SGS-6340 Series User Manual
Table Of Contents
- Chapter 1 INTRODUCTION
- Chapter 2 INSTALLATION
- Chapter 3 Switch Management
- Chapter 4 Basic Switch Configuration
- Chapter 5 File System Operations
- Chapter 6 Cluster Configuration
- Chapter 7 Port Configuration
- Chapter 8 Port Isolation Function Configuration
- Chapter 9 Port Loopback Detection Function Configuration
- Chapter 10 ULDP Function Configuration
- Chapter 11 LLDP Function Operation Configuration
- Chapter 12 Port Channel Configuration
- Chapter 13 MTU Configuration
- Chapter 14 EFM OAM Configuration
- Chapter 15 PORT SECURITY
- Chapter 16 DDM Configuration
- Chapter 17 LLDP-MED
- Chapter 18 bpdu-tunnel Configuration
- Chapter 19 EEE Energy-saving Configuration
- Chapter 20 VLAN Configuration
- Chapter 21 MAC Table Configuration
- Chapter 22 MSTP Configuration
- Chapter 23 QoS Configuration
- Chapter 24 Flow-based Redirection
- Chapter 25 Flexible Q-in-Q Configuration
- Chapter 26 Layer 3 Management Configuration
- Chapter 27 ARP Scanning Prevention Function Configuration
- Chapter 28 Prevent ARP Spoofing Configuration
- Chapter 29 ARP GUARD Configuration
- Chapter 30 Gratuitous ARP Configuration
- Chapter 31 DHCP Configuration
- Chapter 32 DHCPv6 Configuration
- Chapter 33 DHCP Option 82 Configuration
- Chapter 34 DHCP Option 60 and option 43
- Chapter 35 DHCPv6 Options 37, 38
- Chapter 36 DHCP Snooping Configuration
- Chapter 37 DHCP Snooping Option 82 Configuration
- Chapter 38 IPv4 Multicast Protocol
- Chapter 39 IPv6 Multicast Protocol
- Chapter 40 Multicast VLAN
- Chapter 41 ACL Configuration
- Chapter 42 802.1x Configuration
- 42.1 Introduction to 802.1x
- 42.2 802.1x Configuration Task List
- 42.3 802.1x Application Example
- 42.4 802.1x Troubleshooting
- Chapter 43 The Number Limitation Function of MAC and IP in Port, VLAN Configuration
- Chapter 44 Operational Configuration of AM Function
- Chapter 45 Security Feature Configuration
- 45.1 Introduction to Security Feature
- 45.2 Security Feature Configuration
- 45.2.1 Prevent IP Spoofing Function Configuration Task Sequence
- 45.2.2 Prevent TCP Unauthorized Label Attack Function Configuration Task Sequence
- 45.2.3 Anti Port Cheat Function Configuration Task Sequence
- 45.2.4 Prevent TCP Fragment Attack Function Configuration Task Sequence
- 45.2.5 Prevent ICMP Fragment Attack Function Configuration Task Sequence
- 45.3 Security Feature Example
- Chapter 46 TACACS+ Configuration
- Chapter 47 RADIUS Configuration
- Chapter 48 SSL Configuration
- Chapter 49 IPv6 Security RA Configuration
- Chapter 50 MAB Configuration
- Chapter 51 PPPoE Intermediate Agent Configuration
- Chapter 52 Web Portal Configuration
- Chapter 53 VLAN-ACL Configuration
- Chapter 54 SAVI Configuration
- Chapter 55 MRPP Configuration
- Chapter 56 ULPP Configuration
- Chapter 57 ULSM Configuration
- Chapter 58 Mirror Configuration
- Chapter 59 sFlow Configuration
- Chapter 60 RSPAN Configuration
- Chapter 61 ERSPAN
- Chapter 62 SNTP Configuration
- Chapter 63 NTP Function Configuration
- Chapter 64 Summer Time Configuration
- Chapter 65 DNSv4/v6 Configuration
- Chapter 66 Monitor and Debug
- Chapter 67 Reload Switch after Specified Time
- Chapter 68 Debugging and Diagnosis for Packets Received and Sent by CPU
- Chapter 69 Dying Gasp Configuration
- Chapter 70 PoE Configuration
To
area1, Layer 3 switches SwitchA and SwitchB are both in-area switches, area edge
switches SwitchC and SwitchD are responsible for reporting distance cost to all destination
outside the area, while they are also responsible for reporting the position of the AS edge
Layer 3 switches SwitchD and SwitchF, AS exterior link-state advertisement from SwitchD and
SwitchF are flooded throughout the whole autonomous system. When ASE LSA floods in area
1, those LSAs are included in the area 1 database to get the routes to network N11 and N15.
In addition, Layer 3 SwitchC and SwitchD must summary the topology of area 1 to the
backbone area (area 0, all non-0 areas must be connected via area 0, direct connections are
not allowed), and advertise the networks in area 1 (N1-N4) and the costs from SwitchC and
SwitchD to those networks. As the backbone area is required to keep connected, there must
be a virtual link between backbone Layer 3 Switch10 and Switch11. The area edge Layer 3
switches exchange summary information via the backbone Layer 3 switch, each area edge
Layer 3 switch listens to the summary information from the other edge Layer 3 switches.
Virtual link can not only maintain the connectivity of the backbone area, but also strengthen the
backbone area. For example, if the connection between backbone Layer 3 SwitchG and
Switch10 is cut down, the backbone area will become incontinuous. The backbone area can
become more robust by establishing a virtual link between backbone Layer 3 switches SwitchF
and Switch10. In addition, the virtual link between SwitchF and Switch10 provide a short path
from area 3 to Layer 3 Switch F.
Take area 1 as an example. Assume the IP address of Layer 3 SwitchA is 10.1.1.1, IP address
of Layer 3 Switch B interface VLAN2 is 10.1.1.2, IP address of Layer 3 SwitchC interface
VLAN2 is 10.1.1.3, IP address of Layer 3 SwitchD interface VLAN2 is 10.1.1.4. SwitchA is
connecting to network N1 through Ethernet interface VLAN1 (IP address 20.1.1.1); SwitchB is
connecting to network N2 through Ethernet interface VLAN1 (IP address 20.1.2.1); SwitchC is
connecting to network N4 through Ethernet interface VLAN3 (IP address 20.1.3.1). All the
three addresses belong to area 1. SwitchC is connecting to Layer 3 SwitchE through Ethernet
interface VLAN1 (IP address 10.1.5.1); SwitchD is connecting to Layer 3 SwitchD through
Ethernet interface VLAN1 (IP address 10.1.6.1); both two addresses belong to area 1. Simple
authentication is implemented among Layer 3 switches in area1, edge Layer 3 switches of
area 1 authenticate with the area 0 backbone Layer 3 switches by MD5 authentication.
The followings are just configurations for all Layer 3 switches in area 1, configurations for
Layer 3 switches of the other areas are omitted. The following are the configurations of
SwitchA, SwitchB, SwitchC and SwitchD:
1)Switch A:
Configure IP address for interface vlan2
SwitchA#config
SwitchA(config)# interface vlan 2
SwitchA(config-If-Vlan2)# ip address 10.1.1.1 255.255.255.0
SwitchA(config-If-Vlan2)#exit
26-38