User's Manual
Table Of Contents
- Chapter 1 INTRODUCTION
- Chapter 2 INSTALLATION
- Chapter 3 Switch Management
- Chapter 4 Basic Switch Configuration
- Chapter 5 File System Operations
- Chapter 6 Cluster Configuration
- Chapter 7 Port Configuration
- Chapter 8 Port Isolation Function Configuration
- Chapter 9 Port Loopback Detection Function Configuration
- Chapter 10 ULDP Function Configuration
- Chapter 11 LLDP Function Operation Configuration
- Chapter 12 Port Channel Configuration
- Chapter 13 Jumbo Configuration
- Chapter 14 EFM OAM Configuration
- Chapter 15 VLAN Configuration
- Chapter 16 MAC Table Configuration
- Chapter 17 MSTP Configuration
- Chapter 18 QoS Configuration
- Chapter 19 Flow-based Redirection
- Chapter 20 Egress QoS Configuration
- Chapter 21 Flexible Q-in-Q Configuration
- Chapter 22 Layer 3 Forward Configuration
- Chapter 23 ARP Scanning Prevention Function Configuration
- Chapter 24 Prevent ARP, ND Spoofing Configuration
- Chapter 25 ARP GUARD Configuration
- Chapter 26 ARP Local Proxy Configuration
- Chapter 27 Gratuitous ARP Configuration
- Chapter 28 Keepalive Gateway Configuration
- Chapter 29 DHCP Configuration
- Chapter 30 DHCPv6 Configuration
- Chapter 31 DHCP option 82 Configuration
- Chapter 32 DHCPv6 option37, 38
- Chapter 33 DHCP Snooping Configuration
- Chapter 34 Routing Protocol Overview
- Chapter 35 Static Route
- Chapter 36 RIP
- Chapter 37 RIPng
- Chapter 38 OSPF
- Chapter 39 OSPFv3
- Chapter 40 BGP
- 40.1 Introduction to BGP
- 40.2 BGP Configuration Task List
- 40.3 Configuration Examples of BGP
- 40.3.1 Examples 1: configure BGP neighbor
- 40.3.2 Examples 2: configure BGP aggregation
- 40.3.3 Examples 3: configure BGP community attributes
- 40.3.4 Examples 4: configure BGP confederation
- 40.3.5 Examples 5: configure BGP route reflector
- 40.3.6 Examples 6: configure MED of BGP
- 40.3.7 Examples 7: example of BGP VPN
- 40.4 BGP Troubleshooting
- Chapter 41 MBGP4+
- Chapter 42 Black Hole Routing Manual
- Chapter 43 GRE Tunnel Configuration
- Chapter 44 ECMP Configuration
- Chapter 45 BFD
- Chapter 46 BGP GR
- Chapter 47 OSPF GR
- Chapter 48 IPv4 Multicast Protocol
- 48.1 IPv4 Multicast Protocol Overview
- 48.2 PIM-DM
- 48.3 PIM-SM
- 48.4 MSDP Configuration
- 48.4.1 Introduction to MSDP
- 48.4.2 Brief Introduction to MSDP Configuration Tasks
- 48.4.3 Configuration of MSDP Basic Function
- 48.4.4 Configuration of MSDP Entities
- 48.4.5 Configuration of Delivery of MSDP Packet
- 48.4.6 Configuration of Parameters of SA-cache
- 48.4.7 MSDP Configuration Examples
- 48.4.8 MSDP Troubleshooting
- 48.5 ANYCAST RP Configuration
- 48.6 PIM-SSM
- 48.7 DVMRP
- 48.8 DCSCM
- 48.9 IGMP
- 48.10 IGMP Snooping
- 48.11 IGMP Proxy Configuration
- Chapter 49 IPv6 Multicast Protocol
- Chapter 50 Multicast VLAN
- Chapter 51 ACL Configuration
- Chapter 52 802.1x Configuration
- 52.1 Introduction to 802.1x
- 52.2 802.1x Configuration Task List
- 52.3 802.1x Application Example
- 52.4 802.1x Troubleshooting
- Chapter 53 The Number Limitation Function of Port, MAC in VLAN and IP Configuration
- 53.1 Introduction to the Number Limitation Function of Port, MAC in VLAN and IP
- 53.2 The Number Limitation Function of Port, MAC in VLAN and IP Configuration Task Sequence
- 53.3 The Number Limitation Function of Port, MAC in VLAN and IP Typical Examples
- 53.4 The Number Limitation Function of Port, MAC in VLAN and IP Troubleshooting Help
- Chapter 54 Operational Configuration of AM Function
- Chapter 55 TACACS+ Configuration
- Chapter 56 RADIUS Configuration
- Chapter 57 SSL Configuration
- Chapter 58 IPv6 Security RA Configuration
- Chapter 59 VLAN-ACL Configuration
- Chapter 60 MAB Configuration
- Chapter 61 PPPoE Intermediate Agent Configuration
- Chapter 62 SAVI Configuration
- Chapter 63 Web Portal Configuration
- Chapter 64 VRRP Configuration
- Chapter 65 IPv6 VRRPv3 Configuration
- Chapter 66 MRPP Configuration
- Chapter 67 ULPP Configuration
- Chapter 68 ULSM Configuration
- Chapter 69 Mirror Configuration
- Chapter 70 RSPAN Configuration
- Chapter 71 sFlow Configuration
- Chapter 72 SNTP Configuration
- Chapter 73 NTP Function Configuration
- Chapter 74 DNSv4/v6 Configuration
- Chapter 75 Summer Time Configuration
- Chapter 76 Monitor and Debug
- Chapter 77 Reload Switch after Specified Time
- Chapter 78 Debugging and Diagnosis for Packets Received and Sent by CPU
- Chapter 79 VSF
- Chapter 80 PoE Configuration
- Chapter 81 SWITCH OPERATION
- Chapter 82 TROUBLESHOOTING
- Chapter 83 APPENDIX A
- Chapter 84 GLOSSARY
34-3
To achieve routing policy, first we have to define the characteristics of the routing messages to be applied with
routing policies, namely define a group matching rules. We can configure by different properties in the routing
messages such as destination address, the router address publishing the routing messages. The matching
rules can be previously configured to be applied in the routing publishing, receiving and distributing policies.
Five filters are provided in switch: route-map, acl, as-path, community-list and ip-prefix for use. We will
introduce each filter in following sections:
1. route-map
For matching certain properties of the specified routing information and setting some routing prosperities
when the conditions are fulfilled.
Route-map is for controlling and changing the routing messages while also controlling the redistribution
among routes. A route-map consists of a series of match and set commands in which the match command
specifies the conditions required matching, and the set command specifies the actions to be taken when
matches. The route-map is also for controlling route publishing among different route process. It can also
used on policy routing which select different routes for the messages other than the shortest route.
A group matches and set clauses make up a node. A route-map may consist of several nodes each of
which is a unit for matching test. We match among nodes with by sequence-number. Match clauses define
matching rules. The matching objects are some properties of routing messages. Different match clause in
the same node is “and” relation logically, which means the matching test of a node, will not be passed until
conditions in its entire match clause are matched. Set clause specifies actions, namely configure some
properties of routing messages after the matching test is passed.
Different nodes in a route-map is an “or” relation logically. The system checks each node of the route-map
in turn and once certain node test is passed the route-map test will be passed without taking the next node
test.
2. access control list(acl)
ACL (Access Control Lists) is a data packet filter mechanism in the switch. The switch controls the network
access and secure the network service by permitting or denying certain data packet transmitting out from or
into the network. Users can establish a group of rules by certain messages in the packet, in which each rule
to be applied on certain amount of matching messages: permit or deny. The users can apply these rules to
the entrance or exit of specified switch, with which data stream in certain direction on certain port would
have to follow the specified ACL rules in-and-out the switch. Please refer to chapter “ACL Configuration”.
3. Ip-prefix list
The ip-prefix list acts similarly to acl while more flexible and more understandable. The match object of
ip-prefix is the destination address messages field of routing messages when applied in routing messages
filtering.
An ip-prefix is identified by prefix list name. Each prefix list may contain multiple items, each of which
specifies a matching range of a network prefix type and identifies with a sequence-number which specifies
the matching check order of ip-prefix.
In the process of matching, the switch check each items identified by sequence-number in ascending order
and the filter will be passed once certain items is matched( without checking rest items)