group
Refer to 28.2.5 Configuring the Filtering of Multicast Source/Group.
29.2.10 Configuring the filtering of PIM neighbor
Refer to 28.2.
Perform the following configuration in PIM view.
Table 29-7 Limiting the range of legal BSR
Operation | Command
Limit the legal BSR range | bsr-policy acl-number
Restore to the default setting | undo bsr-policy
For detailed information of bsr-policy, please refer to the command manual.
29.2.13 Limiting the range of legal C-RP
To avoid C-RP spoofing, you can limit the range of legal C-RP and limit the groups that each C-RP serves.
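How the BSR election and the legal BSR range interact, as an added Python model that is not code from the switch or from this guide. It assumes the standard PIM-SM rule that the higher priority wins and the higher IP address breaks a tie, which this guide does not spell out; the class, the addresses and the permitted range are constructed.

```python
import ipaddress


def stronger(a, b):
    """Return the stronger of two (priority, address) BSR candidates.
    Assumption: higher priority wins, then higher IP address."""
    def rank(c):
        return (c[0], int(ipaddress.ip_address(c[1])))
    return a if rank(a) >= rank(b) else b


class CandidateBsr:
    """One candidate BSR processing Bootstrap messages from other routers."""

    def __init__(self, priority, address, legal_bsr_ranges=None):
        self.elected = (priority, address)  # starts by electing itself
        # legal_bsr_ranges models the permit entries of the ACL referenced
        # by bsr-policy; None means no policy is configured.
        self.legal = (None if legal_bsr_ranges is None
                      else [ipaddress.ip_network(n) for n in legal_bsr_ranges])
        self.rejected = []  # BSR addresses dropped by the policy

    def permitted(self, address):
        if self.legal is None:
            return True
        addr = ipaddress.ip_address(address)
        return any(addr in net for net in self.legal)

    def receive_bootstrap(self, priority, address):
        if not self.permitted(address):
            self.rejected.append(address)  # worth logging and alerting on
            return self.elected
        self.elected = stronger(self.elected, (priority, address))
        return self.elected


# Constructed Bootstrap messages: two routers inside the domain and one
# sender outside the address range the operator expects BSRs to use.
BOOTSTRAPS = [(20, "10.1.1.2"), (255, "192.0.2.66"), (30, "10.1.1.3")]


def run_election(legal_bsr_ranges=None):
    local = CandidateBsr(10, "10.1.1.1", legal_bsr_ranges)
    for priority, address in BOOTSTRAPS:
        local.receive_bootstrap(priority, address)
    return local.elected, local.rejected


if __name__ == "__main__":
    print("no policy  :", run_election())
    print("with policy:", run_election(["10.1.1.0/24"]))
```

Without a policy the election accepts whichever sender advertises the strongest values; with the range restricted, the unexpected sender is recorded in `rejected` and the election stays among the domain's own routers.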
Table 29-9 Displaying and debugging PIM-SM
Operation | Command
Display the BSR information | display pim bsr-info
Display the RP information | display pim rp-info [ group-address ]
Enable the PIM-SM debugging | debugging pim sm { all | mrt | msdp | verbose | warning | mbr { alert | fresh } | { recv | send } { assert | bootstrap | crpadv | jp | reg | regstop } | timer { assert | bsr | crpadv | jp | jpdelay | m
Disable the PIM-SM debugging |
II. Networking diagram
[Figure 29-2 PIM-SM configuration networking. Devices shown: Host A, Host B, LS_A, LS_B, LS_C, LSD; VLANs shown: VLAN10, VLAN11, VLAN12]
III. Configuration procedure
1) Configure LS_A
Enable PIM-SM.
[SW8800-vlan-interface12] quit
2) Configure LS_B
Enable PIM-SM.
Enable PIM-SM.
Chapter 30 MSDP Configuration
30.1 MSDP Overview
30.1.1 Introduction
Multicast source discovery protocol (MSDP) is used to discover multicast source information in other PIM-SM domains. No ISP would like to forward multicast traffic depending on the RP of competitors, though it has to obtain information from the source and distribute it among its members, regardless of the location of the source RP. MSDP is proposed to solve this problem.
30.1.2 Working Principle
I. Identifying multicast source and receiving multicast data
As shown in Figure 30-1, the RPs of PIM-SM domains 1, 2 and 3 establish peer relationships with one another. Domain 3 contains a group member.
this case, the last hop router connected with the group member in domain 3 can choose whether to switch to SPT.
II. Message forwarding and RPF check between MSDP peers
As shown in Figure 30-2 MSDP working principles (II), Switch A, Switch B, Switch C, Switch D, Switch E and Switch F belong to domain 1, domain 2 and domain 3 respectively.
case when the message is from Switch E to Switch F, it is received and forwarded to other peers.
6) If the SA message is sent from an MSDP peer in a different domain which is the next autonomous domain along the optimal path to the RP in the domain of the source, as from Switch D to Switch F, it is received and forwarded to other peers.
7) Other SA messages are neither received nor forwarded.
III.
30.2.2 Configuring MSDP Peers
To run MSDP, you need to configure MSDP peers locally. Please perform the following configurations in MSDP view.
rp-policy parameter are configured, any peer that receives an SA message will forward it to the other peers.
- Not using the rp-policy parameter universally: According to the configuration sequence, only the first static RPF peer whose connection state is UP is activated. All SA messages from the peer will be received and those from other static RPF peers will be discarded.
30.2.6 Configuring the Maximum Number of SA caching
To prevent DoS (Denial of Service) attacks, you can set the maximum number of SAs cached on the router. Perform the following configuration in MSDP view.
qualified (S, G) entries in the multicast routing table when creating SA messages, that is, to control the (S,G) entries imported from the multicast routing table to the domain. Please perform the following configurations in MSDP view.
I. Using MSDP outbound filter
The MSDP outbound filter is used for:
- Filtering off all the (S, G) entries
- Forwarding only the SA messages permitted by the advanced ACL
Please perform the following configurations in MSDP view.
Table 30-12 Controlling the received source information
Operation | Command
Filter off the SA messages from a specified MSDP peer | peer peer-address sa-policy import
Receive the SA messages permitted by the advanced ACL from a specified MSDP peer | peer peer-address sa-policy import [ acl acl-number ]
Remove the filtering rule over received source information | undo peer peer-address sa-policy import
Similar to MSDP outbound filter in f
Table 30-14 Configuring the MSDP connection retry period
Operation | Command
Configuring the MSDP connection retry period | timer retry seconds
Restore the default value of MSDP connection retry interval | undo timer retry
By default, MSDP connection is retried at the interval of 30 seconds.
30.2.13 Shutting MSDP Peers Down
The session between MSDP peers can be cut off and re-activated as needed.
30.3 Displaying and Debugging MSDP
I. Displaying and Debugging MSDP
After the above configuration, execute display commands in any view to display the running information of MSDP and to verify the effect of the configuration. Execute the debugging command in user view for the debugging of MSDP.
30.4 MSDP Configuration Examples
30.4.1 Configuring Static RPF Peers
I. Networking requirements
In the following networking environment, four Switch 8800s all are in the PIM-SM domains with no BGP or MBGP running among them (Note that MBGP is not supported in the basic code; the extended option is required).
[SwitchD-msdp] static-rpf-peer 10.10.1.1 rp-policy list-a
Configure Switch B to be a static RPF peer of Switch D.
[SwitchD] ip ip-prefix list-b permit 10.21.0.0 16
[SwitchD] msdp
[SwitchD-msdp] peer 10.21.1.1 connect-interface Vlan-interface 20
[SwitchD-msdp] static-rpf-peer 10.21.1.1 rp-policy list-b
Configure Switch C to be a static RPF peer of Switch D.
[SwitchD] ip ip-prefix list-c permit 10.25.0.
II. Networking diagram
[Networking diagram; the figure itself is not recoverable. Devices shown: SwitchA, SwitchB, SwitchD, SwitchE, sources SRC A and SRC B, in a PIM-SM domain. Legend: Loopback0 is the MSDP peer address and Originating-RP; Loopback10 is the Anycast RP address 10.1.1.1.]
[SwitchB-LoopBack10] igmp enable
[SwitchB-LoopBack10] pim sm
[SwitchB-LoopBack10] quit
Configure the IP address of Vlan-interface10 and enable IGMP and PIM-SM.
[SwitchB] interface Vlan-interface10
[SwitchB-Vlan-interface10] ip address 10.10.2.1 255.255.255.
[SwitchA] vlan 10
[SwitchA-vlan10] port ethernet1/1/2
[SwitchA-vlan10] quit
[SwitchA] vlan 20
[SwitchA-vlan20] port ethernet1/1/3
[SwitchA-vlan20] quit
Enable multicast.
[SwitchA] multicast routing-enable
Configure the IP address of interface loopback0.
[SwitchA] interface loopback0
[SwitchA-LoopBack0] ip address 10.21.1.1 255.255.255.
[SwitchA-ospf-1] quit
Configure Switch B as its MSDP peer.
[SwitchA] msdp
[SwitchA-msdp] peer 10.10.1.1 connect-interface loopback 0
Configure Originating RP.
[SwitchA-msdp] originating-rp loopback0
[SwitchA-msdp] quit
Configure C-RP and BSR.
[SwitchA] pim
[SwitchA-pim] c-rp loopback 10
[SwitchA-pim] c-bsr loopback 10 30
30.4.3 MSDP Integrated Networking
I.
II. Networking diagram
[Networking diagram; the figure itself is not recoverable. Devices shown: SwitchA, SwitchB, SwitchC, SwitchD, SwitchG, sources SRC A, SRC B and SRC C, in PIM-SM domain 1 and PIM-SM domain 2.]
Enable multicast.
[SwitchA] multicast routing-enable
Configure the IP address of interface loopback0 and enable PIM-SM.
[SwitchA] interface loopback0
[SwitchA-LoopBack0] ip address 10.25.1.1 255.255.255.255
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] quit
Configure the IP address of interface loopback10 and enable PIM-SM.
[SwitchA] interface loopback10
[SwitchA-LoopBack10] ip address 10.1.1.1 255.255.255.
[SwitchA-bgp] peer 10.27.1.2 group in
[SwitchA-bgp] peer in connect-interface loopback0
[SwitchA-bgp] ipv4-family multicast
[SwitchA-bgp-af-mul] peer in enable
[SwitchA-bgp-af-mul] peer 10.26.1.2 group in
[SwitchA-bgp-af-mul] peer 10.27.1.2 group in
[SwitchA-bgp-af-mul] peer in next-hop-local
[SwitchA-bgp-af-mul] quit
[SwitchA-bgp] group ex external
[SwitchA-bgp] peer 10.28.1.
[SwitchE] multicast routing-enable
Configure the IP address of interface loopback0 and enable PIM-SM.
[SwitchE] interface loopback0
[SwitchE-LoopBack0] ip address 10.26.1.2 255.255.255.255
[SwitchE-LoopBack0] pim sm
[SwitchE-LoopBack0] quit
Configure the IP address of interface loopback10 and enable PIM-SM.
[SwitchE] interface loopback10
[SwitchE-LoopBack10] ip address 10.1.1.1 255.255.255.
[SwitchE-bgp] ipv4-family multicast
[SwitchE-bgp-af-mul] peer in enable
[SwitchE-bgp-af-mul] peer 10.25.1.1 group in
[SwitchE-bgp-af-mul] peer 10.27.1.2 group in
[SwitchE-bgp-af-mul] peer in next-hop-local
[SwitchE-bgp-af-mul] quit
[SwitchE-bgp] group ex external
[SwitchE-bgp] peer 10.29.1.
Chapter 31 MBGP Multicast Extension Configuration
31.1 MBGP Multicast Extension Overview
31.1.1 Introduction
At present, the most widely used inter-domain unicast routing protocol is BGP-4. Because the multicast topology may be different from the unicast topology, BGP-4 must be modified in order to implement the transmission of inter-domain multicast routing information.
I. MP_REACH_NLRI attribute
MP_REACH_NLRI is an optional non-transitive attribute, and can be used to:
- Send the routing information of a new reachable protocol.
- Send the next hop information about the new protocol with the same coding mode as that of NLRI.
- Enable the router to report part or all of the SNPAs (Sub-network Points of Attachment) saved in the local system.
II.
31.
Table 31-1 Enabling MBGP multicast extension protocol
Operation | Command
Enter the MBGP multicast address family view | ipv4-family multicast
Remove the MBGP multicast address family view | undo ipv4-family multicast
By default, the system does not run the MBGP multicast extension protocol.
31.2.
31.2.5 Configuring Local Preference
Different local preferences can be configured as a reference for MBGP route selection. When an MBGP router gets routes with the same destination but different next hops through different neighbors, it will choose the route with the highest local preference. The configuration works both in unicast and multicast.
II. Enabling a peer (group)
Please perform the following configurations in IPV4 multicast sub-address family view.
Table 31-3 Enabling a peer (group)
Operation | Command
Enable the specified peer (group) | peer group-name enable
Disable the specified peer (group) | undo peer group-name enable
III. Adding an MBGP peer to the group
Please perform the following configurations in IPV4 multicast sub-address family view.
By default, there is no route reflector in an AS. It is generally unnecessary to configure this command for a peer group. This command is reserved for occasional compatibility with the network equipment of other vendors.
VI.
Table 31-9 Configuring IP-ACL-based route filtering policy for a peer (group)
Operation | Command
Configure filtering policy for incoming packets | peer { group-name | peer-address } filter-policy acl-number import
Remove incoming policy configuration | undo peer { group-name | peer-address } filter-policy acl-number import
Configure routing policy for outgoing packets | peer gro
Remove outgoing policy configuration |
Operation | Command
Remove outgoing policy configuration | undo peer group-name ip-prefix prefixname export
By default, a peer (group) does not perform route filtering based on the prefix list.
31.2.8 Configuring MBGP Route Aggregation
MBGP supports the manual aggregation of routes. Manual aggregation aggregates the local MBGP routes. A series of parameters can be configured during manual route aggregation.
31.2.10 Configure MBGP Community Attributes
Within MBGP, a community is a set of destinations with some characteristics in common. A community is not limited to one network or one AS and has no physical boundary. For details, refer to “BGP Configuration” in the Routing Protocol part.
31.2.11 Importing IGP Routing Information into MBGP
MBGP can advertise intra-area network information to other ASs.
31.2.14 Resetting BGP Connections
After changing the MBGP policy or protocol configuration, users must disconnect the present BGP connection to make the new configuration effective. For details, refer to “BGP Configuration” of the Routing Protocol part of this manual.
31.
31.4 MBGP Multicast Extension Configuration Example
I. Networking requirement
This example describes how the administrator uses the MBGP attributes to manage route selection. All switches are configured with MBGP. The IGP in AS200 uses OSPF. Switch A is in AS100 and serves as the MBGP neighbor of Switch B and Switch C in AS200. Switch B and Switch C run IBGP for Switch D in AS200. Switch D is also in AS200.
II.
[SwitchA-bgp-af-mul] network 1.0.0.0
[SwitchA-bgp-af-mul] network 2.0.0.0
[SwitchA-bgp-af-mul] quit
Configure the peer relationship.
[SwitchA-bgp] bgp 100
[SwitchA-bgp] group a1 external
[SwitchA-bgp] peer 192.1.1.2 group a1 as-number 200
[SwitchA-bgp] group a2 external
[SwitchA-bgp] peer 193.1.1.
[SwitchB-vlan40] quit
[SwitchB] interface vlan-interface 40
[SwitchB-Vlan-interface40] ip address 194.1.1.2 255.255.255.0
[SwitchB-Vlan-interface40] quit
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.
[SwitchC-bgp] group c2 internal
[SwitchC-bgp] peer 194.1.1.2 group c2
[SwitchC-bgp] peer 195.1.1.1 group c2
[SwitchC-bgp] ipv4-family multicast
[SwitchC-bgp-af-mul] peer c1 enable
[SwitchC-bgp-af-mul] peer c2 enable
Configure the local preference attribute of Switch C.
- Add ACL 2000 on Switch C to permit network 1.0.0.0.
[SwitchC] acl number 2000
[SwitchC-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
[SwitchD] bgp 200
[SwitchD-bgp] undo synchronization
[SwitchD-bgp] group d1 internal
[SwitchD-bgp] peer 194.1.1.2 group d1
[SwitchD-bgp] peer 195.1.1.2 group d1
[SwitchD-bgp] ipv4-family multicast
[SwitchD-bgp-af-mul] peer d1 enable
To make the configuration effective, you need to use the reset bgp all command on all MBGP neighbors.
Chapter 32 ACL Configuration
32.1 ACL Overview
32.1.1 Introduction to ACL
A series of match rules must be configured to recognize packets before they can be filtered. Only when packets are identified can the network take the corresponding action, allowing or prohibiting them to pass, according to the preset policies. The access control list (ACL) provides these functions.
Note: The depth first principle means putting the statement with the smaller packet range in front. You can determine the packet range by comparing IP address wildcards: the smaller the wildcard, the smaller the host range. For example, the address 129.102.1.1 0.0.0.0 specifies the host 129.102.1.1 and the address 129.102.1.1 0.0.255.255 specifies the segment 129.102.1.1 to 129.102.255.255. Then 129.102.1.1 is surely put in the front.
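The depth first principle applied to the two statements in the note, as an added Python model that is not code from the switch or from this guide. It uses the config and auto keywords of the match-order option shown in this chapter's ACL commands; the permit/deny actions attached to the two statements and the helper names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


def _as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_hosts(wildcard):
    """Addresses covered by a wildcard: 2 ** (number of 1 bits)."""
    return 1 << bin(_as_int(wildcard)).count("1")


@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    source: str
    wildcard: str  # 1 bits are "don't care" bits

    def matches(self, addr):
        care = ~_as_int(self.wildcard) & 0xFFFFFFFF
        return (_as_int(addr) & care) == (_as_int(self.source) & care)

    def covers(self, other):
        """True if every address matched by other is also matched by self."""
        if _as_int(other.wildcard) & ~_as_int(self.wildcard):
            return False  # other ignores a bit that self still compares
        care = ~_as_int(self.wildcard) & 0xFFFFFFFF
        return (_as_int(other.source) & care) == (_as_int(self.source) & care)


def order_rules(rules, match_order="config"):
    """config keeps the configured sequence; auto applies depth first."""
    if match_order == "config":
        return list(rules)
    if match_order == "auto":
        # Smaller wildcard (smaller host range) goes in front; sorted() is
        # stable, so equal ranges keep their configured order.
        return sorted(rules, key=lambda r: wildcard_hosts(r.wildcard))
    raise ValueError("match_order must be 'config' or 'auto'")


def evaluate(rules, addr, match_order="config"):
    """First matching statement decides; 'no-match' if none applies."""
    for rule in order_rules(rules, match_order):
        if rule.matches(addr):
            return rule.action
    return "no-match"


def shadowed(rules, match_order="config"):
    """Statements that can never match because an earlier one covers them."""
    ordered = order_rules(rules, match_order)
    return [later for i, later in enumerate(ordered)
            if any(earlier.covers(later) for earlier in ordered[:i])]


# The two statements from the note, configured broad-first (constructed
# actions: permit the segment, deny the single host).
RULES = [
    Rule("permit", "129.102.1.1", "0.0.255.255"),
    Rule("deny", "129.102.1.1", "0.0.0.0"),
]

if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, evaluate(RULES, "129.102.1.1", order), shadowed(RULES, order))
```

In config order the broad permit is evaluated first, so the host-specific deny never takes effect; `shadowed` reports such statements, which is a useful review step before an ACL is activated.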
Table 32-1 Requirements for defining ACLs
Item | Number range | Maximum number
Number-based basic ACL | 2000 to 2999 | 1000
Number-based advanced ACL | 3000 to 3999 | 1000
Number-based L2 ACL | 4000 to 4999 | 1000
Number-based user ACL | 5000 to 5999 | 1000
Name-based basic ACL | -- | --
Name-based advanced ACL | -- | --
Name-based L2 ACL | -- | --
Name-based user ACL | -- | --
Maximum sub-rules for an ACL | 0 to 127 | 128
Maximum sub-rules for the s
Table 32-3 ACL configuration tasks
No.
start-time, end-time and days-of-the-week together define a periodic time range. start-time start-date and end-time end-date together define an absolute time range. If a time range defines only the periodic time range, it is active only within that periodic time range. If a time range defines only the absolute time range, it is active only within that absolute time range.
Table 32-6 Length of template elements
Name | Description | Length in template
cos 802.
The fragment-flags field is 0 in length in flow template, so it can be ignored in calculating the total length of template elements. You can either use the default template or define a flow template based on your needs.
Note: Default flow template:
ip-protocol tcp-flag sport dport icmp-type icmp-code sip 0.0.0.0 dip 0.0.0.0
You cannot modify or delete the default flow template.
II.
Note:
- If the time-range keyword is not selected, the ACL will be effective at any time after being activated.
- You can define multiple rules for the ACL by using the rule command several times.
- If the ACL is sent directly to hardware for packet filtering and traffic classification, the auto matching order is available and the user-defined (config) matching order becomes ineffective.
Table 32-9 Define advanced ACL
Operation | Command
Enter advanced ACL view (system view) | acl { number acl-number | name acl-name advanced } [ match-order { config | auto } ]
Define an ACL rule (advanced ACL view) | rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | any } ] [ destination { dest-addr wildcard | any } ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-typ
32.2.4 Activating ACL
After defining an ACL, you must activate it. This configuration activates those ACLs to filter or classify the packets forwarded by hardware. For interface cards, perform the following configurations in Ethernet port view or port group view.
Display ACL configuration | display acl config { all | acl-number | acl-name }
Display ACL application information | display acl running-packet-filter { all | interface { interface-name | interface-type interface-num } | vlan vlan-id }
Display configuration information of flow template | display flow-template [ default | interface interface-type interface-num | slot slotid | user-defined]
Clear ACL statistics | reset acl counter { all | acl
III. Configuration procedure

Note: Only the commands concerning ACL configuration are listed here.

1) Define the time range.
Define the time range from 8:00 to 18:00.
[SW8800] time-range 3Com 8:00 to 18:00 working-day
2) Define inbound traffic to the wage server.
Create a name-based advanced ACL “traffic-of-payserver” and enter it.
[SW8800] acl name traffic-of-payserver advanced
Define ACL rule for the wage server.
Note: Only the commands concerning ACL configuration are listed here.

1) Define the time range.
Define the time range from 8:00 to 18:00.
[SW8800] time-range 3Com 8:00 to 18:00 daily
2) Define the traffic with source IP 10.1.1.1.
Create a name-based basic ACL “traffic-of-host” and enter it.
[SW8800] acl name traffic-of-host basic
Define ACL rule for source IP 10.1.1.1.
[SW8800-acl-basic-traffic-of-host] rule 1 deny source 10.1.1.
1) Define the time range.
Define the time range from 8:00 to 18:00.
[SW8800] time-range 3Com 8:00 to 18:00 daily
2) Define a user-defined flow template
[SW8800] flow-template user-defined slot 3 ethernet-protocol smac 0-0-0 dmac 0-0-0
3) Define the traffic with source MAC 00e0-fc01-0101 and destination MAC 00e0-fc01-0303.
Create a name-based L2 ACL “traffic-of-link” and enter it.
Chapter 33 QoS Configuration

33.1 QoS Overview

A conventional packet network treats all packets equally. Each switch or router processes all packets in First-in-First-out (FIFO) mode and then forwards them to the destination on a best-effort basis, with no commitment or guarantee on transmission performance such as delay and jitter.
There are two key steps in packet filtering:
Step 1: Classify the traffic at the port according to a specific rule.
Step 2: Run filtering operation (deny or permit) to the identified traffic. By default, deny operation is selected.

IV. Traffic policing
QoS can police traffic at the ingress port, to provide better services with the limited network resources.

V.
Figure 33-2 Ethernet frame with 802.1Q tag header

In the above figure, each host supporting 802.1Q protocol adds a 4-byte 802.1Q tag header after the source address in Ethernet header. The 802.1Q tag header contains a 2-byte TPID (Tag Protocol Identifier, with the value 8100) and a 2-byte TCI (Tag Control Information). TPID is newly defined by IEEE to represent a packet with 802.1Q tag added. The contents of 802.
[Figure 33-4 Priority queues. Packets sent via this interface are classified into queue 7 (high priority) through queue 0 (low priority), then dequeued to the sending queue.]

SP algorithm is designed for key services. One of the characteristics of key services is these services should be processed first to minimize response delay during switch congestion.
Another merit of the WRR algorithm: although the queues are scheduled in turn, they are not given a fixed time quantum. If a queue has no packets, the system immediately schedules the next queue, so bandwidth resources can be fully utilized.

VIII. Traffic mirroring
Traffic mirroring duplicates specified packets to CPU for network test and troubleshooting.

IX.
Item: Apply flow template
Command: flow-template user-defined
Description: Optional. Refer to section 32.2.2 “Defining and Applying Flow Template”.

Item: Activate ACL
Command: packet-filter inbound
Description: Optional. Refer to section 32.2.4 “Activating ACL”.

Item: Configure traffic policing
Item: Configure traffic shaping
Item: Configure traffic priority

Item: Configure local precedence for port
Command: priority priority-level
Description: Optional. Refer to section 33.3.
Item: Display QoS configuration
Command: display
Description: You can execute the display command in any view to check the QoS configuration. Refer to section 33.3.11 “Displaying and Debugging QoS Configuration”.

For the common interface boards except XP4, note that:
- The port group members must be on the same board and each port can only be added to one port group.
- The aggregated port cannot be added to the port group.
II. Network diagram

[Figure 33-5 Network diagram for traffic redirection configuration. Labels: PC1; PC2; PC3 (3.0.0.1/8); GE7/1/1 (VLAN2, 1.0.0.1/8); GE7/1/2 (VLAN3, 2.0.0.1/8); GE7/1/8]

III. Configuration procedure

1) Define the time range.
Define the time range from 8:00 to 18:00.
[SW8800] time-range 3Com 8:00 to 18:00 daily
2) Define the traffic from PC1.
Create a number-based basic ACL 2000 and enter it.
- Configuring Traffic Shaping
- Configuring Traffic Priority
- Configuring Traffic Redirection
- Configuring Queue Scheduling
- Configuring Traffic Mirroring
- Configuring Port Mirroring
- Configuring Traffic Statistics

Before initiating any of these QoS configuration tasks, you should first define the corresponding ACL. Then you can achieve packet filtering just by activating the right ACL.
After receiving a packet, the switch allocates a set of service parameters to it according to a specific rule. The switch first gets its local precedence and drop precedence according to the packet 802.1p priority value, by searching in the CoS -> Local-precedence mapping table and the CoS -> Drop-precedence mapping table.
Table 33-4 Configure default local precedence for port

Operation: Configure default local precedence for a port
Command: priority priority-level

Operation: Restore the default local precedence for a port
Command: undo priority

33.3.2 Configuring Traffic Policing

Traffic policing refers to rate limit based on traffic.
Operation: Restore the default values of the Local-precedence + Conform-Level -> mapping table (conform level view)
Command: undo local-precedence

The system provides default mapping tables.

II.
Note:
- The parameters of traffic policy must be the same if you configure the same tc-index for different traffic; otherwise the system prompts you for the wrong configuration.
- For traffic policing configuration over the port group, all ports in the group share the same bandwidth, that is, the traffic parameters you define take effect on all ports in the group.
rates, while traffic policing drops excessive packets. Therefore, traffic shaping may increase transmission delay, but traffic policing does not. Perform the following configurations in Ethernet port view or port group view.
Operation: Remove traffic priority setting which applies IP group ACL and link group ACL at same time
Command: undo traffic-priority inbound ip-group { acl-number | acl-name } { rule rule link-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } rule rule }

Operation: Configure traffic priority which only applies link group ACL
Command: traffic-priority inbound link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { auto | re
Table 33-9 Configure traffic redirection

Operation: Configure traffic redirection which only applies IP group ACL
Command: traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { cpu | interface { interface-name | interface-type interface-num } destination-vlan { l2-vpn | l3-vpn } | next-hop ip-addr1 [ ip-addr2 ] | slot slotid vlanid }

Operation: Remove traffic redirection setting which only applies IP grou
33.3.6 Configuring Queue Scheduling

Each port supports eight outbound queues, except that a port of the XP4 board supports only four queues. The switch puts the packets into the queues according to the local precedence of packets. Queue scheduling is used to resolve resource contention among many packets. The switch supports SP algorithm and WRR algorithm. Different outbound queues at the port may use different algorithms.
1) Tail drop mode: Different queues (red, yellow and red) are allocated with different drop thresholds. When these thresholds are exceeded respectively, excessive packets will be dropped.
2) WRED drop mode: Drop precedence is taken into account in drop action. When only min-thresholds of red, yellow and green packets are exceeded, excessive packets are dropped randomly at given probability.
II. Configuring drop algorithm

Please perform the following configurations in Ethernet port view.

Table 33-12 Configure drop algorithm

Operation: Configure drop algorithm
Command: drop-mode { tail-drop | wred } [ wred-index ]

Operation: Restore the default algorithm
Command: undo drop-mode

By default, tail drop mode is selected. See the corresponding Command Manual for details of the commands.

33.3.
a system index for it when delivering an ACL rule with this command. However, assigning a system index is not recommended unless it is urgently necessary. See the corresponding Command Manual for details of the commands.

33.3.9 Configuring Port Mirroring

Port mirroring duplicates data on the monitored port to the designated monitoring port, for the purpose of data analysis and supervision.
port. You can only choose port B on board 2 as its monitoring port when configuring a second mirroring group in the same direction on board 1.
- One mirroring group can contain as many as 24 monitored ports at most.
- You can configure as many as 24 monitored ports for all the mirroring groups in transmit group.
- You can configure 24 mirroring groups in both directions in total.
Operation: Configure traffic statistics which only applies link group ACL
Command: traffic-statistic inbound link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] [ tc-index index ]

Operation: Remove traffic statistics setting which only applies link group ACL
Command: undo traffic-statistic inbound link-group { acl-number | acl-name } [ rule rule ]

Operation: Display traffic statistics for the port
Command: display qos-interface [ interface-name | interface-type interface-n
Operation: Display traffic limit configuration of a port
Command: display qos-interface [ interface-name | interface-type interface-num ] traffic-limit

Operation: Display queue scheduling configuration of a port
Command: display qos-interface [ interface-name | interface-type interface-num ] queue-scheduler

Operation: Display traffic shaping configuration of a port
Command: display qos-interface [ interface-name | interface-type interface-num ] traffic-shape

Operation: Display the param
33.4 Configuration Example

33.4.1 Traffic Shaping Configuration Example

I. Network requirements
Set traffic shaping for the outbound queue 2 at the port GE7/1/8: maximum rate 500kbps, burst size 12k bytes.

II. Network diagram
[Figure 33-6 Network diagram for QoS configuration. Labels: GE7/1/8; GE7/1/1 (VLAN2, 1.0.0.1/8); GE7/1/2 (VLAN3, 2.0.0.1/8); PC1; PC2]

III. Configuration procedure
1) Enter Ethernet port view.
II. Network diagram
[Figure 33-7 Networking for port mirroring configuration. Labels: GE3/1/1; GE3/1/2; GE3/1/8; E3/0/1; E3/0/2; E3/0/8; Server]

III. Configuration procedure
Define a mirroring group, with monitoring port as GigabitEthernet3/1/8.
Create a number-based basic ACL 2000 and enter it.
[SW8800] acl number 2000
Define ACL rule for the traffic from PC1.
[SW8800-acl-basic-2000] rule 0 permit source 1.0.0.1 0 time-range 3Com
3) Define the CoS -> Conform-Level mapping table.
Define the CoS -> Conform-Level mapping table. The switch allocates drop precedence (all as 0 for the sake of simplification) for them when receiving packets.
Re-allocate service parameters for the packets from PC1.
[SW8800-GigabitEthernet7/1/1] traffic-priority inbound ip-group 2000 remark-policed-service dscp 63

33.4.4 Traffic Redirection Configuration Example

I. Network requirements
Forward the packets sent from PC1 (IP 1.0.0.1) during the time range from 8:00 to 18:00 every day to the address 2.0.0.1.

II. Network diagram
GE7/1/8 GE7/1/1 VLAN2, 1.0.0.1/8 GE7/1/2 VLAN3, 2.0.0.
33.4.5 Queue Scheduling Configuration Example

I. Network requirements
Modify the correspondence between 802.1p priority levels and local priority levels to change the mapping between 802.1p priority levels and queues. That is, put packets into outbound queues according to the new mapping. Use WRR algorithm for the queues 0 to 5 at the port GE7/1/1.
2) Use WRR algorithm for the queues 0 to 5.
Set the queues 0, 1 and 2 into WRR queue 1, with weight respectively as 20, 20 and 30; set the queues 3, 4 and 5 into WRR queue 2, with weight respectively as 20, 20 and 40. Use SP algorithm for the queues 6 and 7.
III. Configuration procedure
1) Configure WRED parameters
Configure parameters for WRED 0.
[SW8800] wred 0
[SW8800-wred-0] queue 7 150 500 5 100 150 10 50 100 15 10
2) Set drop algorithm and thresholds.
Define the port GE7/1/1 in WRED drop mode, set the parameters of WRED 0.
[SW8800-GigabitEthernet7/1/1] drop-mode wred 0

33.4.7 Traffic Statistics Configuration Example

I. Network requirements
Suppose the IP address of PC1 is 1.0.0.
3) Count the packets to PC1 and display the result using the display command.
Chapter 34 Logon User ACL Control Configuration

34.1 Overview

As Ethernet switches are used more and more widely over the networks, security becomes even more important. The switches provide several logon and device access methods, mainly TELNET access, SNMP access, and HTTP access (currently the Switch 8800 does not support it).
Operation: Delete a sub-rule (basic ACL view)
Command: undo rule rule-id [ source ] [ fragment ] [ time-range ]

Operation: Delete an ACL or all ACLs (system view)
Command: undo acl { number acl-number | name acl-name | all }

Operation: Enter advanced ACL view from system view
Command: acl { number acl-number | name acl-name advanced } [ match-order { config | auto } ]

Operation: Define sub-rule (ACL view)
Command: rule [ rule-id ] { permit | deny } protocol [ source { sourc
34.2.3 Configuration Example

I. Network requirements
Only the Telnet users from 10.110.100.52 and 10.110.100.46 can access the switch.

II. Network diagram
[Figure 34-1 ACL configuration for Telnet users. Labels: Internet, Switch]

III. Configuration procedure
Define a basic ACL.
[SW8800] acl number 2000 match-order config
[SW8800-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[SW8800-acl-basic-2000] rule 2 permit source 10.
34.3.2 Importing ACL

Import the defined ACL into the commands with SNMP community, username and group name configured, to achieve ACL control over SNMP users. Perform the following configurations in system view.
34.3.3 Configuration Example

I. Network requirements
Only SNMP users from 10.110.100.52 and 10.110.100.46 can access the switch.

II. Network diagram
[Figure 34-2 ACL configuration for SNMP users. Labels: Internet, Switch]

III. Configuration procedure
Define a basic ACL.
[SW8800] acl number 2000 match-order config
[SW8800-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[SW8800-acl-basic-2000] rule 2 permit source 10.110.100.
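The source matching behind the Telnet and SNMP examples above, as an added Python example (not code from this manual or from 3Com): it evaluates basic ACL rules in match-order config and reports permit rules that admit more than one address. It assumes that a bare 0 wildcard means 0.0.0.0 and that a logon source matching no rule is refused; the LOOSE_ACL rules are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str      # "permit" or "deny"
    source: int      # source address as a 32-bit integer
    wildcard: int    # wildcard mask: a 1 bit means "do not compare this bit"


def parse_rule(line: str) -> Rule:
    """Parse 'rule <id> {permit|deny} source {<addr> <wildcard> | any}'."""
    tok = line.split()
    if (len(tok) < 5 or tok[0] != "rule" or not tok[1].isdigit()
            or tok[2] not in ("permit", "deny") or tok[3] != "source"):
        raise ValueError(f"unsupported rule syntax: {line!r}")
    if tok[4] == "any":
        return Rule(int(tok[1]), tok[2], 0, 0xFFFFFFFF)
    if len(tok) < 6:
        raise ValueError(f"missing wildcard: {line!r}")
    # Assumption: a bare 0 is shorthand for wildcard 0.0.0.0 (exactly one host).
    wildcard = 0 if tok[5] == "0" else int(ipaddress.IPv4Address(tok[5]))
    return Rule(int(tok[1]), tok[2], int(ipaddress.IPv4Address(tok[4])), wildcard)


def matches(rule: Rule, src: str) -> bool:
    """True when src equals the rule address on every bit the wildcard leaves at 0."""
    care = ~rule.wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) ^ rule.source) & care == 0


def evaluate(rules, src: str) -> str:
    """match-order config: rules are tested in the order given, first match wins."""
    for rule in rules:
        if matches(rule, src):
            return rule.action
    return "deny"   # assumption: a logon source matching no rule is refused


def audit(rules):
    """Return (rule id, addresses admitted) for each permit rule wider than one host."""
    findings = []
    for rule in rules:
        admitted = 2 ** bin(rule.wildcard).count("1")
        if rule.action == "permit" and admitted > 1:
            findings.append((rule.rule_id, admitted))
    return findings


# Rules written from the requirement stated in 34.2.3 and 34.3.3.
LOGIN_ACL = [parse_rule(line) for line in (
    "rule 1 permit source 10.110.100.52 0",
    "rule 2 permit source 10.110.100.46 0",
)]

# Constructed variant: a wide permit placed ahead of the deny it shadows.
LOOSE_ACL = [parse_rule(line) for line in (
    "rule 1 permit source 10.110.0.0 0.0.255.255",
    "rule 2 deny source 10.110.200.9 0",
    "rule 3 permit source 10.110.100.52 0",
)]

if __name__ == "__main__":
    for src in ("10.110.100.52", "10.110.100.46", "10.110.100.47", "10.110.200.9"):
        print(src, evaluate(LOGIN_ACL, src), evaluate(LOOSE_ACL, src))
    print("wide permits:", audit(LOOSE_ACL))
```

In LOOSE_ACL the deny in rule 2 never takes effect, because rule 1 already matches 10.110.200.9 and the first match decides.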
Chapter 35 MPLS Architecture

Note: A Switch 8800 running MPLS can serve as a router. Routers mentioned in this manual can be either a router in the common sense, or a layer 3 Ethernet switch running MPLS. To enable the MPLS function on the Switch 8800, you must select interface cards that support MPLS. Note that none of the B cards support MPLS. For example, the FT48C card supports MPLS, but FT48B does not.

35.
35.2.2 Label

I. Label definition
A label is a locally significant short identifier with fixed length, which is used to identify a FEC. When packets reach the MPLS network ingress, they are divided into different FECs, and different labels are encapsulated into the packets based on their FECs. Later forwarding is based on these labels.

II. Label structure
The structure of the label is shown in Figure 35-1.
[Figure 35-2 Label position in packet. Ethernet SONET/SDH packet: Ethernet header/PPP header, Flag, Layer 3 data. Frame mode ATM packet: ATM header, Flag, Layer 3 data. Cell mode ATM packet: VPI/VCI, Layer 3 data.]

In Ethernet packets and PPP packets, label stack lies between layer 2 header and layer 3 data, acting like a shim. In ATM cell mode packets, VPI/VCI is used as the label.
In independent control mode, each LSR can send label mapping messages to the LSRs it connects to at any time. In ordered control mode, an LSR can send label mapping messages upstream only when it receives a specific label mapping message from the next hop of a FEC or when the LSR serves as the LSP (Label Switching Path) egress node.

Note: Currently, the Switch 8800 adopts the ordered label control mode.
with labels, distributes label binding messages, establishes and maintains label forwarding table. The network consisting of LSRs is called MPLS domain. The LSR that is located at the edge of the domain is called edge LSR (LER, Labeled Edge Router). It connects an MPLS domain with a non-MPLS domain or with another MPLS domain, classifies packets, distributes labels (as ingress LER) and extracts labels (as egress LER).
35.3.3 Establishing LSP

The establishment of an LSP is the process of binding a FEC with a label, and then advertising this binding to the adjacent LSR on the LSP. This process is implemented through LDP, which regulates the message in interactive processing and message structure between LSRs as well as routing mode.

I.
received the returned label map message from its downstream LSR. Usually, the upstream LSR selects the downstream LSR according to the information in its routing table. In Figure 35-4, LSRs on the way along LSP1 use the sequential label control mode, and the LSR F on LSP2 uses independent label control mode.
As shown in Figure 35-5, LSP is a tunnel between R2 and R3.

II. Multi-layer label stack
In MPLS, a packet may carry multiple labels which are in the form of stack. Operations to the stack follow the “last in first out” principle and it is always the labels at the top of the stack that decide how to forward packets.
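A parser for the multi-layer label stack described above, as an added Python example (not code from this manual or from 3Com), useful when checking captured frames. Because Figure 35-1 did not survive on this page, the field layout (20-bit label, 3-bit Exp, 1-bit bottom-of-stack flag, 8-bit TTL) is taken from RFC 3032; the sample frame, its label values and the MAX_DEPTH limit are constructed.

```python
import struct
from typing import List, NamedTuple, Tuple

ETH_HEADER_LEN = 14
ETHERTYPE_MPLS_UNICAST = 0x8847
MAX_DEPTH = 8   # parser safety limit chosen for this example


class LabelEntry(NamedTuple):
    label: int    # 20-bit label value
    exp: int      # 3-bit experimental field
    bottom: bool  # S bit: True on the last entry of the stack
    ttl: int      # 8-bit time to live


def encode_entry(entry: LabelEntry) -> bytes:
    """Pack one 4-byte label stack entry in network byte order."""
    if not (0 <= entry.label < 1 << 20 and 0 <= entry.exp < 8 and 0 <= entry.ttl < 256):
        raise ValueError("field out of range")
    word = (entry.label << 12) | (entry.exp << 9) | (int(entry.bottom) << 8) | entry.ttl
    return struct.pack("!I", word)


def parse_label_stack(frame: bytes) -> Tuple[List[LabelEntry], bytes]:
    """Return (stack, layer 3 data); stack[0] is the top label, which decides forwarding."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError("EtherType is not MPLS unicast")
    stack, offset = [], ETH_HEADER_LEN
    while True:
        if len(stack) == MAX_DEPTH:
            raise ValueError("no bottom-of-stack entry within MAX_DEPTH labels")
        if offset + 4 > len(frame):
            raise ValueError("frame ends before the bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, offset)
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)
        stack.append(entry)
        offset += 4
        if entry.bottom:
            return stack, frame[offset:]


def pop_top(frame: bytes) -> bytes:
    """Remove the top label and keep the rest of the stack (last in, first out)."""
    stack, payload = parse_label_stack(frame)
    if len(stack) == 1:
        raise ValueError("popping the last label needs the payload protocol; not handled here")
    rest = b"".join(encode_entry(e) for e in stack[1:])
    return frame[:ETH_HEADER_LEN] + rest + payload


def build_frame(stack, payload: bytes) -> bytes:
    """Constructed frame: zeroed MAC addresses, MPLS EtherType, stack, payload."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
    return eth + b"".join(encode_entry(e) for e in stack) + payload


# Constructed two-level stack: the outer label is pushed last and read first.
SAMPLE = build_frame(
    [LabelEntry(1024, 0, False, 254), LabelEntry(2049, 0, True, 255)],
    b"\x45constructed-ip-packet",
)

if __name__ == "__main__":
    labels, data = parse_label_stack(SAMPLE)
    print("top label:", labels[0].label, "depth:", len(labels))
    print("after pop:", [e.label for e in parse_label_stack(pop_top(SAMPLE))[0]])
```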
there are obvious advantages to implement VPN by MPLS. MPLS VPN connects the geographically different branches of private network by using LSP, forming a united network. MPLS VPN also supports the interconnection between different VPNs.
Chapter 36 MPLS Basic Capability Configuration

36.1 MPLS Basic Capability Overview

Basic MPLS forwarding functions include LDP session establishment and LSP path maintenance.
Table 36-1 Define MPLS LSR ID

Operation: Define LSR ID
Command: mpls lsr-id ip-address

Operation: Delete LSR ID
Command: undo mpls lsr-id

By default, LSR ID is not defined.

36.2.2 Enabling MPLS and Entering MPLS View

In system view, you can first enable MPLS globally and enter MPLS view using the mpls command. Then you can directly enter MPLS view after using the mpls command in system view.
be the ingress node, an intermediate node (also called transit node), or the egress node. Note that an LSP operates normally only after all the LSRs along the LSP have been properly configured. The undo static-lsp command is used to delete a specified LSP established manually. Perform the following configuration in MPLS view.
Table 36-5 Enable/disable LDP view

Operation: Enable LDP protocol
Command: mpls ldp

Operation: Disable LDP
Command: undo mpls ldp

By default, LDP is disabled.

36.3.2 Enabling LDP on VLAN interface

To make the VLAN interface support LDP, you must enable LDP function on virtual interface in VLAN interface mode. After enabling the LDP function, the virtual interface then sets up session. It begins to set up LSP if in topology-driven mode,.
There is no default remote-peer.

II. Configuring an address for the remote-peer
You can specify the address of any LDP-enabled interface on the remote-peer or the address of the loopback interface on the LSR that has advertised the route as the address of the remote-peer. Perform the following configuration in the remote-peer view.
Table 36-9 Configure basic session hold-time

Operation: Configure session hold-time
Command: mpls ldp timer { session-hold session-holdtime | hello hello-holdtime }

Operation: Return to the default value
Command: undo mpls ldp timer { session-hold | hello }

By default, the session-holdtime is 60 seconds and hello-holdtime is 15 seconds. Perform the following configuration in remote-peer view.
36.3.5 Configuring LDP Loop Detection Control

I. Enabling loop detection
It is used to enable or disable the loop detection function during LDP signaling process. Loop detection has two modes: maximum hop count mode and path vector mode. In maximum hop count mode, the message that binds the forwarding label carries hop-count information, and the value increases by one at each hop.
III. Setting the maximum hop count in path vector mode

When path vector mode is adopted for loop detection, it is also necessary to specify the maximum value of LSP path. In this way, when one of the following conditions is met, it is considered that a loop happens and the LSP establishment fails.
- The record of this LSR already exists in the path vector recording table.
- The path hop count exceeds this maximum value.
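The two loop detection modes compared on one looping path, as an added Python example (not code from this manual or from 3Com). The LSR names, the limit of 32 and the looping path are constructed, and treating "exceeds the maximum" as the failure condition in hop count mode is an assumption carried over from the path vector conditions above.

```python
from typing import List, Optional, Tuple

HOP_COUNT, PATH_VECTOR = "hop-count", "path-vector"


def receive_mapping(lsr: str, hops: int, vector: Tuple[str, ...], mode: str, limit: int):
    """Handle one label mapping message arriving at `lsr`.

    Returns (loop reason or None, hops, vector), where hops and vector are the
    values this LSR would carry in the message it sends further upstream.
    """
    hops += 1                          # the carried value grows by one at each hop
    if hops > limit:
        return "hop count exceeds maximum", hops, vector
    if mode == PATH_VECTOR:
        if lsr in vector:
            return "LSR already recorded in path vector", hops, vector
        vector = vector + (lsr,)       # record this LSR before passing the message on
    return None, hops, vector


def propagate(upstream_path: List[str], mode: str, limit: int) -> Optional[Tuple[int, str, str]]:
    """Walk a mapping message along upstream_path.

    Returns (position, LSR, reason) where LSP establishment fails, or None
    when the message reaches the end of the path without a loop being found.
    """
    hops, vector = 0, ()
    for position, lsr in enumerate(upstream_path, start=1):
        reason, hops, vector = receive_mapping(lsr, hops, vector, mode, limit)
        if reason:
            return position, lsr, reason
    return None


# Constructed paths: a loop-free chain and a routing loop C -> B -> A -> C -> ...
CHAIN = ["C", "B", "A"]
LOOP = ["C", "B", "A"] * 20

if __name__ == "__main__":
    print(propagate(CHAIN, PATH_VECTOR, 32))
    print(propagate(LOOP, PATH_VECTOR, 32))
    print(propagate(LOOP, HOP_COUNT, 32))
```

Path vector mode stops the looping message the first time an LSR sees itself in the vector, while hop count mode stops it only once the limit is passed.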
Table 36-16 Display the static LSP information

Operation: Display the static LSP information
Command: display mpls static-lsp [ include text | verbose ]

II. Displaying MPLS-enabled interfaces
After accomplishing the configuration tasks mentioned previously, you can execute the display command in any view to view the information related to the MPLS-enabled interfaces and thus to evaluate the effect of the configurations.
V. Trapping MPLS
This command is used to enable the trap function of MPLS during an LSP/LDP setup process. Perform the following configuration in system view.
II.
II. Network diagram
[Figure 36-1 Network diagram. Labels: Switch A; SwitchB; SwitchC; SwitchD; VLAN201 168.1.1.1; VLAN201 168.1.1.2; VLAN202 100.10.1.1; VLAN202 100.10.1.2; VLAN203 172.17.1.1; VLAN203 172.17.1.2]

III. Configuration procedure
1) Configure Switch A
Configure LSR ID and enable MPLS and LDP.
[SW8800] mpls lsr-id 168.1.1.
[SW8800] mpls
[SW8800-mpls] quit
[SW8800] mpls ldp
Configure IP address and enable MPLS and LDP for VLAN interface 201.
[SW8800] vlan 201
[SW8800-vlan201] port gigabitethernet 2/1/1
[SW8800-vlan201] quit
[SW8800] interface Vlan-Interface 201
[SW8800-Vlan-interface201] ip address 168.1.1.2 255.255.0.
Configure LSR ID and enable MPLS and LDP.
[SW8800] mpls lsr-id 100.10.1.1
[SW8800] mpls
[SW8800-mpls] quit
[SW8800] mpls ldp
Configure IP address and enable LDP and MPLS for VLAN interface 202.
[SW8800] vlan 202
[SW8800-vlan202] port gigabitethernet 2/1/1
[SW8800-vlan202] quit
[SW8800] interface Vlan-interface 202
[SW8800-Vlan-interface202] ip address 100.10.1.1 255.255.255.
36.6 Troubleshooting MPLS Configuration

Symptom: Session cannot be set up with the peer after LDP is enabled on the interface.

Troubleshooting:
Cause 1: Loop detection configuration is different at the two ends.
Solution: Check loop detection configuration at both ends to see if one end is configured while the other end is not (this will result in session negotiation failure).
Chapter 37 BGP/MPLS VPN Configuration

37.1 BGP/MPLS VPN Overview

Traditional VPN, for which layer 2 tunneling protocols (L2TP, L2F, PPTP and so on) or layer 3 tunnel technology (IPSec, GRE and so on) is adopted, is a great success and is therefore widely used.
37.1.1 BGP/MPLS VPN Model

I. BGP/MPLS VPN model
[Figure 37-1 MPLS VPN model. Labels: VPN1 site 1; VPN1 site 2; VPN2 site 2; VPN2 site 3; CE; PE; P; backbone network of the service provider]

As shown in Figure 37-1, MPLS VPN model contains three parts: CE, PE and P.
VPNs. These disadvantages not only increase the network operating cost, but also bring relevant management and security issues. The nested VPN is a better solution. Its main idea is to transfer VPNv4 routes between the PE and CE of a common BGP/MPLS VPN so that users can manage their internal VPN division themselves, and the service provider does not have to take part in users' internal VPN management.
compatibility: It not only supports traditional IPv4 address family, but also supports other address families, for example, VPN-IPv4 address family. MP-BGP ensures that VPN private routes are only advertised within VPNs, as well as implementing communication between MPLS VPN members.

3) VPN-IPv4 address
VPN is just a private network, so it can use the same IP address to indicate different sites.
[Figure 37-3 Route filtering through matching VPN Target attribute. An MPLS VPN route carries RD, IPv4 address and Export Route Targets (ERT1, ERT2, ... ERTn), which are matched against the Import Route Targets (IRT1, IRT2, ... , IRTm).]

Note: The routes for other VPNs will not appear in the VPN's routing table by using VPN Target attribute to filter routing information received at PE router, so the CE-transmitted data will only be forwarded within the VPN.

37.1.
LSPs must be set up between PEs for VPN data traffic forwarding with MPLS LSP. The PE router which receives packets from CE and creates the label protocol stack is called ingress LSR, while the BGP next hop (egress PE router) is egress LSR. Use LDP to create fully connected LSPs among PEs.

3) Between PE and CE
A CE can learn remote VPN routes from the PE connected through static routes, RIP, OSPF or EBGP.
3) Each P router on LSP forwards MPLS packets using exterior-layer label to the penultimate-hop router, namely the P router before PE2. The penultimate-hop router extracts the exterior-layer and sends MPLS packet to PE2.
4) PE2 looks up in the MPLS forwarding table according to the interior-layer label and destination address to determine the egress interface for labeling operation and the packet.
As shown in Figure 37-5, the PEs directly connected with user devices are called UPE (underlayer PE or user-end PE); the devices in the core network connected with the UPEs are called SPE (superstratum PE or service-provider-end PE). Hierarchical PEs have the same appearance as that of the traditional PEs and can coexist with other PEs in the same MPLS network.
interface, routing table, and sends VPN routing information over MPLS network using BGP/OSPF interaction. If supporting OSPF multi-instance, one router can run multiple OSPF procedures, which can be bound to different VPN instances. In practice, you can create one OSPF instance for each service type.
compromised method brings additional configuration burden and has limitations in actual use. To resolve this problem, the idea of the multi-role host was introduced. Specifically, the idea is to differentiate the accesses to different VPNs by configuring policy routing based on IP addresses, and to transmit the downstream data flow from PE to CE by configuring static routing.
I. Creating static route
If you select static route mode for CE-PE route switching, you should then configure a private static route pointing to PE on CE. Perform the following configuration in the system view.
37.2.2 Configuring PE Router

I. Configuring basic MPLS capability
This includes configuring the MPLS LSR ID, enabling MPLS globally and enabling MPLS in the corresponding VLAN interface view. See MPLS Basic Capability Configuration for details.

II. Defining BGP/MPLS VPN site
1) Create vpn-instance and enter vpn-instance view
The VPN instance is associated with a site.
3) Configure vpn-instance description
Perform the following configuration in vpn-instance view

Table 37-5 Configure vpn-instance description

Operation: Configure vpn-instance description
Command: description vpn-instance-description

Operation: Delete vpn-instance description
Command: undo description

4) Configure vpn-target attribute for the vpn-instance
VPN-target attribute, a BGP extension community attribute, controls advertisement of VPN r
By default, the value is both. In general all sites in a VPN can be interconnected, and the import-extcommunity and export-extcommunity attributes are the same, so you can execute the command only with the both option. Up to 16 vpn-targets can be configured with a command, and up to 20 vpn-targets can be configured for a VPN-instance.
Table 37-8 Configure basic ACL
Operation: Configure basic ACL
Command: acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]
Operation: Delete basic ACL
Command: undo acl { number acl-number | name acl-name | all }
- Defines subrules for the basic ACL
Perform the following configuration in corresponding ACL view.
- Both VLAN ID and IP address-based packet redirection.
Perform the following configuration in the Ethernet port view.
Table 37-12 Configure packet redirection at the Ethernet port on the B card
Operation: Configure packet redirection to the specific port on the supporting MPLS card.
You can configure a static route pointing to CE on PE for it to learn VPN routing information from CE. Perform the following configuration in the system view.
routes should also be imported into OSPF. Only OSPF multi-instance configuration is described in detail here.
First step: Configure the OSPF process.
Perform the following configuration in the system view.
Caution: The configured value will not take effect until the command reset ospf is executed.
Step 3: Configure tag for imported VPN route (optional)
If a VPN site links to multiple PEs, a routing loop may occur when the routes learned by MPLS/BGP are advertised by a PE to the VPN site in Type-5/-7 LSAs and then received by another PE router. To solve this problem, you should configure route-tag.
Table 37-19 Configure sham link
Operation: Configure sham link
Command: sham-link source-addr destination-addr [ cost cost-value ] [ simple password | md5 keyid key ] [ dead seconds ] [ hello seconds ] [ retransimit seconds ] [ trans-delay seconds ]
Operation: Delete a sham link
Command: undo sham-link source-addr destination-addr
By default, the cost value is 1, dead value is 40 seconds, hello value is 10 seconds, retransmit value is 5 seconds an
By default, BGP neighbor is active while MBGP neighbor is inactive. You should activate MBGP neighbor in VPNv4 sub-address family view. Perform the following configuration in VPNv4 sub-address family view.
Standard BGP detects routing loops by checking the AS number. In Hub&Spoke networking, however, if EBGP is run between PE and CE, PE carries the AS number of the local autonomous system when advertising routing information to CE. Accordingly, the updated routing information will carry the AS number of the local autonomous system when a route update is received from CE.
Table 37-26 Permit BGP session over any operable TCP interface
Operation: Permit BGP session over any operable TCP interface
Command: peer { peer-address | group-name } connect-interface { interface-type interface_num }
Operation: Use the best local address for TCP connection
Command: undo peer { peer-address | group-name } connect-interface
BGP creates BGP adjacency to the peer end using specific interfaces, which is usually the loopback interfa
Table 37-29 Enable/disable IBGP peer group
Operation: Enable a peer group
Command: peer group-name enable
Operation: Disable a specific peer group
Command: undo peer group-name enable
Step 4: Configure the local address as the next hop in route advertisement (optional)
Since this is not configured by default, you must explicitly add this command when configuring MBGP between PEs.
Operation: Stop advertising the default route to the peer (group)
Command: undo peer { peer-address | group-name } default-route-advertise [ vpn-instance vpn-instance-name ]
Step 7: Configure BGP neighbor as the UPE of BGP/MPLS VPN
This command is only used for UPE (user port function) of BGP/MPLS VPN. Perform the following configuration in the VPNv4 sub-address family view.
II. Displaying IP routing table associated with vpn-instance
After the above configuration, you can execute the display command in any view to display the corresponding information in the IP routing tables related to the vpn-instance, and to verify the effect of the configuration.
V. Displaying MPLS l3vpn-lsp information
Table 37-38 Display MPLS l3vpn-lsp information
Operation: Display MPLS l3vpn LSP information
Command: display mpls l3vpn-lsp [ verbose ] include text
Operation: Display MPLS l3vpn LSP vpn-instance information
Command: display mpls l3vpn-lsp [ vpn-instance vpn-instance-name ] [ transit | egress | ingress ] [ include text | verbose ]
VI.
II. Network diagram
[Network diagram not reproduced. Surviving labels: AS 65410 (CE1), AS 65430 (CE3), AS 65420, AS 100, VPN-A, PE1 RD(100:1), PE2 RD(100:2), P.]
Note: The configuration on the other three CE switches (CE2 to CE4) is similar to that on CE1, so the details are omitted here.
2) Configure PE1
Configure vpn-instance for VPN-A on PE1, as well as other associated attributes to control advertisement of VPN routing information.
[PE1] mpls lsr-id 202.100.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1] vlan 201
[PE1-vlan201] port gigabitethernet 2/1/1
[PE1-vlan201] quit
[PE1] interface Vlan-interface 201
[PE1-Vlan-interface201] ip address 172.1.1.1 255.255.0.
[P-LoopBack 0] quit
[P] vlan 301
[P-vlan301] port gigabitethernet 3/1/1
[P-vlan301] quit
[P] interface Vlan-interface 301
[P-Vlan-interface301] ip address 172.1.1.2 255.255.0.0
[P-Vlan-interface301] mpls
[P-Vlan-interface301] mpls ldp enable
[P-Vlan-interface301] quit
[P] vlan 302
[P-vlan302] port gigabitethernet 3/1/2
[P-vlan302] quit
[P] interface Vlan-interface 302
[P-Vlan-interface302] ip address 172.2.1.2 255.255.0.
[P-ospf-1] import-route direct
4) Configure PE3
Note: The configuration on PE3 is similar to that on PE1. Pay particular attention to the VPN routing attribute settings on PE3 to see how advertisement of the same VPN routing information (with the same VPN-target) is controlled over the MPLS network.
Create VPN-instance for VPN-A on PE3, and configure the associated attributes to control advertisement of VPN routing information.
[PE3] mpls lsr-id 202.100.1.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3] vlan 201
[PE3-vlan201] port gigabitethernet 2/1/1
[PE3-vlan201] quit
[PE3] interface Vlan-interface 201
[PE3-Vlan-interface201] ip address 172.3.1.1 255.255.0.
- Two Switch 8800s serve as PE devices, which support the MPLS feature. CE-1 and CE-2 are two mid-range switches; a Layer 2 switch serves as both CE-3 and CE-4, to which users connect directly.
- Two PEs are configured with the same interface cards: Slot 2 holds the common interface card with FE ports (B card) and slot 3 holds the enhanced interface card with GE ports (C card).
II. Network diagram
[Network diagram not reproduced.]
Note: The configuration on VPN-B is similar to that on VPN-A and only VPN-A configuration is detailed here.
[PE1] ip vpn-instance vpna
[PE1-vpn-vpna] route-distinguisher 100:1
[PE1-vpn-vpna] vpn-target 100:1 both
[PE1-vpn-vpna] quit
Bind the VLAN interface connecting PE 1 and CE-1 to VPN-A.
Globally enable MPLS.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1] mpls ldp
Configure the public network interface and enable MPLS on it.
[PE1] interface loopback0
[PE1-LoopBack0] ip address 1.1.1.9 255.255.255.255
[PE1-LoopBack0] quit
[PE1] vlan 100
[PE1-vlan100] port GigabitEthernet 3/1/1
[PE1-vlan100] interface vlan-interface 100
[PE1-vlan-interface100] ip address 192.168.1.1 255.255.255.
Note: The configuration on VPN-B is similar to that on VPN-A and only VPN-A configuration is detailed here.
[PE2] ip vpn-instance vpna
[PE2-vpn-vpna] route-distinguisher 100:1
[PE2-vpn-vpna] vpn-target 100:1 both
[PE2-vpn-vpna] quit
Configure the VLAN interface connecting PE 2 with CE-3 and bind the VLAN interface to VPN-A.
[PE2-bgp-af-vpn] peer 2 enable
[PE2-bgp-af-vpn] peer 1.1.1.9 group 2
Globally enable MPLS.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2] mpls ldp
Configure the public network interface and enable MPLS on it.
[PE2] interface loopback0
[PE2-LoopBack0] ip address 2.2.2.9 255.255.255.
Note: Cautions and configuration limitations in hybrid networking:
- For a trunk port on the common interface card, you can configure to redirect MPLS VPN of multiple VLANs to the same destination port.
- In a VLAN you can configure only one source port to redirect MPLS VPN to the destination port.
37.4.3 Extranet Configuration Example
I. Network requirements
Company A and Company B are located at City A and City B respectively. Their headquarters is located at City C. They respectively own VPN1 and VPN2. In this case, VPN function is provided by MPLS. There are some shared resources at City C for the two VPNs.
III. Configuration procedure
Note: This configuration procedure omits the configurations between PE and P, and the configurations on CEs. For these details refer to the former example.
1) Configure PE-A:
Configure VPN-instance 1 for VPN1 on PE-A, so that it can send and receive VPN routing information of VPN-target 111:1.
[PE-A-mpls] quit
[PE-A] mpls ldp
Set up MP-IBGP adjacency between PEs to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
[PE-A] bgp 100
[PE-A-bgp] group 20 internal
[PE-A-bgp] peer 20.1.1.1 group 20
[PE-A-bgp] peer 20.1.1.1 connect-interface loopback 0
[PE-A-bgp] ipv4-family vpnv4
[PE-A-bgp-af-vpn] peer 20 enable
[PE-A-bgp-af-vpn] peer 20.1.1.
[PE-C-LoopBack0] ip address 20.1.1.1 255.255.255.255
[PE-C-LoopBack0] quit
Configure MPLS basic capacity.
[PE-C] mpls lsr-id 20.1.1.1
[PE-C] mpls
[PE-C-mpls] quit
[PE-C] mpls ldp
Set up MP-IBGP adjacency between PEs to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
[PE-C] bgp 100
[PE-C-bgp] group 10
[PE-C-bgp] peer 10.1.1.1 group 10
[PE-C-bgp] peer 10.1.1.
[PE-B] vlan 301
[PE-B-vlan301] port gigabitethernet 3/1/1
[PE-B-vlan301] quit
[PE-B] interface Vlan-interface 301
[PE-B-Vlan-interface301] ip binding vpn-instance vpn-instance3
[PE-B-Vlan-interface301] ip address 172.17.0.1 255.255.0.0
[PE-B-Vlan-interface301] quit
Configure loopback interface
[PE-B] interface loopback 0
[PE-B-LoopBack0] ip address 30.1.1.1 255.255.255.255
[PE-B-LoopBack0] quit
Configure MPLS basic capacity.
- Set up IBGP adjacency between PE1 and PE2 or PE1 and PE3, but not between PE2 and PE3, that is, VPN routing information cannot be exchanged between PE2 and PE3.
- Create two VPN-instances on PE1, import VPN routes of VPN-target 100:11 and 100:12, set VPN-target for VPN routes advertised as 100:2.
- Create a VPN-instance on PE2, import VPN routes of VPN-target 100:2, set VPN-target for VPN routes advertised as 100:11.
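The import/export vpn-target relationships listed above decide which sites can exchange routes, so a single stray target breaks the Hub&Spoke isolation. The following Python script is an added example, not part of the 3Com guide: it parses vpn-instance definitions in the CLI form used in this chapter and reports route flows that the design does not intend. Instance names and RDs are hypothetical, and the third spoke's export target 100:12 is an assumption, because the page's requirement for PE3 is cut off.

```python
import re

# Leading CLI prompt such as "[PE1-vpn-vpna] " or "<SW8800> ", so pasted
# session transcripts parse the same way as saved configuration.
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")
DIRECTIONS = ("import-extcommunity", "export-extcommunity", "both")
MAX_TARGETS_PER_COMMAND = 16  # limit the guide states for one vpn-target command

# Constructed sample modelled on the Hub&Spoke requirements. Instance names and
# RDs are hypothetical; the spoke3 export target 100:12 is an assumption.
HUB_SPOKE_CONFIG = """
ip vpn-instance hub-in
 route-distinguisher 100:1
 vpn-target 100:11 100:12 import-extcommunity
ip vpn-instance hub-out
 route-distinguisher 100:2
 vpn-target 100:2 export-extcommunity
ip vpn-instance spoke2
 route-distinguisher 100:3
 vpn-target 100:2 import-extcommunity
 vpn-target 100:11 export-extcommunity
ip vpn-instance spoke3
 route-distinguisher 100:4
 vpn-target 100:2 import-extcommunity
 vpn-target 100:12 export-extcommunity
"""

# Flows the Hub&Spoke design intends: spokes exchange routes with the hub only.
INTENDED = {("hub-out", "spoke2"), ("hub-out", "spoke3"),
            ("spoke2", "hub-in"), ("spoke3", "hub-in")}


def parse_vpn_instances(text):
    """Return {instance: {"import": set, "export": set}} from CLI text."""
    instances, current = {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words:
            continue
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = instances.setdefault(
                words[2], {"import": set(), "export": set()})
        elif words[0] == "quit":
            current = None  # left vpn-instance view
        elif words[0] == "vpn-target" and current is not None:
            # The direction keyword is optional; the guide gives "both" as default.
            direction = words[-1] if words[-1] in DIRECTIONS else "both"
            targets = [w for w in words[1:] if w not in DIRECTIONS]
            if not targets or len(targets) > MAX_TARGETS_PER_COMMAND:
                raise ValueError("bad vpn-target line: " + raw.strip())
            if direction != "export-extcommunity":
                current["import"].update(targets)
            if direction != "import-extcommunity":
                current["export"].update(targets)
    return instances


def route_flows(instances):
    """Map (exporter, importer) -> shared targets. Routes exported by the first
    instance are accepted by the second when the two sets intersect."""
    flows = {}
    for src, s in instances.items():
        for dst, d in instances.items():
            shared = s["export"] & d["import"]
            if src != dst and shared:
                flows[(src, dst)] = shared
    return flows


def audit(instances, intended):
    """Compare the computed flows with the intended ones."""
    actual = set(route_flows(instances))
    return {"leaks": sorted(actual - intended),
            "missing": sorted(intended - actual)}


if __name__ == "__main__":
    good = parse_vpn_instances(HUB_SPOKE_CONFIG)
    print("as designed:", audit(good, INTENDED))
    # Configuration drift: one extra line on spoke3 that reuses spoke2's
    # export target with the default-style "both" direction.
    drifted = parse_vpn_instances(HUB_SPOKE_CONFIG + " vpn-target 100:11 both\n")
    print("after drift:", audit(drifted, INTENDED))
```

The drifted case shows why "both" deserves review in Hub&Spoke designs: importing 100:11 on the second spoke lets it accept the first spoke's routes without passing through the hub.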
II. Network diagram
Figure 37-11 Network diagram for Hub&Spoke
[Diagram not reproduced. Surviving labels: Hub Site (CE1), two Spoke Sites (CE2, CE3), PE1, PE2, PE3, Internet.]
III.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn-instance2
[PE1-bgp-af-vpn-instance] import-route static
[PE1-bgp-af-vpn-instance] import-route direct
[PE1-bgp-af-vpn-instance] group 17216 external
[PE1-bgp-af-vpn-instance] peer 172.16.1.
[PE1-bgp] peer 22.1.1.1 group 22 as-number 100
[PE1-bgp] peer 22.1.1.1 connect-interface loopback 0
[PE1-bgp] group 33
[PE1-bgp] peer 33.1.1.1 group 33 as-number 100
[PE1-bgp] peer 33.1.1.1 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpn] peer 22 enable
[PE1-bgp-af-vpn] peer 22.1.1.1 group 22
[PE1-bgp-af-vpn] peer 33 enable
[PE1-bgp-af-vpn] peer 33.1.1.
[PE2-LoopBack0] quit
Set up MP-IBGP adjacency between PE2 and PE1 to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
[PE2] bgp 100
[PE2-bgp] group 11
[PE2-bgp] peer 11.1.1.1 group 11 as-number 100
[PE2-bgp] peer 11.1.1.1 connect-interface loopback 0
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpn] peer 11 enable
[PE2-bgp-af-vpn] peer 11.1.1.
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 33.1.1.1 255.255.255.255
[PE3-LoopBack0] quit
Set up MP-IBGP adjacency between PE3 and PE1 to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
[PE3] bgp 100
[PE3-bgp] group 11
[PE3-bgp] peer 11.1.1.1 group 11
[PE3-bgp] peer 11.1.1.
II. Network diagram
[Network diagram not reproduced. Surviving labels: AS:65003 (CE3), AS:65004 (CE4), AS:100, PE1, PE3.]
[PE1-vpn-vpn-instance1.2] quit
Set up MP-EBGP adjacency between PE1 and CE1, import intra-CE1 VPN routes learned into VPN-instance 1.1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn-instance1.1
[PE1-bgp-af-vpn-instance] import-route direct
[PE1-bgp-af-vpn-instance] import-route static
[PE1-bgp-af-vpn-instance] group 17211 external
[PE1-bgp-af-vpn-instance] peer 172.11.11.
Configure MPLS basic capacity, enable LDP on the interface connecting PE1 and PE2 and the interface connecting PE1 and PE3.
[PE1] mpls lsr-id 1.1.1.
[PE1-bgp] peer 3.3.3.3 group 3
[PE1-bgp] peer 3.3.3.3 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpn] peer 2 enable
[PE1-bgp-af-vpn] peer 2.2.2.2 group 2
[PE1-bgp-af-vpn] peer 3 enable
[PE1-bgp-af-vpn] peer 3.3.3.3 group 3
[PE1-bgp-af-vpn] quit
2) Configure PE2
Note: The configuration of PE2 is similar to that of PE1, so only VPN-instance configuration is detailed here.
Create two VPN-instances 2.
[PE2-bgp-af-vpn-instance] peer 172.22.22.2 group 17222 as-number 65002
[PE2-bgp-af-vpn] quit
[PE2-bgp] quit
Bind the interface connecting PE2 and CE1 to VPN-instance 2.1 and the interface connecting PE2 and CE2 to VPN-instance 2.2.
[PE2] vlan 212
[PE2-vlan212] port gigabitethernet 2/1/2
[PE2-vlan212] quit
[PE2] interface Vlan-interface 212
[PE2-Vlan-interface212] ip binding vpn-instance vpn-instance2.
[PE3-bgp-af-vpn-instance] import-route direct
[PE3-bgp-af-vpn-instance] import-route static
[PE3-bgp-af-vpn-instance] group 192 external
[PE3-bgp-af-vpn-instance] peer 192.168.13.2 group 192 as-number 65003
[PE3-bgp-af-vpn-instance] quit
[PE3-bgp] quit
Set up MP-EBGP adjacency between PE3 and CE4, import intra-CE4 VPN routes learned into VPN-instance3.2.
[PE3-bgp] ipv4-family vpn-instance vpn-instance3.
II. Network diagram
[Network diagram not reproduced. Surviving labels: AS 100, AS 200, PE1 (1.1.1.1/32), PE2 (2.2.2.2/32), P1 (3.3.3.3/32), P2 (4.4.4.4/32), CE1, PC1.]
[PE1] vlan 205
[PE1-vlan205] port gigabitethernet 2/2/1
[PE1-vlan205] quit
[PE1] interface Vlan-interface 205
[PE1-Vlan-interface205] mpls
[PE1-Vlan-interface205] mpls ldp enable
[PE1-Vlan-interface205] ip address 10.1.1.2 255.255.255.0
Bind the VLAN interface with the VPN-instance.
[PE1] interface Vlan-interface 201
[PE1-Vlan-interface201] ip binding vpn-instance vpna
[PE1-Vlan-interface201] ip address 172.11.11.1 255.255.255.
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
Configure the VLAN interface connecting CE.
[PE2] vlan 203
[PE2-vlan203] port gigabitethernet 2/1/1
[PE2-vlan203] quit
[PE2] vlan 204
[PE2-vlan204] port gigabitethernet 2/1/2
[PE2-vlan204] quit
Configure loopback interface.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 255.255.255.255
Configure VPN-instance.
[PE2-bgp-af-vpn-instance] import-route direct
[PE2-bgp-af-vpn-instance] group 172-12 external
[PE2-bgp-af-vpn-instance] peer 172.12.12.2 group 172-12 as-number 65012
[PE2-bgp] ipv4-family vpn-instance vpnb
[PE2-bgp-af-vpn-instance] import-route direct
[PE2-bgp-af-vpn-instance] group 172-22 external
[PE2-bgp-af-vpn-instance] peer 172.22.22.
[P1-Vlan-interface206] mpls ldp enable
[P1-Vlan-interface206] ip address 98.98.98.1 255.255.255.0
[P1-Vlan-interface206] quit
Configure IBGP neighbors and EBGP neighbors.
[P1] bgp 100
[P1-bgp] group 1 internal
[P1-bgp] peer 1.1.1.1 group 1
[P1-bgp] peer 1.1.1.1 connect-interface loopback0
[P1-bgp] group 4 external
[P1-bgp] peer 98.98.98.
III. Configuration procedure
- Configuring OSPF on the MPLS backbone network
- Configuring basic MPLS capability on the MPLS backbone network
- Configuring a VPN instance on PEs
- Configuring MP-BGP
1) Configure OSPF as the IGP protocol on the MPLS backbone network, so that the PEs can learn routes from each other through OSPF.
Create OSPF neighbor between ASBR-PE and PE in the same AS.
Configure PE1.
[PE2] interface pos1/1/0
[PE2-Pos1/1/0] ip address 162.1.1.2 255.255.0.0
[PE2-Pos1/1/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 162.1.0.0 0.0.255.255
[PE2-ospf-1-area-0.0.0.0] network 202.200.1.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
Configure ASBR-PE2
[ASBR-PE2] interface loopback0
[ASBR-PE2-LoopBack0] ip address 202.200.1.1 255.255.255.
[PE1-Pos1/1/0] mpls ldp
[PE1-Pos1/1/0] quit
Configure basic MPLS capability on ASBR-PE1, enable LDP on the interface connected to PE1, and enable MPLS on the interface connected to ASBR-PE2.
[ASBR-PE1] mpls lsr-id 172.1.1.
3) Create a VPN instance on each PE, and bind the instance to the interface connected to the corresponding CE.
Configure CE1
[CE1] interface ethernet 1
[CE1-Ethernet1] ip address 168.1.1.2 255.255.0.
Note:
- Enable the exchanging of label-carried IPv4 route between the following routers: PE1 and ASBR-PE1, PE2 and ASBR-PE2, ASBR-PE1 and ASBR-PE2.
- Make each ASBR-PE change the next hop to its own when it advertises routes to the PE in the same AS.
[ASBR-PE1-acl-basic-2001] quit
[ASBR-PE1] route-policy rtp-ebgp permit node 1
[ASBR-PE1-route-policy] if-match acl 2001
[ASBR-PE1-route-policy] apply mpls-label
[ASBR-PE1-route-policy] quit
[ASBR-PE1] route-policy rtp-ibgp permit node 10
[ASBR-PE1-route-policy] if-match mpls-label
[ASBR-PE1-route-policy] apply mpls-label
[ASBR-PE1-route-policy] quit
Configure ASBR-PE1: set up EBGP peer relation with ASBR-PE2, and IBGP peer relatio
[PE2-bgp] group 30 external
[PE2-bgp] peer 30 ebgp-max-hop
[PE2-bgp] peer 202.100.1.2 group 30 as-number 100
[PE2-bgp] peer 202.100.1.2 connect-interface loopback0
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpn] peer 30 enable
[PE2-bgp-af-vpn] peer 202.100.1.2 group 30
[PE2-bgp-af-vpn] quit
[PE2-bgp] quit
Configure ASBR-PE2: configure the route policy.
[ASBR-PE2] acl number 2001
[ASBR-PE2-acl-basic-2001] rule permit source 200.200.1.
networks at the city level into a single MPLS VPN will impose high performance requirements on the equipment across the entire network if the network topology is large. However, the equipment performance requirements become lower if this MPLS VPN is separated into two VPNs, for example the network at the province level and the network at the city level.
[SPE] mpls ldp
Configure VPN-instance
[SPE] ip vpn-instance vpn1
[SPE-vpn-vpn1] route-distinguisher 100:1
[SPE-vpn-vpn1] vpn-target 100:1 both
Configure interfaces (on a PE router, the LOOPBACK 0 interface must be assigned a host address with a 32-bit mask).
[SPE] vlan 201
[SPE-vlan201] port gigabitethernet 2/1/1
[SPE-vlan201] quit
[SPE] interface Vlan-interface 201
[SPE-Vlan-interface201] ip address 10.0.0.
Configure the basic MPLS capability.
[UPE] mpls lsr-id 1.0.0.
37.4.9 OSPF Multi-instance sham link Configuration Example
I. Network requirements
As shown in the following picture, a company connects to a WAN through the OSPF multi-instance function of a router. OSPF is bound to VPN1. The MPLS VPN backbone runs between PEs and OSPF runs between PE and CE.
[PE1] vlan 203
[PE1-vlan203] port gigabitethernet 2/1/3
[PE1-vlan203] quit
[PE1] interface Vlan-interface 203
[PE1-Vlan-interface203] ip address 168.1.12.1 255.255.255.
[PE1-bgp-af-vpn-instance] import-route ospf-ase 100
[PE1-bgp-af-vpn-instance] import-route ospf-nssa 100
[PE1-bgp-af-vpn-instance] import-route direct
[PE1-bgp-af-vpn-instance] undo synchronization
Create and activate peer in MBGP.
[PE1-bgp-af-vpn] ipv4-family vpnv4
[PE1-bgp-af-vpn] peer fc enable
[PE1-bgp-af-vpn] peer fc advertise-community
[PE1-bgp-af-vpn] peer 50.1.1.2 group fc
Bind OSPF process to VPN-instance.
[PE2-Vlan-interface203] mpls ldp enable
[PE2-Vlan-interface203] quit
[PE2] vlan 201
[PE2-vlan201] port gigabitethernet 2/1/1
[PE2-vlan201] quit
[PE2] interface Vlan-interface 201
[PE2-Vlan-interface201] ip binding vpn-instance vpn1
[PE2-Vlan-interface201] ip address 20.1.1.2 255.255.255.
[PE2-bgp-af-vpn] peer fc enable
[PE2-bgp-af-vpn] peer fc advertise-community
[PE2-bgp-af-vpn] peer 50.1.1.1 group fc
Configure OSPF and import BGP and direct-connect route.
[PE2] ospf 100 router-id 2.2.2.2 vpn-instance vpn1
[PE2-ospf-100] import-route bgp
[PE2-ospf-100] import-route static
[PE2-ospf-100] area 0.0.0.0
[PE2-ospf-100-area-0.0.0.0] network 20.1.1.0 0.0.0.255
Configuring sham link
[PE2-ospf-100-area-0.0.0.
[CE1-ospf-100-area-0.0.0.0] network 12.1.1.0 0.0.0.255
4) Configure CE2
Configure interface.
[CE2] vlan 202
[CE2-vlan202] port gigabitethernet 2/1/2
[CE2-vlan202] quit
[CE2] interface Vlan-interface 202
[CE2-Vlan-interface202] ip address 12.1.1.2 255.255.255.
II. Network diagram
[Network diagram not reproduced. Surviving labels: prov_pe1 (5.5.5.5), cust_pe1 (6.6.6.6), AS100, AS600, CE1, CE2, CE3, CE5, CE7, VPN1 (AS50001, AS50002, AS50003), VPN2.]
III.
[prov_pe1-ospf-area-0.0.0.0] network 10.0.0.0 0.255.255.255
Configure prov_pe2
system-view
[SW8800] sysname prov_pe2
[prov_pe2] interface LoopBack0
[prov_pe2-LoopBack0] ip address 4.4.4.4 255.255.255.255
[prov_pe2-LoopBack0] quit
[prov_pe2] interface pos 1/1/0
[prov_pe2-Pos1/1/0] link-protocol ppp
[prov_pe2-Pos1/1/0] ip address 10.1.1.2 255.0.0.0
[prov_pe2] ospf
[prov_pe2-ospf] area 0
[prov_pe2-ospf-area-0.0.0.
[prov_pe1-bgp] quit
Configure prov_pe2
[prov_pe2] bgp 100
[prov_pe2-bgp] group ibgp internal
[prov_pe2-bgp] peer 5.5.5.5 group ibgp
[prov_pe2-bgp] peer 5.5.5.5 connect-interface LoopBack0
[prov_pe2-bgp] ipv4-family vpnv4
[prov_pe2-bgp-af-vpn] peer ibgp enable
[prov_pe2-bgp-af-vpn] peer ibgp next-hop-local
[prov_pe2-bgp-af-vpn] peer 5.5.5.
[prov_pe2-Pos3/1/0] ip binding vpn-instance customer_vpn
[prov_pe2-Pos3/1/0] link-protocol ppp
[prov_pe2-Pos3/1/0] ip address 2.1.1.2 255.0.0.0
[prov_pe2-Pos3/1/0] mpls
[prov_pe2-Pos3/1/0] quit
Configure cust_pe1
system-view
[SW8800] sysname cust_pe1
[cust_pe1] interface LoopBack0
[cust_pe1-LoopBack0] ip address 6.6.6.6 255.255.255.255
[cust_pe1-LoopBack0] quit
[cust_pe1] mpls lsr-id 6.6.6.
[prov_pe1-bgp-af-vpn] peer ebgp vpn-instance customer_vpn enable
[prov_pe1-bgp-af-vpn] peer 1.1.1.1 vpn-instance customer_vpn group ebgp
[prov_pe1-bgp-af-vpn] peer 1.1.1.1 vpn-instance customer_vpn route-policy comm import
[prov_pe1-bgp-af-vpn] quit
Configure prov_pe1 to access CE5
[prov_pe1-bgp] ipv4-family vpn-instance vpn1
[prov_pe1-bgp-af-vpn-instance] group ebgp external
[prov_pe1-bgp-af-vpn-instance] peer 18.1.1.
4) On each Customer PE, configure the sub-VPN that accesses the network through the Customer PE.
Configure cust_pe1
[cust_pe1] ip vpn-instance vpn1
[cust_pe1-vpn-instance] route-distinguisher 1:1
[cust_pe1-vpn-instance] vpn-target 1:1
[cust_pe1-vpn-instance] quit
[cust_pe1] interface pos 2/1/0
[cust_pe1-Pos2/1/0] ip binding vpn-instance vpn1
[cust_pe1-Pos2/1/0] link-protocol ppp
[cust_pe1-Pos2/1/0] ip address 15.1.1.2 255.0.0.
II. Network diagram
Figure 37-18 Network diagram for OSPF multi-instance CE configuration
[Diagram not reproduced. Surviving labels: Multi-VPN-Instance CE, PE, MPLS Network, vpn1, vpn2, ospf 100, ospf 300, VLAN201 to VLAN204.]
III.
[CE] vlan 203
[CE-vlan203] port gigabitethernet 2/1/3
[CE-vlan203] quit
[CE] interface Vlan-interface 203
[CE-Vlan-interface203] ip binding vpn-instance vpn2
[CE-Vlan-interface203] ip address 20.1.1.2 255.255.255.0
Configure VLAN204
[CE] vlan 204
[CE-vlan204] port gigabitethernet 2/1/4
[CE-vlan204] quit
[CE] interface Vlan-interface 204
[CE-Vlan-interface204] ip binding vpn-instance vpn2
[CE-Vlan-interface204] ip address 20.2.1.
II. Network diagram
[Network diagram not reproduced. Surviving labels: PC1, CE1 (AS65410), CE2 (AS65420), CE3, PE1 (Loopback0: 1.1.1.9/32), PE2 (Loopback0: 2.2.2.9/32), AS100.]
[PE2-LoopBack0] ip address 2.2.2.9 32
[PE2-LoopBack0] quit
[PE2] interface Ethernet1/1/0
[PE2-Ethernet1/1/0] ip address 192.168.1.2 24
[PE2-Ethernet1/1/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
2) Configure basic MPLS capability and create VPN instances.
[PE2] mpls lsr-id 2.2.2.9
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface Ethernet1/1/0
[PE2-Ethernet1/1/0] mpls
[PE2-Ethernet1/1/0] mpls ldp
[PE2-Ethernet1/1/0] quit
Create a VPN instance for VPN1 on PE2, and bind Ethernet2/1/0 to VPN1.
[CE3-Ethernet1/1/0] quit
[CE3] bgp 65430
[CE3-bgp] import-route direct
[CE3-bgp] group 10 external
[CE3-bgp] peer 20.3.1.2 group 10 as-number 100
[CE3-bgp] quit
Configure PE1: set up IBGP peer relation with PE2 in BGP-VPNv4 sub-address family view; set up EBGP peer relation with CE2 in BGP-VPN instance view.
[PE1] bgp 100
[PE1-bgp] group 10
[PE1-bgp] peer 2.2.2.9 group 10
[PE1-bgp] peer 2.2.2.
[PE2-bgp] quit
Configure multi-role host feature.
Configure a default route pointing to PE1 on CE2.
[CE2] ip route-static 0.0.0.0 0.0.0.0 20.1.1.2
If a routing protocol is used between CE2 and PE1, disable PE1 from advertising any route to CE2 to avoid a routing loop.
III. Symptom 3
In Hub&Spoke networking mode, the spoke PE cannot learn the private network route of the Hub PE.
Solution:
- Check whether the LSP tunnel is established using the display mpls lsp command.
- Check whether the BGP adjacency is established correctly.
- Check whether the routing import/export relation of the VPN-instance is correct.
- Check whether allow-as-loop is configured between spoke PE and hub PE.
IV.
Chapter 38 MSTP Region-configuration
38.1 Introduction to MSTP
MSTP stands for Multiple Spanning Tree Protocol, which is compatible with Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP).
STP is slow in state transition. Even on a point-to-point link or an edge port, it has to wait an interval twice as long as the forward delay before the port transits to the forwarding state.
[Figure: MSTP network with regions A0, B0 and D0 and switches A, B, C and D, showing per-region VLAN-to-instance mappings (VLAN 1 to Instance 1, VLAN 2 to Instance 2, other VLANs to CIST), the CIST (common and internal spanning tree), the MSTIs (multiple spanning tree instances) and the CST (common spanning tree)]
IV. CST
Common Spanning Tree (CST): a LAN has only one CST. CST connects the spanning trees of all MST regions. Regard every MST region as a “switch”, and the CST is generated by the computing of “switches” through STP/RSTP. For example, the red line in Figure 38-1 indicates the CST.
V. CIST
Common and Internal Spanning Tree (CIST): A single spanning tree made up of ISTs and CST. It connects all switches in a switching network.
- Master port is the port connecting the entire region to the Common Root Bridge and located on the shortest path between them.
- An alternate port is a backup of the master port, and also a backup port of a root port in the region. As a backup of the master port, an alternate port will become a new master port after a master port is blocked.
- If two ports of a switch are connected, there must be a loop.
[Figure 38-3 BPDU packet format]
[Figure 38-4 MSTI information format of the last part in BPDU packets]
Besides the root bridge priority, root path cost, local bridge priority and port priority fields, the flags field, which takes one byte in an instance, is also used for role selection.
Bit 7: TcAck
Bit 6: Agreement
Bit 5: Forwarding
Bit 4: Learning
Bits 3 and 2: port role (see the text below the figure)
Bit 1: Proposal
Bit 0: Tc
Figure 38-5 Meaning of 1-byte Flags in BPDU packets
The second and third bits together indicate MSTP port role.
2) TC packet
A TC packet is also an MSTP BPDU packet, but the lowest bit of its flags field is set to 1, which gives the TC packet its special meaning.
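The flags layout of Figure 38-5 can be decoded programmatically, which is useful when reviewing captured BPDUs for the TC-BPDU floods that TC-protection (section 38.2.16) is meant to absorb. The following is an added example, not code from this manual or from 3Com: the port-role encodings are taken from IEEE 802.1Q rather than from this page, the window and threshold are hypothetical tuning values, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Bit masks numbered as in Figure 38-5 (bit 0 is the lowest bit).
TC = 0x01
PROPOSAL = 0x02
ROLE_SHIFT, ROLE_MASK = 2, 0x03   # bits 3 and 2 carry the port role
LEARNING = 0x10
FORWARDING = 0x20
AGREEMENT = 0x40
TC_ACK = 0x80

# Assumption: role encodings as defined by IEEE 802.1Q, not listed in this manual.
PORT_ROLES = {0: "master/unknown", 1: "alternate/backup", 2: "root", 3: "designated"}


def decode_flags(flags):
    """Split the 1-byte flags field of an MSTP BPDU into named fields."""
    if not isinstance(flags, int) or not 0 <= flags <= 0xFF:
        raise ValueError("flags must be a single byte (0-255)")
    return {
        "tc": bool(flags & TC),
        "proposal": bool(flags & PROPOSAL),
        "port_role": PORT_ROLES[(flags >> ROLE_SHIFT) & ROLE_MASK],
        "learning": bool(flags & LEARNING),
        "forwarding": bool(flags & FORWARDING),
        "agreement": bool(flags & AGREEMENT),
        "tc_ack": bool(flags & TC_ACK),
    }


def tc_bursts(events, window_ms=2000, threshold=5):
    """Find ports that received `threshold` or more TC BPDUs within `window_ms`.

    events: iterable of (timestamp_ms, port_name, flags_byte).
    Returns {port_name: timestamp_ms of the BPDU that first crossed the threshold}.
    """
    recent = defaultdict(deque)   # port -> timestamps of TC BPDUs still inside the window
    first_alert = {}
    for ts, port, flags in sorted(events):
        if not decode_flags(flags)["tc"]:
            continue              # ordinary BPDU, no MAC/ARP flush requested
        seen = recent[port]
        seen.append(ts)
        while ts - seen[0] > window_ms:
            seen.popleft()        # drop TC BPDUs that fell out of the window
        if len(seen) >= threshold and port not in first_alert:
            first_alert[port] = ts
    return first_alert


# Constructed sample data: 0x7D = designated, learning, forwarding, agreement, TC set;
# 0x7C = the same port state without the TC bit.
SAMPLE_EVENTS = (
    [(t, "Ethernet3/1/1", 0x7D) for t in range(0, 1800, 300)]      # six TC BPDUs in 1.5 s
    + [(t, "Ethernet3/1/2", 0x7C) for t in range(0, 6000, 2000)]   # regular hellos
    + [(4100, "Ethernet3/1/2", 0x7D)]                              # one isolated TC BPDU
)

if __name__ == "__main__":
    print(decode_flags(0x7D))
    print(tc_bursts(SAMPLE_EVENTS))
```

A single TC BPDU after a real topology change is normal; only the sustained run on one port crosses the threshold.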
[Figure 38-6 Designated bridge and designated port: Switch A (ports AP1, AP2), Switch B (ports BP1, BP2) and Switch C (ports CP1, CP2), with a LAN segment]
For a switch, the designated bridge is a switch in charge of forwarding BPDU to the local switch via a port called the designated port accordingly. For a LAN, the designated bridge is a switch that is in charge of forwarding BPDU to the network segment via a port called the designated port accordingly.
priorities of Switch A, B and C are 0, 1 and 2 and the path costs of their links are 5, 10 and 4 respectively.
1) Initial state
When initialized, each port of the switches generates the configuration BPDU taking itself as the root with a root path cost as 0, designated bridge IDs as their own switch IDs and the designated ports as their ports.
BPDU for every port: substituting the root ID with the root ID in the configuration BPDU of the root port, the cost of path to root with the value made by the root path cost plus the path cost corresponding to the root port, the designated bridge ID with the local switch ID and the designated port ID with the local port ID. The switch compares the calculated BPDU with the BPDU of the corresponding port.
CP2 receives from the BP2 of Switch B the configuration BPDU {1, 0, 1, BP2} that has not been updated and then the updating process is launched. The configuration BPDU is updated as {1, 0, 1, BP2}.
CP1 receives the configuration BPDU {0, 0, 0, AP2} from Switch A and Switch C launches the updating. The configuration BPDU is updated as {0, 0, 0, AP2}.
configuration BPDUs besides the first four items will make modifications according to certain rules. The basic calculation process is described below:
In addition, with identical priority, the path cost of an aggregation port is smaller than that of a non-aggregation port. Therefore, under identical root ID, path cost value and designated switch ID, the switch will generally select the aggregation port as the root port.
38.
- Setting the Timeout Factor of a Specific Bridge
- Configuring the Max Transmission Speed on a Port
- Configuring a Port as an Edge Port or Non-edge Port
- Configuring the Path Cost of a Port
- STP Path Cost Calculation Standards on STP port
- Configuring the Priority of a Port
- Configuring the Port (Not) to Connect with the Point-to-Point Link
- Configuring the mCheck Variable of a Port
- Configuring the Switch Prote
Table 38-1 Enter MST region view
Operation | Command
Enter MST region view (from system view) | stp region-configuration
Restore the default settings of MST region | undo stp region-configuration
II. Configuring parameters for the MST region
Perform the following configuration in MST region view.
III. Activating the MST region configuration and exiting the MST region view
Perform the following configuration in MST region view.
Table 38-3 Activate the MST region configuration and exit the MST region view
Operation | Command
Show the configuration information of the MST region under revision | check region-configuration
Manually activate the MST region configuration | active region-configuration
Exit MST region view | quit
38.2.
If the primary root is down or powered off, the secondary root will take its place, unless you configure a new primary root. Of two or more configured secondary root bridges, MSTP selects the one with the smallest MAC address to take the place of the failed primary root.
When configuring the primary and secondary switches, you can also configure the network diameter and hello time of the specified switching network.
Restore the default MSTP running mode | undo stp mode
Generally, if there is a STP switch on the switching network, the port connected to it will automatically transit from MSTP mode to STP-compatible mode. But the port cannot automatically transit back to MSTP mode after the STP switch is removed. In this case, you can execute the stp mcheck command to restore the MSTP mode.
By default, MSTP runs in MSTP mode.
38.2.
discards the configuration BPDU with 0 hops left. This makes it impossible for the switch beyond the max hops to take part in the spanning tree calculation, thereby limiting the scale of the MST region.
You can use the following command to configure the max hops in an MST region.
Perform the following configuration in system view.
Note: The stp bridge-diameter command configures the switching network diameter and determines the three MSTP time parameters (Hello Time, Forward Delay, and Max Age) accordingly.
38.2.7 Configuring the Time Parameters of a Switch
The switch has three time parameters, Forward Delay, Hello Time, and Max Age.
Forward Delay is the switch state transition mechanism.
Caution: The Forward Delay configured on a switch depends on the switching network diameter. Generally, the Forward Delay is supposed to be longer when the network diameter is longer. Note that too short a Forward Delay may redistribute some redundant routes temporarily, while too long a Forward Delay may delay the recovery of network connectivity. The default value is recommended.
38.2.8 Setting the Timeout Factor of a Specific Bridge
A switch transmits hello packets regularly to the adjacent bridges to check whether there is a link failure. Generally, if the switch does not receive the STP packets from the upstream switch for three times the hello time, the switch will decide the upstream switch is dead and will recalculate the topology of the network.
II. Configuration in Ethernet port view
Perform the following configuration in Ethernet port view.
Table 38-12 Configure the max transmission speed on a port
Operation | Command
Configure the max transmission speed on a port | stp transmit-limit packetnum
Restore the default max transmission speed on a port | undo stp transmit-limit
You can configure the max transmission speed on a port with either of the earlier-mentioned measures.
Table 38-14 Configure a port as an edge port or a non-edge port
Operation | Command
Configure a port as an edge port. | stp edged-port enable
Configure a port as a non-edge port. | stp edged-port disable
Restore the default setting of the port as a non-edge port. | undo stp edged-port
You can configure a port as an edge port or a non-edge port with either of the earlier-mentioned measures.
I. Configuration in system view
Perform the following configuration in system view.
Table 38-15 Configure the path cost of a port
Operation | Command
Configure the path cost of a port. | stp interface interface-list [ instance instance-id ] cost cost
Restore the default path cost of a port. | undo stp interface interface-list [ instance instance-id ] cost
II.
The actual rate counts.
2) Calculating the path cost
- Full-duplex and non-aggregation port at a rate less than 1 GE
  Path cost = [200,000,000 / (rate × 10)] – 1
- Other ports
  Path cost = 200,000,000 / (rate × 10)
II. DOT1D-1998 calculation standard
1) Calculating the rate
- Aggregation port
  If the port is up, the actual rate counts.
The rate of the primary port in an aggregation group is determined by the sum of the port rates in this group. No calculation is performed for secondary port.
- Non-aggregation port
  The actual rate counts, but the rate is 0 if the port is down.
2) Calculating the path cost
Table 38-18 details the correspondence between the rate range and the value range of the path cost of the ports.
Table 38-20 Configure the port priority
Operation | Command
Configure the port priority. | stp interface interface-list instance instance-id port priority priority
Restore the default port priority. | undo stp interface interface-list instance instance-id port priority
II. Configuration in Ethernet port view
Perform the following configuration in Ethernet port view.
Operation | Command
Configure MSTP to automatically detect if the port is directly connected with the point-to-point link. | stp interface interface-list point-to-point auto
Configure MSTP to automatically detect if the port is directly connected with the point-to-point link, as defaulted. | undo stp interface interface-list point-to-point
II.
By default, the parameter is configured as auto.
38.2.15 Configuring the mCheck Variable of a Port
The port of an MSTP switch operates in either STP-compatible or MSTP mode.
If a port of an MSTP switch on a switching network is connected to an STP switch, the port will automatically transit to operate in STP-compatible mode.
You can configure mCheck variable on a port with either of the earlier-mentioned measures. Note that the command can be used only if the switch runs MSTP. The command does not make any sense when the switch runs in STP-compatible mode.
38.2.16 Configuring the Switch Protection Function
An MSTP switch provides four protection functions: BPDU protection, Root protection, loop protection and TC-protection.
I.
Note: For the loop protection-enabled port, if the port participates in STP calculation, all the instances of the port will be always set to be in discarding state regardless of the port role.
IV. TC-protection
As a general rule, the switch deletes the corresponding entries in the MAC address table and ARP table upon receiving TC-BPDU packets.
Operation | Command
Configure TC protection of the switch (from system view) | stp tc-protection enable
Disable TC protection (from system view) | stp tc-protection disable
By default, only the protection from TC-BPDU packet attack is enabled on the switch. BPDU protection, Root protection and loop protection are disabled.
Table 38-27 Enable/Disable MSTP on a device
Operation | Command
Enable MSTP on a device. | stp enable
Disable MSTP on a device. | stp disable
Restore the disable state of MSTP, as defaulted. | undo stp
Only if MSTP has been enabled on the device will other MSTP configurations take effect. If MSTP is disabled on the device, MSTP cannot be enabled on a port.
By default, MSTP is disabled.
38.2.
disabled, upon receiving TC/TCN packets, the port broadcasts TC packets to delete the MAC address entries of the port in the STP active state on the bridge.
Perform the following configuration in system view.
Table 38-29 Enable/disable ARP address update
Operation | Command
Enable/disable ARP address update | stp update-arp { enable | disable }
By default, ARP address update is enabled.
Table 38-31 Enable/Disable MSTP on a port
Operation | Command
Enable MSTP on a port. | stp enable
Disable MSTP on a port. | stp disable
You can enable/disable MSTP on a port with either of the earlier-mentioned measures. Note that redundant route may be generated after MSTP is disabled.
By default, MSTP is enabled on all the ports after it is enabled on the device.
38.
Operation | Command
Enable STP global error or event debugging | debugging stp { global-error | global-event }
Disable STP global error or event debugging | undo debugging stp { global-error | global-event }
38.4 Typical MSTP Configuration Example
I. Network requirements
MSTP provides different forwarding paths for packets of different VLANs.
III. Configuration procedure
1) Configurations on Switch A
MST region
[SW8800] stp region-configuration
[SW8800-mst-region] region-name example
[SW8800-mst-region] instance 1 vlan 10
[SW8800-mst-region] instance 3 vlan 30
[SW8800-mst-region] instance 4 vlan 40
[SW8800-mst-region] revision-level 0
Manually activate MST region configuration.
MST region
[SW8800] stp region-configuration
[SW8800-mst-region] region-name example
[SW8800-mst-region] instance 1 vlan 10
[SW8800-mst-region] instance 3 vlan 30
[SW8800-mst-region] instance 4 vlan 40
[SW8800-mst-region] revision-level 0
Manually activate MST region configuration.
Chapter 39 802.1x Configuration
39.1 802.1x Overview
39.1.1 802.1x Standard Overview
IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network access control protocol that is used as the standard for LAN user access authentication.
In LANs complying with the IEEE 802 standards, the user can access the devices and share the resources in the LAN by connecting to a LAN access control device such as the LAN Switch.
is to be encapsulated in the packets of other AAA upper layer protocols (e.g. RADIUS) so as to go through the complicated network to reach the Authentication Server. Such procedure is called EAP Relay.
There are two types of ports for the Authenticator. One is the Uncontrolled Port, and the other is the Controlled Port. The Uncontrolled Port is always in bi-directional connection state.
802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device should configure the AAA scheme by selecting RADIUS or local authentication so as to assist 802.1x to implement the user ID authentication. For detailed description of AAA, refer to the corresponding AAA configuration.
39.1.4 Implementing 802.
- Checking the Users that Log on the Switch via Proxy
- Setting Supplicant Number on a Port
- Setting the Authentication in DHCP Environment
- Configuring Authentication Method for 802.
- Configuring 802.1x Timers
- Enabling/Disabling quiet-period Timer
Among the above tasks, the first one is compulsory; otherwise 802.1x will not take effect. The other tasks are optional. You can perform the configurations as required.
39.2.1 Enabling/Disabling 802.1x
The following command can be used to enable/disable the 802.1x on the specified port or globally.
auto (automatic identification mode, which is also called protocol control mode). That is, the initial state of the port is unauthorized. It only permits sending and receiving EAPoL packets and does not permit the user to access the network resources. If the authentication flow is passed, the port will be switched to the authorized state and permit the user to access the network resources.
39.2.4 Checking the Users that Log on the Switch via Proxy
The following commands are used for checking the users that log on the switch via proxy.
Perform the following configuration in system view or Ethernet port view.
Perform the following configuration in system view.
Perform the following configuration in system view or Ethernet interface view.
Table 39-8 Enable/Disable Guest VLAN
Operation | Command
Enable Guest VLAN | dot1x guest-vlan vlan-id [ interface interface-list ]
Disable Guest VLAN | undo dot1x guest-vlan vlan-id [ interface interface-list ]
Note that:
- Guest VLAN is only supported when the switch performs port-based authentication.
- A switch can have only one Guest VLAN.
39.2.10 Configuring 802.1x Timers
The following commands are used for configuring the 802.1x timers.
Perform the following configuration in system view.
Table 39-10 Configure 802.
supp-timeout-value: Specifies the duration of the authentication timeout timer of a Supplicant. The value ranges from 10 to 120 in units of second and defaults to 30.
tx-period: Specifies the transmission timeout timer. After the Authenticator sends the Request/Identity request packet which requests the user name or user name and password together, the tx-period timer of the Authenticator begins to run.
Enable the error/event/packet/all debugging of 802.1x | debugging dot1x { error | event | packet | all }
Disable the error/event/packet/all debugging of 802.1x. | undo debugging dot1x { error | event | packet | all }
39.4 802.1x Configuration Example
I. Network requirements
As shown in Figure 39-2, the workstation of a user is connected to the port Ethernet 3/1/1 of the Switch.
The switch administrator will enable 802.
II. Network diagram
[Figure 39-2 Enable 802.1x and RADIUS to perform AAA on the supplicant: the Supplicant connects to port Ethernet3/1/1 of the Switch (Authenticator), which reaches the Authentication Servers (RADIUS Server Cluster, IP Address: 10.11.1.1 10.11.1.2) and the Internet]
III. Configuration procedure
Note: The following examples concern most of the AAA/RADIUS configuration commands. For details, refer to the chapter AAA and RADIUS/TACACS+ Protocol Configuration.
[SW8800-radius-radius1] primary accounting 10.11.1.2
Set the IP address of the secondary authentication/accounting RADIUS servers.
[SW8800-radius-radius1] secondary authentication 10.11.1.2
[SW8800-radius-radius1] secondary accounting 10.11.1.1
Set the encryption key when the system exchanges packets with the authentication RADIUS server.
Chapter 40 AAA and RADIUS/TACACS+ Protocol Configuration
40.1 AAA and RADIUS/TACACS+ Protocol Overview
40.1.1 AAA Overview
Authentication, Authorization and Accounting (AAA) provides a uniform framework for configuring these three security functions to implement network security management.
in PSTN environment or Ethernet switch with access function in Ethernet environment), NAS, namely RADIUS client end, will transmit user AAA request to the RADIUS server. RADIUS server has a user database recording all the information of user authentication and network service access.
Table 40-1 TACACS+ vs. RADIUS
TACACS+ | RADIUS
Adopts TCP, providing more reliable network transmission. | Adopts UDP.
Encrypts the entire packet except for the standard TACACS+ header. | Encrypts only the password field in authentication packets.
Separates authentication from authorization. For example, you can use RADIUS to authenticate but TACACS+ to authorize. | Binds authentication and authorization.
- The TACACS server sends back an authentication response, requesting the login password. Upon receiving the response, the TACACS client requests the user for the login password.
- After receiving the login password, the TACACS client sends an authentication continuance packet carrying the login password to the TACACS server.
[Figure: message exchange between the User, the TACACS Client and the TACACS Server. User side: user logs on; client requests the user for username; the user inputs username; client requests the user for password; user inputs the password. Server side: authentication start packet; authentication response packet, requesting username; authentication continuance packet, sending username to the server; authentication response packet, requesting password; authentication continuance packet, sending password to]
[Figure 40-3 Network diagram for using RADIUS to authenticate: PC users 1 to 4 connect through SW5500 and 8800 Series switches to ISP1 and ISP2, an authentication server, an accounting server and the Internet]
40.2 AAA Configuration
The following sections describe AAA configuration tasks.
Switch 8800 ISP domain view, you can configure a complete set of exclusive ISP domain attributes on a per-ISP domain basis, which includes the AAA policy (RADIUS scheme applied, etc.).
For the Switch 8800, each supplicant belongs to an ISP domain. Up to 16 domains can be configured in the system. If a user has not reported its ISP domain name, the system will put it into the default domain.
users already online. An ISP is in active state once it is created, that is, at that time, all the users in the domain are allowed to request network services.
- Maximum number of supplicants specifies how many supplicants can be contained in the ISP. For any ISP domain, there is no limit to the number of supplicants by default.
Once this function is enabled on the switch, users can locate the self-service server through the following operations:
- Select "Change user password" on the 802.1x client.
- After the client opens the default explorer (IE or NetScape), locate the specified URL page used to change the user password on the self-service server.
- Change user password on this page.
40.2.5 Setting the Attributes of a Local User
The attributes of a local user include its password display mode, state, service type and some other settings.
I. Setting the password display mode
Perform the following configuration in system view.
Operation | Command
Set the priority of the specified user | level level
Restore the default priority of the specified user | undo level
Configure the attributes of lan-access users | attribute { ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlanid | location { nas-ip ip-address port portnum | port portnum }*
Remove the attributes defined for the lan-access users | undo a
Table 40-9 Configure VLAN delivering mode
Operation | Command
Configure the VLAN delivering mode to be of string type | private-group-id mode standard
Revert to the default VLAN delivering mode. | undo private-group-id mode standard
By default, a VLAN ID cannot be a string.
40.3 Configuring RADIUS Protocol
For the Switch 8800, the RADIUS protocol is configured on the per RADIUS scheme basis.
Among the above tasks, creating the RADIUS scheme and setting the IP address of the RADIUS server are required, while the other tasks are optional and can be performed as required.
40.3.1 Creating/Deleting a RADIUS scheme
As mentioned above, RADIUS protocol configurations are performed on the per RADIUS scheme basis.
Table 40-11 Set IP Address and Port Number of RADIUS Server
Operation | Command
Set IP address and port number of primary RADIUS authentication/authorization server. | primary authentication ip-address [ port-number ]
Restore IP address and port number of primary RADIUS authentication/authorization server to the default values.
4 RADIUS servers, or specify one of the two servers as primary authentication/authorization server and secondary accounting server and the other one as secondary authentication/authorization server and primary accounting server, or you may also set 4 groups of exactly same data so that every server serves as a primary and secondary AAA server.
Set RADIUS accounting packet encryption key | key accounting string
Restore the default RADIUS accounting packet encryption key | undo key accounting
By default, the encryption keys of RADIUS authentication/authorization and accounting packets are all “3Com”.
40.3
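Because the RADIUS keys default to “3Com” when none is set, a saved configuration can be checked for schemes that still rely on that default. The following is an added example, not code from this manual or from 3Com: it assumes the saved configuration lists each scheme as a `radius scheme <name>` line followed by indented scheme-view commands, the minimum key length is a hypothetical local policy value, and the sample configuration is constructed.

```python
import re

DEFAULT_KEY = "3Com"   # default key stated in this section
MIN_KEY_LEN = 16       # assumption: local policy, not a value from the manual

SCHEME_RE = re.compile(r"^radius scheme (\S+)\s*$")
SERVER_RE = re.compile(r"^\s+(?:primary|secondary) (authentication|accounting) \S+")
KEY_RE = re.compile(r"^\s+key (authentication|accounting) (\S+)\s*$")
UNDO_KEY_RE = re.compile(r"^\s+undo key (authentication|accounting)\s*$")


def parse_schemes(config_text):
    """Return {scheme: {"servers": set of roles, "keys": {role: key}}}."""
    schemes = {}
    current = None
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("#"):      # separator line ends the current view
            current = None
            continue
        header = SCHEME_RE.match(line)
        if header:
            current = schemes.setdefault(header.group(1), {"servers": set(), "keys": {}})
            continue
        if not line[0].isspace():         # any other top-level command leaves the view
            current = None
            continue
        if current is None:
            continue
        server = SERVER_RE.match(line)
        key = KEY_RE.match(line)
        undo = UNDO_KEY_RE.match(line)
        if server:
            current["servers"].add(server.group(1))
        elif key:
            current["keys"][key.group(1)] = key.group(2)
        elif undo:                        # "undo key ..." restores the default key
            current["keys"].pop(undo.group(1), None)
    return schemes


def audit_radius_keys(config_text):
    """Return sorted (scheme, role, issue) tuples for weak or default keys."""
    findings = []
    for name, scheme in parse_schemes(config_text).items():
        for role in sorted(scheme["servers"] | set(scheme["keys"])):
            key = scheme["keys"].get(role)
            if key is None:
                findings.append((name, role, "default-key-implicit"))
            elif key == DEFAULT_KEY:
                findings.append((name, role, "default-key-explicit"))
            elif len(key) < MIN_KEY_LEN:
                findings.append((name, role, "short-key"))
    return sorted(findings)


# Constructed sample configuration (addresses reuse the ones in the 802.1x example).
SAMPLE_CONFIG = """\
#
radius scheme radius1
 primary authentication 10.11.1.1
 primary accounting 10.11.1.2
 key authentication 3Com
#
radius scheme radius2
 primary authentication 10.11.1.1
 primary accounting 10.11.1.2
 key authentication constructed-Secret-0123456789
 key accounting money1
#
interface Ethernet3/1/1
 dot1x
"""

if __name__ == "__main__":
    for finding in audit_radius_keys(SAMPLE_CONFIG):
        print(finding)
```

A role is reported only when the scheme has a server or a key configured for it, so an authentication-only scheme is not flagged for accounting.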
By default, RADIUS request packet will be retransmitted up to three times.
40.3.6 Enabling the Selection Of Radius Accounting Option
If no RADIUS server is available or if RADIUS accounting server fails when the accounting optional is configured, the user can still use the network resource, otherwise, the user will be disconnected.
Perform the following configuration in RADIUS scheme view.
Table 40-17 Recommended real-time accounting intervals for different number of users
Number of users | Real-time accounting interval in minutes
1 to 99 | 3
100 to 499 | 6
500 to 999 | 12
≥1000 | ≥15
By default, minute is set to 12 minutes.
40.3.8 Setting the Maximum Times of Real-time Accounting Request Failing to be Responded
RADIUS server usually checks if a user is online with timeout timer.
40.3.9 Enabling/Disabling Stopping Accounting Request Buffer
Because the stopping accounting request concerns account balance and will affect the amount of charge, which is very important for both the subscribers and the ISP, NAS shall make its best effort to send the request to RADIUS accounting server.
40.3.11 Setting the Supported Type of RADIUS Server
The Switch 8800 supports the standard RADIUS protocol and the extended RADIUS service platforms, such as IP Hotel, 201+ and Portal.
You can use the following command to set the supported types of RADIUS servers.
Perform the following configuration in RADIUS scheme view.
40.3.13 Setting the Username Format Transmitted to RADIUS Server
As mentioned above, the supplicants are generally named in userid@isp-name format. The part following “@” is the ISP domain name. The Switch 8800 will put the users into different ISP domains according to the domain names. However, some earlier RADIUS servers reject the username including ISP domain name.
By default, the default data unit is byte and the default data packet unit is one packet.
40.3.15 Creating/Deleting a Local RADIUS authentication Server
RADIUS service, which adopts authentication/authorization/accounting servers to manage users, is widely used in the Switch 8800.
- Configuring TACACS+ Authentication Servers
- Configuring TACACS+ Authorization Servers
- Configuring TACACS+ Accounting Servers and the Related Attributes
- Configuring the Source Address for TACACS+ Packets Sent by NAS
- Setting a Key for Securing the Communication with TACACS Server
- Setting the Username Format Acceptable to the TACACS Server
- Setting the Unit of Data Flows Destined for the TACACS
40.4.2 Configuring TACACS+ Authentication Servers

Perform the following configuration in TACACS+ view.
Note: If only authentication and accounting servers are configured and no authorization server is configured, both authentication and accounting can be performed normally for the ftp, telnet, and ssh users, but the priority of these users is 0 (that is, the lowest privilege level) by default.

The primary and secondary authorization servers cannot use the same IP address. The default port number is 49.
Table 40-30 Configure stop-accounting packet retransmission

Operation: Enable stop-accounting packet retransmission and set the allowed maximum number of transmission attempts
Command: retry stop-accounting retry-times

Operation: Disable stop-accounting packet retransmission
Command: undo retry stop-accounting

Operation: Clear the stop-accounting request packets that have no response
Command: reset stop-accounting-buffer TACACS+-scheme TACACS+-sc
Table 40-32 Set a key for securing the communication with the TACACS+ server

Operation: Configure a key for securing the communication with the accounting, authorization or authentication server
Command: key { accounting | authorization | authentication } string

Operation: Delete the configuration
Command: undo key { accounting | authorization | authentication }

No key is configured by default.

40.4.
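What the key configured in Table 40-32 changes on the wire, as an added example that is not code from this manual or from 3Com. It implements the body obfuscation that RFC 8907 specifies for TACACS+; that the Switch 8800 follows this specification is an assumption, and the session ID, user name, password and key are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # RFC 8907 header flag: body travels in the clear
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: chained MD5 over session_id, key, version, seq_no, previous digest."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, digest = b"", b""
    while len(pad) < length:
        digest = hashlib.md5(seed + digest).digest()
        pad += digest
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """Obfuscate or de-obfuscate a body (XOR with the pad is its own inverse)."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def authen_start_body(user, port, rem_addr, data):
    """Authentication START body: LOGIN action, privilege 1, PAP, LOGIN service."""
    fixed = bytes([0x01, 0x01, 0x02, 0x01,
                   len(user), len(port), len(rem_addr), len(data)])
    return fixed + user + port + rem_addr + data


def build_packet(session_id, seq_no, body, key=None, version=0xC1, pkt_type=0x01):
    """Build header + body. Without a key the body is sent as-is and flagged."""
    if key:
        flags, wire_body = 0, xor_body(body, session_id, key, version, seq_no)
    else:
        flags, wire_body = TAC_PLUS_UNENCRYPTED_FLAG, body
    header = HEADER.pack(version, pkt_type, seq_no, flags, session_id, len(wire_body))
    return header + wire_body


def read_body(packet, key=None):
    """Recover the body the way the receiving side would."""
    version, _type, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    body = packet[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError("truncated TACACS+ body")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    if not key:
        raise ValueError("body is obfuscated and no key is configured")
    return xor_body(body, session_id, key, version, seq_no)


# Constructed sample values (not taken from the manual).
SESSION_ID = 0x1A2B3C4D
SAMPLE_KEY = b"constructed-shared-key"
SAMPLE_BODY = authen_start_body(b"alice", b"vty0", b"192.0.2.10", b"constructed-pw")

if __name__ == "__main__":
    clear = build_packet(SESSION_ID, 1, SAMPLE_BODY)
    keyed = build_packet(SESSION_ID, 1, SAMPLE_BODY, key=SAMPLE_KEY)
    print("no key :", clear[HEADER.size:])
    print("key set:", keyed[HEADER.size:].hex())
    print("server with same key recovers body:",
          read_body(keyed, key=SAMPLE_KEY) == SAMPLE_BODY)
```

RFC 8907 itself describes this mechanism as obfuscation, so the key complements an isolated management network rather than replacing it.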
40.4.9 Setting Timers Regarding TACACS Server

I. Setting the response timeout timer

Since TACACS+ is implemented on the basis of TCP, server response timeout or TCP timeout may terminate the connection to the TACACS server.

Perform the following configuration in TACACS+ view.
Table 40-37 Set a real-time accounting interval

Operation: Set a real-time accounting interval
Command: timer realtime-accounting minutes

Operation: Restore the default real-time accounting interval
Command: undo timer realtime-accounting

The interval is in minutes and must be a multiple of 3.
Operation: Display related information of user’s connection
Command: display connection { access-type { dot1x | gcm } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name }

Operation: Display related information of the local user
Command: display local-user [ domain isp-name | idle-cut { disabl
Operation: Enable debugging of local RADIUS authentication server
Command: debugging local-server { all | error | event | packet }

Operation: Disable debugging of local RADIUS authentication server
Command: undo debugging local-server { all | error | event | packet }

Operation: Enable TACACS+ debugging
Command: debugging TACACS+ { all | error | event | message | receive-packet | send-packet }

Operation: Disable TACACS+ debugging
Command: undo debugging TACACS+ { a
II. Network Topology

[Figure 40-4 Network diagram for the remote RADIUS authentication of Telnet users. Labels: Authentication Servers (IP address: 10.110.91.164), Switch, Internet, telnet user.]

III. Configuration procedure

Add a Telnet user.
Omitted

Note: For details about configuring FTP and Telnet users, refer to User Interface Configuration of Getting Started Operation in this manual.
40.6.2 Configuring Authentication at Local RADIUS Authentication Server

Local RADIUS authentication of Telnet/FTP users is similar to the remote RADIUS authentication described in section 40.6.1. However, you should change the server IP address in Figure 40-4 of section 40.6.1 to 127.0.0.1, the authentication password to 3Com, and the UDP port number of the authentication server to 1645.
III. Configuration procedure

Configure the Telnet user.
Here it is omitted.

Note: For the configuration of FTP and Telnet users, refer to the User Interface Configuration of Getting Started Operation section of this manual.

Configure a TACACS+ scheme.
[SW8800] TACACS+ scheme hwtac
[SW8800-TACACS+-hwtac] primary authentication 10.110.91.164
[SW8800-TACACS+-hwtac] primary authorization 10.110.91.
- There might be a communication fault between the NAS and the RADIUS/TACACS+ server, which can be discovered by pinging the RADIUS/TACACS+ server from the NAS. Ensure normal communication between the NAS and the RADIUS/TACACS+ server.

II. Symptom: RADIUS/TACACS+ packet cannot be transmitted to RADIUS/TACACS+ server.
Chapter 41 VRRP Configuration

41.1 Introduction to VRRP

Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route (for example, 10.100.10.
[Figure 41-2 Network diagram for virtual router. Labels: Network; Master and Backup switches with actual IP addresses 10.100.10.2 and 10.100.10.3; virtual IP address 10.100.10.1; Ethernet; Host 1 (10.100.10.7), Host 2 (10.100.10.8), Host 3 (10.100.10.9).]

This virtual router has its own IP address: 10.100.10.1 (which can be the interface address of a switch within the virtual router).
41.2.1 Enabling/Disabling the Function to Ping the Virtual IP Address

This operation enables or disables the function to ping the virtual IP address of the virtual router. The standard VRRP protocol does not support the ping function, so the user cannot use the ping command to judge whether an IP address is used by the virtual router.
Due to the chips installed, some switches support matching one IP address to multiple MAC addresses. The Switch 8800 not only guarantees correct data forwarding in the subnet, but also supports the following function: the user can choose to match the virtual IP address with the real MAC address or the virtual MAC address of the routing interface. The following commands can be used to set the correspondence between the IP address and the MAC address.
The virtual-address can be an unused address in the network segment where the virtual router resides, or the IP address of an interface in the virtual router. If the IP address is of the switch in the virtual router, it can also be configured as virtual-address. In this case, the switch will be called an IP Address Owner. When adding the first IP address to a virtual router, the system will create a new virtual router accordingly.
is higher than that of the current Master switch. Accordingly, the former Master switch will become the Backup switch. Together with preemption settings, a delay can also be set. In this way, a Backup will wait for a period of time before becoming a Master. In an unstable network, if the Backup switch has not received the packets from the Master switch punctually, it will become the Master switch.
to authenticate the VRRP packets. In this case an authentication key not exceeding 8 characters should be configured. Those packets failing to pass the authentication will be discarded and a trap packet will be sent to the network management system.

Perform the following configuration in VLAN interface view.
Table 41-8 Configure virtual router timer

Operation: Configure virtual router timer
Command: vrrp vrid virtual-router-ID timer advertise adver-interval

Operation: Clear virtual router timer
Command: undo vrrp vrid virtual-router-ID timer advertise

By default, adver-interval is configured to be 1.

41.2.9 Configuring Switch to Track a Specified Interface

The VRRP interface track function expands the backup function.
41.3 Displaying and debugging VRRP

After the above configuration, execute the display command in any view to display the running of the VRRP configuration, and to verify the configuration. Execute the debugging command in user view to debug the VRRP configuration.
II. Networking diagram

[Figure 41-3 Network diagram for VRRP configuration. Labels: Host B (10.2.3.1), Internet, VLAN-interface3: 10.100.10.2, Switch_A (VLAN-interface2: 202.38.160.1), Switch_B (VLAN-interface2: 202.38.160.2), Virtual IP address: 202.38.160.111, Host A (202.38.160.3).]

III. Configuration Procedure

Configure switch A

Configure VLAN 2.
[LSW-A] vlan 2
[LSW-A-vlan2] interface vlan 2
[LSW-A-vlan-interface2] ip address 202.38.160.
[LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0
[LSW-B-vlan-interface2] quit

Configure VRRP.
[LSW-B] vrrp ping-enable
[LSW-B] interface vlan 2
[LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
[LSW-B-vlan-interface2] vrrp vrid 1 preempt-mode

The virtual router can be used soon after configuration. Host A can configure the default gateway as 202.38.160.111.
[LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

Set the priority for the virtual router.
[LSW_A-vlan-interface2] vrrp vrid 1 priority 110

Set the authentication key for the virtual router.
[LSW_A-vlan-interface2] vrrp authentication-mode md5 switch

Set Master to send VRRP packets every 5 seconds.
[LSW_A-vlan-interface2] vrrp vrid 1 timer advertise 5

Track an interface.
switch for virtual router 2 and vice versa for switch B. Some hosts employ virtual router 1 as the gateway, while others employ virtual router 2 as the gateway. In this way, both load balancing and mutual backup are implemented.

II. Networking diagram

See Figure 41-3.

III. Configuration Procedure

Configure switch A

Configure VLAN2.
[LSW-A] vlan 2
[LSW-A-vlan2] interface vlan 2
[LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.
41.5 Troubleshooting VRRP

As the configuration of VRRP is not very complicated, almost all malfunctions can be found by viewing the configuration and debugging information. Here are some possible failures you might meet and the corresponding troubleshooting methods.

I. Fault 1: Frequent prompts of configuration errors on the console

This indicates that an incorrect VRRP packet has been received.
Chapter 42 HA Configuration

42.1 Introduction to HA

HA (high availability) is to achieve a high availability of the system and to recover the system as soon as possible in the event of Fabric failures so as to shorten the MTBF (Mean Time Between Failure) of the system. The functions of HA are mainly implemented by the application running on the Fabric and slave board.
- Configuring the Load Mode of the Fabric and Slave Board

42.2.1 Restarting the Slave System Manually

In the environment in which the slave system is available, the user can restart the slave system manually.

Perform the following configuration in user view.

Table 42-1 Restart the slave system manually

Operation: Restart the slave system manually
Command: slave restart

42.2.
Table 42-3 Enable/Disable automatic synchronization

Operation: Enable automatic synchronization
Command: slave auto-update config

Operation: Disable automatic synchronization
Command: undo slave auto-update config

By default, the automatic synchronization of system is enabled.

42.2.
Caution: When a single Fabric is in position, the load-balance mode is not effective and the Fabric changes to the load-single mode automatically.

42.3 Displaying and Debugging HA Configuration

After the above configuration, execute display command in relevant view to display the running of the ACL configuration, and to verify the configuration. Execute debugging command in user view to enable HA module debugging function.
Chapter 43 File System Management

43.1 File System Configuration

43.1.1 File System Overview

The Ethernet switch provides a file system module for efficient user management of storage devices such as flash memory. The file system offers file access and directory management, mainly including creating the file system; creating, deleting, modifying and renaming a file or a directory; and opening a file.
43.1.2 Directory Operation

The file system can be used to create or delete a directory, display the current working directory, and display the information about the files or directories under a specified directory. You can use the following commands to perform directory operations.

Perform the following configuration in user view.
Caution: When you use the delete command without the unreserved option to delete a file, the file is in fact saved in the recycle bin and still occupies some of the storage space.
43.1.5 Setting the Prompt Mode of the File System

The following command can be used for setting the prompt mode of the current file system.

Perform the following configuration in system view.

Table 43-4 File system operation

Operation: Set the file system prompt mode.
Command: file prompt { alert | quiet }

43.2 Configuration File Management

43.2.
will begin the initialization with the default parameters. Relative to the saved-configuration, the configuration in effect during the operating process of the system is called current-configuration. You can use the following commands to display the current-configuration and saved-configuration information of the Ethernet switch.

Perform the following configuration in any view.
43.2.4 Erasing Configuration Files from Flash Memory

The reset saved-configuration command can be used to erase configuration files from Flash Memory. The system will use the default configuration parameters for initialization when the Ethernet switch is powered on for the next time.

Perform the following configuration in user view.
Note: The system supports FTP services over VPN.

43.3.1 FTP Overview

FTP (File Transfer Protocol) is a universal method for transmitting files on the Internet and IP networks. In this method, files are copied from one system to another. FTP supports definite file types (such as ASCII and Binary) and file structures (byte stream and record). Even now, FTP is still used widely, while most users transmit files by Email and Web.
Table 43-11 lists the configuration of the switch as FTP server.

Table 43-11 Configuration of the switch as FTP server

Device: Switch, PC

Configuration: Start FTP server.
Default: FTP server is disabled.
Description: You can view the configuration information of FTP server with the display ftp-server command.

Configuration: Configure authentication and authorization for FTP server.
authorized users. You can use the following commands to configure FTP server authentication and authorization. The authorization information of FTP server includes the top working directory provided for FTP clients.

Perform the following configuration in corresponding view.
43.3.5 Displaying and Debugging FTP Server

After the above configuration, execute display command in any view to display the running of the FTP Server configuration, and to verify the effect of the configuration.

Table 43-15 Display and debug FTP Server

Operation: Display FTP server
Command: display ftp-server

Operation: Display the connected FTP users.
The switch application switch.app is stored on the PC. Using FTP, the switch can download the switch.app from the remote FTP server and upload the vrpcfg.cfg to the FTP server under the switch directory for backup purpose.

II. Network diagram

[Figure 43-2 Network diagram for FTP configuration. Labels: Switch, Network, PC.]

III.
Use the put command to upload the vrpcfg.cfg to the FTP server.
[ftp] put vrpcfg.cfg

Use the get command to download the switch.app from the FTP server to the Flash directory on the FTP server.
[ftp] get switch.app

Use the quit command to release FTP connection and return to user view.
[ftp] quit

Use the boot boot-loader command to specify the downloaded program as the application at the next login and reboot the switch.
[SW8800] ftp server enable
[SW8800] local-user switch
[SW8800-luser-switch] service-type ftp ftp-directory flash:
[SW8800-luser-switch] password simple hello

2) Run FTP client on the PC and establish FTP connection. Upload the switch.app to the switch under the Flash directory and download the vrpcfg.cfg from the switch. FTP client is not shipped with the switch, so you need to buy it separately.
[Figure 43-4 TFTP configuration. Labels: Switch, Network, PC.]

Table 43-17 lists the configuration of the switch as TFTP client.

Table 43-17 Configuration of the switch as TFTP client

Device: Switch
Configuration: Configure IP address for the VLAN interface of the switch, in the same network segment as that of TFTP server.
Default: —
Description: TFTP is right for the case where no complicated interactions are required between the client and server.
43.4.3 Uploading Files by Means of TFTP

To upload a file, the client sends a request to the TFTP server and then transmits data to it and receives the acknowledgement from it. You can use the following commands to upload files.

Perform the following configuration in user view.
system-view
[SW8800]

Caution: If the Flash Memory of the switch is not enough, you need to first delete the existing programs in the Flash Memory and then upload the new ones.

Configure IP address 1.1.1.1 for the VLAN interface, and ensure the port connecting the PC is also in this VLAN (VLAN 1 in this example).
[SW8800] interface vlan 1
[SW8800-vlan-interface1] ip address 1.1.1.1 255.255.255.
Chapter 44 MAC Address Table Management

44.1 MAC Address Table Management Overview

An Ethernet Switch maintains a MAC address table for fast packet forwarding. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it. The dynamic entries (not configured manually) are learned by the Ethernet switch.
You can configure (add or modify) the MAC address entries manually according to the actual networking environment. The entries can be static ones or dynamic ones.

44.2 MAC Address Table Management Configuration

The following sections describe the MAC address table management configuration tasks.
If the aging time is set too short, the Ethernet switch may delete valid MAC address table entries. You can use the following commands to set the MAC address aging time for the system.

Perform the following configuration in system view.
44.3.
Sequence number: 5
Configuration item: Set the maximum number of MAC addresses learned by an Ethernet port, and when the current number of MAC addresses exceeds the threshold value, whether the switch forwards packets or gives the network administrator an alarm,
Command: [SW8800-EthernetX/1/X] mac-address max-mac-count count or [SW8800-EthernetX/1/X] mac-address max-mac-count enable forward alarm
Description: By default, the
Execute the debugging command in user view to debug MAC address table configuration.
II. Network diagram

[Figure 44-2 Network diagram for address table management configuration. Labels: Internet, Network Port, Console Port, Switch.]

III. Configuration procedure

Enter the system view of the switch.
system-view

Add a MAC address (specify the native VLAN, port and state).
[SW8800] mac-address static 00e0-fc35-dc71 interface ethernet2/1/2 vlan 1

Set the address aging time to 500s.
Chapter 45 Device management

45.1 Device Management Overview

With the device management function, the Ethernet Switch can display the current running state and event debugging information about the slots, thereby implementing the maintenance and management of the state and communication of the physical devices. In addition, there is a command available for rebooting the system, when some function failure occurs.

45.
Table 45-2 Enable the Timing Reboot Function

Operation: Enable the timing reboot function of the switch, and set specified time and date
Command: schedule reboot [ yyyy/mm/dd ]

Operation: Enable the timing reboot function of the switch, and set waiting time
Command: schedule reboot delay { hhh:mm | mmm }

Operation: Cancel the parameter configuration of timing reboot function of the switch
Command: undo schedule reboot

Operation: Check the parameter configuration of the reboot terminal
45.2.4 Upgrading BootROM

You can use the following command to upgrade the BootROM with the BootROM program in the Flash Memory. This configuration task facilitates the remote upgrade. You can upload the BootROM program file from a remote end to the switch by FTP and then use this command to upgrade the BootROM.

Perform the following configuration in user view.
main control board of a 16 MB flash, the service processing board cannot be updated according to the original procedure. To update it, you need to execute the following command to download host software containing the app file of service processing board host application to the system’s synchronous dynamic random access memory (SDRAM).
Operation: Display CPU occupancy
Command: display cpu [ slot slot-no ]

45.4 Device Management Configuration Example

45.4.1 Using the Switch as an FTP Client to Implement the Remote Upgrade

I. Network requirements

The user logs into the switch using Telnet, downloads the application from the FTP server to the flash memory of the switch, and implements remote upgrade using the right commands.
Caution: If the flash memory of the switch is not enough, you need to first delete the existing programs in the flash memory and then download the new ones to the memory.

Enter the corresponding command in user view to establish FTP connection. Then enter correct username and password to log into the FTP server.
ftp 2.2.2.2
Trying ...
Press CTRL+K to abort
Connected.
220 WFTPD 2.
45.4.2 Use the Switch as an FTP Server to Implement the Remote Upgrade

I. Network requirements

The switch serves as an FTP server and the PC as an FTP client. The configuration on the FTP server is as follows: an FTP user is configured with the name switch, the password hello and the read & write authority over the root directory of the switch. The IP address of a VLAN interface on the switch is 1.1.1.1, and the IP address of the PC is 2.2.
Caution: If the flash memory on the switch is not sufficient, delete the original application program in the flash before uploading the new one into the flash of the switch.

3) After uploading, perform the upgrade on the switch.

You can use the boot boot-loader command to specify the new file as the application program for the next boot and reboot the switch to upgrade the application program.
Chapter 46 System Maintenance and Debugging

46.1 Basic System Configuration

The basic system configuration and management include:
- Switch name setting
- System clock setting
- Time zone setting
- Summer time setting

46.1.1 Setting a Name for a Switch

Perform the operation of sysname command in the system view.
Table 46-3 Set the time zone

Operation: Set the local time
Command: clock timezone zone_name { add | minus } HH:MM:SS

Operation: Restore to the default UTC time zone
Command: undo clock timezone

By default, the UTC time zone is adopted.

46.1.4 Setting the Summer Time

You can set the name, starting and ending time of the summer time.

Perform the following configuration in user view.
Operation: Display the information about the optical module connected with an in-place optical port on current frame
Command: display fiber-module or display fiber-module [ interface-type interface-number | interface-name ]

46.3 System Debugging

46.3.
Table 46-6 Enabling/Disabling the debugging

Operation: Enable the protocol debugging
Command: debugging { all [ timeout interval ] | module-name [ debugging-option ] }

Operation: Disable the protocol debugging
Command: undo debugging { all | module-name [ debugging-option ] }

Operation: Enable the terminal debugging
Command: terminal debugging

Operation: Disable the terminal debugging
Command: undo terminal debugging

For more about the usage and format of the debugging command
46.4 Testing Tools for Network Connection

46.4.1 ping

The ping command can be used to check the network connection and whether the host is reachable.

Perform the following configuration in any view.
46.4.3 tracert

The tracert command is used for testing the gateways passed by the packets from the source host to the destination one. It is mainly used for checking whether the network is connected and analyzing where the fault occurs in the network.
The description of the components of log information is as follows:

1) %
In practical output, some of the information starts with the % character, which means a logging is necessary.

2) Priority
The priority is computed according to the following formula: facility*8+severity-1. The default value for the facility is 23. The range of severity is 1~8, and the severity will be introduced in a separate section.
Module name | Description
DEV | Device management module
DHCP | Dynamic host configuration protocol module
DIAGCLI | Diagnosis module
DNS | Domain name server module
DRVMPLS | Multiprotocol label switching drive module
DRVL2 | Layer 2 drive module
DRVL3 | Layer 3 drive module
DRVL3MC | Layer 3 multicast module
MPLS | MPLS drive module
DRVQACL | QACL drive module
DRVVPLS | Virtual private LAN service drive module
ETH | Ethernet
Module name | Description
MPM | Multicast port management module
MSDP | Multicast source discovery protocol module
MSTP | Multiple spanning tree protocol module
NAT | Network address translation module
NTP | Network time protocol module
OSPF | Open shortest path first module
PHY | Physical sublayer & physical layer module
PPP | Point to point protocol module
PSSINIT | PSSINIT module
RDS | RADIUS module
RM | Routing management
Switch information falls into three categories: log information, debugging information and trap information. The info-center classifies every kind of information into 8 severity (urgency) levels. The log filtering rule is that the system prohibits outputting the information whose severity level is greater than the set threshold. The more urgent the logging packet is, the smaller its severity level is.
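The priority formula from the log-format description earlier in this chapter (facility*8+severity-1, default facility 23, severity 1 to 8) and the filtering rule above, applied on a log host, as an added example that is not code from this manual. The sample lines are constructed, only the leading <priority> field is parsed, and the RFC 5424 severity names are used as an assumption because the switch's own level names are not shown on this page.

```python
import re

DEFAULT_FACILITY = 23  # default facility stated in this chapter
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Assumption: RFC 5424 severity names, keyed by the switch's 1..8 level
# (the switch level is the RFC severity code plus one).
RFC5424_NAMES = {
    1: "Emergency", 2: "Alert", 3: "Critical", 4: "Error",
    5: "Warning", 6: "Notice", 7: "Informational", 8: "Debug",
}


def encode_priority(severity, facility=DEFAULT_FACILITY):
    """priority = facility*8 + severity - 1, with severity in the switch's 1..8 range."""
    if not 1 <= severity <= 8:
        raise ValueError("severity must be 1..8")
    if not 0 <= facility <= 23:
        raise ValueError("facility must be 0..23")
    return facility * 8 + severity - 1


def decode_priority(priority):
    """Invert the formula: return (facility, severity on the 1..8 scale)."""
    if not 0 <= priority <= 191:
        raise ValueError("priority out of range")
    return priority // 8, priority % 8 + 1


def parse_line(line):
    """Return a record for a line that starts with <priority>, else None."""
    match = PRI_RE.match(line)
    if not match:
        return None
    try:
        facility, severity = decode_priority(int(match.group(1)))
    except ValueError:
        return None
    return {
        "facility": facility,
        "severity": severity,
        "name": RFC5424_NAMES[severity],
        "text": match.group(2),
    }


def triage(lines, threshold):
    """Apply the filtering rule: severity greater than the threshold is not output."""
    kept, suppressed, malformed = [], [], []
    for line in lines:
        record = parse_line(line)
        if record is None:
            malformed.append(line)
        elif record["severity"] > threshold:
            suppressed.append(record)
        else:
            kept.append(record)
    return kept, suppressed, malformed


# Constructed sample input; the text after the priority is filler.
SAMPLE_LINES = [
    "<184>constructed message, facility 23 severity 1",
    "<188>constructed message, facility 23 severity 5",
    "<191>constructed message, facility 23 severity 8",
    "<134>constructed message, facility 16 severity 7",
    "constructed message without a priority field",
    "<999>constructed message with an out-of-range priority",
]

if __name__ == "__main__":
    kept, suppressed, malformed = triage(SAMPLE_LINES, threshold=5)
    for record in kept:
        print("output    ", record["facility"], record["severity"], record["name"])
    for record in suppressed:
        print("suppressed", record["facility"], record["severity"], record["name"])
    print("malformed lines:", len(malformed))
```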
Logging buffer | 4 | logbuf
snmp | 5 | snmpagent
Log file | 6 | logfile

Note: The settings in the 7 directions are independent from each other. The settings will take effect only after enabling the information center.

The info-center of Ethernet Switch has the following features:
- Support to output log in 7 directions, i.e., Console, monitor to Telnet terminal, logbuffer, loghost, trapbuffer, SNMP, and log file.
Table 46-15 Send the configuration information to the console terminal.

Configuration: Enable info-center
Default value: By default, info-center is enabled.
Configuration description: Other configurations are valid only if the info-center is enabled.
Table 46-17 Send the configuration information to the log buffer

Configuration: Enable info-center
Default value: By default, info-center is enabled.
Configuration description: Other configurations are valid only if the info-center is enabled.

Configuration: Set the information output direction to the logbuffer
Default value: —
Configuration description: You can configure the size of the log buffer at the same time.
Set the information output direction to SNMP Network management workstation — —

Set information source — You can define which modules and information to be sent out and the time-stamp format of information, and so on. You must turn on the switch of the corresponding module before defining output debugging information.
Table 46-21 Configure to output information to the loghost
Operation: Output information to the loghost
Command: info-center loghost host-ip-addr [ channel { channel-number | channel-name } | facility local-number | language { chinese | english } ]*
Operation: Cancel the configuration of outputting information to loghost
Command: undo info-center loghost host-ip-addr
Note that the IP address of log host must be correct.
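The following is an added example, not part of the manual: on the loghost side, it decodes the syslog PRI field that carries the facility chosen with facility local-number, and applies the severity threshold rule stated earlier in this chapter. The sample lines are constructed, and the severity names warnings and notifications follow common syslog naming (assumption).

```python
import re

# Severity names in syslog order (0 is the most urgent). "warnings" and
# "notifications" are not visible on this page and follow common syslog
# naming (assumption).
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def local_facility(local_number):
    """Map 'facility localN' (N = 0..7) to the syslog facility code 16..23."""
    if not 0 <= local_number <= 7:
        raise ValueError("local facility must be local0..local7")
    return 16 + local_number


def decode_pri(line):
    """Return (facility, severity) from the <PRI> prefix of a syslog line."""
    match = PRI_RE.match(line)
    if not match:
        raise ValueError("no syslog PRI field")
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        raise ValueError("PRI out of range")
    return divmod(pri, 8)


def is_output(severity, threshold):
    """Filtering rule from the text: severity greater than threshold is dropped."""
    return severity <= threshold


def select(lines, facility, threshold_name):
    """Keep lines from one facility whose severity passes the threshold."""
    threshold = SEVERITY_NAMES.index(threshold_name)
    kept = []
    for line in lines:
        try:
            fac, sev = decode_pri(line)
        except ValueError:
            continue  # not a syslog line; a real collector should count these
        if fac == facility and is_output(sev, threshold):
            kept.append((SEVERITY_NAMES[sev], line))
    return kept


# Constructed sample input: only the PRI prefix is meaningful here.
SAMPLE_LINES = [
    "<187>constructed sample: local7, severity 3",
    "<190>constructed sample: local7, severity 6",
    "<191>constructed sample: local7, severity 7",
    "<165>constructed sample: local4, severity 5",
    "line without a PRI field",
]

if __name__ == "__main__":
    for name, line in select(SAMPLE_LINES, local_facility(7), "informational"):
        print(name, line)
```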
Every channel has been set with a default record, whose module name is default and the module number is 0xffff0000. However, for different channels, the default record may have different default settings of log, trap and debugging. When there is no specific configuration record for a module in the channel, use the default one.
Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and outputting.
2) Configuring to output information to console terminal
Perform the following configuration in system view.
may have different default settings of log, trap and debugging. When there is no specific configuration record for a module in the channel, use the default one.
Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
Operation: Enable terminal display function of trap information
Command: terminal trapping
Operation: Disable terminal display function of trap information
Command: undo terminal trapping
46.5.5 Sending the Configuration Information to Telnet Terminal or Dumb Terminal
To send configuration information to Telnet terminal or dumb terminal, follow the steps below:
1) Enabling info-center
Perform the following configuration in system view.
Table 46-31 Define information source
Operation: Define information source
Command: info-center source { modu-name | default } channel { channel-number | channel-name } [ debug { level severity | state state }* | log { level severity | state state }* | trap { level severity | state state }* ]*
Operation: Cancel the configuration of information source
Command: undo info-center source { modu-name | default | all } channel { channel-number | cha
This configuration will affect the timestamp of the displayed information.
1) Enabling info-center
Perform the following configuration in system view.
Table 46-34 Enable/disable info-center
Operation: Enable info-center
Command: info-center enable
Operation: Disable info-center
Command: undo info-center enable
Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and outputting.
modu-name specifies the module name; default represents all the modules; all represents all the information filter configuration in the channelnum channel except default; level refers to the severity levels; severity specifies the severity level of information. The information with the level below it will not be output. channel-number specifies the channel number and channel-name specifies the channel name.
Operation: Disable info-center
Command: undo info-center enable
Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and outputting.
2) Configuring to output information to the trap buffer
Perform the following configuration in system view.
Every channel has been set with a default record, whose module name is default and the module number is 0xffff0000. However, for different channels, the default record may have different default settings of log, trap and debugging. When there is no specific configuration record for a module in the channel, use the default one.
Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and outputting.
2) Configuring to output information to SNMP NM
Perform the following configuration in system view.
Every channel has been set with a default record, whose module name is default and the module number is 0xffff0000. However, for different channels, the default record may have different default settings of log, trap and debugging. When there is no specific configuration record for a module in the channel, use the default one.
Table 46-46 Display and debug info-center
Operation: Display the content of information channel
Command: display channel [ channel-number | channel-name ]
Operation: Display configuration of system log and memory buffer
Command: display info-center
Operation: Display the attribute of logbuffer and the information recorded in logbuffer
Command: display logbuffer [ summary ] [ level [ levelnum | emergencies | alerts | critical | debugging | errors | informationa
III. Configuration steps
1) Configuration on the switch
Enable info-center
[SW8800] info-center enable
Set the host with the IP address of 202.38.1.10 as the loghost; set the severity level threshold value to informational; set the output language to English; allow the ARP and IP modules to output information.
[SW8800] info-center loghost 202.38.1.
kill -HUP 147
After the above operation, the switch system can record information in related log files.
Note: By combining the facility, severity and filter settings with the file syslog.conf, you can classify and filter the information in great detail.
46.5.11 Configuration examples of sending log to Linux loghost
I.
2) Configuration on the loghost
This configuration is performed on the loghost.
Step 1: Perform the following commands as the super user (root).
mkdir /var/log/SW8800
touch /var/log/SW8800/information
Step 2: Edit the file /etc/syslog.conf as the super user (root) and add the following selector/action pairs.
# SW8800 configuration messages
local7.
Note: By combining the facility, severity and filter settings with the file syslog.conf, you can classify and filter the information in great detail.
46.5.12 Configuration Examples of Sending Log to the Console Terminal
I.
Chapter 47 SNMP Configuration
47.1 SNMP Overview
To date, the Simple Network Management Protocol (SNMP) has gained the most extensive application in computer networks. SNMP has been put into use and is widely accepted as an industry standard in practice. It is used for ensuring the transmission of management information between any two nodes.
[Figure 47-1 Architecture of the MIB tree]
The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network device. In the above figure, the managed object B can be uniquely specified by a string of numbers {1.2.1.1}. The number string is the Object Identifier of the managed object.
Columns: MIB attribute, MIB content, References
MIB attribute: Private MIB
DHCP MIB. References: —
QACL MIB. References: —
ADBM MIB. References: —
RSTP MIB. References: —
VLAN MIB. References: —
Device management. References: —
Interface management. References: —
47.3 Configuring SNMP
The following sections describe the SNMP configuration tasks.
Table 47-2 Set community names
Operation: Set the community name and the access authority
Command: snmp-agent community { read | write } community-name [ [ mib-view view-name ] [ acl acl-list ] ]
Operation: Remove the community name and the access authority
Command: undo snmp-agent community community-name
47.3.
Table 47-4 Enable/disable SNMP Agent to send Trap
Operation: Enable the sending of trap (system view)
Command: snmp-agent trap enable [ standard [ authentication ] [ coldstart ] [ linkdown ] [ linkup ] | bgp [ backwardtransition ] [ established ] | vrrp [ authfailure | newmaster ] ]
Operation: Disable the sending of trap (system view)
Command: undo snmp-agent trap enable [ standard [ authentication ] [ coldstart ] [ linkdown ] [ linkup ] | bgp [ backwardtran
Table 47-6 Set the lifetime of Trap message
Operation: Set lifetime of Trap message
Command: snmp-agent trap life seconds
Operation: Restore lifetime of Trap message
Command: undo snmp-agent trap life
By default, the lifetime of Trap message is 120 seconds.
47.3.6 Setting the Engine ID of a Local or Remote Device
You can use the following commands to set the engine ID of a local or remote device.
Perform the following configuration in system view.
47.3.8 Setting the Source Address of Trap
You can use the following commands to set or remove the source address of the trap.
Perform the following configuration in system view.
47.3.10 Creating/Updating View Information or Deleting a View
You can specify a view to control the SNMP manager's access to the MIB. You can use either the predefined views or self-defined views. You can use the following commands to create a view, update the information of a view, or delete a view.
Perform the following configuration in system view.
47.4 Displaying and Debugging SNMP
After the above configuration, execute the display command in any view to display the running state of the SNMP configuration and to verify the effect of the configuration.
II. Network diagram
[Figure 47-2 Network diagram for SNMP configuration; labels: 129.102.149.23, 129.102.0.1, NMS, Ethernet]
III. Configuration procedure
Enter the system view.
system-view
Set the community name, group and user.
[SW8800] snmp-agent sys-info version all
[SW8800] snmp-agent community write public
[SW8800] snmp-agent mib include internet 1.3.6.
Users can query and configure the Ethernet switch through the network management system. For details, see the manuals for the network management products.
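The following is an added example, not part of the manual: a small audit of snmp-agent community lines, written against the syntax in Table 47-2, that reports communities with well-known names, without an acl, or with write access not limited by a mib-view. The view name, ACL number and the two longer community names in the sample are constructed.

```python
WELL_KNOWN_NAMES = {"public", "private"}


def parse_community(line):
    """Parse 'snmp-agent community { read | write } name [mib-view v] [acl a]'.

    Returns a dict, or None when the line is not a community definition.
    """
    tokens = line.split()
    if tokens and tokens[0].startswith("["):   # drop a CLI prompt such as [SW8800]
        tokens = tokens[1:]
    if tokens[:2] != ["snmp-agent", "community"] or len(tokens) < 4:
        return None
    access, name = tokens[2], tokens[3]
    if access not in ("read", "write"):
        return None
    options = {"mib-view": None, "acl": None}
    rest = tokens[4:]
    i = 0
    while i + 1 < len(rest):
        if rest[i] in options:
            options[rest[i]] = rest[i + 1]
            i += 2
        else:
            i += 1
    return {"access": access, "name": name,
            "view": options["mib-view"], "acl": options["acl"]}


def audit(config_text):
    """Return (line_number, community, issue) tuples for risky definitions."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        community = parse_community(line)
        if community is None:
            continue
        name = community["name"]
        if name.lower() in WELL_KNOWN_NAMES:
            findings.append((number, name, "well-known community name"))
        if community["acl"] is None:
            findings.append((number, name, "no acl limits which managers may use it"))
        if community["access"] == "write" and community["view"] is None:
            findings.append((number, name, "write access not limited by a mib-view"))
    return findings


# Constructed sample configuration; the second line is the one used in the
# configuration procedure above.
SAMPLE_CONFIG = """\
snmp-agent sys-info version all
[SW8800] snmp-agent community write public
snmp-agent community read ops-ro-7f3c mib-view mgmt-view acl 2001
snmp-agent community write ops-rw-91ab acl 2001
undo snmp-agent community oldname
"""

if __name__ == "__main__":
    for number, name, issue in audit(SAMPLE_CONFIG):
        print(f"line {number}: community {name}: {issue}")
```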
Chapter 48 RMON Configuration
48.1 RMON Overview
Remote Network Monitoring (RMON) is a type of IETF-defined MIB. It is the most important enhancement to the MIB II standard. It is mainly used for monitoring the data traffic on a segment and even on a whole network. It is one of the most widely used network management standards to date.
Note: Before configuring RMON, you must ensure that the SNMP agent is properly configured. See Chapter 47 SNMP Configuration for the SNMP agent configuration.
The following sections describe the RMON configuration tasks.
Perform the following configuration in system view.
Table 48-4 Add/delete an entry to/from the extended RMON alarm table
Operation: Add an entry to the extended RMON alarm table
Command: rmon prialarm entry-number alarm-var [ alarm-des ] sampling-timer { delta | absolute | changeratio } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]
Operation: Delete an entry from the extended RMON alarm table
Operation: Delete an entry from the history control table.
Command: undo rmon history entry-number
History control entry calculates various data at the sampling time interval. You can use the display rmon history command to view the information of the history control entry.
48.2.5 Adding/Deleting an Entry to/from the Statistics Table
The RMON statistics management concerns the port usage monitoring and error statistics when using the ports.
Operation: Display the event log of RMON
Command: display rmon eventlog [ event-number ]
48.4 RMON Configuration Example
I. Network requirements
Set an entry in the RMON Ethernet statistics table for Ethernet port performance, so that network administrators can query it conveniently.
II. Network diagram
[Figure 48-1 Network diagram for RMON configuration; labels: Internet, Network Port, Console Port, Switch]
III. Configuration procedure
Configure RMON.
Packets received according to length (in octets):
64 :644 , 65-127 :518 , 128-255 :688
256-511:101 , 512-1023:3 , 1024-1518:0
Chapter 49 NTP Configuration
49.1 Brief Introduction to NTP
49.1.1 NTP Functions
As the network topology gets more and more complex, it becomes important to synchronize the clocks of the equipment on the whole network. Network Time Protocol (NTP) is the TCP/IP protocol that advertises the accurate time throughout the network.
- Before synchronizing the system clocks on Ethernet Switch A and B, the clock on Ethernet Switch A is set to 10:00:00am, and that on B is set to 11:00:00am.
- Ethernet Switch B serves as an NTP time server. That is, Ethernet Switch A synchronizes the local clock with the clock of B.
- It takes 1 second to transmit a data packet from either A or B to the opposite end.
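The following is an added example, not part of the manual: it carries the scenario above through the standard NTP offset and round-trip delay calculation from the four exchange timestamps. The 1-second processing time on Switch B, the calendar date and the asymmetric-path case are assumptions added for illustration.

```python
from datetime import datetime, timedelta


def exchange(a_clock, b_clock, out_delay, back_delay, processing):
    """Timestamps of one client/server exchange.

    t1: request leaves A (A's clock)    t2: request reaches B (B's clock)
    t3: reply leaves B (B's clock)      t4: reply reaches A (A's clock)
    """
    t1 = a_clock
    t2 = b_clock + out_delay
    t3 = t2 + processing
    t4 = a_clock + out_delay + processing + back_delay
    return t1, t2, t3, t4


def offset_and_delay(t1, t2, t3, t4):
    """Standard NTP estimate of the clock offset and the round-trip delay."""
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return offset, delay


# Scenario from the text: A reads 10:00:00, B reads 11:00:00, 1 s each way.
# The date and the 1 s processing time on B are assumptions.
A_CLOCK = datetime(2005, 1, 1, 10, 0, 0)
B_CLOCK = datetime(2005, 1, 1, 11, 0, 0)
ONE_SECOND = timedelta(seconds=1)


def symmetric_case():
    return offset_and_delay(*exchange(A_CLOCK, B_CLOCK, ONE_SECOND,
                                      ONE_SECOND, ONE_SECOND))


def asymmetric_case():
    """Same clocks, but the reply path takes 3 s instead of 1 s.

    The estimate is wrong by half the path asymmetry, which is why the
    error of a single exchange is bounded by delay / 2.
    """
    return offset_and_delay(*exchange(A_CLOCK, B_CLOCK, ONE_SECOND,
                                      timedelta(seconds=3), ONE_SECOND))


if __name__ == "__main__":
    for label, (offset, delay) in (("symmetric", symmetric_case()),
                                   ("asymmetric", asymmetric_case())):
        print(f"{label}: offset={offset}, delay={delay}")
```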
time server of the local equipment. In this case the local Ethernet Switch works as an NTP client. If you set a remote server as a peer of the local Ethernet Switch, the local equipment operates in symmetric active mode. If you configure an interface on the local Ethernet Switch to transmit NTP broadcast packets, the local Ethernet Switch will operate in broadcast mode.
II. Configuring NTP Peer Mode
Set a remote server whose IP address is ip-address as the peer of the local equipment. In this case, the local equipment operates in symmetric active mode. ip-address specifies a host address other than a broadcast, multicast or reference clock IP address. In this mode, both the local Ethernet Switch and the remote server can synchronize their clocks with the clock of the opposite end.
IV. Configuring NTP Broadcast Client Mode
Designate an interface on the local Ethernet Switch to receive NTP broadcast messages and operate in broadcast client mode. The local Ethernet Switch listens to the broadcast from the server. When it receives the first broadcast packets, it starts a brief client/server mode to exchange messages with a remote server for estimating the network delay.
VI. Configuring NTP Multicast Client Mode
Designate an interface on the local Ethernet Switch to receive NTP multicast messages and operate in multicast client mode. The local Ethernet Switch listens to the multicast from the server. When it receives the first multicast packets, it starts a brief client/server mode to exchange messages with a remote server for estimating the network delay.
Table 49-8 Configure NTP authentication key
Operation: Configure NTP authentication key
Command: ntp-service authentication-keyid number authentication-mode md5 value
Operation: Remove NTP authentication key
Command: undo ntp-service authentication-keyid number
Key number number ranges from 1 to 4294967295; the key value contains 1 to 32 ASCII characters.
49.2.
ntp-service unicast-server or ntp-service unicast-peer command also designates a transmitting interface, use the one designated by them.
49.2.6 Setting NTP Master Clock
This configuration task is to set the external reference clock or the local clock as the NTP master clock.
Perform the following configuration in system view.
server: Allow local NTP time service request and control query. However, the local clock will not be synchronized by a remote server.
peer: Allow local NTP time service request and control query. The local clock will also be synchronized by a remote server.
49.2.8 Setting Maximum Local Sessions
This configuration task is to set the maximum local sessions.
Perform the following configurations in system view.
49.4 NTP Configuration Example
49.4.1 Configuring a NTP Server
I. Network requirements
On SW88001, set the local clock as the NTP master clock at stratum 2. On SW88002, configure SW88001 as the time server in server mode and set the local equipment to client mode. (Note: SW88001 supports configuring the local clock as the master clock)
II. Network diagram
Vlan-interface2: 3.0.1.31 Vlan-interface2: 1.0.1.11 Quidway1 1.0.1.2 3.0.1.
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.
II. Network diagram
See Figure 7-2.
III. Configuration procedure
Configure Ethernet Switch SW88003:
Enter system view.
system-view
Set the local clock as the NTP master clock at stratum 2.
[SW88003] ntp-service refclock-master 2
Configure Ethernet Switch SW88004:
Enter system view.
system-view
Set SW88001 as the NTP server at stratum 3 after synchronization.
[SW88004] ntp-service unicast-server 3.0.1.
Reference time: 19:21:32.287 UTC Oct 24 2004(C5267F3C.49A61E0C)
By this time, SW88004 has been synchronized by SW88005 and it is at stratum 2, or higher than SW88005 by 1.
Display the sessions of SW88004 and you will see SW88004 has been connected with SW88005.
[Quidwa4] display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************
[12345]3.0.
Configure Ethernet Switch SW88001:
Enter system view.
system-view
Enter Vlan-interface2 view.
[SW88001] interface vlan-interface 2
[SW88001-Vlan-Interface2] ntp-service broadcast-client
The above examples configure SW88004 and SW88001 to listen to the broadcast through Vlan-interface2, and SW88003 to broadcast packets from Vlan-interface2.
their respective Vlan-interface2. (Note: SW88003 supports configuring the local clock as the master clock)
II. Network diagram
See Figure 7-2.
1) Configuration procedure
Configure Ethernet Switch SW88003:
Enter system view.
system-view
Set the local clock as a master NTP clock at stratum 2.
[SW88003] ntp-service refclock-master 2
Enter Vlan-interface2 view.
[SW88003] interface vlan-interface 2
Set it as a multicast server.
49.4.5 Configure Authentication-Enabled NTP Server Mode
I. Network requirements
SW88001 sets the local clock as the NTP master clock at stratum 2. SW88002 sets SW88001 as its time server in server mode and itself in client mode and enables authentication. (Note: SW88001 supports configuring the local clock as the master clock)
II. Network diagram
See Figure 7-2.
III.
[SW88001] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
Configure the key as reliable.
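The following is an added example, not part of the manual: it builds and checks the keyed-MD5 authenticator that RFC 5905 defines for NTP symmetric keys, using key ID 42 and the key value aNiceKey from the configuration above. That the switch uses exactly this wire layout, and the header field values, are assumptions.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # fixed NTP header
MAC_LEN = 4 + 16  # key identifier + MD5 digest


def build_header(stratum=2, mode=4, version=3):
    """Build a 48-byte NTP header with constructed field values."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    timestamp = bytes(8)  # constructed: all-zero timestamps
    return struct.pack("!BBbbII4s8s8s8s8s",
                       li_vn_mode, stratum, 6, -17,  # poll, precision
                       0, 0,                         # root delay, dispersion
                       b"LOCL",                      # constructed reference ID
                       timestamp, timestamp, timestamp, timestamp)


def add_mac(header, key_id, key):
    """Append key ID and MD5(key || header) to an NTP header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, trusted_keys):
    """Accept a packet only if its MAC matches a key marked as trusted.

    trusted_keys maps key ID to key bytes and plays the role of the keys
    configured as reliable. Packets without a MAC are rejected.
    """
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False
    header = packet[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    key = trusted_keys.get(key_id)
    if key is None:
        return False
    expected = hashlib.md5(key + header).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, packet[HEADER_LEN + 4:])


KEY_ID = 42
KEY = b"aNiceKey"

if __name__ == "__main__":
    packet = add_mac(build_header(), KEY_ID, KEY)
    print("valid packet accepted:", verify(packet, {KEY_ID: KEY}))
    tampered = packet[:1] + bytes([packet[1] ^ 1]) + packet[2:]
    print("tampered stratum accepted:", verify(tampered, {KEY_ID: KEY}))
```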
Chapter 50 SSH Terminal Service
50.1 SSH Terminal Service
50.1.1 SSH Overview
This chapter introduces the secure shell (SSH) feature. When a user telnets to the switch from an insecure network, the SSH feature can provide secure information and powerful authentication functionality, thereby protecting the switch from attacks such as IP address spoofing and clear text password interception attacks.
[Figure 50-2 Establish an SSH channel through a WAN]
To establish an SSH authentication secure connection, the server and the client must go through the following five phases:
1) Version number negotiation:
- The client sends a TCP connection request.
- The server initiates a procedure to authenticate the user. If the server is configured not to authenticate the user, the process proceeds to session request phase directly.
- The client employs an authentication mode to authenticate the server till the authentication succeeds or the server tears down the connection because of timeout.
Note: SSH provides two authentication modes: password authentication and RSA authentication.
Columns: Num, Item, Command, Description
2 Entering VTY type of user interface view
Command: [SW8800] user-interface vty X X
3 Configure the protocol supported by current user interface
Command: [SW8800-ui-vtyX-X] protocol inbound { all | ssh | telnet }
Description: Optional
4 Returning to system view
Command: [SW8800-ui-vtyX-X] quit
Description: –
Generating a local RSA key pair
Command: [SW8800] rsa local-key-pair create
Destroying a local RSA key pair
Command: [SW8800] rsa local-key-pair destroy
Conf
Columns: Num, Item, Command, Description
15 Configure the SSH compatibility mode
Command: [SW8800] ssh server compatible_ssh1x enable
Description: Optional. By default, the server is compatible with the SSH1.x client.
I. Configuring the protocol the current user interface supports
Use this configuration task to specify the protocol the current user interface supports.
Perform the following configuration in VTY user interface view.
- The minimum and maximum lengths for the host key and the server key are 512 bits and 2048 bits respectively.
Perform the following configuration in system view.
Table 50-3 Generate an RSA key pair
Operation: Generate an RSA key pair
Command: rsa local-key-pair create
Operation: Destroy an RSA key pair
Command: rsa local-key-pair destroy
Caution:
- Generating the RSA key pair of the server is the first step to perform after SSH login.
Table 50-5 Configure the updating cycle of the server key
Operation: Configure the updating cycle of the server key
Command: ssh server rekey-interval hours
Operation: Cancel the updating cycle configuration
Command: undo ssh server rekey-interval
By default, the system does not update the server key.
V. Configuring the authentication timeout
Use this configuration task to set the authentication timeout of SSH connections.
Table 50-8 Public key configuration
Operation: Enter the public key view
Command: rsa peer-public-key key-name
Operation: Exit the public view and return to the system view
Command: peer-public-key end
Note: The configuration commands are applicable to the environments where the server employs RSA authentication on SSH users. If the server adopts password authentication on SSH users, these configurations are not necessary.
VIII.
While the Generator is running, move your mouse over the blank area of the window.
Save the pair of keys as publickey and privatekey.
File names are aaa.pub and aaa.
Convert the file aaa.pub into key configuration data in Hex.
X. Exiting the public key edit view
Use this configuration task to return from the public key edit view to the public key view and save the input public key. Before saving the input public key, the system will check the validity of the key:
- If the public key string contains any illegal character, the configured key is invalid;
- If the configured key is valid, it will be saved to the public key list.
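The following is an added example, not part of the manual: a pre-check an administrator could run on hex key-code lines before entering them, rejecting illegal characters and truncated data and reporting the RSA modulus size and exponent. It assumes the key code is a DER-encoded RSAPublicKey (the key code shown later in this chapter begins 308186028180, which matches that structure); the 512 to 2048 bit range is borrowed from the local key limits above, and the sample modulus is a constructed placeholder, not a usable key.

```python
import re


def der_len(n):
    """DER length octets for a content length n."""
    if n < 128:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der_int(value):
    """DER INTEGER; a leading 0x00 is added when the top bit is set."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + der_len(len(raw)) + raw


def encode_rsa_public_key(n, e):
    body = der_int(n) + der_int(e)
    return b"\x30" + der_len(len(body)) + body


def to_key_code_lines(der, width=46, prompt="[SW8800-rsa-key-code] "):
    text = der.hex().upper()
    return [prompt + text[i:i + width] for i in range(0, len(text), width)]


def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated key data")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated key data")
    return tag, buf[pos:pos + length], pos + length


def parse_key_code(lines):
    """Return (modulus, exponent) from hex key-code lines."""
    hex_text = ""
    for line in lines:
        part = "".join(line.split("]")[-1].split())  # drop prompt and spaces
        if not re.fullmatch(r"[0-9A-Fa-f]*", part):
            raise ValueError("illegal character in key code")
        hex_text += part
    if len(hex_text) % 2:
        raise ValueError("odd number of hex digits")
    der = bytes.fromhex(hex_text)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag_n, n_raw, pos = read_tlv(body, 0)
    tag_e, e_raw, pos = read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")


def check_key_code(lines, min_bits=512, max_bits=2048):
    """Return (modulus_bits, exponent, problems)."""
    n, e = parse_key_code(lines)
    problems = []
    if not min_bits <= n.bit_length() <= max_bits:
        problems.append("modulus size outside %d-%d bits" % (min_bits, max_bits))
    if n % 2 == 0:
        problems.append("modulus is even")
    if e < 3 or e % 2 == 0:
        problems.append("exponent is not an odd number >= 3")
    return n.bit_length(), e, problems


# Constructed placeholder: an odd 1024-bit number, not a real RSA modulus.
SAMPLE_N = (1 << 1023) | 0x1234567
SAMPLE_LINES = to_key_code_lines(encode_rsa_public_key(SAMPLE_N, 65537))

if __name__ == "__main__":
    print(check_key_code(SAMPLE_LINES))
```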
50.1.3 SSH Client Configuration
The following sections describe the SSH client configuration tasks.
- Set to perform the first-time authentication on the SSH server to be accessed
- Specifying the public key of the server
- Configuring the first-time authentication of the server
I.
Perform the following configuration in system view.
Table 50-16 Configure the first-time authentication of the server
Operation: Configure the first-time authentication of the server
Command: ssh client first-time enable
Operation: Cancel the first-time authentication of the server
Command: undo ssh client first-time
By default, the client does not perform the first-time authentication.
50.1.
II. Network diagram
[Figure 50-3 Network diagram for SSH server; labels: Switch (SSH server), PC (SSH client)]
III. Configuration procedure
1) Generate the RSA key.
[SW8800] rsa local-key-pair create
Note: If the configuration for generating the local key has already been completed, skip this step.
2) Set the user login authentication mode.
Note: You can use the default values for SSH authentication timeout and retries. After completing the above configurations, you can run the SSH 2.0-enabled client software on any other terminal connected with the switch and access the switch with the username client001 and password 3Com.
- RSA public key authentication.
Create the local user client001, and set the authentication mode of the user interface to AAA.
50.1.6 SSH Client Configuration Example
I. Network requirements
As shown in Figure 50-4:
- Switch A is used as an SSH client.
- Switch B is used as the SSH server, and the IP address is 10.165.87.136.
II. Network diagram
[Figure 50-4 Network diagram for SSH client; labels: Switch B (SSH server, IP address: 10.165.87.136), Switch A (SSH client), PC]
III.
[SW8800] ssh client first-time enable
Access the remote server and perform operations.
- Employ RSA public key authentication mode, and start using the corresponding encryption algorithm configured.
[SW8800] ssh2 10.165.87.136 22 prefer_kex dh_group1 prefer_ctos_cipher des prefer_stoc_cipher 3des prefer_ctos_hmac md5 prefer_stoc_hmac md5
Please input the username: client003
Trying 10.165.87.136...
Table 50-18 Configure the service type to be used
Operation: Configure the service type to be used
Command: ssh user username service-type { telnet | sftp | all }
Operation: Restore the default service type
Command: undo ssh user username service-type
By default, the service type is telnet.
II. Starting the SFTP server
Perform the following configuration in system view.
Columns: Num, Item, Command, Description
3 Shut down the SFTP client
Command: sftp-client> bye
Command: sftp-client> exit
Command: sftp-client> quit
Description: Optional
Rows 4 (SFTP directory operation) and 5 (SFTP file operation):
Change the current directory
Command: sftp-client> [remote-path ]
Return to the upper directory
Command: sftp-client> cdup
Display the current directory
Command: sftp-client> pwd
Display the file list in the specified directory
Command: sftp-client> dir [remote-path ]
Command: sftp-client> [remote
Perform the following configuration in system view.
Table 50-21 Start the SFTP client
Operation: Start the SFTP client
Command: sftp ipaddr [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
II.
directory ls [ remote-path ]
Operation: Create a new directory on the server
Command: mkdir remote-path
Operation: Delete a directory from the server
Command: rmdir remote-path
Note: The dir command and the ls command have the same functionality.
IV. SFTP file operations
As shown in Table 50-24, available SFTP file operations include: change the name of a file, download a file, upload a file, display the list of files, and delete a file.
Table 50-25 Display help information for client commands
Operation: Display help information for client commands
Command: help [ command-name ]
50.2.4 SFTP Configuration Example
I. Network requirements
As shown in Figure 50-5:
- Switch B is used as the SFTP server, and its IP address is 10.111.27.91;
- Switch B is used as the SFTP client;
- An SFTP user is configured with the username 8040 and password SW8800.
II.
[SW8800-rsa-public-key] public-key-code begin
[SW8800-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[SW8800-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[SW8800-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[SW8800-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[SW8800-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[SW8800-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDD
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub
Create a new directory new1, and check if the new directory has been created successfully.
sftp-client> mkdir new1
New path created
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.
sftp-client>

Exit SFTP.
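An added example, not from the 3Com manual: a Python check that parses an sftp client command written in the Table 50-21 syntax and reports algorithm preferences that are weak by current standards, plus options left to the device default. The function name, the weakness notes and the sample commands are assumptions of this example, including the mapping of dh_group1 to SSH's fixed 1024-bit diffie-hellman-group1 exchange.

```python
# Option keywords and values as listed in the sftp syntax of Table 50-21.
OPTIONS = {
    "prefer_kex": ("dh_group1", "dh_exchange_group"),
    "prefer_ctos_cipher": ("des", "3des", "aes128"),
    "prefer_stoc_cipher": ("des", "3des", "aes128"),
    "prefer_ctos_hmac": ("sha1", "sha1_96", "md5", "md5_96"),
    "prefer_stoc_hmac": ("sha1", "sha1_96", "md5", "md5_96"),
}
# Assessment added for this example, not taken from the manual.
WEAK = {
    "dh_group1": "fixed 1024-bit Diffie-Hellman group (assumed mapping)",
    "des": "56-bit key",
    "3des": "64-bit block size",
    "md5": "MD5-based MAC",
    "md5_96": "MD5-based MAC truncated to 96 bits",
}

def audit_sftp_command(line):
    """Return (server, findings) for one 'sftp ...' client command line."""
    tokens = line.split()
    if tokens and tokens[0].startswith("["):   # drop a prompt such as [SW8800]
        tokens = tokens[1:]
    if len(tokens) < 2 or tokens[0] != "sftp":
        raise ValueError("not an sftp client command: %r" % line)
    server, rest = tokens[1], tokens[2:]
    if len(rest) % 2:
        raise ValueError("option without a value: %r" % line)
    chosen, findings = {}, []
    for key, value in zip(rest[0::2], rest[1::2]):
        if value not in OPTIONS.get(key, ()):
            raise ValueError("not in Table 50-21: %s %s" % (key, value))
        chosen[key] = value
        if value in WEAK:
            findings.append("%s %s: %s" % (key, value, WEAK[value]))
    # Omitted options fall back to the device default (not stated here).
    findings += ["%s not set: device default applies" % k
                 for k in OPTIONS if k not in chosen]
    return server, findings

# Constructed sample commands (not from the manual).
WEAK_CMD = ("[SW8800] sftp 10.111.27.91 prefer_kex dh_group1 "
            "prefer_ctos_cipher des prefer_stoc_cipher aes128 "
            "prefer_ctos_hmac md5 prefer_stoc_hmac sha1")
STRONG_CMD = ("sftp 10.111.27.91 prefer_kex dh_exchange_group "
              "prefer_ctos_cipher aes128 prefer_stoc_cipher aes128 "
              "prefer_ctos_hmac sha1 prefer_stoc_hmac sha1")

if __name__ == "__main__":
    print(audit_sftp_command(WEAK_CMD), audit_sftp_command(STRONG_CMD))
```

Of the values the table offers, dh_exchange_group, aes128 and sha1 are the ones this check does not flag.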
Chapter 51 PoE Configuration

51.1 PoE Overview

51.1.1 PoE on the Switch

The Switch 8800 supports power-over-Ethernet (PoE). Equipped with an external power supply and PoE-capable cards, Switch 8800s can provide 48 VDC power for remote powered devices (PDs, such as IP phones, WLAN APs, and network cameras) through twisted pairs.
- The Switch 8800 supports the IEEE 802.3af standard.
51.1.2 External PSE4500-A Power System

If the PSE4500-A power system is used as the external power supply of the switch, the power distribution is as follows:

1) Input voltage: 90 VAC to 160 VAC
- One PSU (power supply unit) of the PSE4500-A power system can provide 1200 W of power.

2) Input voltage: 160 VAC to 264 VAC
- One PSU of the PSE4500-A power system can provide 2500 W of power.
Table 51-1 PoE configuration tasks on the Switch 8800

| No | Item | Command | Description |
|---|---|---|---|
| 1 | Enter system view | system-view | — |
| 2 | Enter Ethernet port view | interface interface-type interface-number | As a result of this command, a port view prompt is displayed, which varies with the port type you selected. |
| 3 | Enable PoE on the port | poe enable | By default, PoE is disabled on a port. |
To cancel the configurations, use the corresponding undo commands. For details about the parameters, refer to the Command Manual.

Note:
- When setting the maximum PoE power supplied by the switch, you must set it to a value greater than the total power that has been distributed to the cards. Otherwise, the command cannot be executed successfully. The maximum power ranges from 3000 mW to 16800 mW.
II. Network diagram

Figure 51-1 PoE remote power supplying

III. Configuration procedure

Set the maximum power to 400 W on the card in slot 3. By default, the power of each card is full, so the power on the card in slot 5 need not be configured.

[SW8800] poe max-power 400 slot 3

Enable PoE on the ports GigabitEthernet3/1/1 through GigabitEthernet3/1/48.
Chapter 52 PoE PSU Supervision Configuration

52.1 Introduction to PoE PSU Supervision

The PoE-capable Switch 8800 can monitor the external PoE PSUs through the power supervision module on the PoE external power system. The PoE PSU supervision module enables you to:
- Set the alarm thresholds for the AC input voltages of the PoE PSUs.
- Set the alarm thresholds for the DC output voltages of the PoE PSUs.
Note:
- You can set the thresholds to any appropriate values in the range, but make sure the lower threshold is less than the upper threshold.
- For 220 VAC input, it is recommended to set the upper threshold to 264 V and the lower threshold to 181 V.
- For 110 VAC input, it is recommended to set the upper threshold to 132 V and the lower threshold to 90 V.

52.2.2 AC Input Alarm Thresholds Configuration Example

I.
52.3.1 DC Output Alarm Thresholds Configuration Tasks

Table 52-2 DC output alarm thresholds configuration tasks

| No | Operation | Command | Description |
|---|---|---|---|
| 1 | Enter system view | system-view | — |
| 2 | Set the overvoltage alarm threshold of DC output (upper threshold) for the PoE PSUs | poe-power output-thresh upper string | Required, and the range is 55.0 V to 57.0 V. |
[SW8800] poe-power output-thresh lower 45.0

Display the DC output state of the PoE PSUs.

[SW8800] display poe-power dc-output state

Display the DC output voltage/current values of the PoE PSUs.

[SW8800] display poe-power dc-output value

52.4 Displaying PoE Supervision Information

After completing the above configurations, you can execute the display command in any view to query the PoE state of the switch.
II. Network diagram

Figure 52-1 Network diagram for PoE supervision configuration

III. Configuration procedure

Enter system view.

system-view

Set the overvoltage alarm threshold of AC input for PoE PSUs to 264.0 V.

[SW8800] poe-power input-thresh upper 264.0

Set the undervoltage alarm threshold of AC input for PoE PSUs to 181.0 V.

[SW8800] poe-power input-thresh lower 181.