User's Manual
Table Of Contents
- Chapter 1 INTRODUCTION
- Chapter 2 INSTALLATION
- Chapter 3 witch Management
- Chapter 4 Basic Switch Configuration
- Chapter 5 File System Operations
- Chapter 6 Cluster Configuration
- Chapter 7 USB Function Configuration
- Chapter 8 Device Management
- Chapter 9 Port Configuration
- Chapter 10 Port Isolation Function Configuration
- Chapter 11 Port Loopback Detection Function Configuration
- Chapter 12 ULDP Function Configuration
- Chapter 13 LLDP Function Operation Configuration
- Chapter 14 Port Channel Configuration
- Chapter 15 MTU Configuration
- Chapter 16 bpdu-tunnel-protocol Configuration
- Chapter 17 DDM Configuration
- Chapter 18 EFM OAM Configuration
- Chapter 19 LLDP-MED
- Chapter 20 PORT SECURITY
- Chapter 21 QSFP+ Port Split and Combination Configuration
- Chapter 22 VLAN Configuration
- Chapter 23 MAC Table Configuration
- Chapter 24 MSTP Configuration
- Chapter 25 QoS Configuration
- Chapter 26 PBR Configuration
- Chapter 27 IPv6 PBR Configuration
- Chapter 28 Flow-based Redirection
- Chapter 29 Egress QoS Configuration
- Chapter 30 Flexible QinQ Configuration
- Chapter 31 Layer 3 Management Configuration
- Chapter 32 ARP Scanning Prevention Function Configuration
- Chapter 33 Prevent ARP, ND Spoofing Configuration
- Chapter 34 ARP GUARD Configuration
- Chapter 35 Gratuitous ARP Configuration
- Chapter 36 DHCP Configuration
- Chapter 37 DHCPv6 Configuration
- Chapter 38 DHCP option 82 Configuration
- Chapter 39 DHCPv6 option37, 38
- Chapter 40 DHCP Snooping Configuration
- Chapter 41 DHCP option 60 and option 43
- Chapter 42 IPv4 Multicast Protocol
- Chapter 43 IPv6 Multicast Protocol
- Chapter 44 Multicast VLAN
- Chapter 45 ACL Configuration
- Chapter 46 Self-defined ACL Configuration
- Chapter 47 802.1x Configuration
- 47.1 Introduction to 802.1x
- 47.2 802.1x Configuration Task List
- 47.3 802.1x Application Example
- 47.4 802.1x Troubleshooting
- Chapter 48 The Number Limitation Function of MAC and IP in Port, VLAN Configuration
- 48.1 Introduction to the Number Limitation Function of MAC and IP in Port, VLAN
- 48.2 The Number Limitation Function of MAC and IP in Port, VLAN Configuration Task Sequence
- 48.3 The Number Limitation Function of MAC and IP in Port, VLAN Typical Examples
- 48.4 The Number Limitation Function of MAC and IP in Port, VLAN Troubleshooting Help
- Chapter 49 Operational Configuration of AM Function
- Chapter 50 Security Feature Configuration
- 50.1 Introduction to Security Feature
- 50.2 Security Feature Configuration
- 50.2.1 Prevent IP Spoofing Function Configuration Task Sequence
- 50.2.2 Prevent TCP Unauthorized Label Attack Function Configuration Task Sequence
- 50.2.3 Anti Port Cheat Function Configuration Task Sequence
- 50.2.4 Prevent TCP Fragment Attack Function Configuration Task Sequence
- 50.2.5 Prevent ICMP Fragment Attack Function Configuration Task Sequence
- 50.3 Security Feature Example
- Chapter 51 TACACS+ Configuration
- Chapter 52 RADIUS Configuration
- Chapter 53 SSL Configuration
- Chapter 54 IPv6 Security RA Configuration
- Chapter 55 VLAN-ACL Configuration
- Chapter 56 MAB Configuration
- Chapter 57 PPPoE Intermediate Agent Configuration
- Chapter 58 SAVI Configuration
- Chapter 59 Captive Portal Authentication
- 59.1 Captive Portal Authentication Configuration
- 59.2 Accounting Function Configuration
- 59.3 Free-resource Configuration
- 59.4 Authentication White-list Configuration
- 59.5 Automatic Page Pushing after Successful Authentication (it is not supported currently)
- 59.6 http-redirect-filter
- 59.7 Portal Non-perception
- 59.8 Portal Escaping
- Chapter 60 VRRP Configuration
- Chapter 61 IPv6 VRRPv3 Configuration
- Chapter 62 MRPP Configuration
- Chapter 63 ULPP Configuration
- Chapter 64 ULSM Configuration
- Chapter 65 Mirror Configuration
- Chapter 66 RSPAN Configuration
- Chapter 67 SNTP Configuration
- Chapter 68 NTP Function Configuration
- Chapter 69 DNSv4/v6 Configuration
- Chapter 70 Summer Time Configuration
- Chapter 71 Monitor and Debug
- Chapter 72 Reload Switch after Specified Time
- Chapter 73 Debugging and Diagnosis for Packets Received and Sent by CPU
- Chapter 74 VSF
- Chapter 75 SWITCH OPERATION
- Chapter 76 TROUBLESHOOTING
- Chapter 77 APPENDIX A
- Chapter 78 GLOSSARY
Configuration Guide of XGS-5240-Series
31-8
First of all, the 128 bits addressing scheme of IPv6 Protocol can guarantee to provide
enough globally unique IP addresses for global IP network nodes in the range of time and
space. Moreover, besides increasing address space, IPv6 also enhanced many other
essential designs of IPv4.
Hierarchical addressing scheme facilitates Route Aggregation, effectively reduces route
table entries and enhances the efficiency and expansibility of routing and data packet
processing.
The header design of IPv6 is more efficient compared with IPv4. It has less data fields and
takes out header checksum, thus expedites the processing speed of basic IPv6 header. In
IPv6 header, fragment field can be shown as an optional extended field, so that data packets
fragmentation process won’t be done in router forwarding process, and Path MTU Discovery
Mechanism collaborates with data packet source which enhances the processing efficiency of
router.
Address automatic configuration and plug-and-play is supported. Large amounts of hosts
can find network routers easily by address automatic configuration function of IPv6 while
obtaining a globally unique IPv6 address automatically as well which makes the devices using
IPv6 Internet plug-and-play. Automatic address configuration function also makes the
readdressing of existing network easier and more convenient, and it is more convenient for
network operators to manage the transformation from one provider to another.
Support IPSec. IPSec is optional in IPv4, but required in IPv6 Protocol. IPv6 provides
security extended header, which provides end-to-end security services such as access control,
confidentiality and data integrity, consequently making the implement of encryption, validation
and Virtual Private Network easier.
Enhance the support for Mobile IP and mobile calculating devices. The Mobile IP Protocol
defined in IETF standard makes mobile devices movable without cutting the existing
connection, which is a network function getting more and more important. Unlike IPv4, the
mobility of IPv6 is from embedded automatic configuration to get transmission address
(Care-Of-Address); therefore it doesn’t need Foreign Agent. Furthermore, this kind of binding
process enables Correspondent Node communicate with Mobile Node directly, thereby avoids
the extra system cost caused by triangle routing choice required in IPv4.
Avoid the use of Network Address Translation. The purpose of the introduction of NAT
mechanism is to share and reuse same address space among different network segments.
This mechanism mitigates the problem of the shortage of IPv4 address temporally; meanwhile
it adds the burden of address translation process for network device and application. Since the
address space of IPv6 has increased greatly, address translation becomes unnecessary, thus
the problems and system cost caused by NAT deployment are solved naturally.
Support extensively deployed Routing Protocol. IPv6 has kept and extended the supports
for existing Internal Gateway Protocols (IGP for short), and Exterior Gateway Protocols (EGP