Switch User Manual
Table Of Contents
- 00-1Cover.pdf
- 01-CLI Operation.pdf
- 02-Login Operation.pdf
- 1 Logging In to the Switching Engine
- 2 Logging In Through OAP
- 3 Logging In Through Telnet
- 4 Logging In from the Web-Based Network Management System
- 5 Logging In from NMS
- 6 Configuring Source IP Address for Telnet Service Packets
- 7 User Control
- 03-Configuration File Management Operation.pdf
- 04-VLAN Operation.pdf
- 1 VLAN Overview
- 2 VLAN Configuration
- 05-Auto Detect Operation.pdf
- 06-Voice VLAN Operation.pdf
- 07-GVRP Operation.pdf
- 08-Basic Port Configuration Operation.pdf
- 1 Basic Port Configuration
- Ethernet Port Overview
- Configuring Ethernet Ports
- Making Basic Port Configuration
- Configuring Port Auto-Negotiation Speed
- Setting the Ethernet Port Broadcast Suppression Ratio
- Enabling Flow Control on a Port
- Configuring Access Port Attribute
- Configuring Hybrid Port Attribute
- Configuring Trunk Port Attribute
- Disabling Up/Down Log Output on a Port
- Copying Port Configuration to Other Ports
- Configuring a Port Group
- Setting Loopback Detection for an Ethernet Port
- Configuring the Ethernet Port to Run Loopback Test
- Enabling the System to Test Connected Cable
- Configuring the Interval to Perform Statistical Analysis on Port Traffic
- Displaying and Maintaining Ethernet Ports
- Ethernet Port Configuration Example
- Troubleshooting Ethernet Port Configuration
- 09-Link Aggregation Operation.pdf
- 1 Link Aggregation Configuration
- 10-Port Isolation Operation.pdf
- 11-Port Security-Port Binding Operation.pdf
- 1 Port Security Configuration
- Port Security Overview
- Port Security Configuration
- Displaying and Maintaining Port Security Configuration
- Port Security Configuration Example
- 2 Port Binding Configuration
- 12-DLDP Operation.pdf
- 13-MAC Address Table Management Operation.pdf
- 14-MSTP Operation.pdf
- 1 MSTP Configuration
- STP Overview
- MSTP Overview
- Configuring Root Bridge
- Configuration Prerequisites
- Configuring an MST Region
- Specifying the Current Device as a Root Bridge/Secondary Root Bridge
- Configuring the Bridge Priority of the Current Device
- Configuring the Mode a Port Recognizes and Sends MSTP Packets
- Configuring the MSTP Operation Mode
- Configuring the Maximum Hop Count of an MST Region
- Configuring the Network Diameter of the Switched Network
- Configuring the MSTP Time-related Parameters
- Configuring the Timeout Time Factor
- Configuring the Maximum Transmitting Speed on the Current Port
- Configuring the Current Port as an Edge Port
- Specifying Whether the Link Connected to a Port Is Point-to-point Link
- Enabling MSTP
- Configuring Leaf Nodes
- Configuration Prerequisites
- Configuring the MST Region
- Configuring the Mode a Port Recognizes and Sends MSTP Packets
- Configuring the Timeout Time Factor
- Configuring the Maximum Transmitting Speed on the Current Port
- Configuring a Port as an Edge Port
- Configuring the Path Cost for a Port
- Configuring Port Priority
- Specifying Whether the Link Connected to a Port Is a Point-to-point Link
- Enabling MSTP
- Performing mCheck Operation
- Configuring Guard Functions
- Configuring Digest Snooping
- Configuring Rapid Transition
- Configuring VLAN-VPN Tunnel
- STP Maintenance Configuration
- Enabling Trap Messages Conforming to 802.1d Standard
- Displaying and Maintaining MSTP
- MSTP Configuration Example
- VLAN-VPN tunnel Configuration Example
- 15-802.1x and System Guard Operation.pdf
- 1 802.1x Configuration
- Introduction to 802.1x
- Introduction to 802.1x Configuration
- Basic 802.1x Configuration
- Advanced 802.1x Configuration
- Displaying and Maintaining 802.1x
- Configuration Example
- 2 Quick EAD Deployment Configuration
- 3 System-Guard Configuration
- 16-AAA Operation.pdf
- 1 AAA Overview
- 2 AAA Configuration
- AAA Configuration Task List
- RADIUS Configuration Task List
- Creating a RADIUS Scheme
- Configuring RADIUS Authentication/Authorization Servers
- Configuring RADIUS Accounting Servers
- Configuring Shared Keys for RADIUS Messages
- Configuring the Maximum Number of RADIUS Request Transmission Attempts
- Configuring the Type of RADIUS Servers to be Supported
- Configuring the Status of RADIUS Servers
- Configuring the Attributes of Data to be Sent to RADIUS Servers
- Configuring the Local RADIUS Authentication Server Function
- Configuring Timers for RADIUS Servers
- Enabling Sending Trap Message when a RADIUS Server Goes Down
- Enabling the User Re-Authentication at Restart Function
- HWTACACS Configuration Task List
- Displaying and Maintaining AAA
- AAA Configuration Examples
- Troubleshooting AAA
- 3 EAD Configuration
- 17-MAC Address Authentication Operation.pdf
- 18-IP Address and Performance Operation.pdf
- 19-DHCP Operation.pdf
- 1 DHCP Overview
- 2 DHCP Relay Agent Configuration
- Introduction to DHCP Relay Agent
- Configuring the DHCP Relay Agent
- Displaying and Maintaining DHCP Relay Agent Configuration
- DHCP Relay Agent Configuration Example
- Troubleshooting DHCP Relay Agent Configuration
- 3 DHCP Snooping Configuration
- DHCP Snooping Overview
- DHCP Snooping Configuration
- Configuring DHCP Snooping
- Configuring DHCP Snooping to Support Option 82
- DHCP-Snooping Option 82 Support Configuration Task List
- Enable DHCP-snooping Option 82 support
- Configure a handling policy for DHCP packets with Option 82
- Configure the storage format of Option 82
- Configure the circuit ID sub-option
- Configure the remote ID sub-option
- Configure the padding format for Option 82
- Configuring IP Filtering
- DHCP Snooping Configuration Example
- Displaying and Maintaining DHCP Snooping Configuration
- 4 DHCP/BOOTP Client Configuration
- 20-ACL Operation.pdf
- 1 ACL Configuration
- ACL Overview
- ACL Configuration
- ACL Assignment
- Displaying and Maintaining ACL
- Examples for Upper-layer Software Referencing ACLs
- Examples for Applying ACLs to Hardware
- 21-QoS-QoS Profile Operation.pdf
- 1 QoS Configuration
- Overview
- QoS Supported by Devices
- QoS Configuration
- QoS Configuration Task List
- Configuring Priority Trust Mode
- Configuring Priority Mapping
- Setting the Priority of Protocol Packets
- Marking Packet Priority
- Configuring Traffic Policing
- Configuring Traffic Shaping
- Configuring Traffic Redirecting
- Configuring VLAN Mapping
- Configuring Queue Scheduling
- Collecting/Clearing Traffic Statistics
- Enabling the Burst Function
- Configuring Traffic Mirroring
- Displaying and Maintaining QoS
- QoS Configuration Example
- 2 QoS Profile Configuration
- 22-Mirroring Operation.pdf
- 23-ARP Operation.pdf
- 24-SNMP-RMON Operation.pdf
- 25-Multicast Operation.pdf
- 1 Multicast Overview
- 2 IGMP Snooping Configuration
- IGMP Snooping Overview
- IGMP Snooping Configuration
- IGMP Snooping Configuration Task List
- Enabling IGMP Snooping
- Configuring the Version of IGMP Snooping
- Configuring Timers
- Configuring Fast Leave Processing
- Configuring a Multicast Group Filter
- Configuring the Maximum Number of Multicast Groups on a Port
- Configuring IGMP Querier
- Suppressing Flooding of Unknown Multicast Traffic in a VLAN
- Configuring Static Member Port for a Multicast Group
- Configuring a Static Router Port
- Configuring a Port as a Simulated Group Member
- Configuring a VLAN Tag for Query Messages
- Configuring Multicast VLAN
- Displaying and Maintaining IGMP Snooping
- IGMP Snooping Configuration Examples
- Troubleshooting IGMP Snooping
- 3 Common Multicast Configuration
- 26-NTP Operation.pdf
- 1 NTP Configuration
- Introduction to NTP
- NTP Configuration Task List
- Configuring NTP Implementation Modes
- Configuring Access Control Right
- Configuring NTP Authentication
- Configuring Optional NTP Parameters
- Displaying and Maintaining NTP Configuration
- NTP Configuration Examples
- 27-SSH Operation.pdf
- 1 SSH Configuration
- SSH Overview
- Configuring the SSH Server
- SSH Server Configuration Tasks
- Configuring the Protocol Support for the User Interface
- Generating/Destroying a RSA or DSA Key Pair
- Exporting the RSA or DSA Public Key
- Creating an SSH User and Specify an Authentication Type
- Specifying a Service Type for an SSH User
- Configuring SSH Management
- Configuring the Client Public Key on the Server
- Assigning a Public Key to an SSH User
- Specifying a Source IP Address/Interface for the SSH Server
- Configuring the SSH Client
- Displaying and Maintaining SSH Configuration
- SSH Configuration Examples
- When the Device Acts as the SSH Server and the Authentication Type is Password
- When the Device Acts as an SSH Server and the Authentication Type is Publickey
- When the Switch Acts as an SSH Client and the Authentication Type is Password
- When the Device Acts as an SSH Client and the Authentication Type is Publickey
- When the Device Acts as an SSH Client and First-time authentication is not Supported
- 28-File System Management Operation.pdf
- 29-FTP-SFTP-TFTP Operation.pdf
- 1 FTP and SFTP Configuration
- Introduction to FTP and SFTP
- FTP Configuration
- SFTP Configuration
- 2 TFTP Configuration
- 30-Information Center Operation.pdf
- 1 Information Center
- Information Center Overview
- Information Center Configuration
- Introduction to the Information Center Configuration Tasks
- Configuring Synchronous Information Output
- Configuring to Display the Time Stamp with the UTC Time Zone
- Setting to Output System Information to the Console
- Setting to Output System Information to a Monitor Terminal
- Setting to Output System Information to a Log Host
- Setting to Output System Information to the Trap Buffer
- Setting to Output System Information to the Log Buffer
- Setting to Output System Information to the SNMP NMS
- Displaying and Maintaining Information Center
- Information Center Configuration Examples
- 31-System Maintenance and Debugging Operation.pdf
- 1 Host Configuration File Loading
- 2 Basic System Configuration and Debugging
- 3 Network Connectivity Test
- 4 Device Management
- Introduction to Device Management
- Device Management Configuration
- Displaying and Maintaining the Device Management Configuration
- 32-VLAN-VPN Operation.pdf
- 33-HWPing Operation.pdf
- 34-DNS Operation.pdf
- 35-Smart Link-Monitor Link Operation.pdf
- 36-PoE-PoE Profile Operation.pdf
- 1 PoE Configuration
- PoE Overview
- PoE Configuration
- PoE Configuration Task List
- Enabling the PoE Feature on a Port
- Setting the Maximum Output Power on a Port
- Setting PoE Management Mode and PoE Priority of a Port
- Setting the PoE Mode on a Port
- Configuring the PD Compatibility Detection Function
- Upgrading the PSE Processing Software Online
- Displaying and Maintaining PoE Configuration
- PoE Configuration Example
- 2 PoE Profile Configuration
- 37-Routing Protocol Operation.pdf
- 1 IP Routing Protocol Overview
- 2 Static Route Configuration
- 3 RIP Configuration
- 4 IP Route Policy Configuration
- 38-UDP Helper Operation.pdf
- 39-Appendix.pdf

rule 0 deny source 192.168.0.1 0
Configuring Advanced ACL
An advanced ACL can filter packets by their source and destination IP addresses, the protocols carried
by IP, and protocol-specific features such as TCP/UDP source and destination ports, ICMP message
type and message code.
An advanced ACL can be numbered from 3000 to 3999. Note that ACL 3998 and ACL 3999 cannot be
configured because they are reserved for cluster management.
Advanced ACLs support analysis and processing of three packet priority levels: type of service (ToS)
priority, IP priority and differentiated services codepoint (DSCP) priority.
Using advanced ACLs, you can define classification rules that are more accurate, richer, and
more flexible than those defined for basic ACLs.
Configuration Prerequisites
- To configure a time range-based advanced ACL rule, you need to create the corresponding time
  ranges first. For information about time range configuration, refer to Configuring Time Range.
- The settings to be specified in the rule, such as source and destination IP addresses, the protocols
  carried by IP, and protocol-specific features, are determined.
Configuration Procedure
Follow these steps to define an advanced ACL rule:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Create an advanced ACL and enter advanced ACL view | acl number acl-number [ match-order { auto \| config } ] | Required. config by default |
| Define an ACL rule | rule [ rule-id ] { permit \| deny } protocol [ rule-string ] | Required. For information about protocol and rule-string, refer to ACL Command. |
| Assign a description string to the ACL rule | rule rule-id comment text | Optional. No description by default |
| Assign a description string to the ACL | description text | Optional. No description by default |
Note that:
- With the config match order specified for the advanced ACL, you can modify any existing rule. The
  unmodified part of the rule remains. With the auto match order specified for the ACL, you cannot
  modify any existing rule; if you try, the system reports an error.
- If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered
  automatically. If the ACL has no rules, the rule is numbered 0; otherwise, it is the maximum rule
  number plus one.
- The content of a modified or created rule cannot be identical to the content of any existing rule;
  otherwise the rule modification or creation will fail, and the system reports that the rule already
  exists.
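
The numbering and modification rules above can be checked offline before a change is pushed to a device. The following is an added example, not part of the manual or the vendor's software: a small Python model of those rules. The names AdvancedAcl and lint and the sample configuration are assumptions, and rule-strings are compared only as text, not validated.

```python
import re

RESERVED = {3998, 3999}  # reserved for cluster management
ACL_RE = re.compile(r"acl number (\d+)(?: match-order (auto|config))?$")
RULE_RE = re.compile(r"rule (?:(\d+) )?((?:permit|deny) .+)$")

class AdvancedAcl:
    def __init__(self, number, match_order="config"):
        if not 3000 <= number <= 3999 or number in RESERVED:
            raise ValueError(f"ACL {number}: not configurable (valid: 3000-3997)")
        self.number, self.match_order, self.rules = number, match_order, {}

    def add_rule(self, body, rule_id=None):
        if body in self.rules.values():
            raise ValueError(f"ACL {self.number}: rule already exists: {body}")
        if rule_id is None:  # 0 for an empty ACL, else highest number plus one
            rule_id = max(self.rules) + 1 if self.rules else 0
        elif rule_id in self.rules and self.match_order == "auto":
            raise ValueError(f"ACL {self.number}: rule {rule_id} exists, match-order is auto")
        self.rules[rule_id] = body  # simplification: a re-entered rule-id replaces the rule
        return rule_id

def lint(config):
    """Return ({acl-number: AdvancedAcl}, [(line number, finding)])."""
    acls, findings, current = {}, [], None
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.split())
        try:
            if m := ACL_RE.match(line):
                number, current = int(m.group(1)), None  # rules under a rejected ACL are skipped
                current = acls.get(number) or AdvancedAcl(number, m.group(2) or "config")
                acls[number] = current
            elif current and (m := RULE_RE.match(line)):
                current.add_rule(m.group(2), int(m.group(1)) if m.group(1) else None)
        except ValueError as exc:
            findings.append((lineno, str(exc)))
    return acls, findings

# Constructed sample; the rule-strings are illustrative and compared only as text.
SAMPLE = """\
acl number 3000
rule permit tcp source 10.1.1.0 0.0.0.255 destination-port eq 22
rule deny tcp destination-port eq 23
rule deny tcp destination-port eq 23
acl number 3998
acl number 3001 match-order auto
rule 5 permit icmp
rule 5 deny icmp
"""
```

Calling lint(SAMPLE) reports the duplicate rule on line 4, the reserved ACL number on line 5, and the attempted modification under match-order auto on line 8.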










