3Com 4200G User Manual
- View the manual online or download it
- 336 pages
- 4.68 MB
A proper user manual
Regulations oblige the seller to hand over the 3Com 4200G user manual to the buyer together with the goods. A missing manual, or incorrect information passed to the consumer, is grounds for a complaint that the device does not conform to the contract. The law permits the manual to be supplied in a form other than paper, which has recently become very common: a graphic or electronic manual for the 3Com 4200G, or instructional videos for users. The condition is that its form is legible and understandable.
What is a user manual?
The word comes from the Latin "instructio", i.e. to put in order. Accordingly, the 3Com 4200G manual describes the steps of procedures. The purpose of the manual is to instruct and to simplify starting up and using the device, or carrying out particular tasks. The manual is a collection of information about an item or service, a guide.
Unfortunately, few users take the time to read the 3Com 4200G user manual. A good user manual not only lets you get to know a number of additional functions of the purchased device, but also helps you avoid many mistakes.
So what should an ideal user manual contain?
The 3Com 4200G user manual should above all contain the following:
- Information about the technical data of the 3Com 4200G
- The name of the manufacturer and the year of manufacture of the 3Com 4200G
- Principles of operating, adjusting and maintaining the 3Com 4200G
- Safety marks and certificates confirming conformity with the relevant standards
Why don't we read user manuals?
The reason is lack of time and confidence about the particular functions of the devices purchased. Unfortunately, connecting and starting up the 3Com 4200G is not enough. A manual contains a number of tips on particular functions, safety principles, maintenance methods (even which products to use), possible faults of the 3Com 4200G and ways of solving problems that may occur during use. Finally, the user manual gives the contact number for 3Com service, in case the proposed solutions do not work. Currently, manuals in the form of engaging animations or video instructions are gaining popularity, as they appeal to users more than a brochure. This kind of manual ensures that the user watches the whole video without skipping the detailed and complicated technical descriptions of the 3Com 4200G, as happens with the paper form.
Why should you read user manuals?
In the user manual we find above all answers about the construction and capabilities of the 3Com 4200G, about the use of particular accessories, and a range of information that lets you take advantage of all its functions and conveniences.
After a successful purchase, you should take some time to get to know every part of the 3Com 4200G manual. Nowadays manuals are carefully prepared or translated so that they are not only understandable to users but also fulfil their basic purpose of helping and informing.
Table of contents of the manual
-
Page 1
3Com® Stackable Switch Family Advanced Configuration Guide 3Com Switch 5500 3Com Switch 5500G 3Com Switch 4500 3Com Switch 4200G 3Com Switch 4210 www.3Com.com Part Number: 10016492 Rev. AB Published: February 2008[...]
-
Page 2
3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2006-2008, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporatio[...]
-
Page 3
CONTENTS ABOUT THIS GUIDE Conventions 9 Related Documentation 9 Products Supported by this Document 10 1 LOGIN CONFIGURATION GUIDE Logging In from the Console Port 13 Logging In Through Telnet 15 Configuring Login Access Control 18 2 VLAN CONFIGURATION GUIDE Configuring Port-Based VLAN 21 Configuring Protocol-Based VLAN 23 3 IP AD[...]
-
Page 4
4 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE 9 PORT SECURITY CONFIGURATION GUIDE Configuring Port Security autolearn Mode 47 Configuring Port Security mac-authentication Mode 48 Configuring Port Security userlogin-withoui Mode 51 Configuring Port Security mac-else-userlogin-secure-ext Mode 55 10 PORT BINDING CONFIGURATI[...]
-
Page 5
Contents 5 Configuring Anycast RP Application 159 17 802.1X CONFIGURATION GUIDE Configuring 802.1x Access Control 165 18 AAA CONFIGURATION GUIDE Configuring RADIUS Authentication for Telnet Users 169 Configuring Dynamic VLAN Assignment with RADIUS Authentication 171 Configuring Local Authentication for Telnet Users 173 Configuring HWTAC[...]
-
Page 6
6 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE 25 MIRRORING CONFIGURATION GUIDE Local Port Mirroring Configuration 229 Remote Port Mirroring Configuration 231 Traffic Mirroring Configuration 236 26 XRN CONFIGURATION GUIDE XRN Fabric Configuration 239 27 CLUSTER CONFIGURATION GUIDE Cluster Configuration 247 Network Mana[...]
-
Page 7
Contents 7 Configuring a Switch as FTP Client 307 Configuring a Switch as TFTP Client 309 34 INFORMATION CENTER CONFIGURATION GUIDE Outputting Log Information to a Unix Log Host 311 Outputting Log Information to a Linux Log Host 313 Outputting Log and Trap Information to a Log Host Through the Same Channel 314 Outputting Log Information [...]
-
Page 8
8 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE[...]
-
Page 9
ABOUT THIS GUIDE Provides advanced configuration examples for the 3Com stackable switches, which includes the following: ■ 3Com Switch 5500 ■ 3Com Switch 5500G ■ 3Com Switch 4500 ■ 3Com Switch 4200G ■ 3Com Switch 4210 This guide is intended for Qualified Service personnel who are responsible for configuring, using, and managi[...]
-
Page 10
10 ABOUT THIS GUIDE ■ 3Com Switch Family Configuration Guides — Describe how to configure your Stackable Switch using the supported protocols and CLI commands. ■ 3Com Switch Family Quick Reference Guides — Provide a summary of command line interface (CLI) commands that are required for you to manage your Stackable Switch. ■ 3Com S[...]
-
Page 11
Products Supported by this Document 11[...]
-
Page 12
12 ABOUT THIS GUIDE[...]
-
Page 13
1 LOGIN CONFIGURATION GUIDE Note: Unless otherwise specified, all the switches used in the following configuration examples and configuration procedures are Switch 5500 (release V03.02.04). Logging In from the Console Port You can log in locally from the console port to configure and maintain your switch, including configuring other login mod[...]
-
Page 14
14 CHAPTER 1: LOGIN CONFIGURATION GUIDE # Set the history command buffer size to 20 for VTY 0. [3Com-ui-vty0] history-command max-size 20 # Set the idle-timeout time of VTY 0 to 6 minutes. [3Com-ui-vty0] idle-timeout 6 ■ Configure an authentication mode for Telnet login The following three authentication modes are available for Telnet log[...]
-
Page 15
Logging In Through Telnet 15 Complete Configuration ■ Telnet login configuration with the authentication mode being none user-interface vty 0 authentication-mode none user privilege level 2 history-command max-size 20 idle-timeout 6 0 screen-length 30 protocol inbound telnet ■ Telnet login configuration with the authentication mode being pa[...]
-
Page 16
16 CHAPTER 1: LOGIN CONFIGURATION GUIDE Network Diagram Figure 2 Telneting to the switch to configure console login Networking and Configuration Requirements As shown in Figure 2, telnet to the switch to configure console login. The current user level is manage level (level 3). Applicable Products Configuration Procedure ■ Common configur[...]
-
Page 17
Logging In Through Telnet 17 The following three authentication modes are available for console login: none, password, and scheme. The configuration procedures for the three authentication modes are described below: 1 Configure not to authenticate console login users. [3Com] user-interface aux 0 [3Com-ui-aux0] authentication-mode none 2 Configure[...]
-
Page 18
18 CHAPTER 1: LOGIN CONFIGURATION GUIDE ■ Console login configuration with the authentication mode being scheme # local-user guest password simple 123456 service-type terminal level 2 # user-interface aux 0 authentication-mode scheme user privilege level 2 history-command max-size 20 idle-timeout 6 0 speed 19200 screen-length 30 Precautions [...]
-
Page 19
Configuring Login Access Control 19 [3Com-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [3Com-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [3Com-acl-basic-2000] rule 3 deny source any [3Com-acl-basic-2000] quit # Reference ACL 2000 to control Telnet login by source IP address. [3Com] user-interface vty 0 4 [3Com-ui-vty0-4] acl [...]
-
Page 20
20 CHAPTER 1: LOGIN CONFIGURATION GUIDE[...]
-
Page 21
2 VLAN CONFIGURATION GUIDE Configuring Port-Based VLAN The VLAN technology allows you to divide a broadcast LAN into multiple distinct broadcast domains, each as a virtual work group. Port-based VLAN is the simplest approach to VLAN implementation. The idea is to assign the ports on a switch to different VLANs, confining the propagation of [...]
-
Page 22
22 CHAPTER 2: VLAN CONFIGURATION GUIDE [SwitchA-vlan101] quit [SwitchA] vlan 201 [SwitchA-vlan201] port Ethernet 1/0/2 # Configure Ethernet 1/0/3 of Switch A to be a trunk port and to permit the packets carrying the tag of VLAN 101 or VLAN 201 to pass through. [SwitchA-vlan201] quit [SwitchA] interface Ethernet 1/0/3 [SwitchA-Ethernet1/0/3] po[...]
-
Page 23
Configuring Protocol-Based VLAN 23 # interface Ethernet1/0/11 port access vlan 101 # interface Ethernet1/0/12 port access vlan 201 Precautions ■ After you assign the servers and the workstations to different VLANs, they cannot communicate with each other. For them to communicate, you need to configure a Layer 3 VLAN interface for each of them [...]
-
Page 24
24 CHAPTER 2: VLAN CONFIGURATION GUIDE Configuration Procedure # Create VLAN 100 and VLAN 200; add Ethernet 1/0/11 to VLAN 100 and Ethernet 1/0/12 to VLAN 200. 1 Create VLAN 100 and add Ethernet1/0/11 to VLAN 100. [3Com] vlan 100 [3Com-vlan100] port Ethernet 1/0/11 2 Create VLAN 200 and add Ethernet 1/0/12 to VLAN 200. [3Com-vlan100] quit[...]
-
Page 25
Configuring Protocol-Based VLAN 25 port hybrid protocol-vlan vlan 200 0 # interface Ethernet1/0/11 port access vlan 100 # interface Ethernet1/0/12 port access vlan 200 Precautions Because IP depends on ARP for address resolution in Ethernet, you are recommended to configure the IP and ARP templates in the same VLAN and associate them with the sam[...]
-
Page 26
26 CHAPTER 2: VLAN CONFIGURATION GUIDE[...]
-
Page 27
3 IP ADDRESS CONFIGURATION GUIDE IP Address Configuration Guide If you want to manage a remote Ethernet switch through network management or telnet, you need to configure an IP address for the remote switch and ensure that the local device and the remote switch are reachable to each other. A 32-bit IP address identifies a host on the [...]
-
Page 28
28 CHAPTER 3: IP ADDRESS CONFIGURATION GUIDE Configuration Procedure Assign primary and secondary IP addresses to VLAN-interface 1 of Switch to ensure that all the hosts on the LAN can access external networks through Switch. Set Switch as the gateway on all the hosts of the two network segments to ensure that they can communicate with[...]
-
Page 29
4 VOICE VLAN CONFIGURATION GUIDE Configuring Voice VLAN In automatic mode, the switch configured with voice VLAN checks the source MAC address of each incoming packet against the voice device vendor OUI. If a match is found, the switch assigns the receiving port to the voice VLAN and tags the packet with the voice VLAN ID automatically. When [...]
-
Page 30
30 CHAPTER 4: VOICE VLAN CONFIGURATION GUIDE ■ As the OUI address of IP phone 2 is not in the default voice device vendor OUI list of the switch, you need to add its OUI address 000f-2200-0000. In addition, configure its description as IP Phone2. Applicable Products Configuration Procedure # Create VLAN 2 and VLAN 6. <SwitchA> syste[...]
-
Page 31
Configuring Voice VLAN 31 phone traffic arrives at Ethernet 1/0/1, the port automatically permits the voice VLAN and transmits the voice traffic with the voice VLAN tag, so that the IP phone can receive packets normally. ■ You can set Ethernet 1/0/1 as a hybrid or trunk port following the same procedure. In either case, you need to set the s[...]
-
Page 32
32 CHAPTER 4: VOICE VLAN CONFIGURATION GUIDE Precautions ■ You cannot add a port operating in automatic mode to the voice VLAN manually. Therefore, if you configure a VLAN as a voice VLAN and a protocol VLAN at the same time, you will be unable to associate the protocol VLAN with such a port. Refer to “Configuring Protocol-Based VLAN?[...]
-
Page 33
5 GVRP CONFIGURATION GUIDE Configuring GVRP GVRP enables a switch to propagate local VLAN registration information to other participant switches and dynamically update the VLAN registration information from other switches to its local database about active VLAN members and through which port they can be reached. GVRP ensures that all switch[...]
-
Page 34
34 CHAPTER 5: GVRP CONFIGURATION GUIDE Configuration Procedure ■ Configure Switch A # Enable GVRP globally. <SwitchA> system-view [SwitchA] gvrp # Configure Ethernet 1/0/1 to be a trunk port and to permit the packets of all the VLANs to pass through. [SwitchA] interface Ethernet 1/0/1 [SwitchA-Ethernet1/0/1] port link-type trunk [[...]
-
Page 35
Configuring GVRP 35 # Configure Ethernet 1/0/1 to be a trunk port and to permit the packets of all the VLANs to pass through. Enable GVRP globally and enable GVRP on the port. # The configuration on Switch C is similar to that on Switch A. Note: For simplicity, the following provides only configuration steps. For configuration commands, refer to[...]
-
Page 36
36 CHAPTER 5: GVRP CONFIGURATION GUIDE [SwitchA] display vlan dynamic Total 3 dynamic VLAN exist(s). The following dynamic VLANs exist: 5, 7, 8, # Display the dynamic VLAN information on Switch B. [SwitchB] display vlan dynamic Total 3 dynamic VLAN exist(s). The following dynamic VLANs exist: 5, 7, 8, # Display the dynamic VLAN information on [...]
-
Page 37
Configuring GVRP 37 # interface Ethernet1/0/3 port link-type trunk port trunk permit vlan all gvrp ■ Configuration on Switch B # gvrp # interface Ethernet1/0/1 port link-type trunk port trunk permit vlan all gvrp # interface Ethernet1/0/2 port link-type trunk port trunk permit vlan all gvrp ■ Configuration on Switch C # gvrp # vlan 5 # interf[...]
-
Page 38
38 CHAPTER 5: GVRP CONFIGURATION GUIDE Precautions ■ The port trunk permit vlan all command is designed for GVRP only. To prevent users of unauthorized VLANs from accessing restrictive resources from a port, do not use the command when GVRP is disabled on the port. ■ Before enabling GVRP on a port, enable GVRP globally first. ■ Use[...]
-
Page 39
6 PORT BASIC CONFIGURATION GUIDE Configuring the Basic Functions of an Ethernet Port An Ethernet port on a Switch 5500 can operate in one of the three link types: ■ Access: an access port can belong to only one VLAN and is generally used to connect to a PC. ■ Trunk: a trunk port can belong to multiple VLANs. It can receive/send packets[...]
-
Page 40
40 CHAPTER 6: PORT BASIC CONFIGURATION GUIDE # Enter Ethernet port view of Ethernet 1/0/1. <3Com> system-view System View: return to User View with Ctrl+Z. [3Com] interface ethernet1/0/1 # Configure Ethernet 1/0/1 as a trunk port. [3Com-Ethernet1/0/1] port link-type trunk # Configure Ethernet 1/0/1 to permit the packets of VLAN 2, VL[...]
-
Page 41
7 LINK AGGREGATION CONFIGURATION GUIDE Configuring Link Aggregation Link aggregation aggregates multiple ports into one logical link, also called an aggregation group. Link aggregation allows you to increase bandwidth by distributing incoming/outgoing traffic on the member ports in the aggregation group. In addition, it provides reliable[...]
-
Page 42
42 CHAPTER 7: LINK AGGREGATION CONFIGURATION GUIDE Configuration Procedure Note: The example only provides the configuration on Switch A. Perform the same configuration on Switch B to implement link aggregation. 1 In manual aggregation mode # Create manual aggregation group 1. <3Com> system-view [3Com] link-aggregation group 1 mode man[...]
-
Page 43
Configuring Link Aggregation 43 Complete Configuration 1 In manual aggregation mode # link-aggregation group 1 mode manual # interface Ethernet1/0/1 port link-aggregation group 1 # interface Ethernet1/0/2 port link-aggregation group 1 # interface Ethernet1/0/3 port link-aggregation group 1 # 2 In static LACP aggregation mode # link-aggregation g[...]
-
Page 44
44 CHAPTER 7: LINK AGGREGATION CONFIGURATION GUIDE[...]
-
Page 45
8 PORT ISOLATION CONFIGURATION GUIDE Configuring Port Isolation Port isolation allows you to add a port into an isolation group to isolate Layer-2 and Layer-3 traffic of the port from that of all other ports in the isolation group. While increasing network security, this allows for great flexibility. Currently, the Switch 5500 suppor[...]
-
Page 46
46 CHAPTER 8: PORT ISOLATION CONFIGURATION GUIDE Configuration Procedure # Add Ethernet 1/0/2, Ethernet 1/0/3, and Ethernet 1/0/4 to the isolation group. <3Com> system-view System View: return to User View with Ctrl+Z. [3Com] interface ethernet1/0/2 [3Com-Ethernet1/0/2] port isolate [3Com-Ethernet1/0/2] quit [3Com] interface eth[...]
-
Page 47
9 PORT SECURITY CONFIGURATION GUIDE Configuring Port Security autolearn Mode In autolearn mode, a port can learn a specified number of MAC addresses and save those addresses as secure MAC addresses. Once the number of secure MAC addresses learnt by the port exceeds the upper limit defined by the port-security max-mac-count command, the[...]
-
Page 48
48 CHAPTER 9: PORT SECURITY CONFIGURATION GUIDE # Enter Ethernet 1/0/1 port view. [3Com] interface Ethernet1/0/1 # Set the maximum number of MAC addresses allowed on the port to 80. [3Com-Ethernet1/0/1] port-security max-mac-count 80 # Set the port security mode to autolearn. [3Com-Ethernet1/0/1] port-security port-mode autolearn # Add [...]
-
Page 49
Configuring Port Security mac-authentication Mode 49 Network Diagram Figure 13 Network diagram for configuring port security mac-authentication mode Networking and Configuration Requirements The host connects to the switch through the port Ethernet 1/0/1, and the switch authenticates the host through the RADIUS server. If the authentication is s[...]
-
Page 50
50 CHAPTER 9: PORT SECURITY CONFIGURATION GUIDE # Specify the secondary RADIUS authentication server and secondary RADIUS accounting server. [3Com-radius-radius1] secondary authentication 192.168.1.2 [3Com-radius-radius1] secondary accounting 192.168.1.3 # Set the shared key for message exchange between the switch and the RADIUS authen[...]
-
Page 51
Configuring Port Security userlogin-withoui Mode 51 [3Com-Ethernet1/0/1] port-security intrusion-mode blockmac Complete Configuration # domain default enable aabbcc.net # port-security enable # MAC-authentication domain aabbcc.net # radius scheme radius1 server-type standard primary authentication 192.168.1.3 primary accounting 192.168.1.2 seconda[...]
-
Page 52
52 CHAPTER 9: PORT SECURITY CONFIGURATION GUIDE On port Ethernet 1/0/1 of the switch, perform configurations to meet the following requirements: ■ Allow one 802.1x user to get online. ■ Set two OUI values, and allow only one user whose MAC address matches one of the two OUI values to get online. ■ Configure port security trapping to[...]
-
Page 53
Configuring Port Security userlogin-withoui Mode 53 [3Com-radius-radius1] timer 5 [3Com-radius-radius1] retry 5 # Set the timer for the switch to send real-time accounting packets to the RADIUS server to 15 minutes. [3Com-radius-radius1] timer realtime-accounting 15 # Configure the switch to send a username without the domain name to the RADIUS s[...]
-
Page 54
54 CHAPTER 9: PORT SECURITY CONFIGURATION GUIDE [3Com] interface Ethernet 1/0/1 [3Com-Ethernet1/0/1] port-security port-mode userlogin-withoui [3Com-Ethernet1/0/1] quit # Configure port security trapping. [3Com] port-security trap dot1xlog failure [3Com] port-security trap dot1xlog on [3Com] port-security trap dot1xlog off Complete Configurat[...]
-
Page 55
Configuring Port Security mac-else-userlogin-secure-ext Mode 55 Configuring Port Security mac-else-userlogin-secure-ext Mode In mac-else-userlogin-secure-ext mode, a port first performs MAC authentication of a user. If the authentication is successful, the user can access the port; otherwise, the port performs 802.1x authentication of the user [...]
-
Page 56
56 CHAPTER 9: PORT SECURITY CONFIGURATION GUIDE # Create a RADIUS scheme named radius1. <3Com> system-view [3Com] radius scheme radius1 # Specify the primary RADIUS authentication server and primary RADIUS accounting server. [3Com-radius-radius1] primary authentication 192.168.1.3 [3Com-radius-radius1] primary accounting 192.168.1.[...]
-
Page 57
Configuring Port Security mac-else-userlogin-secure-ext Mode 57 # Set aabbcc.net as the default user domain. [3Com] domain default enable aabbcc.net # Set the maximum number of concurrent 802.1x users. [3Com] dot1x max-user 64 # Configure the switch to use MAC addresses as user names for authentication, specifying that the MAC addresses should b[...]
-
Page 58
58 CHAPTER 9: PORT SECURITY CONFIGURATION GUIDE idle-cut enable 20 2000 # interface Ethernet1/0/1 port-security max-mac-count 200 port-security port-mode mac-else-userlogin-secure-ext port-security ntk-mode ntkonly dot1x max-user 64 Precautions ■ Before enabling port security, be sure to disable 802.1x and MAC authentication globally. ?[...]
-
Page 59
10 PORT BINDING CONFIGURATION GUIDE Configuring a Port Binding Port binding allows the network administrator to bind the MAC and IP addresses of a user to a specific port. After the port binding operation, the switch forwards a packet received from the port only if the source MAC address and IP address carried in the packet have been bound [...]
-
Page 60
60 CHAPTER 10: PORT BINDING CONFIGURATION GUIDE # Bind the MAC address and the IP address of Host A to Ethernet 1/0/1. [3Com-Ethernet1/0/1] am user-bind mac-addr 0001-0002-0003 ip-addr 10.12.1.1 Complete Configuration <3Com> system-view [3Com] interface Ethernet1/0/1 [3Com-Ethernet1/0/1] am user-bind mac-addr 0001-0002-0003 ip-addr 10.1[...]
-
Page 61
11 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION GUIDE MAC Address Table Management The Switch 5500 provides the MAC address table management function. Through configuration commands, you can add/modify/remove a MAC address, set the aging time for dynamic MAC addresses, and set the maximum number of MAC addresses an Ethernet port can learn. [...]
-
Page 62
62 CHAPTER 11: MAC ADDRESS TABLE MANAGEMENT CONFIGURATION GUIDE # Add a static MAC address entry. [3Com] mac-address static 000f-e20f-dc71 interface Ethernet 1/0/2 vlan 1 # Set the aging time of dynamic MAC address entries on Switch to 500 seconds. [3Com] mac-address timer aging 500 # Display the MAC address table configuration in system vie[...]
-
Page 63
12 DLDP CONFIGURATION GUIDE Configuring DLDP Sometimes, unidirectional links may appear in networks. On a unidirectional link, one end can receive packets from the other end but the other end cannot. Unidirectional links can be caused by fiber cross-connection or fiber cut (including single-fiber cut and lack of a fiber connection). They c[...]
-
Page 64
64 CHAPTER 12: DLDP CONFIGURATION GUIDE # Configure the ports to work in mandatory full duplex mode at 1000 Mbps. <SwitchA> system-view [SwitchA] interface GigabitEthernet 1/1/3 [SwitchA-GigabitEthernet1/1/3] duplex full [SwitchA-GigabitEthernet1/1/3] speed 1000 [SwitchA-GigabitEthernet1/1/3] quit [SwitchA] interface GigabitEthernet[...]
-
Page 65
Configuring DLDP 65 The configuration on Switch B is the same as that on Switch A. Precautions 1 When enabling DLDP on two connected devices, make sure that they are using the same software version. Otherwise, DLDP may malfunction. 2 When optical fibers are cross-connected, two or three ports are in the disable state, and the remaining ports[...]
-
Page 66
66 CHAPTER 12: DLDP CONFIGURATION GUIDE[...]
-
Page 67
13 AUTO DETECT CONFIGURATION GUIDE Auto Detect Implementation in Static Routing You can bind a static route with a detected group. The auto detect function will then detect the reachability of the static route through the path specified in the detected group. ■ The static route is valid if the detected group is reachable. ■ The sta[...]
-
Page 68
68 CHAPTER 13: AUTO DETECT CONFIGURATION GUIDE ■ Create detected group 9 on Switch C; detect the reachability of IP address 10.1.1.3, with the next hop being 192.168.1.1/24, and the detecting number being 1. Applicable Products Configuration Procedure Configure IP addresses for the interfaces according to Figure 19. The configuration [...]
-
Page 69
Auto Detect Implementation in VRRP 69 # Detect the reachability of 10.1.1.3, with the next hop being 192.168.1.1/24, and the detecting number being 1. [SwitchC-detect-group-9] detect-list 1 ip address 192.168.1.1 nexthop 10.1.1.3 [SwitchC-detect-group-9] quit # Configure a static route to Switch A. [SwitchC] ip route-static 192.168.1.1 24 10.1.1[...]
-
Page 70
70 CHAPTER 13: AUTO DETECT CONFIGURATION GUIDE ■ The master switch remains as master when the detected group is reachable. ■ The priority of the master switch decreases and thus becomes a backup when the detected group is unreachable. Network Diagram Figure 20 Network diagram of applying auto detect to VRRP Networking and Configuratio[...]
-
Page 71
Auto Detect Implementation in VRRP 71 # Configure an IP address for VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 24 # Enable VRRP on VLAN-interface 2, and set the virtual IP address of the VRRP group to 10.1.1.10. [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.10 # Set the VRRP pri[...]
-
Page 72
72 CHAPTER 13: AUTO DETECT CONFIGURATION GUIDE Auto Detect Implementation in VLAN Interface Backup You can implement VLAN interface backup through auto detect. When data can be transmitted through two VLAN interfaces on the switch to the same destination, configure one of the VLAN interfaces as the active interface and the other as the sta[...]
-
Page 73
Auto Detect Implementation in VLAN Interface Backup 73 Applicable Products Configuration Procedure ■ Configure Switch A # Enter system view. <SwitchA> system-view # Configure an IP address for VLAN-interface 1. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 192.168.1.1 24 [SwitchA-Vlan-interface1] quit # Confi[...]
-
Page 74
74 CHAPTER 13: AUTO DETECT CONFIGURATION GUIDE [SwitchC] interface vlan-interface 1 [SwitchC-Vlan-interface1] ip address 10.1.2.1 24 [SwitchC-Vlan-interface1] quit # Create detected group 9. [SwitchC] detect-group 9 # Detect the reachability of 192.168.1.1/24, with the next hop being 10.1.1.3, and the detecting number being 1. [SwitchC-det[...]
-
Page 75
Auto Detect Implementation in VLAN Interface Backup 75 ip address 10.1.1.4 255.255.255.0 # Precautions None[...]
-
Page 76
76 CHAPTER 13: AUTO DETECT CONFIGURATION GUIDE[...]
-
Seite 77
14 MSTP C ONFIGURATION G UIDE Configuring MSTP The Switch 5500 suppor ts the Multiple Spanning T ree Pr ot ocol (MSTP), which allows you to map one or multiple VLANs to a multiple spanni ng tr ee instance (MSTI). Note that one VLAN can be ma pped to only one MSTI. With MSTP , the packets of a specifi c VLAN ar e transm itte d in the MSTI to which t[...]
-
Seite 78
78 C HAPTER 14: MSTP C ONFIGURATION G UIDE Applicable Products Configuration Pr ocedur e 1 Configuratio n on Switch A # Enter MST region view . <3Com> system-view [3Com] stp region-configuration # Configure the region name, VLAN-to-MST I mapping, and revi sion level of the MST r egi on. [3Com-mst-region] region-name example [3Com-mst-region] [...]
-
Seite 79
Configuring MSTP 79 3 Configuratio n on Switch C # Configure the MST region. <3Com> system-view [3Com] stp region-configuration [3Com-mst-region] region-name example [3Com-mst-region] instance 1 vlan 10 [3Com-mst-region] instance 3 vlan 30 [3Com-mst-region] instance 4 vlan 40 [3Com-mst-region] revision-level 0 # Activate the MST region conf i[...]
-
Seite 80
80 C HAPTER 14: MSTP C ONFIGURATION G UIDE instance 4 vlan 40 active region-configuration # ■ Configuratio n on Switch C # stp instance 4 root primary stp region-configuration region-name example instance 1 vlan 10 instance 3 vlan 30 instance 4 vlan 40 active region-configuration # ■ Configuratio n on Switch D # stp region-configuration instanc[...]
-
Seite 81
Configuring VLAN-VPN Tunneli ng 81 Applicable Products Configuration Procedur e 1 Configuratio n on Switch A # Enable MS TP . <3Com> system-view [3Com] stp enable # Add Ethernet 1/0/1 to VLAN 10. [3Com] vlan 10 [3Com-Vlan10] port Ethernet1/0/1 2 Configuratio n on Switch B # Enable MS TP . <3Com> system-view [3Com] stp enable # Add Ether[...]
-
Seite 82
82 C HAPTER 14: MSTP C ONFIGURATION G UIDE [3Com] interface Ethernet1/0/2 [3Com-Ethernet1/0/2] port link-typ e trunk # Add the trunk port Ethernet 1/0/2 to all the VLANs. [3Com-Ethernet1/0/2] port trunk pe rmit vlan all 4 Configuratio n on Switch D # Enable MSTP . <3Com> system-view [3Com] stp enable # Enable VLAN-VPN tunneling. [3Com] vlan-v[...]
-
Seite 83
Configuring RSTP 83 # stp enable # vlan-vpn tunnel # interface Ethernet1/0/1 port access vlan 10 vlan-vpn enable # interface Ethernet1/0/2 port link-type trunk port trunk permit vlan all # 4 Configuratio n on Switch D # stp enable # vlan-vpn tunnel # interface Ethernet1/0/2 port access vlan 10 vlan-vpn enable # interface Ethernet1/0/1 port link-typ[...]
-
Seite 84
84 C HAPTER 14: MSTP C ONFIGURATION G UIDE Network Diagram Figure 24 Network diagram for RSTP configuration Networking and Configuration Requirements ■ Switch A is operating at the core. ■ Switch B and Switch C are operating at the distribution layer . ■ Switch D, Switch E, and Switch F are operating at the access layer . At the distrib ution[...]
-
Seite 85
Configuring RSTP 85 Configuration Procedur e 1 Configuratio n on Switch A # Enable MS TP . <3Com> system-view [3Com] stp enable # Enabling MST P globally on the swi tch enables RST P on all the ports. Disab le MSTP on the ports that are not involved in RSTP calculation, for example GigabitEther net 2/0/4. [3Com] interface GigabitEthernet 2/0/[...]
-
Page 86
86 CHAPTER 14: MSTP CONFIGURATION GUIDE # Configure Switch C and Switch B to back up each other, and set the bridge priority of Switch B to 4096. [3Com] stp priority 4096 # Enable the root guard function on each designated port. [3Com] interface Ethernet 1/0/4 [3Com-Ethernet1/0/4] stp root-protection [3Com-Ethernet1/0/4] quit [3Com] interface E[...]
-
Page 87
Configuring RSTP 87 # Enable MSTP. <3Com> system-view [3Com] stp enable # Enabling MSTP globally on the switch enables RSTP on all the ports. Disable MSTP on the ports that are not involved in RSTP calculation, for example Ethernet 1/0/3. [3Com] interface Ethernet 1/0/3 [3Com-Ethernet1/0/3] stp disable # Configure the ports directly [...]
-
Page 88
88 CHAPTER 14: MSTP CONFIGURATION GUIDE interface Ethernet1/0/8 stp disable # 3 Configuration on Switch C # stp instance 0 priority 8192 stp enable # interface Ethernet1/0/1 stp root-protection # interface Ethernet1/0/2 stp root-protection # interface Ethernet1/0/3 stp root-protection # interface Ethernet1/0/8 stp disable # 4 Configuration on [...]
-
Page 89
Configuring Digest Snooping and Rapid Transition 89 Network Diagram Figure 25 Network diagram for digest snooping and rapid transition configuration Networking and Configuration Requirements ■ Use another vendor’s switch, Switch A in this scenario, as the root switch. ■ Switch B and Switch C are connected to Switch A. For Switch B: ■ S[...]
-
Page 90
90 CHAPTER 14: MSTP CONFIGURATION GUIDE [3Com] interface Ethernet 1/0/1 [3Com-Ethernet1/0/1] stp config-digest-snooping # Enable rapid transition on the root port Ethernet 1/0/1. [3Com-Ethernet1/0/1] stp no-agreement-check [3Com-Ethernet1/0/1] quit 2 Configuration on Switch C # Enable MSTP. <3Com> system-view [3Com] stp enable # Set t[...]
-
Page 91
Configuring Digest Snooping and Rapid Transition 91 stp config-digest-snooping # interface Ethernet1/0/1 stp no-agreement-check # interface Ethernet1/0/2 stp config-digest-snooping #[...]
-
Page 92
92 CHAPTER 14: MSTP CONFIGURATION GUIDE[...]
-
Page 93
15 ROUTING CONFIGURATION GUIDE Configuring Static Routes A static route is manually configured by an administrator. In a simple network, you only need to configure static routes to make the network work normally. The proper configuration and usage of static routes can improve network performance and ensure the bandwidth for important [...]
-
Page 94
94 CHAPTER 15: ROUTING CONFIGURATION GUIDE Configuration Procedure Configure the switches: ■ Configure static routes on Switch A. <SwitchA> system-view [SwitchA] ip route-static 1.1.3.0 255.255.255.0 1.1.2.2 [SwitchA] ip route-static 1.1.4.0 255.255.255.0 1.1.2.2 [SwitchA] ip route-static 1.1.5.0 255.255.255.0 1.1.2.2 ■ Configure s[...]
-
Page 95
Configuring RIP 95 ■ You cannot configure the next hop of a static route as the address of an interface on the local switch. ■ You can configure different preferences or an identical preference for routes to the same destination for route backup or load sharing. ■ The default route has both the destination and mask configured a[...]
-
Page 96
96 CHAPTER 15: ROUTING CONFIGURATION GUIDE Configuration Procedure ■ Configure Switch A. # Configure RIP. <SwitchA> system-view [SwitchA] interface Vlan-interface 1 [SwitchA-Vlan-interface1] ip address 110.11.2.1 24 [SwitchA-Vlan-interface1] rip version 2 [SwitchA-Vlan-interface1] quit [SwitchA] interface Vlan-interface 2 [SwitchA[...]
-
Page 97
Configuring RIP 97 Complete Configuration ■ Perform the following configuration on Switch A. # vlan 1 # vlan 2 # interface Vlan-interface1 ip address 110.11.2.1 255.255.255.0 rip version 2 multicast # interface Vlan-interface2 ip address 155.10.1.1 255.255.255.0 rip version 2 multicast # rip undo summary network 110.0.0.0 network 155.10.0.0 # ?[...]
-
Page 98
98 CHAPTER 15: ROUTING CONFIGURATION GUIDE Precautions ■ RIPv2 supports automatic route summarization (with the summary command). This function is enabled by default. ■ Based on your needs, you can configure the switch to receive or send RIP packets with the rip input command or the rip output command. ■ RIPv2 can transmit packets in two [...]
-
Page 99
Configuring OSPF 99 Networking and Configuration Requirements Network devices run OSPF to forward packets. For network security, disable the device interfaces not enabled with OSPF from sending OSPF packets. Configuration Procedure ■ Configure Switch A. # Create VLANs and configure IP addresses for VLAN interfaces. The configuration procedu[...]
-
Page 100
100 CHAPTER 15: ROUTING CONFIGURATION GUIDE [SwitchC-ospf-1-area-0.0.0.1] network 192.168.2.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] quit ■ Configure Switch D (refer to “Configure Switch C.” on page 99). Complete Configuration ■ Perform the following configuration on Switch A. # vlan 100 # vlan 200 # interface [...]
-
Page 101
Configuring OSPF 101 interface Vlan-interface20 ip address 192.168.2.1 255.255.255.0 # interface Vlan-interface200 ip address 10.1.2.2 255.255.255.0 # interface Vlan-interface300 ip address 10.1.4.1 255.255.255.0 # ospf 1 silent-interface Vlan-interface10 silent-interface Vlan-interface20 area 0.0.0.1 network 192.168.1.0 0.0.0.255 network 192.168.2[...]
-
Page 102
102 CHAPTER 15: ROUTING CONFIGURATION GUIDE Precautions ■ Before configuring OSPF basic functions, configure a router ID for each OSPF process to ensure OSPF runs normally. You are recommended to use the ospf command to configure router IDs for the processes, especially on a device running multiple processes. ■ To prevent route[...]
-
Page 103
Configuring OSPF DR Election 103 Networking and Configuration Requirements Use OSPF to enable communication between devices in a broadcast network. Devices with higher performance should become the DR and BDR to improve network performance. Disable the devices with lower performance from taking part in the DR/BDR election. Based on the customer [...]
-
Page 104
104 CHAPTER 15: ROUTING CONFIGURATION GUIDE [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit ■ Configure Switch C. # Assign a router ID to Switch C. <SwitchC> system-view [SwitchC] router id 3.3.3.3 # Configure an IP address for the VLAN interface. [SwitchC] interface Vlan-interface 1 [SwitchC-Vlan-interface1] ip address 196.[...]
-
Page 105
Configuring OSPF DR Election 105 area 0.0.0.0 network 196.1.1.0 0.0.0.255 ■ Perform the following configuration on Switch B. # router id 2.2.2.2 # vlan 1 # interface Vlan-interface 1 ip address 196.1.1.2 255.255.255.0 ospf dr-priority 0 # ospf 1 area 0.0.0.0 network 196.1.1.0 0.0.0.255 ■ Perform the following configuration on Switch C. # router[...]
-
Page 106
106 CHAPTER 15: ROUTING CONFIGURATION GUIDE Configuring a (Totally) Stub Area When a large number of OSPF routers are present on a network, the LSDB of routers may become so large that a great amount of storage space is occupied and CPU resources are exhausted when performing the SPF computation. In addition, as the topology of a large ne[...]
-
Page 107
Configuring a (Totally) Stub Area 107 Configuration Procedure Non-backbone area and backbone area configuration (area 1 is a non-backbone area) ■ Configure Switch A. # Create VLANs and configure IP addresses for the VLAN interfaces. The configuration procedure is omitted. # Configure OSPF for area 1. <SwitchA> system-view [SwitchA[...]
-
Page 108
108 CHAPTER 15: ROUTING CONFIGURATION GUIDE # Redistribute the static route to specify Switch D as an ASBR. [SwitchD-ospf-1] import-route static [SwitchD-ospf-1] quit Note: ■ The above-mentioned steps configure non-backbone areas, backbone area, and ABRs/ASBRs. ■ By using the display ospf lsdb command on Switch C, you can see that Type-3 [...]
-
Page 109
Configuring a (Totally) Stub Area 109 ip address 10.2.1.1 255.255.255.0 # ospf 1 router-id 1.1.1.1 area 0.0.0.1 network 10.2.1.0 0.0.0.255 # area 0.0.0.0 network 10.1.1.0 0.0.0.255 # ■ Perform the following configuration on Switch B. # vlan 100 # vlan 200 # interface Vlan-interface100 ip address 10.1.1.2 255.255.255.0 # interface Vlan-interface20[...]
-
Page 110
110 CHAPTER 15: ROUTING CONFIGURATION GUIDE ip address 10.5.1.1 255.255.255.0 # ospf 1 router-id 4.4.4.4 import-route static area 0.0.0.2 network 10.3.1.0 0.0.0.255 network 10.5.1.0 0.0.0.255 # ip route-static 1.0.0.0 255.0.0.0 10.5.1.2 preference 60 # Configuration information when area 1 is a stub area: ■ Perform the following configurati[...]
-
Page 111
Configuring a (Totally) NSSA Area 111 Refer to the configuration of Switch D when area 1 is a non-backbone area. Configuration information when area 1 is a totally stub area: ■ Perform the following configuration on Switch A. # vlan 100 # vlan 200 # interface Vlan-interface100 ip address 10.1.1.1 255.255.255.0 # interface Vlan-interface200 ip ad[...]
-
Page 112
112 CHAPTER 15: ROUTING CONFIGURATION GUIDE Network Diagram Figure 31 Network diagram for (totally) NSSA area configuration Networking and Configuration Requirements Run OSPF on the network devices. Based on actual conditions, you can configure an (totally) NSSA area to reduce the routing table size in the area. Applicable Products Configurati[...]
-
Page 113
Configuring a (Totally) NSSA Area 113 <SwitchC> system-view [SwitchC] ip route-static 2.0.0.0 8 10.4.1.2 # Configure OSPF for area 1. [SwitchC] ospf 1 router-id 3.3.3.3 [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] qui[...]
-
Page 114
114 CHAPTER 15: ROUTING CONFIGURATION GUIDE # Configure area 1 as an NSSA area. [SwitchA-ospf-1-area-0.0.0.1] nssa [SwitchC-ospf-1-area-0.0.0.1] nssa Note: ■ The steps above configure an NSSA area. ■ Use the display ospf lsdb command on Switch C to display the LSDB. You can see that no Type-4 LSAs or Type-5 LSAs exist in the LSDB. But Typ[...]
-
Page 115
Configuring a (Totally) NSSA Area 115 ■ Use the display ospf lsdb command on Switch C to display the LSDB. You can see that no Type-4 LSAs or Type-5 LSAs exist in the LSDB. But Type-7 LSAs and a Type-7 default LSA are installed. Totally NSSA area configuration (area 1 is a totally NSSA area) Based on the configuration in “Non-backbone a[...]
-
Page 116
116 CHAPTER 15: ROUTING CONFIGURATION GUIDE interface Vlan-interface200 ip address 10.3.1.1 255.255.255.0 # ospf 1 router-id 2.2.2.2 area 0.0.0.2 network 10.3.1.0 0.0.0.255 # area 0.0.0.0 network 10.1.1.0 0.0.0.255 # ■ Perform the following configuration on Switch C. # vlan 200 # vlan 300 # interface Vlan-interface200 ip address 10.2.1.2 255.[...]
-
Page 117
Configuring OSPF Route Summarization 117 ■ After you configure an area as a totally NSSA area, the ABR of the totally NSSA area will automatically generate a Type-3 default LSA into the totally NSSA area. ■ For the ASBR of an NSSA area to generate a default Type-7 LSA, the default route with the destination address 0.0.0.0/0 must exis[...]
-
Page 118
118 CHAPTER 15: ROUTING CONFIGURATION GUIDE If this feature is configured on the ABR of the NSSA area, the ABR will summarize Type-5 LSAs translated from Type-7 LSAs. Network Diagram Figure 33 Network diagram for route summarization configuration Networking and Configuration Requirements Network devices run OSPF to forward packets. Configur[...]
-
Page 119
Configuring OSPF Route Summarization 119 # Configure the static routes 2.1.3.0/24, 2.1.4.0/24, 2.1.5.0/24, 2.1.6.0/24, and 2.1.7.0/24. <SwitchC> system-view [SwitchC] ip route-static 2.1.3.0 24 20.1.2.2 [SwitchC] ip route-static 2.1.4.0 24 20.1.2.2 [SwitchC] ip route-static 2.1.5.0 24 20.1.2.2 [SwitchC] ip route-static 2.1.6.0 24 20.[...]
-
Page 120
120 CHAPTER 15: ROUTING CONFIGURATION GUIDE # Configure ABR route summarization to summarize the routes 30.1.1.0/24 and 30.1.2.0/24 in area 2 into 30.1.0.0/22. [SwitchB-ospf-1] area 2 [SwitchB-ospf-1-area-0.0.0.2] abr-summary 30.1.0.0 255.255.252.0 [SwitchB-ospf-1-area-0.0.0.2] quit ASBR route summarization configuration 1 Note: This configuratio[...]
-
Page 121
Configuring OSPF Route Summarization 121 network 20.1.1.0 0.0.0.255 nssa # area 0.0.0.0 network 10.1.1.0 0.0.0.255 # ■ Perform the following configuration on Switch B. # vlan 100 # vlan 200 # interface Vlan-interface100 ip address 10.1.1.2 255.255.255.0 # interface Vlan-interface200 ip address 30.1.1.1 255.255.255.0 # ospf 1 router-id 2.2.2.2 are[...]
-
Page 122
122 CHAPTER 15: ROUTING CONFIGURATION GUIDE vlan 300 # interface Vlan-interface200 ip address 30.1.1.2 255.255.255.0 # interface Vlan-interface300 ip address 30.1.2.1 255.255.255.0 # ospf 1 router-id 4.4.4.4 import-route static area 0.0.0.2 network 30.1.1.0 0.0.0.255 network 30.1.2.0 0.0.0.255 # ip route-static 1.1.3.0 255.255.255.0 30.1.2.2 pr[...]
-
Page 123
Configuring OSPF Route Summarization 123 ospf 1 router-id 2.2.2.2 area 0.0.0.2 network 30.1.1.0 0.0.0.255 # area 0.0.0.0 network 10.1.1.0 0.0.0.255 # ■ Configure Switch C. # vlan 200 # vlan 300 # interface Vlan-interface200 ip address 20.1.1.2 255.255.255.0 # interface Vlan-interface300 ip address 20.1.2.1 255.255.255.0 # ospf 1 router-id 3.3.3.3[...]
-
Page 124
124 CHAPTER 15: ROUTING CONFIGURATION GUIDE ip route-static 1.1.7.0 255.255.255.0 30.1.2.2 preference 60 # ASBR route summarization configuration 2 Note: Configure ASBR route summarization on Switch A to summarize the Type-5 LSAs translated from Type-7 LSAs. ■ Configure Switch A. # vlan 100 # vlan 200 # interface Vlan-interface100 ip address 1[...]
-
Page 125
Configuring OSPF Route Summarization 125 ip address 20.1.1.2 255.255.255.0 # interface Vlan-interface300 ip address 20.1.2.1 255.255.255.0 # ospf 1 router-id 3.3.3.3 import-route static area 0.0.0.2 network 20.1.1.0 0.0.0.255 network 20.1.2.0 0.0.0.255 nssa # ip route-static 2.1.3.0 255.255.255.0 20.1.2.2 preference 60 ip route-static 2.1.4.0 255.2[...]
-
Page 126
126 CHAPTER 15: ROUTING CONFIGURATION GUIDE Configuring OSPF Virtual Link Among OSPF areas in an AS, one area is different from any other area. Its area ID is 0 and it is usually called the backbone area. The backbone area is responsible for distributing routing information between non-backbone areas. Therefore, OSPF requires that: ?[...]
-
Page 127
Configuring OSPF Virtual Link 127 Configuration Procedure 1 Configure OSPF basic functions. # Configure Switch A. <SwitchA> system-view [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] ip address 196.1.1.2 255.255.255.0 [SwitchA-Vlan-interface1] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 19 [...]
-
Page 128
128 CHAPTER 15: ROUTING CONFIGURATION GUIDE # router id 1.1.1.1 # vlan 1 # vlan 2 # interface Vlan-interface1 ip address 196.1.1.2 255.255.255.0 # interface Vlan-interface2 ip address 197.1.1.2 255.255.255.0 # ospf 1 area 0.0.0.0 network 196.1.1.0 0.0.0.255 area 0.0.0.1 network 197.1.1.0 0.0.0.255 vlink-peer 2.2.2.2 # ■ Perform the following [...]
-
Page 129
Configuring Routing Policies 129 Network Diagram Figure 35 Network diagram for routing policy configuration Networking and Configuration Requirements ■ As shown in the figure above, Switch A and Switch B run OSPF. The router ID of Switch A is 1.1.1.1 and that of Switch B is 2.2.2.2. ■ Configure three static routes and enable OSPF on Switch[...]
-
Page 130
130 CHAPTER 15: ROUTING CONFIGURATION GUIDE # Configure an ACL. [SwitchA] acl number 2000 [SwitchA-acl-basic-2000] rule deny source 30.0.0.0 0.255.255.255 [SwitchA-acl-basic-2000] rule permit source any [SwitchA-acl-basic-2000] quit # Configure a routing policy. [SwitchA] route-policy ospf permit node 10 [SwitchA-route-policy] if-match acl [...]
-
Page 131
Configuring Routing Policies 131 [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.0.0.0 0.255.255.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure an ACL. [SwitchA] acl number 2000 [SwitchA-acl-basic-2000] rule deny source 30.0.0.0 0.255.255.255 [SwitchA-acl-basic-[...]
-
Page 132
132 CHAPTER 15: ROUTING CONFIGURATION GUIDE # Configure route summarization to prevent network 30.0.0.0/8 from being advertised. [SwitchA-ospf-1] asbr-summary 30.0.0.0 255.0.0.0 not-advertise # Redistribute the static routes. [SwitchA-ospf-1] import-route static ■ Configure Switch B. The configuration on Switch B is the same as that in me[...]
-
Page 133
Configuring Routing Policies 133 ip address 10.0.0.2 255.0.0.0 # ospf 1 area 0.0.0.0 network 10.0.0.0 0.255.255.255 # Precautions In an OSPF network, when an ASBR redistributes routes, you can use the command combination of filter-policy export and import-route, route-policy and import-route, or import-route and asbr-summary not-advertise t[...]
-
Page 134
134 CHAPTER 15: ROUTING CONFIGURATION GUIDE[...]
-
Page 135
16 MULTICAST CONFIGURATION GUIDE Configuring IGMP Snooping Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast constraint mechanism that runs on Layer 2 Ethernet switches to manage and control multicast groups. By listening to and analyzing IGMP messages, a Layer 2 device running IGMP Snooping establishes and mai[...]
-
Page 136
136 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Configuration Procedure Configuring IP addresses for the interfaces of each device Configure the IP address and subnet mask for each interface as per Figure 36. The detailed configuration steps are omitted here. Configuring Router A # Enable IP multicast routing, enable PIM-DM on each interfa[...]
-
Page 137
Configuring IGMP Snooping 137 MAC group address: 0100-5e01-0101 Host port(s): Ethernet1/0/3 Ethernet1/0/4 As shown above, a multicast group entry for 224.1.1.1 has been created on Switch A, with Ethernet 1/0/1 as the router port and Ethernet 1/0/3 and Ethernet 1/0/4 as dynamic member ports. This means that Host A and Host B have joined the m[...]
-
Page 138
138 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Configuring IGMP Snooping Only Network Diagram Figure 37 Network diagram for IGMP Snooping only configuration Networking and Configuration Requirements Where it is unnecessary or infeasible to build a Layer 3 multicast network, enabling IGMP Snooping on all the devices in the Layer 2 network can im[...]
-
Page 139
Configuring IGMP Snooping Only 139 [SwitchA] vlan 100 [SwitchA-vlan100] port Ethernet 1/0/1 Ethernet 1/0/2 [SwitchA-vlan100] igmp-snooping enable # Enable IGMP Snooping querier in VLAN 100. [SwitchA-vlan100] igmp-snooping querier [SwitchA-vlan100] quit # Enable dropping unknown multicast packets. [SwitchA] unknown-multicast drop enable Configuring[...]
-
Page 140
140 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Verifying the configuration Check the reception of multicast stream for multicast group 224.1.1.1 on Host A, and take the following steps to verify the configurations made on the switches. 1 View the information on Switch B # View the IGMP packet statistics on Switch B. <SwitchB> display igm[...]
-
Page 141
Configuring IGMP Snooping Only 141 <Switch A> display igmp-snooping group Total 1 IP Group(s). Total 1 MAC Group(s). Vlan(id):100. Total 1 IP Group(s). Total 1 MAC Group(s). Router port(s): IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 Host port(s):Ethernet1/0/1 MAC group(s): MAC group address:0100[...]
-
Page 142
142 CHAPTER 16: MULTICAST CONFIGURATION GUIDE vlan 100 igmp-snooping enable igmp-snooping querier # interface Ethernet1/0/1 port access vlan 100 # interface Ethernet1/0/2 port access vlan 100 # Configuration on Switch B # unknown-multicast drop enable # igmp-snooping enable # vlan 100 igmp-snooping enable # interface Ethernet1/0/1 port access v[...]
-
Page 143
Configuring Multicast VLAN 143 Since multicast packets are transmitted within the multicast VLAN, which is isolated from user VLANs, the bandwidth and security can be guaranteed. Network Diagram Figure 38 Network diagram for multicast VLAN Networking and Configuration Requirements Configure the multicast VLAN feature so that Switch A just send[...]
-
Page 144
144 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Configuration Procedure Assume that the IP addresses have been configured and the devices have been connected correctly. 1 Configure Switch A. # Configure the IP address of VLAN-interface 20 as 168.10.1.1, and enable PIM-DM. <SwitchA> system-view [SwitchA] multicast routing-enable [Switch[...]
-
Page 145
Configuring Multicast VLAN 145 [SwitchB-vlan10] igmp-snooping enable [SwitchB-vlan10] quit # Configure Ethernet 1/0/10 as a Hybrid port, assign it to VLAN 2, VLAN 3 and VLAN 10, and configure it to send packets of VLAN 2, VLAN 3, and VLAN 10 with the respective VLAN tags kept. [SwitchB] interface Ethernet1/0/10 [SwitchB-Ethernet1/0/10] port link-t[...]
-
Page 146
146 CHAPTER 16: MULTICAST CONFIGURATION GUIDE # vlan 1 to 3 # vlan 10 service-type multicast igmp-snooping enable # interface Ethernet1/0/1 port link-type hybrid port hybrid vlan 1 to 2 10 untagged port hybrid pvid vlan 2 # interface Ethernet1/0/2 port link-type hybrid port hybrid vlan 1 3 10 untagged port hybrid pvid vlan 3 # interface Ethern[...]
-
Page 147
Configuring PIM-SM plus IGMP plus IGMP Snooping 147 Then, the multicast source sends the multicast traffic along the SPT to the RP. Upon reaching the RP, the multicast traffic flows down the RPT to the receivers. Network Diagram Figure 39 Network diagram for PIM-SM, IGMP, and IGMP Snooping configuration Device Interface IP address Ports S[...]
-
Page 148
148 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Networking and Configuration Requirements Requirement Analysis When users receive VOD information through multicast, the information receiving mode may vary depending on user requirements: 1 To avoid flooding of the video information at Layer 2, IGMP Snooping needs to be enabled on Switch E, t[...]
-
Page 149
Configuring PIM-SM plus IGMP plus IGMP Snooping 149 [SwitchA-Vlan-interface100] igmp enable [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim sm Note: It is [...]
-
Page 150
150 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Using the following commands to determine whether Host A and Host C can receive multicast data # View the PIM neighboring relationships on Switch E. <SwitchE> display pim neighbor Neighbor’s Address Interface Name Uptime Expires 192.168.9.1 Vlan-interface102 02:47:04 00:01:42 192.168.2.1 Vl[...]
-
Page 151
Configuring PIM-SM plus IGMP plus IGMP Snooping 151 Vlan-interface100, Protocol 0x1: IGMP, never timeout Matched 1 (S,G) entries, 1 (*,G) entries, 0 (*,*,RP) entry The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table on Switch D. <SwitchD> display pim routing-table PIM-SM Routing Table Tota[...]
-
Page 152
152 CHAPTER 16: MULTICAST CONFIGURATION GUIDE MAC group address:0100-5e01-0101 Host port(s):Ethernet1/0/19 # View the multicast group information that contains port information on Switch B. <SwitchB> display mpm group Total 1 IP Group(s). Total 1 MAC Group(s). Vlan(id):200. Total 1 IP Group(s). Total 1 MAC Group(s). Router port(s): IP gro[...]
-
Page 153
Configuring PIM-SM plus IGMP plus IGMP Snooping 153 Vlan(id):103. Total 0 IP Group(s). Total 0 MAC Group(s). Router port(s):Ethernet1/0/10 As shown above, Ethernet 1/0/21 has become a member port for multicast group 225.1.1.1. Complete Configuration Configuration on Switch A # multicast routing-enable # interface Vlan-interface100 ip address 10[...]
-
Page 154
154 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Configuration on Switch D # acl number 2005 rule 0 permit source 225.1.1.0 0.0.0.255 # multicast routing-enable # interface Vlan-interface101 ip address 192.168.1.2 255.255.255.0 pim sm # interface Vlan-interface105 ip address 192.168.4.2 255.255.255.0 pim sm # interface Vlan-interface300 ip address[...]
-
Page 155
Configuring PIM-DM plus IGMP 155 vlan 100 igmp-snooping enable # Precautions ■ Only one C-BSR can be configured on a Layer 3 switch. Configuration of a C-BSR on another interface overwrites the previous configuration. ■ It is recommended that C-BSRs and C-RPs be configured on Layer 3 switches in the backbone network. ■ If you do not specify[...]
-
Page 156
156 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Network Diagram Figure 40 Network diagram for PIM-DM configuration Networking and Configuration Requirements ■ Receivers receive multicast VOD information through multicast. The receiver groups of different organizations form two stub networks, and at least one receiver host exists in each s[...]
-
Page 157
Configuring PIM-DM plus IGMP 157 Configuration Procedure Configuring the interface IP addresses and unicast routing protocol for each switch Configure the IP address and subnet mask for each interface as per Figure 40. The detailed configuration steps are omitted here. Configure OSPF for interoperation among the switches in the PIM-DM domain. E[...]
-
Page 158
158 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Use the display pim routing-table command to view the PIM routing information on the switches. For example: # View the PIM routing table on Switch A. <SwitchA> display pim routing-table PIM-DM Routing Table Total 1 (S,G) entry (10.110.5.100, 225.1.1.1) Protocol 0x40: PIMDM, Flag 0xC: SPT NEG_[...]
-
Page 159
Configuring Anycast RP Application 159 ip address 192.168.2.1 255.255.255.0. pim dm # interface Vlan-interface200 ip address 10.110.2.1 255.255.255.0 igmp enable pim dm # Configuration on Switch C # multicast routing-enable # interface Vlan-interface102 ip address 192.168.3.1 255.255.255.0. pim dm # interface Vlan-interface200 ip address 10.110.2.[...]
-
Page 160
160 CHAPTER 16: MULTICAST CONFIGURATION GUIDE Network Diagram Figure 41 Network diagram for anycast RP configuration Networking and Configuration Requirements ■ The PIM-SM domain in this example has multiple multicast sources and receivers. OSPF needs to run in the domain to provide unicast routes. ■ The anycast RP application needs to be i[...]
-
Page 161
Configuring Anycast RP Application 161 Configure OSPF for interconnection between the switches. The detailed configuration steps are omitted here. Enabling IP multicast routing and enabling PIM-SM on each interface # Enable multicast routing on Switch C, and enable PIM-SM on each interface. <SwitchC> system-view [SwitchC] multicast routi[...]
-
Page 162
162 CHAPTER 16: MULTICAST CONFIGURATION GUIDE As shown above, the multicast source has been registered on Switch C, which is deemed as the RP. # View the PIM routing information on Switch F. <Switch F>dis pim routing-table PIM-SM Routing Table Total 0 (S,G) entry, 1 (*,G) entries, 0 (*,*,RP) entry (*, 225.1.1.1), RP 10.1.1.1 Protoco[...]
-
Page 163
Configuring Anycast RP Application 163 After the peering relationship is established, the multicast receiver can receive multicast data from the source. # View the PIM routing information on Switch C again. [Switch C] display pim routing-table PIM-SM Routing Table Total 1 (S,G) entries, 0 (*,G) entry, 0 (*,*,RP) entry (10.110.5.100, 225.1.1.1[...]
-
Page 164
164 CHAPTER 16: MULTICAST CONFIGURATION GUIDE ip address 3.3.3.3 255.255.255.255 pim sm # interface LoopBack10 ip address 10.1.1.1 255.255.255.255 pim sm # pim c-bsr LoopBack1 24 c-rp LoopBack10 # msdp originating-rp Vlan-interface101 peer 192.168.3.2 connect-interface Vlan-interface101 # Configuration on Switch F # multicast routing-enable # [...]
-
Page 165
17 802.1X CONFIGURATION GUIDE Note: The following configurations involve most AAA/RADIUS configuration commands. Refer to “AAA Configuration” in the Configuration Guide for your product for information about the commands. Configurations on the user host and the RADIUS servers are omitted. Configuring 802.1x Access Control As a port-based acces[...]
-
Page 166
166 CHAPTER 17: 802.1X CONFIGURATION GUIDE seconds, it retransmits the packet for up to 5 times. The switch sends real-time accounting packets at an interval of 15 minutes. A username is sent to the RADIUS server with the domain name truncated. ■ The username and password for local 802.1x authentication are localuser and localpass (in pla[...]
-
Page 167
Configuring 802.1x Access Control 167 # Set the interval and the number of packet transmission attempts for the switch to send packets to the RADIUS server. [3Com-radius-radius1] timer 5 [3Com-radius-radius1] retry 5 # Set the interval for the switch to send real-time accounting packets to the RADIUS server. [3Com-radius-radius1] timer realtim[...]
-
Page 168
168 CHAPTER 17: 802.1X CONFIGURATION GUIDE primary authentication 10.11.1.1 primary accounting 10.11.1.2 secondary authentication 10.11.1.2 secondary accounting 10.11.1.1 key authentication name key accounting money timer realtime-accounting 15 timer response-timeout 5 retry 5 user-name-format without-domain # domain aabbcc.net scheme radius-s[...]
-
Page 169
18 AAA CONFIGURATION GUIDE Configuring RADIUS Authentication for Telnet Users Authentication, Authorization and Accounting (AAA) is a uniform framework used to configure the three functions for network security management. It can be implemented by multiple protocols. RADIUS configurations are made in RADIUS schemes. When performing RADIUS co[...]
-
Page 170
170 CHAPTER 18: AAA CONFIGURATION GUIDE usernames and login passwords. Note that the Telnet usernames added to the RADIUS server must be in the format of userid@isp-name. ■ Configure the switch to include domain names in the usernames to be sent to the RADIUS server in the RADIUS scheme. Applicable Products Configuration Procedure[...]
-
Page 171
Configuring Dynamic VLAN Assignment with RADIUS Authentication 171 primary authentication 10.110.91.164 key authentication aabbcc server-type extended user-name-format with-domain quit # domain cams scheme radius-scheme cams Precautions The Telnet user needs to enter the username with the domain name cams, in the format userid@cams, so that t[...]
-
Page 172
172 CHAPTER 18: AAA CONFIGURATION GUIDE Configuration Procedure # Create a RADIUS scheme named cams and specify the primary and secondary servers. <3Com> system-view [3Com] radius scheme cams [3Com-radius-cams] primary authentication 192.168.1.19 [3Com-radius-cams] primary accounting 192.168.1.19 [3Com-radius-cams] secondary authenti[...]
-
Page 173
Configuring Local Authentication for Telnet Users 173 radius scheme cams primary authentication 192.168.1.19 primary accounting 192.168.1.19 secondary authentication 192.168.1.20 secondary accounting 192.168.1.20 key authentication expert key accounting expert user-name-format with-domain server-type extended # domain abc radius-scheme cams vlan-[...]
-
Page 174
174 CHAPTER 18: AAA CONFIGURATION GUIDE Configuration Procedure # Enter system view. <3Com> system-view # Configure the switch to use AAA authentication for Telnet users. [3Com] user-interface vty 0 4 [3Com-ui-vty0-4] authentication-mode scheme [3Com-ui-vty0-4] quit # Configure a local user named telnet. [3Com] local-user telnet [3Co[...]
-
Page 175
Configuring HWTACACS Authentication for Telnet Users 175 Network Diagram Figure 46 Network diagram for configuring HWTACACS authentication for Telnet users Networking and Configuration Requirements As shown in Figure 46, you are required to configure the switch so that Telnet users logging into the switch are authenticated and authorized b[...]
-
Page 176
176 CHAPTER 18: AAA CONFIGURATION GUIDE Complete Configuration # system-view hwtacacs scheme hwtac primary authentication 10.110.91.164 49 primary authorization 10.110.91.164 49 key authentication expert key authorization expert user-name-format without-domain quit # domain hwtacacs scheme hwtacacs-scheme hwtac accounting optional Precautions [...]
-
Page 177
Configuring EAD 177 Networking and Configuration Requirements As shown in Figure 47, a user host is connected to Ethernet 1/0/1 on the switch. On the host runs the 802.1x client supporting 3Com EAD extended function. You are required to configure the switch to use the RADIUS server for remote user authentication and the security policy ser[...]
-
Page 178
178 CHAPTER 18: AAA CONFIGURATION GUIDE quit domain system radius-scheme cams Precautions To support all extended functions of CAMS, you are recommended to configure the 802.1x authentication method as EAP and the RADIUS scheme server type as extended on the switch.[...]
-
Page 179
19 MAC AUTHENTICATION CONFIGURATION GUIDE Configuring MAC Authentication MAC authentication provides a way for authenticating users based on ports and MAC addresses, without requiring any client software to be installed on the hosts. Once detecting a new MAC address, a switch with MAC authentication configured will initiate the authenticatio[...]
-
Page 180
180 CHAPTER 19: MAC AUTHENTICATION CONFIGURATION GUIDE Configuration Procedure # Enable MAC authentication for port Ethernet 1/0/2. <3Com> system-view [3Com] mac-authentication interface Ethernet 1/0/2 # Specify the MAC authentication username type as MAC address and the MAC address format as with-hyphen. [3Com] mac-authentication [...]
-
Page 181
Configuring MAC Authentication 181 h-hyphen # domain aabbcc.net # local-user 00-0d-88-f6-44-c1 password simple 00-0d-88-f6-44-c1 service-type lan-access # Precautions ■ You cannot configure the maximum number of MAC addresses that can be learnt on a MAC authentication enabled port, or enable MAC authentication on a port that is configured wi[...]
-
Page 182
182 CHAPTER 19: MAC AUTHENTICATION CONFIGURATION GUIDE[...]
-
Page 183
20 VRRP CONFIGURATION GUIDE Single VRRP Group Configuration Virtual Router Redundancy Protocol (VRRP) is an error-tolerant protocol defined in RFC 2338. In LANs with multicast or broadcast capabilities (such as Ethernet), VRRP can avoid single point failure through establishing backup links without modifying the configuration of dynamic routi[...]
-
Page 184
184 CHAPTER 20: VRRP CONFIGURATION GUIDE Applicable Products Configuration Procedure 1 Configure Switch A. # Configure VLAN 2. <LSW-A> system-view [LSW-A] vlan 2 [LSW-A-vlan2] port Ethernet1/0/6 [LSW-A-vlan2] quit [LSW-A] interface Vlan-interface 2 [LSW-A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0 [LSW-A-Vlan-interface2] quit[...]
-
Page 185
Single VRRP Group Configuration 185 [LSW-B] interface Vlan-interface 2 [LSW-B-Vlan-interface2] ip address 202.38.160.2 255.255.255.0 [LSW-B-Vlan-interface2] quit # Enable the VRRP group to respond to ping operations destined for its virtual IP address. [LSW-B] vrrp ping-enable # Create a VRRP group. [LSW-B] interface vlan 2 [LSW-B-Vlan-interface2][...]
-
Page 186
186 CHAPTER 20: VRRP CONFIGURATION GUIDE ■ If both switches in the preemptive mode and switches in the non-preemptive mode exist in a VRRP group, the working mode of the VRRP group conforms to that of the master. For example, if the master works in the preemptive mode, when the master fails, the VRRP group will elect a new master through p[...]
-
Page 187
Multiple VRRP Groups Configuration 187 <LSW-A> system-view [LSW-A] vlan 2 [LSW-A-vlan2] port Ethernet1/0/6 [LSW-A-vlan2] quit [LSW-A] interface Vlan-interface 2 [LSW-A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0 # Create VRRP group 1. [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority of Switch A in [...]
-
Page 188
188 CHAPTER 20: VRRP CONFIGURATION GUIDE ip address 202.38.160.2 255.255.255.0 vrrp vrid 1 virtual-ip 202.38.160.111 vrrp vrid 2 virtual-ip 202.38.160.112 vrrp vrid 2 priority 110 # interface Ethernet1/0/6 port access vlan 2 # Precautions ■ The Switch 5500 supports VRRP, while the Switch 4500 does not. ■ For the IP address owner, its pr[...]
-
Page 189
VRRP Interface Tracking 189 Network Diagram Figure 51 Network diagram for VRRP Networking and Configuration Requirements Switch A is the master and Switch B is the backup in a VRRP group. Both Switch A and Switch B have an interface connected with the Internet. Configure the VRRP interface tracking function, so that when the interface connected [...]
-
Page 190
190 CHAPTER 20: VRRP CONFIGURATION GUIDE # Create VRRP group 1. [LSW-A] interface Vlan-interface 2 [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority of Switch A in VRRP group 1 to 110. [LSW-A-Vlan-interface2] vrrp vrid 1 priority 110 # Set the interface to be tracked. [LSW-A-Vlan-interface2] vrrp vrid 1 track inter[...]
-
Page 191
VRRP Port Tracking 191 port access vlan 2 # ■ Configurations on Switch B # vrrp ping-enable # interface Vlan-interface2 ip address 202.38.160.2 255.255.255.0 vrrp vrid 1 virtual-ip 202.38.160.111 # interface Ethernet1/0/5 port access vlan 2 # Precautions ■ The Switch 5500 supports VRRP, while the Switch 4500 does not. ■ For the IP address o[...]
-
Page 192
192 CHAPTER 20: VRRP CONFIGURATION GUIDE Networking and Configuration Requirements ■ There are two switches, the master and the backup, in VRRP group 1. ■ The IP addresses of the master and the backup are 10.100.10.2 and 10.100.10.3 respectively. ■ The master is connected with the upstream network through port Ethernet 1/0/1 that belong[...]
-
Page 193
VRRP Port Tracking 193 [3Com] interface Vlan-interface 3 [3Com-Vlan-interface3] vrrp vrid 1 virtual-ip 10.100.10.1 # Enter port view of Ethernet 1/0/1 and enable the VRRP port tracking function. [3Com] interface Ethernet1/0/1 [3Com-Ethernet1/0/1] vrrp Vlan-interface 3 vrid 1 track reduced 50 Complete Configuration On the master: # interface Vlan[...]
-
Page 194
194 CHAPTER 20: VRRP CONFIGURATION GUIDE[...]
-
Page 195
21 DHCP CONFIGURATION GUIDE DHCP Server Global Address Pool Configuration Guide In general, there are two typical DHCP network topologies. One is to deploy the DHCP server and DHCP clients in the same network segment. This enables the clients to communicate with the server directly. The other is to deploy the DHCP server and DHCP clients in d[...]
-
Page 196
196 CHAPTER 21: DHCP CONFIGURATION GUIDE Applicable Products Configuration Procedure # Enable DHCP. [SwitchA] dhcp enable # Exclude the IP addresses of the DNS server, WINS server, and gateways from dynamic assignment. [SwitchA] dhcp server forbidden-ip 10.1.1.2 [SwitchA] dhcp server forbidden-ip 10.1.1.4 [SwitchA] dhcp server forbidden-i[...]
-
Page 197
DHCP Server Global Address Pool Configuration Guide 197 <SwitchA> %Apr 10 21:34:55:782 2000 3Com DHCPS/4/DHCPS_LOCAL_SERVER:- 1 - Local DHCP server information(detect by server):SERVER IP = 10.1.1.5; Sourceclient information: interface = Vlan-interface2, type = DHCP_REQUEST, CHardAddr= 00e0-fc55-0011 Complete Configuration # dhcp server [...]
-
Page 198
198 CHAPTER 21: DHCP CONFIGURATION GUIDE DHCP Server Interface Address Pool Configuration Guide Network Diagram Figure 54 Network diagram for DHCP server interface address pool configuration Networking and Configuration Requirements ■ Configure the IP address of VLAN-interface 1 on the DHCP server (Switch A) as 192.168.0.1/24. ■ The DHCP c[...]
-
Page 199
DHCP Relay Agent Configuration Guide 199 [SwitchA-Vlan-interface1] dhcp select interface # Configure a static IP-to-MAC binding in the DHCP interface address pool. [SwitchA-Vlan-interface1] dhcp server static-bind ip-address 192.168.0.10 mac-address 000D-88F7-0001 # Specify the lease duration, DNS server address, and WINS server address in the [...]
-
Page 200
200 CHAPTER 21: DHCP CONFIGURATION GUIDE Network Diagram Figure 55 Network diagram for DHCP relay agent configuration Networking and Configuration Requirements ■ VLAN-interface 1 on the DHCP relay agent (Switch A) connects to the network where DHCP clients reside. The IP address of VLAN-interface 1 is 10.10.1.1/24 and the IP address of VLA[...]
-
Page 201
DHCP Snooping Configuration Guide 201 [SwitchA] dhcp-security static 10.10.10.5 0001-0010-0001 # Enable the address check function on the DHCP relay agent. [SwitchA] interface Vlan-interface 1 [SwitchA-Vlan-interface1] address-check enable Currently, a Switch 4500 operating as a DHCP relay agent does not support the address check function. Compl[...]
-
Page 202
202 CHAPTER 21: DHCP CONFIGURATION GUIDE Network Diagram Figure 56 Network diagram for DHCP snooping configuration Networking and Configuration Requirements As shown in Figure 56, Ethernet 1/0/5 of Switch is connected to the DHCP server, and Ethernet 1/0/1, Ethernet 1/0/2, and Ethernet 1/0/3 are respectively connected to Client A, Client B[...]
-
Page 203
DHCP Accounting Configuration Guide 203 Precautions ■ You need to specify the port connected to the authorized DHCP server as a trusted port to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the ports connected to the DHCP clients must be in the same VLAN. ■ To enable DHCP snooping on a Switch 5500 that bel[...]
-
Page 204
204 CHAPTER 21: DHCP CONFIGURATION GUIDE # Enter Ethernet 1/0/1 view and add the port to VLAN 2. [3Com] interface Ethernet 1/0/1 [3Com-Ethernet1/0/1] port access vlan 2 [3Com-Ethernet1/0/1] quit # Enter Ethernet 1/0/2 view and add the port to VLAN 3. [3Com] interface Ethernet 1/0/2 [3Com-Ethernet1/0/2] port access vlan 3 [3Com-Ethernet1/0/2][...]
-
Page 205
DHCP Client Configuration Guide 205 # vlan 2 # vlan 3 # interface Vlan-interface2 ip address 10.1.1.1 255.255.255.0 # interface Vlan-interface3 ip address 10.1.2.1 255.255.255.0 # interface Ethernet1/0/1 port access vlan 2 # interface Ethernet1/0/2 port access vlan 3 # Precautions Before configuring DHCP accounting, make sure that: ■ The DHCP s[...]
-
Page 206
206 CHAPTER 21: DHCP CONFIGURATION GUIDE Complete Configuration # interface Vlan-interface1 ip address dhcp-alloc # Precautions None[...]
-
Page 207
22 ACL CONFIGURATION GUIDE Configuring Basic ACLs Basic ACLs filter packets based on only source IP address. The numbers of basic ACLs range from 2000 to 2999. Network Diagram Figure 58 Network diagram for basic ACL configuration Networking and Configuration Requirements PC 1 and PC 2 connect to the switch through Ethernet 1/0/1 (assuming tha[...]
-
Page 208
208 CHAPTER 22: ACL CONFIGURATION GUIDE Complete Configuration # acl number 2000 rule 1 deny source 10.1.1.1 0 time-range test # interface Ethernet1/0/1 packet-filter inbound ip-group 2000 rule 1 # time-range test 08:00 to 18:00 daily # Precautions ■ If a packet matches multiple ACL rules at the same time and some actions of the rules con[...]
-
Page 209
Configuring Ethernet Frame Header ACLs 209 Configuration Procedure # Define a periodic time range that is from 8:00 to 18:00 on working days. <3Com> system-view [3Com] time-range test 8:00 to 18:00 working-day # Define advanced ACL 3000 to filter packets destined for the wage query server. [3Com] acl number 3000 [3Com-acl-adv-3000] rule [...]
-
Page 210
210 CHAPTER 22: ACL CONFIGURATION GUIDE Network Diagram Figure 60 Network diagram for Ethernet frame header ACL configuration Networking and Configuration Requirements PC 1 and PC 2 connect to the switch through Ethernet 1/0/1 (assuming that the switch is a Switch 5500). PC 1’s MAC address is 0011-0011-0011. Apply an Ethernet frame head[...]
-
Page 211
Configuring User-Defined ACLs 211 Precautions ■ If a packet matches multiple ACL rules at the same time and some actions of the rules conflict, the last assigned rule takes effect. For an Ethernet frame header ACL applied to a port, you cannot configure the format-type argument as 802.3/802.2, 802.3, ether_ii or snap. ■ When applying mu[...]
-
Page 212
212 CHAPTER 22: ACL CONFIGURATION GUIDE # Define ACL 5000 to deny any ARP packet whose source IP address is 192.168.0.1 from 8:00 to 18:00 every day (provided that VLAN-VPN is not enabled on any port). In the ACL rule, 0806 is the ARP protocol number, 16 is the protocol type field offset of the internally processed Ethernet frame, c0a80001 is [...]
-
Page 213
Configuring User-Defined ACLs 213 ■ With the Switch 5500/5500G, for a user-defined ACL to be assigned successfully, the maximum length of a user-defined rule string is 32 bytes. The string may or may not contain spaces, and can occupy up to eight mask offset units. Besides, any two offset units cannot belong to the same offset group. ■ F[...]
-
Page 214
214 CHAPTER 22: ACL CONFIGURATION GUIDE[...]
-
Page 215
23 QOS/QOS PROFILE CONFIGURATION GUIDE Configuring Traffic Policing and LR Network Diagram Figure 62 Network diagram for traffic policing and LR configuration Networking and Configuration Requirements A company uses a switch (a Switch 5500 in this example) to interconnect all the departments. PC 1 with IP address 192.168.0.1 belongs t[...]
-
Page 216
216 CHAPTER 23: QOS/QOS PROFILE CONFIGURATION GUIDE Configuration Procedure 1 Define traffic classification rules # Create basic ACL 2000 and enter basic ACL view. <3Com> system-view [3Com] acl number 2000 # Define a rule to match the packets with source IP address 192.168.0.1. [3Com-acl-basic-2000] rule permit source 192.168.0.1[...]
-
Page 217
Configuring Priority Marking and Queue Scheduling 217 Configuring Priority Marking and Queue Scheduling Network Diagram Figure 63 Network diagram for priority marking and queue scheduling configuration Networking and Configuration Requirements A company uses a switch (a Switch 5500 in this example) to interconnect all the departments. PC 1, PC 2[...]
-
Page 218
218 CHAPTER 23: QOS/QOS PROFILE CONFIGURATION GUIDE Configuration Procedure 1 Define traffic classification rules # Create advanced ACL 3000 and enter advanced ACL view. <3Com> system-view [3Com] acl number 3000 # Define traffic classification rules with destination IP address as the match criterion. [3Com-acl-adv-3000] rule 0 pe[...]
-
Page 219
Configuring Priority Marking and Queue Scheduling 219 acl number 3000 rule 0 permit IP destination 192.168.0.1 0 rule 1 permit IP destination 192.168.0.2 0 rule 2 permit IP destination 192.168.0.3 0 # interface Ethernet1/0/1 traffic-priority inbound ip-group 3000 rule 0 local-precedence 4 traffic-priority inbound ip-group 3000 rule 1 local-prec[...]
-
Page 220
220 CHAPTER 23: QOS/QOS PROFILE CONFIGURATION GUIDE ■ The Switch 4210 supports the WRR queue scheduling algorithm and the high queue-WRR (HQ-WRR) queue scheduling algorithm. HQ-WRR is implemented based on WRR. HQ-WRR selects queue 3 as the high-priority queue from the four output queues. If the bandwidth occupied by the four queues ex[...]
-
Page 221
Configuring Traffic Redirection and Traffic Accounting 221 ■ During non-working time, count the HTTP traffic from PC 1 to the Internet. Applicable Products Configuration Procedure 1 Define a time range for working days # Create time range tr1, setting it to become active between 8:30 and 18:00 during working days. <3Com> system-view [3Co[...]
-
Page 222
222 CHAPTER 23: QOS/QOS PROFILE CONFIGURATION GUIDE rule 1 permit TCP source 192.168.0.1 0 destination-port eq www time-range tr2 # interface Ethernet1/0/1 traffic-redirect inbound ip-group 3000 rule 0 interface Ethernet1/0/2 traffic-statistic inbound ip-group 3000 rule 1 # time-range tr2 00:00 to 08:30 working-day time-range tr2 18:00 to 2[...]
-
Page 223
Configuring QoS Profile 223 Applicable Products Configuration Procedure 1 Configuration on the AAA server Configure authentication information and user name-to-QoS-profile mapping for the user on the AAA server. Refer to “AAA Configuration” in the Configuration Guide for your product for detailed information. 2 Configuration on the switch[...]
-
Page 224
224 CHAPTER 23: QOS/QOS PROFILE CONFIGURATION GUIDE # Enable 802.1x. [3Com] dot1x [3Com] dot1x interface Ethernet 1/0/1 Complete Configuration # dot1x # radius scheme system radius scheme radius1 server-type standard primary authentication 10.11.1.1 primary accounting 10.11.1.2 secondary authentication 10.11.1.2 secondary accounting 10.11.[...]
-
Page 225
24 WEB CACHE REDIRECTION CONFIGURATION GUIDE Configuring Web Cache Redirection The Web cache redirection function redirects the packets accessing Web pages to a Web cache server, thus reducing the load on the links between a LAN and the Internet and improving the speed of obtaining information from the Internet. Network Diagram Figure [...]
-
Page 226
226 CHAPTER 24: WEB CACHE REDIRECTION CONFIGURATION GUIDE ■ The Web cache server belongs to VLAN 40 and is connected to Ethernet 1/0/4 of the switch. The IP address of the VLAN interface for VLAN 40 is 192.168.4.1/24. The IP address and the MAC address of the Web cache server are 192.168.4.2 and 0012-0990-2250. ■ The router is connect[...]
-
Page 227
Configuring Web Cache Redirection 227 [3Com-Vlan-interface40] ip address 192.168.4.1 24 [3Com-Vlan-interface40] quit # Create VLAN 50 for the switch to connect to the router and configure the IP address of VLAN-interface 50 as 192.168.5.1. [3Com] vlan 50 [3Com-vlan50] port Ethernet 1/0/5 [3Com-vlan50] quit [3Com] interface Vlan-interface 50 [3Com-[...]
-
Page 228
228 CHAPTER 24: WEB CACHE REDIRECTION CONFIGURATION GUIDE interface Ethernet1/0/1 port access vlan 10 # interface Ethernet1/0/2 port access vlan 20 # interface Ethernet1/0/3 port access vlan 30 # interface Ethernet1/0/4 port link-type trunk port trunk permit vlan 1 40 50 webcache address 192.168.4.2 mac 0012-0990-2250 vlan 40 # webcache redi[...]
-
Page 229
25 MIRRORING CONFIGURATION GUIDE Local Port Mirroring Configuration In local port mirroring, packets of one or more source ports of a device are copied to a destination port on the device for packet analysis and monitoring. In local port mirroring, the source ports and the destination port are on the same device. Network Diagram Figure 67 N[...]
-
Page 230
230 CHAPTER 25: MIRRORING CONFIGURATION GUIDE Configuration Procedure Configure Switch C: # Create a local mirroring group. <3Com> system-view [3Com] mirroring-group 1 local # Configure the source ports and destination port for the local mirroring group. [3Com] mirroring-group 1 mirroring-port Ethernet 1/0/1 Ethernet 1/0/2 both [3Com][...]
-
Page 231
Remote Port Mirroring Configuration 231 Remote Port Mirroring Configuration Remote port mirroring does not require the source and destination ports to be on the same device. The source and destination ports can be located on multiple devices across the network. Therefore, administrators can monitor the traffic on remote devices conven[...]
-
Page 232
232 CHAPTER 25: MIRRORING CONFIGURATION GUIDE Network Diagram Figure 69 Network diagram for remote port mirroring Networking and Configuration Requirements The departments of a company connect to each other through Switch 5500s: ■ Switch A, Switch B, and Switch C are Switch 5500s. ■ Department 1 is connected to Ethernet 1/0/1 of Switch A[...]
-
Page 233
Remote Port Mirroring Configuration 233 Configuration Procedure 1 Configure the source switch (Switch A) # Create remote source mirroring group 1. <3Com> system-view [3Com] mirroring-group 1 remote-source # Configure VLAN 10 as the remote-probe VLAN. [3Com] vlan 10 [3Com-vlan10] remote-probe vlan enable [3Com-vlan10] quit # Configure the [...]
-
Page 234
234 CHAPTER 25: MIRRORING CONFIGURATION GUIDE [3Com] vlan 10 [3Com-vlan10] remote-probe vlan enable [3Com-vlan10] quit # Configure the destination port and remote-probe VLAN for the remote destination mirroring group. [3Com] mirroring-group 1 monitor-port Ethernet 1/0/2 [3Com] mirroring-group 1 remote-probe vlan 10 # Configure Ethernet 1/[...]
-
Page 235
Remote Port Mirroring Configuration 235 3 Configuration on the destination switch (Switch C) # mirroring-group 1 remote-destination # vlan 10 remote-probe vlan enable # interface Ethernet1/0/1 port link-type trunk port trunk permit vlan 1 10 # interface Ethernet1/0/2 port access vlan 10 mirroring-group 1 monitor-port # Precautions Note the follow[...]
-
Page 236
236 CHAPTER 25: MIRRORING CONFIGURATION GUIDE ■ Packets received on the destination port are those processed and forwarded by the switch. ■ The destination port to be configured cannot be a member port of an existing mirroring group; a fabric port (only the Switch 5500/5500G have this limitation), a member port of an aggregation group[...]
-
Page 237
Traffic Mirroring Configuration 237 Configuration Procedure # Configure a basic ACL 2000, matching the packets whose source IP address is 192.168.0.1. <3Com> system-view [3Com] acl number 2000 [3Com-acl-basic-2000] rule permit source 192.168.0.1 0 [3Com-acl-basic-2000] quit # Configure traffic mirroring on Ethernet 1/0/1. Mirror packet[...]
-
Page 238
238 CHAPTER 25: MIRRORING CONFIGURATION GUIDE[...]
-
Page 239
26 XRN CONFIGURATION GUIDE XRN Fabric Configuration Several Expandable Resilient Networking (XRN) supported switches can be interconnected to form a fabric, in which each switch is a unit, the ports connecting the units are called fabric ports, and the other ports that are used to connect the fabric to users are called user ports. In this way, [...]
-
Page 240
240 CHAPTER 26: XRN CONFIGURATION GUIDE Fabric Cable Connection Note: You are recommended to connect the switches with cables after the configuration in “Configuration Procedure” on page 241. Fabric cable connection mode of Switch 5500s When building an XRN fabric of Switch 5500s, note the fabric cable[...]
-
Page 241
XRN Fabric Configuration 241 ■ A Switch 5500Gs switch has two ports: up port and down port. Given a switch, its up port is connected to the down port of another switch, and its down port is connected to the up port of a third one. ■ Plug the cable connectors completely into the fabric ports. Note: On a Switch 5500Gs Ethernet switch, only two spe[...]
-
Page 242
242 CHAPTER 26: XRN CONFIGURATION GUIDE # Configure the fabric name as hello. [3Com] sysname hello # Configure the authentication mode as simple and password as welcome. [hello] XRN-fabric authentication-mode simple welcome 2 Configure Switch B. # Bring up the fabric ports. <3Com> system-view [3Com] fabric-port GigabitEthernet 1/1/1 ena[...]
-
Page 243
XRN Fabric Configuration 243 By viewing the Left Port and Right Port fields in the output information, you can know the running status of the current fabric ports. The above prompt information indicates that the fabric ports are working normally (displayed as Normal). You can also use the display XRN command to view the switches in the current X[...]
-
Page 244
244 CHAPTER 26: XRN CONFIGURATION GUIDE [3Com] sysname hello The configurations and verification on Switch C are the same as those on a Switch 5500. Therefore they are omitted here. Complete Configuration Complete configuration on the Switch 5500 Note: To avoid repetition, only the complete configuration of Switch A is listed below. ■ Configu[...]
-
Page 245
XRN Fabric Configuration 245 Otherwise, you cannot enable the fabric port. For detailed restrictions, refer to the error information output by devices. ■ When configuring XRN, do not configure other functions, and before configuring other functions, make sure the fabric has been established and works normally. ■ After a fabric is establishe[...]
-
Page 246
246 CHAPTER 26: XRN CONFIGURATION GUIDE[...]
-
Page 247
27 CLUSTER CONFIGURATION GUIDE Cluster Configuration The cluster function is implemented through 3Com Group Management Protocol version 2 (Switch Clusteringv2). Using Switch Clusteringv2, you can manage multiple switches through the public IP address of a master device. In a cluster, the master switch is called the management device, and th[...]
-
Page 248
248 CHAPTER 27: CLUSTER CONFIGURATION GUIDE ■ Ethernet 1/0/1 belongs to VLAN 2, whose interface IP address is 163.172.55.1. ■ All the devices in the cluster share the same FTP/TFTP server. ■ The FTP/TFTP server uses IP address 63.172.55.1. ■ The NMS/logging host uses IP address 69.172.55.4. Applicable Products Note: The Switch 42[...]
-
Page 249
Cluster Configuration 249 [3Com] ndp enable [3Com] undo ndp enable interface Ethernet 1/0/1 [3Com] interface Ethernet 1/0/1 [3Com-Ethernet1/0/1] undo ntdp enable [3Com-Ethernet1/0/1] quit # Enable NDP on Ethernet 1/0/2 and Ethernet 1/0/3. [3Com] interface Ethernet 1/0/2 [3Com-Ethernet1/0/2] ndp enable [3Com-Ethernet1/0/2] quit [3Com] interface Et[...]
-
Page 250
250 CHAPTER 27: CLUSTER CONFIGURATION GUIDE [3Com] cluster [3Com-cluster] # Configure a private IP address pool for a cluster. The IP address pool contains six IP addresses, starting from 172.16.0.1. [3Com-cluster] ip-pool 172.16.0.1 255.255.255.248 # Name and build a cluster. [3Com-cluster] build aaa [aaa_0.3Com-cluster] # Add the two swit[...]
-
Page 251
Network Management Interface Configuration 251 Complete Configuration 1 Configurations on the management device # interface Vlan-interface2 ip address 163.172.55.1 255.255.255.0 # ntdp hop 2 ntdp timer port-delay 15 ntdp timer hop-delay 150 ntdp timer 3 # ndp timer hello 70 ndp timer aging 200 # cluster ip-pool 172.16.0.1 255.255.255.248 build a[...]
-
Page 252
252 CHAPTER 27: CLUSTER CONFIGURATION GUIDE Network Diagram Figure 75 Network diagram for network management interface configuration Networking and Configuration Requirements ■ Configure VLAN-interface 2 as the network management interface. ■ Configure VLAN 3 as the management VLAN. ■ The IP address of the FTP server is 192.168.4.3[...]
-
Page 253
Network Management Interface Configuration 253 # Add Ethernet 1/0/2 to VLAN 2. [3Com] vlan 2 [3Com-vlan2] port Ethernet 1/0/2 [3Com-vlan2] quit # Configure the IP address of VLAN-interface 2 as 192.168.4.22. [3Com] interface Vlan-interface 2 [3Com-Vlan-interface2] ip address 192.168.4.22 255.255.255.0 [3Com-Vlan-interface2] quit # Enable the cluste[...]
-
Page 254
254 CHAPTER 27: CLUSTER CONFIGURATION GUIDE ■ The network management interface can be configured on the management switch only. Note: The network management interface cannot be configured on the Switch 4210. Cluster Configuration in Real Networking In a complicated network, you can manage switches remotely in bulk through Switch Clu[...]
-
Page 255
Cluster Configuration in Real Networking 255 The member switches: ■ Member switch Switch B is connected to Switch D through Ethernet 1/0/2. ■ Switch B is connected to Switch E through Ethernet 1/0/3. ■ Switch B is connected to Switch F through Ethernet 1/0/4. Note: ■ Switch A, Switch B and Switch C are usually the Switch 5500 and Switch 5500G. [...]
-
Page 256
256 CHAPTER 27: CLUSTER CONFIGURATION GUIDE [3Com] interface Ethernet 1/0/2 [3Com-Ethernet1/0/2] ntdp enable [3Com-Ethernet1/0/2] quit [3Com] interface Ethernet 1/0/3 [3Com-Ethernet1/0/3] ntdp enable [3Com-Ethernet1/0/3] quit [3Com] interface Ethernet 1/0/4 [3Com-Ethernet1/0/4] ntdp enable [3Com-Ethernet1/0/4] quit # Enable the cluster functio[...]
-
Page 257
Cluster Configuration in Real Networking 257 [3Com] ntdp timer hop-delay 180 # Set the delay for a port of a member device to forward topology collection request to 20 ms. [3Com] ntdp timer port-delay 20 # Set the topology collection interval to three minutes. [3Com] ntdp timer 3 # Enable the cluster function. [3Com] cluster enable # Enter cluster[...]
-
Page 258
258 CHAPTER 27: CLUSTER CONFIGURATION GUIDE Complete Configuration 1 Configuration on Switch A # ntdp hop 2 ntdp timer port-delay 20 ntdp timer hop-delay 180 ntdp timer 3 # ndp timer hello 100 ndp timer aging 300 # cluster ip-pool 172.16.0.1 255.255.255.248 build aaa holdtime 100 tftp-server 10.1.1.15 snmp-host 10.1.1.16 #[...]
-
Page 259
28 POE/POE PROFILE CONFIGURATION GUIDE PoE Configuration Power over Ethernet (PoE)-enabled devices use 10BASE-T, 100BASE-TX and 1000BASE-T twisted pair cables to supply power to powered devices (PD) and implement power supply and data transmission simultaneously. Network Diagram Figure 77 Network diagram for PoE configuration Networki[...]
-
Page 260
260 CHAPTER 28: POE/POE PROFILE CONFIGURATION GUIDE Configuration Procedure # Upgrade the power processing software. <SwitchA> system-view [SwitchA] poe update refresh 0290_021.s19 Update PoE board successfully # Enable the PoE feature on ports Ethernet 1/0/1, Ethernet 1/0/2 and Ethernet 1/0/8. [SwitchA] interface Ethernet 1/0/1[...]
-
Page 261
PoE Profile Configuration 261 Ethernet1/0/8 on enable signal critical Standard PD was detected ...... # View the PoE power information of all the ports on the switch. <SwitchA> display poe interface power PORT INDEX POWER (mW) PORT INDEX POWER (mW) Ethernet1/0/1 11500 Ethernet1/0/2 2300 Ethernet1/0/3 0 Ethernet1/0/4 0 Ethernet1/0/5 0 Etherne[...]
-
Page 262
262 CHAPTER 28: POE/POE PROFILE CONFIGURATION GUIDE Network Diagram Figure 78 Network diagram for PoE profile configuration Networking and Configuration Requirements Switch A is a Switch 5500 supporting PoE. Ethernet 1/0/1 through Ethernet 1/0/10 of Switch A are used by users of group A, who have the following requirements: ■ The PoE[...]
-
Page 263
PoE Profile Configuration 263 # In Profile1, add the PoE policy configuration applicable to Ethernet 1/0/1 through Ethernet 1/0/5 for users of group A. [SwitchA-poe-profile-Profile1] poe enable [SwitchA-poe-profile-Profile1] poe mode signal [SwitchA-poe-profile-Profile1] poe priority critical [SwitchA-poe-profile-Profile1] poe max-power 3000[...]
-
Page 264
264 CHAPTER 28: POE/POE PROFILE CONFIGURATION GUIDE # interface Ethernet1/0/7 apply poe-profile Profile2 # interface Ethernet1/0/8 apply poe-profile Profile2 # interface Ethernet1/0/9 apply poe-profile Profile2 # interface Ethernet1/0/10 apply poe-profile Profile2 Precautions 1 When the apply poe-profile command is used to apply a PoE prof[...]
-
Page 265
29 UDP HELPER CONFIGURATION GUIDE UDP Helper Configuration Guide The Switch 5500 provides the UDP Helper function to relay specified UDP packets. In other words, UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server. With UDP Helper enabled, the de[...]
-
Page 266
266 CHAPTER 29: UDP HELPER CONFIGURATION GUIDE [SwitchA] udp-helper enable # Configure the switch to forward broadcasts containing the destination UDP port number 137. (By default, the device, after enabled with UDP Helper, forwards the broadcasts containing the destination UDP port number 137.) [SwitchA] udp-helper port 137 # Specify the de[...]
-
Page 267
30 SNMP-RMON CONFIGURATION GUIDE SNMP Configuration The Simple Network Management Protocol (SNMP) is used for ensuring the transmission of the management information between any two network nodes. In this way, network administrators can easily retrieve and modify the information about any node on the network, locate and diagnose network pr[...]
-
Page 268
268 CHAPTER 30: SNMP-RMON CONFIGURATION GUIDE # For SNMPv3, set the SNMPv3 group and user, set the security level to authentication with privacy, authentication protocol to HMAC-MD5, authentication password to passmd5, encryption protocol to DES, and encryption password to cfb128cfb128. [3Com] snmp-agent group v3 managev3group privacy wr[...]
-
Page 269
RMON Configuration 269
RMON Configuration
Remote Monitoring (RMON) is a kind of MIB defined by Internet Engineering Task Force (IETF). It is an important enhancement to MIB II standards. RMON is mainly used to monitor the data traffic across a network segment or even the entire network, and is currently a commonly used network management [...]
-
Page 270
270 CHAPTER 30: SNMP-RMON CONFIGURATION GUIDE
[3Com] rmon prialarm 2 (.1.3.6.1.2.1.16.1.1.1.9.1+.1.3.6.1.2.1.16.1.1.1.10.1) test 10 changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype forever owner user 1
Complete Configuration
#
rmon event 1 description null log owner null
rmon event 2 description null trap 10.21.30.55 own[...]
-
Page 271
31 NTP CONFIGURATION GUIDE
NTP Client/Server Mode Configuration
Defined in RFC 1305, the Network Time Protocol (NTP) synchronizes timekeeping among distributed time servers and clients. NTP runs over the User Datagram Protocol (UDP), using UDP port 123. The purpose of using NTP is to keep consistent timekeeping among all clock-dependent devic[...]
-
Page 272
272 CHAPTER 31: NTP CONFIGURATION GUIDE
[DeviceB] display ntp-service sessions
Complete Configuration
#
ntp-service unicast-server 1.0.1.11
Precautions
The local clock of a 3Com Switch 5500, 5500G, or 4210 cannot be set as a reference clock. It can synchronize other devices as a reference clock only when its clock is synchronized.
NTP S[...]
-
Page 273
NTP Broadcast Mode Configuration 273
# Set Device C as the symmetric-peer.
<DeviceB> system-view
[DeviceB] ntp-service unicast-peer 3.0.1.33
# View NTP status and NTP session information of Device C after clock synchronization.
[DeviceC] display ntp-service status
[DeviceC] display ntp-service sessions
Complete Configuration
■ Configurati[...]
-
Page 274
274 CHAPTER 31: NTP CONFIGURATION GUIDE
Applicable Products
Configuration Procedure
■ Configure Device C.
# Set Device C to work as the broadcast server and send broadcasts through its VLAN-interface 2.
<DeviceC> system-view
[DeviceC] interface Vlan-interface 2
[DeviceC-Vlan-interface2] ntp-service broadcast-server
■ Configure D[...]
-
Page 275
NTP Multicast Mode Configuration 275
Precautions
The local clock of the Switch 5500, 5500G, or 4210 cannot be set as a reference clock. It can synchronize other devices as a reference clock only when its clock is synchronized.
NTP Multicast Mode Configuration
Network Diagram
Figure 85 Network diagram for NTP multicast mode configuration
Network[...]
-
Page 276
276 CHAPTER 31: NTP CONFIGURATION GUIDE
<DeviceA> system-view
[DeviceA] interface Vlan-interface 2
[DeviceA-Vlan-interface2] ntp-service multicast-client
■ View the NTP status and NTP session information of Device D after clock synchronization (You can use the same command to view the NTP status and NTP session information of Device[...]
-
Page 277
NTP Client/Server Mode with Authentication Configuration 277
■ Device B is a Switch 5500, which takes Device A as the time server and works in the client mode. Device A automatically works in the server mode.
■ Configure NTP authentication between Device A and Device B.
Applicable Products
Configuration Procedure
■ Configure Device B.
# S[...]
-
Page 278
278 CHAPTER 31: NTP CONFIGURATION GUIDE
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 1.0.1.11
■ Configuration on Device A.
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 X&9#$^U (!:[Q=^Q‘MAF4<1!!
ntp-service reliable authentication-keyid 42
Precautions
The lo[...]
-
Page 279
32 SSH CONFIGURATION GUIDE
Configuring the Switch to Act as the SSH Server and Use Password Authentication
Network Diagram
Figure 87 Network diagram for configuring the switch to act as the SSH server and use password authentication
Networking and Configuration Requirements
In scenarios where users log into a switch over an insecure network, SSH[...]
-
Page 280
280 CHAPTER 32: SSH CONFIGURATION GUIDE
# Set the authentication mode for the user interfaces to AAA.
[3Com] user-interface vty 0 4
[3Com-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[3Com-ui-vty0-4] protocol inbound ssh
[3Com-ui-vty0-4] quit
# Create local user client001, and set the authentication pass[...]
-
Page 281
Configuring the Switch to Act as the SSH Server and Use Password Authentication 281
Take SSH client software PuTTY v0.58 as an example:
1 Run PuTTY.exe to enter the following configuration interface.
Figure 88 SSH client configuration interface
In the Host Name (or IP address) text box, enter the IP address of the SSH server.
2 From the category[...]
-
Page 282
282 CHAPTER 32: SSH CONFIGURATION GUIDE
Figure 89 SSH client configuration interface 2
Under Protocol options, select 2 from Preferred SSH protocol version.
3 As shown in Figure 89, click Open. If the connection is normal, you can enter the username client001 and password abc at prompt. Once authentication succeeds, you will log onto th[...]
-
Page 283
Configuring the Switch to Act as the SSH Server and Use RSA Authentication 283
Configuring the Switch to Act as the SSH Server and Use RSA Authentication
Network Diagram
Figure 90 Network diagram for configuring the switch to act as the SSH server and use RSA authentication
Networking and Configuration Requirements
In scenarios where users log in[...]
-
Page 284
284 CHAPTER 32: SSH CONFIGURATION GUIDE
[3Com-ui-vty0-4] user privilege level 3
[3Com-ui-vty0-4] quit
# Configure the authentication method of the SSH client named client001 as RSA.
[3Com] ssh user client001 authentication-type rsa
Note: Before performing the following steps, you must generate an RSA key pair by using the client software on the[...]
-
Page 285
Configuring the Switch to Act as the SSH Server and Use RSA Authentication 285
Note: During the generation process, you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 92. Otherwise, the process bar stops moving and the key pair generation process is stopped.
Figure 92 Client key pair generation interface[...]
-
Page 286
286 CHAPTER 32: SSH CONFIGURATION GUIDE
Figure 93 Client key pair generation interface 3
Likewise, to save the private key, click Save private key. A warning window pops up to prompt you whether to save the private key without any protection. Click Yes and enter the name of the file for saving the private key (private.ppk in this case).
Fi[...]
-
Page 287
Configuring the Switch to Act as the SSH Server and Use RSA Authentication 287
Take SSH client software PuTTY v0.58 as an example:
1 Run PuTTY.exe to enter the following configuration interface.
Figure 95 SSH client configuration interface 1
In the Host Name (or IP address) text box, enter the IP address of the SSH server.
2 From the category o[...]
-
Page 288
288 CHAPTER 32: SSH CONFIGURATION GUIDE
Figure 96 SSH client configuration interface 2
Under Protocol options, select 2 from Preferred SSH protocol version.
3 From the category, select Connection / SSH / Auth. The following window appears.[...]
-
Page 289
Configuring the Switch to Act as the SSH Server and Use RSA Authentication 289
Figure 97 SSH client configuration interface 2
Click Browse... to bring up the file selection window, navigate to the private key file and click OK.
4 In the window shown in Figure 97, click Open. If the connection is normal, you will be prompted to enter the usern[...]
-
Page 290
290 CHAPTER 32: SSH CONFIGURATION GUIDE
Configuring the Switch to Act as the SSH Client and Use Password Authentication
Network Diagram
Figure 98 Network diagram for configuring the switch to act as the SSH client and use password authentication
Networking and Configuration Requirements
In scenarios where users log into a switch over an insecur[...]
-
Page 291
Configuring the Switch to Act as the SSH Client and Use Password Authentication 291
[3Com-ui-vty0-4] protocol inbound ssh
[3Com-ui-vty0-4] quit
# Create local user client001, and set the authentication password to abc, protocol type to SSH, and command privilege level to 3 for the client.
[3Com] local-user client001
[3Com-luser-client001] pass[...]
-
Page 292
292 CHAPTER 32: SSH CONFIGURATION GUIDE
 authentication-mode scheme
 protocol inbound ssh
■ Configure Switch A
#
interface Vlan-interface1
 ip address 10.165.87.137 255.255.255.0
#
Precautions
None
Configuring the Switch to Act as the SSH Client and Use RSA Authentication
Network Diagram
Figure 99 Network diagram for configuring the switch to ac[...]
-
Page 293
Configuring the Switch to Act as the SSH Client and Use RSA Authentication 293
[3Com] rsa local-key-pair create
# Set the authentication mode for the user interfaces to AAA.
[3Com] user-interface vty 0 4
[3Com-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[3Com-ui-vty0-4] protocol inbound ssh
# Set the client?[...]
-
Page 294
294 CHAPTER 32: SSH CONFIGURATION GUIDE
# Display the host public key.
<3Com> display rsa local-key-pair public
=====================================================
Time of Key pair created: 05:15:04 2006/12/08
Key name: 3Com_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047 0240 C8[...]
-
Page 295
Configuring the Switch to Act as the SSH Client and Not to Support First-Time Authentication 295
 ip address 10.165.87.136 255.255.255.0
#
ssh user client001 assign rsa-key Switch001
ssh user client001 authentication-type rsa
ssh user client001 service-type stelnet
#
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
 protocol[...]
-
Page 296
296 CHAPTER 32: SSH CONFIGURATION GUIDE
# Create a VLAN interface on the switch and assign an IP address for it. The SSH client will use this address as the destination for SSH connection.
<3Com> system-view
[3Com] interface vlan-interface 1
[3Com-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[3Com-Vlan-interface1] quit
# Generat[...]
-
Page 297
Configuring the Switch to Act as the SSH Client and Not to Support First-Time Authentication 297
# Display the server host public key.
[3Com] display rsa local-key-pair public
=====================================================
Time of Key pair created: 09:04:41 2000/04/04
Key name: 3Com_Host
Key type: RSA encryption Key
=======================[...]
-
Page 298
298 CHAPTER 32: SSH CONFIGURATION GUIDE
Note: After generating a key pair on a client, you need to manually configure the host public key on the server and have the configuration on the server done before continuing configuration on the client.
# Disable first-time authentication.
[3Com] undo ssh client first-time
Note: When the switch acting as th[...]
-
Page 299
Configuring the Switch to Act as the SSH Client and Not to Support First-Time Authentication 299
D5E2C4F8 AED72834 74D3404A 0B14363D D709 CC63 68C8CE00 57C0EE6 B 074C0CA9 0203 010001
 public-key-code end
 peer-public-key end
#
vlan 1
#
interface Vlan-interface1
 ip address 10.165.87.136 255.255.255.0
#
ssh user client001 assign rsa-key Switch001
ssh [...]
-
Page 300
300 CHAPTER 32: SSH CONFIGURATION GUIDE
Configuring SFTP
Network Diagram
Figure 101 Network diagram for configuring SFTP
Networking and Configuration Requirements
As shown in Figure 101, establish an SSH connection between the SFTP client (Switch A) and the SFTP server (Switch B). Log in to Switch B with the user name client001 and passwor[...]
-
Page 301
Configuring SFTP 301
[3Com] ssh user client001 authentication-type password
# Specify the service type as SFTP.
[3Com] ssh user client001 service-type sftp
# Enable the SFTP server.
[3Com] sftp server enable
■ Configure the SFTP client (Switch A)
# Create a VLAN interface on the switch and assign an IP address for it. This address must be i[...]
-
Page 302
302 CHAPTER 32: SSH CONFIGURATION GUIDE
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub
# Add a directory named new1, and then check that the new directory has been successfully created.
sftp-client> mkdir new1
New directory created
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52[...]
-
Page 303
Configuring SFTP 303
Complete Configuration
■ Configure Switch B
#
local-user client001
 password simple abc
 service-type ssh
#
interface Vlan-interface1
 ip address 192.168.0.1 255.255.255.0
#
sftp server enable
ssh user client001 authentication-type password
ssh user client001 service-type sftp
#
user-interface vty 0 4
 authentication-mode scheme [...]
-
Page 304
304 CHAPTER 32: SSH CONFIGURATION GUIDE[...]
-
Page 305
33 FTP AND TFTP CONFIGURATION GUIDE
Configuring a Switch as FTP Server
The Ethernet switch can act as an FTP server to provide file transfer services. You can run FTP client software on a PC to log into the FTP server to access the files on the server. Note that you need to configure the IP address of the FTP server correctly for the se[...]
-
Page 306
306 CHAPTER 33: FTP AND TFTP CONFIGURATION GUIDE
# Assign IP address 1.1.1.1/16 to VLAN-interface 1. (You can log in to the switch through the Console port. For detailed information, refer to “Logging in through the Console Port” in the Configuration Guide for your product.)
<3Com>
<3Com> system-view
[3Com] interface Vlan-i[...]
-
Page 307
Configuring a Switch as FTP Client 307
Complete Configuration
Configure the switch
#
local-user switch
 password simple hello
 service-type ftp
#
vlan 1
#
interface Vlan-interface1
 ip address 1.1.1.1 255.255.0.0
#
FTP server enable
Precautions
■ If the free Flash memory of the switch is not enough for the application file to be uploaded, remove [...]
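Added example (not part of the 3Com manual): a Python check that reads a configuration in the #-separated layout of the Complete Configuration listings for the SFTP server and the FTP server above, one command per line, and flags "password simple", "service-type ftp" or "telnet", "FTP server enable", and a "user-interface vty" block that lacks "protocol inbound ssh". The sample configuration is constructed from those listings, and the rule names are hypothetical labels chosen for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the Complete Configuration listings on this page.
SAMPLE_CONFIG = """\
#
local-user switch
 password simple hello
 service-type ftp
#
local-user client001
 password simple abc
 service-type ssh
#
interface Vlan-interface1
 ip address 1.1.1.1 255.255.0.0
#
 FTP server enable
 sftp server enable
#
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
"""

@dataclass(frozen=True)
class Finding:
    rule: str      # hypothetical rule label, not a vendor identifier
    context: str   # view the command was found in, e.g. "local-user switch"
    line_no: int   # 1-based line number in the audited text

# Lines that open a new view; a lone "#" closes the current one.
HEADER = re.compile(r"^(local-user|user-interface|interface)\s+(.+)$", re.I)

def audit(config):
    """Return findings for cleartext credentials and cleartext services.

    Passwords are never copied into a finding, only their location.
    """
    findings = []
    context = "global"
    vty = None  # [context, line_no, ssh_only] for the open vty block

    def close_vty():
        nonlocal vty
        if vty and not vty[2]:
            # Only the absence of "protocol inbound ssh" is reported; which other
            # protocols the lines then accept depends on the device defaults.
            findings.append(Finding("vty-not-restricted-to-ssh", vty[0], vty[1]))
        vty = None

    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "#":
            close_vty()
            context = "global"
            continue
        m = HEADER.match(line)
        if m:
            close_vty()
            context = " ".join(line.split())
            if m.group(1).lower() == "user-interface" and m.group(2).lower().startswith("vty"):
                vty = [context, n, False]
            continue
        words = line.lower().split()
        if context.lower().startswith("local-user"):
            if words[:2] == ["password", "simple"]:
                findings.append(Finding("cleartext-password", context, n))
            elif words[0] == "service-type" and {"ftp", "telnet"} & set(words[1:]):
                findings.append(Finding("cleartext-service", context, n))
        if words[:3] == ["ftp", "server", "enable"]:
            findings.append(Finding("ftp-server-enabled", context, n))
        if vty and words[:3] == ["protocol", "inbound", "ssh"]:
            vty[2] = True
    close_vty()
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.rule} ({f.context})")
```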
-
Page 308
308 CHAPTER 33: FTP AND TFTP CONFIGURATION GUIDE
Applicable Products
Configuration Procedure
■ Perform FTP service-related configurations on the PC, that is, create a user account on the FTP server with the user name switch and password hello. For detailed configuration, refer to the configuration instruction of the FTP server softwa[...]
-
Page 309
Configuring a Switch as TFTP Client 309
<3Com> boot boot-loader switch.bin
<3Com> reboot
Complete Configuration
#
vlan 1
#
interface Vlan-interface1
 ip address 1.1.1.1 255.255.0.0
Precautions
■ If the free Flash memory of the switch is not enough for downloading the application file from the FTP server, remove those unused applic[...]
-
Page 310
310 CHAPTER 33: FTP AND TFTP CONFIGURATION GUIDE
■ Configure the TFTP client (the switch):
# Assign IP address 1.1.1.1/16 to VLAN-interface 1. (You can log in to the switch through the Console port. For detailed information, see “Logging in through the Console Port” in the Configuration Guide for your product.)
<3Com>
<3Com[...]
-
Page 311
34 INFORMATION CENTER CONFIGURATION GUIDE
Outputting Log Information to a Unix Log Host
Network Diagram
Figure 105 Network diagram for outputting log information to a Unix log host
Networking and Configuration Requirements
Send log information with severity higher than informational to a Unix log host with an IP address of 202.38.1.10. The i[...]
-
Page 312
312 CHAPTER 34: INFORMATION CENTER CONFIGURATION GUIDE
[3Com] info-center source ip channel loghost log level informational debug state off trap state off
■ Configuration on the log host.
The following configurations were performed on SunOS 4.0 which has similar configurations with the Unix operating systems implemented by other vendors[...]
-
Page 313
Outputting Log Information to a Linux Log Host 313
Outputting Log Information to a Linux Log Host
Network Diagram
Figure 106 Network diagram for outputting log information to a Linux log host
Networking and Configuration Requirements
Send log information to a Linux log host with an IP address of 202.38.1.10; Log information with severity higher t[...]
-
Page 314
314 CHAPTER 34: INFORMATION CENTER CONFIGURATION GUIDE
# ps -ae | grep syslogd
147
# kill -9 147
# syslogd -r &
Complete Configuration
■ Configuration on the switch.
#
info-center source default channel 2 log level error trap state off
info-center loghost 202.38.1.10
■ Configuration on the log host.
#
# mkdir /var/log/3Com
# touch /va[...]
-
Page 315
Outputting Log and Trap Information to a Log Host Through the Same Channel 315
Applicable Products
Configuration Procedure
■ Configuration on the switch.
# Enable the information center.
<3Com> system-view
[3Com] info-center enable
# The system outputs information of all modules through channel6 by default. Therefore, you need to disab[...]
-
Page 316
316 CHAPTER 34: INFORMATION CENTER CONFIGURATION GUIDE
# Open the TFTPD32 application program on the Windows operating system as shown in the following figure:
1 Current Directory indicates the directory of the log file syslog.txt. You can click the Browse button to set it. In this example, the directory is D:\Tools\TFTP.
2 Server int[...]
-
Page 317
Outputting Log Information to the Console 317
Precautions
On the Windows operating system, software settings vary with log host software.
Outputting Log Information to the Console
Network Diagram
Figure 108 Network diagram for outputting log information to the console
Networking and Configuration Requirements
Log information with a severity high[...]
-
Page 318
318 CHAPTER 34: INFORMATION CENTER CONFIGURATION GUIDE
info-center source IP channel 0 trap state off
undo info-center source default channel 0
Precautions
None
Displaying the Time Stamp with the UTC Time Zone
Network Diagram
Figure 109 Network diagram for displaying the time stamp with the UTC time zone
Networking and Configuration Requireme[...]
-
Page 319
Use of the Facility Argument in Log Information Output 319
Use of the Facility Argument in Log Information Output
Network Diagram
Figure 110 Network diagram for use of the facility argument in log information output
Networking and Configuration Requirements
Multiple switches in a LAN send log information to the same log host. You can know the r[...]
-
Page 320
320 CHAPTER 34: INFORMATION CENTER CONFIGURATION GUIDE
[SwitchA]info-center enable
[SwitchA]info-center source default channel loghost log level debugging
[SwitchA]info-center loghost 192.168.0.208 facility local0 channel loghost
■ Perform the same configurations on Switch B, Switch C, Switch D and Switch E, and specify the facility argumen[...]
-
Page 321
35 VLAN-VPN CONFIGURATION GUIDE
Configuring VLAN-VPN
With VLAN-VPN enabled, a device tags a private network packet with an outer VLAN tag, thus enabling the packet to be transmitted through the service providers’ backbone network with both inner and outer VLAN tags. After reaching the peer private network, the packet’s outer VLAN tag[...]
-
Page 322
322 CHAPTER 35: VLAN-VPN CONFIGURATION GUIDE
Note: Only the Switch 5500 supports the configuration of TPID. The Switch 5500G and the Switch 4210 do not support that configuration.
■ Configure VLAN-VPN on Switch A and Switch B to enable the PC users and the terminal users to communicate with their respective servers.
Applicable Products
Config[...]
-
Page 323
Configuring VLAN-VPN 323
# Set the TPID value of Ethernet 1/0/12 to 0x9200.
[SwitchA-Ethernet1/0/12] vlan-vpn tpid 9200
■ Configure Switch B
# Enable VLAN-VPN on Ethernet 1/0/21 of Switch B, using the tag of VLAN 1040 as the outer VLAN tag for packets received on this port.
<SwitchB> system-view
[SwitchB] vlan 1040
[SwitchB-vlan1040] por[...]
-
Page 324
324 CHAPTER 35: VLAN-VPN CONFIGURATION GUIDE
■ Configure Switch B
#
vlan 1040
#
interface Ethernet1/0/21
 port access vlan 1040
 undo ntdp enable
 stp disable
 vlan-vpn enable
 vlan-vpn tpid 9200
#
interface Ethernet1/0/22
 port link-type trunk
 port trunk permit vlan 1 1040
 vlan-vpn tpid 9200
Precautions
■ Do not configure VLAN 1040 as the defau[...]
-
Page 325
Configuring BPDU Tunnel 325
■ Configure the service provider network to transmit NDP packets of the customer network through a BPDU tunnel.
■ Enable VLAN-VPN for the service provider network, and enable the service provider network to use VLAN 100 to transmit data packets of the customer network.
Applicable Products
Configuration Procedure
?[...]
-
Page 326
326 CHAPTER 35: VLAN-VPN CONFIGURATION GUIDE
[3Com] interface Ethernet 1/0/3
[3Com-Ethernet1/0/3] port link-type trunk
[3Com-Ethernet1/0/3] port trunk permit vlan 100
Complete Configuration
■ Configure Provider 1
#
interface Ethernet1/0/1
 undo ndp enable
 port access vlan 100
 vlan-vpn enable
 bpdu-tunnel ndp
#
interface Ethernet1/0/2
 port li[...]
-
Page 327
36 REMOTE-PING CONFIGURATION GUIDE
Remote-ping Configuration
Remote-ping is a network diagnostic tool. It is used to test the performance of various protocols running in networks. Remote-ping provides more functions than the ping command. The ping command can only use the Internet Control Message Protocol (ICMP) to test the round trip time ([...]
-
Page 328
328 CHAPTER 36: REMOTE-PING CONFIGURATION GUIDE
Configuration procedure
# Enable the Remote-ping client.
<3Com> system-view
System View: return to User View with Ctrl+Z.
[3Com] remote-ping-agent enable
# Create a Remote-ping test group, configuring the administrator name as administrator and test operation tag as ICMP.
[3Com] remote[...]
-
Page 329
37 DNS CONFIGURATION GUIDE
Static Domain Name Resolution Configuration Guide
Static domain name resolution is based on manually configured domain name-to-IP address mappings. If you telnet a remote device using its name, the local device will look up the corresponding IP address in the static domain name resolution table.
Network Diagram
F[...]
-
Page 330
330 CHAPTER 37: DNS CONFIGURATION GUIDE
0.00% packet loss
round-trip min/avg/max = 2/3/5 ms
Complete Configuration
#
ip host host.com 10.1.1.2
Dynamic Domain Name Resolution Configuration Guide
Domain Name System (DNS) is a distributed database used by TCP/IP applications to translate domain names into corresponding IP addresses. With DNS, you[...]
-
Page 331
Dynamic Domain Name Resolution Configuration Guide 331
PING host.com (3.1.1.1): 56 data bytes, press CTRL_C to break
Reply from 3.1.1.1: bytes=56 Sequence=1 ttl=125 time=4 ms
Reply from 3.1.1.1: bytes=56 Sequence=2 ttl=125 time=4 ms
Reply from 3.1.1.1: bytes=56 Sequence=3 ttl=125 time=4 ms
Reply from 3.1.1.1: bytes=56 Sequence=4 ttl=125 time=4 [...]
-
Page 332
332 CHAPTER 37: DNS CONFIGURATION GUIDE[...]
-
Page 333
38 ACCESS MANAGEMENT CONFIGURATION GUIDE
Configuring Access Management
The access management function is designed to control user accesses on access switches. It allows you to control the access of hosts to external networks. The idea is to bind a range of IP addresses to a port by configuring an access management IP address pool on the port[...]
-
Page 334
334 CHAPTER 38: ACCESS MANAGEMENT CONFIGURATION GUIDE
■ Permit all the PCs of organization 1 to access the Internet through Ethernet 1/0/1 on Switch A. Ethernet 1/0/1 carries VLAN 1. The IP address assigned to the interface of VLAN 1 is 202.10.20.200/24.
■ PCs that do not belong to organization 1, such as PC 2 and PC 3, are not allow[...]
-
Page 335
Configuring Access Management with Port Isolation 335
Configuring Access Management with Port Isolation
Network Diagram
Figure 117 Network diagram for access management and port isolation configuration
Networking and Configuration Requirements
Client PCs are connected to the Internet through Switch A. The IP address range for organization 1 is 202[...]
-
Page 336
336 CHAPTER 38: ACCESS MANAGEMENT CONFIGURATION GUIDE
# Configure the IP address of VLAN-interface 1 as 202.10.20.200/24.
[SwitchA] interface Vlan-interface 1
[SwitchA-Vlan-interface1] ip address 202.10.20.200 24
[SwitchA-Vlan-interface1] quit
# Configure an access management IP address pool for Ethernet 1/0/1.
[SwitchA] interface Ethern[...]