User's Manual
Table Of Contents
- Chapter 1. INTRODUCTION
- Chapter 2. INSTALLATION
- 2.1 Hardware Description
- 2.2 Installing the Chassis Switch
- 2.2.1 Desktop Installation
- 2.2.2 Rack-mounting Installation
- 2.2.3 Installing the SFP/SFP+ Transceiver
- 2.2.4 Chassis Switch Grounding
- 2.2.5 Module Installation
- 2.2.6 Removing and Installing the Dust Gauze
- 2.2.7 Removing and Installing the Fan Tray
- 2.2.8 Installing and Removing the Power Supply Unit into/from the Compartment
- 2.2.9 Installing Wire Rack in the Chassis Switch
- Chapter 3. Chassis Switch Management
- Chapter 4. Basic Configuration
- 4.1 System Management Configuration
- 4.2 Terminal Configuration
- 4.3 Network Management Configuration
- Chapter 5. Network Management Configuration
- 5.1 Network Management Configuration
- 5.2 LLC2 Configuration Task
- 5.2.1 Configuring Idle Time Value
- 5.2.2 Configuring the Time Value of Waiting for Acknowledgement
- 5.2.3 Configuring Busy Time Value of Remote Terminal
- 5.2.4 Configuring Time Value of Response
- 5.2.5 Configuring the Time of Rejection
- 5.2.6 Configuring the Redial Times
- 5.2.7 Configuring the Size of Window for Resending
- 5.2.8 Configuring the Size of Accumulated Data Packet
- 5.2.9 Setting the Acknowledgement Time-Delay
- 5.2.10 Setting the Maximum Numbers of Acknowledgement
- 5.2.11 Showing LLC2 Link Information
- 5.2.12 Debugging LLC2 Link Information
- 5.2.13 Example of LLC2 Configuration
- 5.2.14 Configuring SDLC as Two-Way and Concurrent Mode
- 5.2.15 Configuring SDLC Timer and Re-Sending Times
- 5.2.16 Configuring the Number of SDLC Frame and Information Frame
- 5.2.17 Controlling the Size of Cache
- 5.2.18 Controlling the polling of slave station
- 5.2.19 Configuring SDLC Interface as Half-Duplex Mode
- 5.2.20 Configuring XID Value
- 5.2.21 Configuring the Maximum Value of SDLC Information Frame
- 5.2.22 Monitoring SDLC Workstation
- Chapter 6. Security Configuration
- 6.1 AAAConfiguration
- 6.1.1 AAA Overview
- 6.1.2 AAA Configuration Process
- 6.1.3 AAA Authentication Configuration Task List
- 6.1.4 AAA Authentication Configuration Task
- 6.1.4.1 Configuring Login Authentication Using AAA
- 6.1.4.2 Enabling Password Protection at the Privileged Level
- 6.1.4.3 Configuring Message Banners for AAA Authentication
- 6.1.4.4 Configuring a Login Banner
- 6.1.4.5 Configuring a Failed-Login Banner
- 6.1.4.6 Instruction
- 6.1.4.7 AAA authentication username-prompt
- 6.1.4.8 AAA authentication password-prompt
- 6.1.4.9 Establishing Username Authentication
- 6.1.4.10 Enabling password
- 6.1.5 AAA Authentication Configuration Example
- 6.1.6 AAA Authorization Configuration Task List
- 6.1.7 AAA Authorization Configuration Task
- 6.1.8 AAA Authorization Example
- 6.1.9 AAA Accounting Configuration Task List
- 6.1.10 AA Accounting Configuration Task
- 6.2 Configuring RADIUS
- 6.3 Web Authentication Configuration
- 6.1 AAAConfiguration
- Chapter 7. Web Configuration
- 7.1 HTTP Switch Configuration
- 7.2 Configuration Preparation
- 7.3 Basic Configuration
- 7.4 Port Config
- 7.5 Layer 2 Configuration
- 7.6 Layer 3 Configuration
- 7.7 Advanced Configuration
- 7.8 Network Management Configuration
- 7.9 Diagnosis Tools
- 7.10 System Management
- Chapter 8. Interface Configuration
- Chapter 9. Interface Range Configuration
- Chapter 10. Port Physical Characteristics Configuration
- Chapter 11. Port Additional Characteristics Configuration Interface Configuration
- Chapter 12. Configuring Port Mirroring
- Chapter 13. Configuring MAC Address Attribute
- Chapter 14. Configuring MAC List
- Chapter 15. Configuring 802.1x
- 15.1 802.1x Configuration Task List
- 15.2 802.1x Configuration Task
- 15.2.1 Configuring 802.1x Port Authentication
- 15.2.2 Configuring 802.1x Multiple Port Authentication
- 15.2.3 Configuring Maximum Times for 802.1x ID Authentication
- 15.2.4 Configuring 802.1x Re-authentication
- 15.2.5 Configuring 802.1x Transmission Frequency
- 15.2.6 Configuring 802.1x User Binding
- 15.2.7 Configuring Authentication Method for 802.1x Port
- 15.2.8 Selecting Authentication Type for 802.1x Port
- 15.2.9 Configuring 802.1x Accounting
- 15.2.10 Configuring 802.1x guest-vlan
- 15.2.11 Forbidding Supplicant with Multiple Network Cards
- 15.2.12 Resuming Default 802.1x Configuration
- 15.2.13 Monitoring 802.1x Authentication Configuration and State
- 15.3 802.1x Configuration Example
- Chapter 16. VLAN Configuration
- Chapter 17. GVRP Configuration
- Chapter 18. Private VLAN Settings
- 18.1 Private VLAN Settings
- 18.2 Overview of Private VLAN
- 18.3 Private VLAN Type and Port Type in Private VLAN
- 18.4 Private VLAN Configuration Task List
- 18.5 Private VLAN Configuration Tasks
- 18.5.1 Configuring Private VLAN
- 18.5.2 Configuring the Association of Private VLAN Domains
- 18.5.3 Configuring the L2 Port of Private VLAN to Be the Host Port
- 18.5.4 Configuring the L2 Port of Private VLAN to Be the Promiscuous Port
- 18.5.5 Modifying Related Fields of Egress Packets in Private VLAN
- 18.5.6 Displaying the Configuration Information of Private VLAN
- 18.6 Configuration Example
- Chapter 19. STP Configuration
- 19.1 Configuring STP
- 19.1.1 STP Introduction
- 19.1.2 SSTP Configuratiom Task List
- 19.1.3 SSTP Configuration Task
- 19.1.3.1 Selecting STP Mode
- 19.1.3.2 Disabling/Enabling STP
- 19.1.3.3 Configuring the Switch Priority
- 19.1.3.4 Configuring the Hello Time
- 19.1.3.5 Configuring the Max-Age Time
- 19.1.3.6 Configuring the Forward Delay Time
- 19.1.3.7 Configuring the Port Priority
- 19.1.3.8 Configuring the Path Cost
- 19.1.3.9 Configuring Auto-Designated Port
- 19.1.3.10 Monitoring STP State
- 19.1.4 Configuring VLAN STP
- 19.1.5 RSTP Configuration Task List
- 19.1.6 RSTP Configuration Task
- 19.2 Configuring MTSP
- 19.2.1 MSTP Overview
- 19.2.2 MSTP Configuration Task List
- 19.2.3 MSTP Configuration Task
- 19.2.3.1 Default MSTP Configuration
- 19.2.3.2 Enabling and Disabling MSTP
- 19.2.3.3 Configuring MST Area
- 19.2.3.4 Configuring Network Root
- 19.2.3.5 Configuring Secondary Root
- 19.2.3.6 Configuring Bridge Priority
- 19.2.3.7 Configuring STP Time Parameters
- 19.2.3.8 Configuring Network Diameter
- 19.2.3.9 Configuring Maximum Hop Count
- 19.2.3.10 Configuring Port Priority
- 19.2.3.11 Configuring Path Cost of the Port
- 19.2.3.12 Configuring Port Connection Type
- 19.2.3.13 Activating MST-Compatible Mode
- 19.2.3.14 Restarting Protocol Conversion Check
- 19.2.3.15 Checking MSTP Information
- 19.1 Configuring STP
- Chapter 20. STP Optional Characteristic Configuration
- Chapter 21. Link Aggregation Configuration
- Chapter 22. PDP Configuration
- Chapter 23. LLDP Configuration
- 23.1 LLDP
- 23.1.1 LLDP Introduction
- 23.1.2 LLDP Configuration Task List
- 23.1.3 LLDP Configuration Task
- 23.1.3.1 Disabling / enabling LLDP
- 23.1.3.2 Configuring holdtime
- 23.1.3.3 Configuring timer
- 23.1.3.4 Configuring reinit
- 23.1.3.5 Configuring To-Be-Sent TLV
- 23.1.3.6 Configuring the Transmission or Reception Mode
- 23.1.3.7 Configuring Show-Relative Commands
- 23.1.3.8 Configuring the Deletion Commands
- 23.1.3.9 Configuring Debugging Commands
- 23.1 LLDP
- Chapter 24. FlexLinkLite Configuration
- Chapter 25. BackupLink Configuration
- Chapter 26. EAPS Configuration
- 26.1 Introduction of Fast Ethernet Ring Protection
- 26.2 Fast Ethernet Ring Protection Configuration
- Chapter 27. MEAPS Settings
- 27.1 MEAPS Introduction
- 27.1.1 MEAPS Overview
- 27.1.2 Basic Concepts of MEAPS
- 27.1.2.1 Domain
- 27.1.2.2 Ring
- 27.1.2.3 Major Ring
- 27.1.2.4 Sub Ring
- 27.1.2.5 Control VLAN
- 27.1.2.6 Data VLAN
- 27.1.2.7 Master Node
- 27.1.2.8 Transit Node
- 27.1.2.9 Edge Node and Assistant Node
- 27.1.2.10 Primary Port and Secondary Port
- 27.1.2.11 Transit Port
- 27.1.2.12 Common Port and Edge Port
- 27.1.2.13 FLUSH MAC FDB
- 27.1.2.14 Complete Flag of Ring
- 27.1.3 Types of EAPS Packets
- 27.1.4 Fast Ethernet Ring Protection Mechanism
- 27.2 Fast Ethernet Ring Protection Configuration
- 27.3 Appendix
- 27.1 MEAPS Introduction
- Chapter 28. ELPS Configuration
- Chapter 29. UDLD Configuration
- Chapter 30. IGMP-Snooping Configuration
- 30.1 IGMP-snooping Configuration
- 30.1.1 IGMP-snooping Configuration Task
- 30.1.1.1 Enabling/Disabling IGMP-Snooping of VLAN
- 30.1.1.2 Adding/Deleting Static Multicast Address of VLAN
- 30.1.1.3 Configuring immediate-leave of VLAN
- 30.1.1.4 Configuring the Function to Filter Multicast Message Without Registered Destination Addresss
- 30.1.1.5 Configuring Router Age Timer of IGMP-snooping
- 30.1.1.6 Configuring Response Time Timer of IGMP-Snooping
- 30.1.1.7 Configuring Querier of IGMP-Snooping
- 30.1.1.8 Monitoring and Maintaining IGMP-Snooping
- 30.1.1.9 IGMP-Snooping Configuration Example
- 30.1.1 IGMP-snooping Configuration Task
- 30.1 IGMP-snooping Configuration
- Chapter 31. IGMP-Proxy Configuration
- Chapter 32. MLD-Snooping Configuration
- 32.1 MLD-Snooping Configuration
- 32.1.1 IPv6 Multicast Overview
- 32.1.2 MLD-Snooping Multicast Configuration Tasks
- 32.1.2.1 Enabling/Disabling MLD-Snooping Multicast
- 32.1.2.2 Enabling/Disabling the Solicitation of Hardware Forward of Multicast Group
- 32.1.2.3 Adding/Canceling the Static Multicast Address of VLAN
- 32.1.2.4 Setting Router Age Timer of MLD-Snooping
- 32.1.2.5 Setting Response Time Timer of MLD-Snooping
- 32.1.2.6 Setting the Port of the Static Multicast Router
- 32.1.2.7 Enabling/Disabling Immediate Leave
- 32.1.2.8 Monitoring and Maintaining MLD-Snooping Multicast
- 32.1 MLD-Snooping Configuration
- Chapter 33. OAM Configuration
- Chapter 34. CFM Configuration
- Chapter 35. DHCP-Snooping Configuration
- 35.1 DHCP-Snooping Configuration
- 35.1.1 DHCP-Snooping Configuration Tasks
- 35.1.1.1 Enabling/Disabling DHCP-Snooping
- 35.1.1.2 Enabling DHCP-Snooping in a VLAN
- 35.1.1.3 Setting an Interface to a DHCP-Trusting Interface
- 35.1.1.4 Enabling DAI in a VLAN
- 35.1.1.5 Setting an Interface to an ARP-Trusting Interface
- 35.1.1.6 Enabling Source IP Address Monitoring in a VLAN
- 35.1.1.7 Setting an Interface to the One Which is Trusted by IP Source Address Monitoring
- 35.1.1.8 Configuring the TFTP Server for Backing up Interface Binding
- 35.1.1.9 Configuring a File Name for Interface Binding Backup
- 35.1.1.10 Configuring the Interval for Checking Interface Binding Backup
- 35.1.1.11 Configuring Interface Binding Manually
- 35.1.1.12 L2 Switch Forwarding DHCP Packets
- 35.1.1.13 Monitoring and Maintaining DHCP-Snooping
- 35.1.1.14 Example of DHCP-Snooping Configuration
- 35.1.1 DHCP-Snooping Configuration Tasks
- 35.1 DHCP-Snooping Configuration
- Chapter 36. MACFF Configuration
- Chapter 37. IEEE 1588 Transparent Clock Configuration
- Chapter 38. Layer 2 Tunnel Protocol Configuration
- Chapter 39. Loopback Detection Configuration
- 39.1 Setting Loopback Detection
- 39.1.1 Introduction of Loopback Detection
- 39.1.2 Loopback Detection Configuration Tasks
- 39.1.3 Setting Loopback Detection
- 39.1.3.1 Configuring Loopback Detection Globally
- 39.1.3.2 Configuring Port Loop Check
- 39.1.3.3 Configuring a Port to Conduct Loopback Detection in Specified VLAN
- 39.1.3.4 Configuring the Loopback Detection Interval of Port (Packet transmission interval, controlled port recovery time)
- 39.1.3.5 Configuring Port Control
- 39.1.3.6 Configuring the Destination MAC Address of Loopback Detection Packet
- 39.1.3.7 Configuring Loopback to Exist on a Port by Default
- 39.1.3.8 Displaying the Configuration of Global Loopback Detection
- 39.1.3.9 Displaying the Configuration of Port Loopback Detection
- 39.1.4 Configuration Example
- 39.1 Setting Loopback Detection
- Chapter 40. QoS Configuration
- 40.1 QoS Configuration
- 40.1.1 QoS Overview
- 40.1.2 QoS Configuration Task List
- 40.1.3 QoS Configuration Tasks
- 40.1.3.1 Setting the Global CoS Priority Queue
- 40.1.3.2 Setting the Bandwidth of the CoS Priority Queue
- 40.1.3.3 Setting the Schedule Policy of the CoS Priority Queue
- 40.1.3.4 Configuring the Minimum and Maximum Bandwidths of CoS Priority Queue
- 40.1.3.5 Configuring Weighted Random Early Detection
- 40.1.3.6 Setting the Default CoS Value of a Port
- 40.1.3.7 Setting the CoS Priority Queue of a Port
- 40.1.3.8 Setting the CoS Priority Queue of a Port
- 40.1.3.9 Establishing the QoS Policy Mapping
- 40.1.3.10 Setting the Description of the QoS Policy Mapping
- 40.1.3.11 Setting the Matchup Data Flow of the QoS Policy Mapping
- 40.1.3.12 Setting the Actions of the Match-up Data Flow of the QoS Policy Mapping
- 40.1.3.13 pplying the QoS Policy on a Port
- 40.1.3.14 Displaying the QoS Policy Mapping Table
- 40.1.4 QoS Configuration Example
- 40.1 QoS Configuration
- Chapter 41. DoS Attack Prevention Configuration
- Chapter 42. Attack Prevention Configuration
- Chapter 43. Network Protocol Configuration
- 43.1 Configuring IP Addressing
- 43.1.1 IP Introduction
- 43.1.2 Configuring IP Address Task List
- 43.1.3 Configuring IP Address
- 43.1.3.1 Configuring IP Address at Network Interface
- 43.1.3.2 Configuring Multiple IP Addresses on Network Interface
- 43.1.3.3 Configuring Address Resolution
- 43.1.3.4 Configuring Routing Process
- 43.1.3.5 Configuring Broadcast Message Handling
- 43.1.3.6 Detecting and Maintaining IP Addressing
- 43.1.3.7 IP Addressing Example
- 43.2 Configuring NAT
- 43.3 Configuring DHCP
- 43.3.1 Introduction
- 43.3.2 Configuring DHCP Client
- 43.3.3 Configuring DHCP Server
- 43.3.3.1 DHCP Server Configuration Tasks
- 43.3.3.2 Configuring DHCP Server
- 43.3.3.3 Enabling DHCP server
- 43.3.3.4 Disabling DHCP server
- 43.3.3.5 Configuring ICMP detection parameter
- 43.3.3.6 Configuring database storage parameter
- 43.3.3.7 Configuring DHCP server address pool
- 43.3.3.8 Configuring DHCP server address pool
- 43.3.3.9 Monitoring DHCP server
- 43.3.3.10 Clearing up information about DHCP server
- 43.3.3.11 DHCP Server Configuration Example
- 43.4 IP Service Configuration
- 43.1 Configuring IP Addressing
- Chapter 44. IP ACL Application Configuration
- Chapter 45. Routing Configuration
- 45.1 Configuring RIP
- 45.1.1 Overview
- 45.1.2 Configuring RIP Task List
- 45.1.3 Configuring RIP Tasks
- 45.1.3.1 Starting up RIP
- 45.1.3.2 Allowing RIP Routing to Update the Single-Program Broadcast
- 45.1.3.3 Applying the Offset to the Routing Weight
- 45.1.3.4 Adjusting the Timer
- 45.1.3.5 Specifying the RIP Version Number
- 45.1.3.6 Activating RIP Authentication
- 45.1.3.7 Forbidding Routing summary
- 45.1.3.8 Forbidding the Authentication of the Source IP Address
- 45.1.3.9 Configuring the Maximum Number of Routes
- 45.1.3.10 Aactivating or Forbidding Horizon Split
- 45.1.3.11 Monitoring and Maintaining RIP
- 45.1.4 RIP Configuration Example
- 45.2 Configuring BEIGRP
- 45.2.1 Overview
- 45.2.2 BEIGRP Configuration Task List
- 45.2.3 BEIGRP Configuration Task
- 45.2.3.1 Activating BEIGRP
- 45.2.3.2 Configuring Bandwidth Occupancy Percent
- 45.2.3.3 Regulating Coefficient of BEIGRP Compound Distance
- 45.2.3.4 Regulating the Compound Distance Through Offset
- 45.2.3.5 Disabling Automatic Route summary
- 45.2.3.6 Customizing Routing summary
- 45.2.3.7 Configuring Forwarding Route
- 45.2.3.8 Configuring Other BEIGRP Parameters
- 45.2.3.9 Monitoring and Maintaining BEIGRP
- 45.2.4 BEIGRP Configuration Example
- 45.3 Configuring OSPF
- 45.3.1 Overview
- 45.3.2 OSPF Configuration Task List
- 45.3.3 OSPF Configuration Task
- 45.3.3.1 Starting up OSPF
- 45.3.3.2 Configuring Interface Parameters of OSPF
- 45.3.3.3 Configuring OSPF in Different Physical Networks
- 45.3.3.4 Configuring OSPF Network Type
- 45.3.3.5 Configuring OSPF Area Parameters
- 45.3.3.6 Configuring Routing Summary in the OSPF Area
- 45.3.3.7 Configuring Forwarded Routing Summary
- 45.3.3.8 Generating Default Route
- 45.3.3.9 Choosing Route ID Through the LOOPBACK Interface
- 45.3.3.10 Configuring OSPF Management Distance
- 45.3.3.11 onfiguring Timer for Routing Calculation
- 45.3.3.12 onitoring and Maintaining OSPF
- 45.3.4 OSPF Configuration Example
- 45.4 Configuring BGP
- 45.4.1 Overview
- 45.4.2 BGP Configuration Task
- 45.4.2.1 Configuring Basic BGP Characteristic
- 45.4.2.1.1 Activating BGP Routing Choice
- 45.4.2.1.2 Configuring BGP Neighbor
- 45.4.2.1.3 Configuring BGP Soft Reconfiguration
- 45.4.2.1.4 Resetting BGP Connection
- 45.4.2.1.5 Configuring Synchronization Between BGP and IGPs
- 45.4.2.1.6 Configuring BGP Route Weight
- 45.4.2.1.7 Configuring Neighbor-Based BGP Routing Filtration
- 45.4.2.1.8 Configuring Port-Based BGP Route Filtration
- 45.4.2.1.9 Cancelling BGP-Updated Next Hop Processing
- 45.4.2.2 Configuring Senior BGP Characteristics
- 45.4.2.2.1 Filtering and Modifying Route Update Through Route Map
- 45.4.2.2.2 Configuring Aggregation Addres
- 45.4.2.2.3 Configuring BGP Community Attribute
- 45.4.2.2.4 Configuring Autonomous System Alliance
- 45.4.2.2.5 Configuring Route Reflector
- 45.4.2.2.6 Shutting down peers
- 45.4.2.2.7 Configuring multihop external peers
- 45.4.2.2.8 Setting BGP route management distance
- 45.4.2.2.9 Modifying BGP timer
- 45.4.2.2.10 omparing MED of the routes from different ASs
- 45.4.2.1 Configuring Basic BGP Characteristic
- 45.4.3 Monitoring and Maintaining BGP
- 45.4.4 BGP Configuration Example
- 45.4.4.1 BGP route map example
- 45.4.4.2 BGP neighbor configuration example
- 45.4.4.3 Example for neighbor-based BGP path filtration
- 45.4.4.4 Example for port-based BGP route filtration
- 45.4.4.5 Example for prefix-list-based route filtration configuration
- 45.4.4.6 BGP route aggregation example
- 45.4.4.7 BGP route reflector configuration example
- 45.4.4.8 BGP autonomous system alliance example
- 45.4.4.9 Example for route map using BGP community attribute
- 45.1 Configuring RIP
- Chapter 46. IP Hardware Subnet Routing Configuration
- Chapter 47. IP-PBR Configuration
- Chapter 48. Multi-VRF CE Configuration
- Chapter 49. Reliability Configuration
- 49.1 Configuring Port Backup
- 49.2 Configuring HSRP protocol
- 49.3 Configuring VRRP
- 49.3.1 VRRP Overview
- 49.3.2 VRRP Configuration Task List
- 49.3.3 VRRP Configuration Tasks
- 49.3.3.1 Enabling VRRP
- 49.3.3.2 Configuring the Time of VRRP
- 49.3.3.3 Setting the VRRP Learning Mode
- 49.3.3.4 Configuring the Description String of VRRP
- 49.3.3.5 Configuring the Privilege for VRRP Hot Backup
- 49.3.3.6 Configuring the Preemption Mode
- 49.3.3.7 Configuring the Privilege for Tracking Other Ports
- 49.3.3.8 Configuring the Authentication String
- 49.3.3.9 Monitoring and Maintaining VRRP
- 49.3.4 VRRP Configuration Example
- Chapter 50. Multicast Configuration
- 50.1 Multicast Overview
- 50.2 Basic Multicast Routing Configuration
- 50.2.1 Starting up Multicast Routing
- 50.2.2 Starting up the Multicast Function on the Port
- 50.2.3 Configuring TTL Threshold
- 50.2.4 Cancelling Rapid Multicast Forwarding
- 50.2.5 Configuring Static Multicast Route
- 50.2.6 Configuring IP Multicast Boundary
- 50.2.7 Configuring IP Multicast Rate Control
- 50.2.8 Configuring IP Multicast Helper
- 50.2.9 Configuring Stub Multicast Route
- 50.2.10 Monitoring and Maintaining Multicast Route
- 50.3 IGMP Configuration
- 50.3.1 Overview
- 50.3.2 IGMP Configuration
- 50.3.2.1 Changing Current IGMP Version
- 50.3.2.2 Configuring IGMP Query Interval
- 50.3.2.3 Configuring IGMP Querier Interval
- 50.3.2.4 Configuring Maximum IGMP Response Time
- 50.3.2.5 Configuring IGMP Query Interval for the Last Group Member
- 50.3.2.6 Static IGMP Configuration
- 50.3.2.7 Configuring the IGMP Immediate-leave List
- 50.3.3 IGMP Characteristic Configuration Example
- 50.3.3.1 Example for changing the IGMP version
- 50.3.3.2 IGMP query interval configuration example
- 50.3.3.3 IGMP Querier interval configuration example
- 50.3.3.4 Maximum IGMP response time example
- 50.3.3.5 Example for configuring IGMP query interval for the last group member
- 50.3.3.6 Static IGMP configuration example
- 50.3.3.7 IGMP Immediate-leave list configuration example
- 50.4 PIM-DM Configuration
- 50.5 Configuring PIM-SM
- Chapter 51. IPv6 Configuration
- Chapter 52. ND Configuration
- Chapter 53. RIPNG Configuration
- 53.1 Configuring RIPNG
- 53.1.1 Overview
- 53.1.2 Setting RIPng Configuration Task List
- 53.1.3 RIPng Configuration Tasks
- 53.1.3.1 Allowing to Set the Unicast Routing Protocol
- 53.1.3.2 Enabling a RIPng Case
- 53.1.3.3 Redistributing the Routes of an Unlocal Instance
- 53.1.3.4 Allowing the RIPng Route to Update the Unicasting Broadcast of a Packet
- 53.1.3.5 Applying the Offset on the Routing Weight
- 53.1.3.6 Filtering the Received or Transmitted Routes
- 53.1.3.7 Setting the Management Distance
- 53.1.3.8 Adjusting the Timer
- 53.1.3.9 Summarizing the Routes Manually
- 53.1.3.10 Activating or Forbidding Horizontal Fragmentation
- 53.1.3.11 Monitoring and Maintaining RIPng
- 53.1.4 RIPng Configuration Example
- 53.1 Configuring RIPNG
- Chapter 54. OSPFv3 Configuration
- 54.1 Overview
- 54.2 OSPFv3 Configuration Task List
- 54.3 OSPFv3 Configuration Tasks
- 54.3.1 Enabling OSPFv3
- 54.3.2 Setting the Parameters of the OSPFv3 Interface
- 54.3.3 Setting OSPFv3 on Different Physical Networks
- 54.3.4 Setting the OSPF Network Type
- 54.3.5 Setting the Parameters of the OSPFv3 Domain
- 54.3.6 Setting the Route Summary in the OSPFv3 Domain
- 54.3.7 Setting the Summary of the Forwarded Routes
- 54.3.8 Generating a Default Route
- 54.3.9 Choosing the Route ID on the Loopback Interface
- 54.3.10 Setting the Management Distance of OSPFv3
- 54.3.11 Setting the Timer of Routing Algorithm
- 54.3.12 Monitoring and Maintaining OSPFv3
- 54.4 OSPFv3 Configuration Example
- Chapter 55. BFD Configuration
- Chapter 56. SNTP Configuration
- Chapter 57. Cluster Management Configuration
383
Users Manual of CS-6306R
Chapter 41. DoS Attack Prevention Configuration
DoS Attack Prevention Configuration 41.1
41.1.1 DoS Attack Overview
41.1.1.1 Concept of DoS Attack
The DoS attack is also called the service rejection attack. Common DoS attacks include network bandwidth
attacks and connectivity attacks. DoS attack is a frequent network attack mode triggered by hackers. Its
ultimate purpose is to break down networks to stop providing legal users with normal network services.
DoS attack prevention requires a switch to provide many attack prevention methods to stop such attacks as
Pingflood, SYNflood, Landattack, Teardrop, and illegal-flags-contained TCP. When a switch is under attack, it
needs to judge which attack type it is and handles these attack packets specially, for example, sending them
to CPU and drop them.
41.1.1.2 DoS Attack Type
Hackers will make different types of DoS attack packets to attack the servers. The following are common DoS
attack packets:
41.1.1.3 Ping of Death
Ping of Death is the abnormal Ping packet, which claims its size exceeds the ICMP threshold and causes the
breakdown of the TCP/IP stack and finally the breakdown of the receiving host.
41.1.1.4 TearDrop
TearDrop uses the information, which is contained in the packet header in the trusted IP fragment in the
TCP/IP stack, to realize the attack. IP fragment contains the information that indicates which part of the
original packet is contained, and some TCP/IP stacks will break down when they receive the fake fragment
that contains the overlapping offset.
41.1.1.5 SYN Flood
A standard TCP connection needs to experience three hand-shake processes. A client sends the SYN
message to a server, the server returns the SYN-ACK message, and the client sends the ACK message to the
server after receiving the SYN-ACK message. In this way, a TCP connection is established. SYN flood
triggers the DoS attack when the TCP protocol stack initializes the hand-shake procedure between two hosts.
41.1.1.6 Land Attack
The attacker makes a special SYN message (the source address and the destination address are the same
service address). The SYN message causes the server to send the SYN-ACK message to the sever itself,
hence this address also sends the ACK message and creates a null link. Each of this kinds of links will keep
until the timeout time, so the server will break down. Landattack can be classified into IPland and MACland.