Planet XGS3-24042 User Manual

1 User's Manual XGS3-24042 XGS3-24242 24-Port Gigabit with 4 Optional 10G slots Layer 3 Managed Stackable Switch

8 32.4 DHCPV6 OPTION37, 38 TROUBLESHOOTING ... 32-15 CHAPTER 33 DHCP SN

10-3 Global configuration mode uldp aggressive-mode no uldp aggressive-mode Set the global working mode. 4. Configure aggressive mode on a port

10-4 Command Explanation Admin mode show uldp [interface ethernet IFNAME] Display ULDP information. No parameter means to display global ULDP inform

10-5 connected and works normally, but the data link layer is abnormal. ULDP can discover and disable this kind of error state of link. The final res

10-6 the port is considered as “Down”.  In order to make sure that neighbors can be correctly created and unidirectional links can be correctly dis

11-1 Chapter 11 LLDP Function Operation Configuration 11.1 Introduction to LLDP Function Link Layer Discovery Protocol (LLDP) is a new protocol defin

11-2 11.2 LLDP Function Configuration Task Sequence 1. Globally enable LLDP function 2. Configure the port-based LLDP function switch 3. Configure

11-3 Command Explanation Global Mode lldp msgTxHold <value> no lldp msgTxHold Configure the aging time multiplier of LLDP messages as the

11-4 lldp neighbors max-num < value > no lldp neighbors max-num Configure the size of space to store Remote Table of the port as the sp

11-5 11.3 LLDP Function Typical Example Figure 11-1 LLDP Function Typical Configuration Example In the network topology graph above, the port 1,3 o

12-1 Chapter 12 Port Channel Configuration 12.1 Introduction to Port Channel To understand Port Channel, Port Group should be introduced first. Port

9 37.3.1 Typical RIPng Examples ... 37-7 37.3.2 RIPn

12-2 should also be the same. If Port Channel is configured manually or dynamically on switch, the system will automatically set the port with the

12-3 1. The summary of the dynamic LACP aggregation Dynamic LACP aggregation is an aggregation created/deleted by the system automatically, it does n

12-4 2. Add physical ports to the port group Command Explanation Port Mode port-group <port-group-number> mode {active | passive | on} no por

12-5 12.4 Port Channel Examples Scenario 1: Configuring Port Channel in LACP. Figure 12-2 Configuring Port Channel in LACP The switches

12-6 Scenario 2: Configuring Port Channel in ON mode. Figure 12-3 Configuring Port Channel in ON mode As shown in the figure, ports 1, 2

12-7 Configuration result: Add ports 1, 2, 3, 4 of S1 to port-group1 in order, and we can see a group in “on” mode is completely joined forcedly, swi

13-1 Chapter 13 Jumbo Configuration 13.1 Introduction to Jumbo So far the Jumbo (Jumbo Frame) has not reach a determined standard in the industry (in

14-2 Chapter 14 EFM OAM Configuration 14.1 Introduction to EFM OAM Ethernet is designed for Local Area Network at the beginning, but link length and

14-3 need to wait until it receives the connection request. After an Ethernet OAM connection is established, the Ethernet OAM entities on both sides

14-4 4. Remote loopback testing Remote loopback testing is available only after an Ethernet OAM connection is established. With remote loopback ena

10 42.3 IPV6 BLACK HOLE ROUTING CONFIGURATION TASK ... 42-1 42.4 BLACK HOLE ROUT

14-5 ethernet-oam mode {active | passive} Configure work mode of EFM OAM, default is active mode. ethernet-oam no ethernet-oam Enable EFM OAM of po

14-6 no ethernet-oam remote-failure (failure means critical-event or link-fault event of the local), no command disables the function. (optional)

14-7 CEPE802.1ah OAMPDUEthernet 1/0/1Ethernet 1/0/1 Figure 14-3 Typical OAM application topology Configuration procedure: (Omitting SNMP and Log con

14-8 exclusive.  When enabling OAM, the negotiation of the port will be disabled automatically. So the negotiation in the peer of the link must be

15-1 Chapter 15 VLAN Configuration 15.1 VLAN Configuration 15.1.1 Introduction to VLAN VLAN (Virtual Local Area Network) is a technology that divides

15-2 XGS3 Switch Ethernet Ports can works in three kinds of modes: Access, Hybrid and Trunk, each mode has a different processing method in forwardin

15-3 3. Assigning Switch ports for VLAN Command Explanation VLAN Mode switchport interface <interface-list> no switchport interface <int

15-4 8. Disable/Enable VLAN Ingress Rules Command Explanation Port Mode vlan ingress enable no vlan ingress enable Enable/Disable VLAN ingress rul

15-5 Figure 15-2 Typical VLAN Application Topology The existing LAN is required to be partitioned to 3 VLANs due to security and application requir

15-6 Switch(Config-Vlan200)#switchport interface ethernet 1/0/8-10 Switch(Config-Vlan200)#exit Switch(config)#interface ethernet 1/0/11 Switch(Config

11 48.1 IPV4 MULTICAST PROTOCOL OVERVIEW ... 48-1 48.1.1 Intro

15-7 PC1 connects to the interface Ethernet 1/0/7 of SwitchB, PC2 connects to the interface Ethernet 1/0/9 of SwitchB, Ethernet 1/0/10 of SwitchA con

15-8 15.2 GVRP Configuration 15.2.1 Introduction to GVRP GVRP, i.e. GARP VLAN Registration Protocol, is an application of GARP (Generic Attribute

15-9 Command Explanation Global Mode garp timer join <200-500> garp timer leave <500-1200> garp timer leaveall <5000-60000> no gar

15-10 Figure 15-5 Typical GVRP Application Topology To enable dynamic VLAN information register and update among switches, GVRP protocol is to be co

15-11 Switch(config)#interface ethernet 1/0/11 Switch(Config-If-Ethernet1/0/11)#switchport mode trunk Switch(Config-If-Ethernet1/0/11)# gvrp Switch(C

15-12 transmitted in VLAN3 when traveling in the ISP internet network while carrying two VLAN tags (the inner tag is added when entering PE1, and the

15-13 network. Configuration Item Configuration Explanation VLAN3 Port1 of PE1 and PE2. dot1q-tunnel Port1 of PE1 and PE2. tpid 9100 Configuration

15-14 15.4 VLAN-translation Configuration 15.4.1 Introduction to VLAN-translation VLAN translation, as one can tell from the name, which translates t

15-15 Command Explanation Admin mode show vlan-translation Show the related configuration of vlan-translation. 15.4.3 Typical application of VLAN-t

15-16 15.4.4 VLAN-translation Troubleshooting Normally the VLAN-translation is applied on trunk ports. Priority of vlan translation and vlan ingress

12 48.9 IGMP ...

15-17 1. Configure the MAC-based VLAN function on the port Command Explanation Port Mode switchport mac-vlan enable no switchport mac-vlan enable E

15-18 protocol-vlan mode {ethernetii etype <etype-id>|llc {dsap <dsap-id> ssap <ssap-id>}|snap etype <etype-id>} vlan <vla

15-19 For example, M at E1/0/1 of SwitchA, then the configuration procedures are as follows: Switch A, Switch B, Switch C: SwitchA (Config)#mac-vlan

15-20 15.6 Voice VLAN Configuration 15.6.1 Introduction to Voice VLAN Voice VLAN is specially configured for the user voice data traffic. By setting

15-21 <voice-name>] no voice-vlan {mac <mac-address> mask <mac-mask>|name <voice-name> |all} 3. Enable the Voice VLAN of the

15-22 Switch(Config-If-Ethernet1/0/10)#exit Switch(Config)#interface ethernet 1/0/1 Switch(Config-If-Ethernet1/0/1)#switchport mode hybrid Switch(Con

16-1 Chapter 16 MAC Table Configuration 16.1 Introduction to MAC Table MAC table is a table identifies the mapping relationship between destination M

16-2 The topology of the figure above: 4 PCs connected to switch, where PC1 and PC2 belongs to a same physical segment (same collision domain), the p

16-3 Three types of frames can be forwarded by the switch:  Broadcast frame  Multicast frame  Unicast frame The following describes how the s

16-4 <interface-name>] | [source|destination|both] no mac-address-table {static | blackhole | dynamic} [address <mac-addr>] [vlan <vla

13 49.6.2 MLD Configuration Task List ... 49-25 49.6.3 MLD T

16-5 1. Set the MAC address 00-01-11-11-11-11 of PC1 as a filter address. Switch(config)#mac-address-table static 00-01-11-11-11-11 discard vlan 1

16-6 4. mac-notification trap configuration 1. Enable MAC address binding function for the ports Command Explanation Port Mode switchport port-se

16-7 switchport port-security violation {protect | shutdown} no switchport port-security violation Set the violation mode for the port; the “no switc

17-1 Chapter 17 MSTP Configuration 17.1 Introduction to MSTP The MSTP (Multiple STP) is a new spanning-tree protocol which is based on the STP and th

17-2 Figure 17-1 Example of CIST and MST Region In the above network, if the bridges are running the STP or the RSTP, one port between Bridge M and

17-3 17.1.2 Port Roles The MSTP bridge assigns a port role to each port which runs MSTP.  CIST port roles: Root Port, Designated Port, Alternate Po

17-4 2. Configure instance parameters Command Explanation Global Mode spanning-tree mst <instance-id> priority <bridge-priority> no spa

17-5 name <name> no name Set MSTP region name. revision-level <level> no revision-level Set MSTP region revision level. abort Quit MSTP r

17-6 Port Mode spanning-tree format standard spanning-tree format privacy spanning-tree format auto no spanning-tree format Configure the format of

17-7 topology changes. Port Mode spanning-tree tcflush {enable| disable| protect} no spanning-tree tcflush Configure the port flush mode. The no com

14 53.2 THE NUMBER LIMITATION FUNCTION OF PORT, MAC IN VLAN AND IP CONFIGURATION TASK SEQUENCE ...

17-8 Port 4 200000 200000 Port 5 200000 200000 Port 6 200000 200000 Port 7 200000 200000 By default, the MSTP establishes a tree topology (i

17-9 Switch3(Config-Vlan30)#exit Switch3(config)#vlan 40 Switch3(Config-Vlan40)#exit Switch3(config)#vlan 50 Switch3(Config-Vlan50)#exit Switch3(conf

17-10 forwarding. Because the instance 3 and the instance 4 are only valid in the MSTP region, the following figure only shows the topology of the MS

17-11 Figure 17-5 The Topology Of the Instance 4 after the MSTP Calculation 17.4 MSTP Troubleshooting  In order to run the MSTP on the switch po

18-1 Chapter 18 QoS Configuration 18.1 Introduction to QoS QoS (Quality of Service) is a set of capabilities that allow you to create differentiated

18-2 Drop Precedence: When processing the packets, firstly drop the packets with the bigger drop precedence, the ranging is 0-1. It’s shortening is D

18-3 Figure 18-3 Basic QoS Model Classification: Classify traffic according to packet classification information and generate internal DSCP value

18-4 StartDSCP-to-Int-Prio conversion according to DSCP value of the packetCOS -to-Int-Prio conversion according to L2 COS value of the packetYTrust

18-5 Policing and remark: Each packet in classified ingress traffic is assigned an internal priority value, and can be policed and remarked. Polici

18-6 Note 1: Int-Prio will be covered with the after setting, Set Int-Prio of the specific color action will cover Set Int-Prio of the unrelated acti

15 CHAPTER 59 VLAN-ACL CONFIGURATION ...59-1 59.1 INTRODUCTION TO VLAN-ACL ...

18-7 18.2 QoS Configuration Task List 1. Configure class map Set up a classification rule according to ACL, CoS, VLAN ID, IPv4 Precedent, DSCP, IPV6

18-8 Global Mode policy-map <policy-map-name> no policy-map <policy-map-name> Create a policy map and enter policy map mode; the no comm

18-9 drop no drop transmit no transmit Drop or transmit the traffic that match the class, the no command cancels the assigned action. 3. Apply QoS

18-10 mls qos map (cos-dp <dp1…dp8> | dscp-dscp <in-dscp list> to <out-dscp> | dscp-intp <in-dscp list> to <intp> | dsc

18-11 Switch(Config-If-Ethernet 1/0/1)#mls qos trust cos Switch(Config-If-Ethernet1/0/1)#mls qos cos 5 Configuration result: When QoS enabled in Glo

18-12 Figure 18-7 Typical QoS topology As shown in the figure, inside the block is a QoS domain, Switch1 classifies different traffics and assigns

18-13 18.4 QoS Troubleshooting  trust cos and EXP can be used with other trust or Policy Map.  trust dscp can be used with other trust or Policy

19-14 Chapter 19 Flow-based Redirection 19.1 Introduction to Flow-based Redirection Flow-based redirection function enables the switch to transmit th

19-15 19.3 Flow-based Redirection Examples Example: User’s request of configuration is listed as follows: redirecting the frames whose source IP is 1

20-16 Chapter 20 Egress QoS Configuration 20.1 Introduction to Egress QoS In traditional IP networks, all packets are treated in the same way. All ne

16 65.1 INTRODUCTION TO VRRPV3 ... 65-1 65.1

20-17 20.1.2 Basic Egress QoS Model Classification schedulingRemarkPolicingGenerate internal priorityIngressEgresscolorSort packet traffic according

20-18 Description of action that modify QoS attribute according to egress remark table: cos-cos：for cos value of packets, modify cos value of packets

20-19 access-group} 2. Configure a policy-map Command Explanation Global Mode policy-map <policy-map-name> no policy-map <policy-map-name

20-20 class map mode, add statistic function to the flow of the policy class map. In single bucket mode, packets can only red or green when passing p

20-21 Admin Mode clear mls qos statistics [interface <interface-name> | vlan <vlan-id>] Clear accounting data of the specified ports or

20-22 switch(config)#class-map 1 switch(config-classmap-1)#match ipv6 dscp 7 switch(config-classmap-1)#exit Create a policy map: switch(config)#poli

20-23 switch(config-if-port-range)#mls qos trust dscp Bind policy to egress of port1 switch(config-if-ethernet1/0/1)#service-policy output p1 20.4

21-24 Chapter 21 Flexible QinQ Configuration 21.1 Introduction to Flexible QinQ 21.1.1 QinQ Technique Dot1q-tunnel is also called QinQ (802.1Q-in-802

21-25 Command Explanation Global mode class-map <class-map-name> no class-map <class-map-name> Create a class-map and enter class-map mo

21-26 vlan<vid> no service-policy input<policy-map-name> vlan <vid> command deletes the specified policy-map applied to the VLAN.

17 70.3 TYPICAL EXAMPLES OF RSPAN ... 70-4 70.4 RS

21-27 Switch(config-classmap-c1)#match vlan 1001 Switch(config-classmap-c1)#exit Switch(config)#class-map c2 Switch(config-classmap-c2)#match vlan 20

21-28 21.4 Flexible QinQ Troubleshooting If flexible QinQ policy can not be bound to the port, please check whether the problem is caused by the foll

22-29 Chapter 22 Layer 3 Forward Configuration Switch supports Layer 3 forwarding which forwards Layer 3 protocol packets (IP packets) across VLANs.

22-30 1. Create Layer 3 Interface Command Explanation Global Mode interface vlan <vlan-id> no interface vlan <vlan-id> Creates a VLAN

22-31 Global Mode ip vrf <vrf-name> no ip vrf <vrf-name> Create VRF instance; VRF instance is not created by default. VRF Mode rd &

22-32 every connection status which increases network delay greatly and decreases network performance. Moreover, the translation of network data pack

22-33 22.2.2 IP Configuration Layer 3 interface can be configured as IPv4 interface, IPv6 interface. 22.2.2.1 IPv4 Address Configuration IPv4 addre

22-34 via DHCPv6 (15) Set the flag representing whether the address information will be obtained via DHCPv6 3. IPv6 Tunnel configuration (1) Create/

22-35 makes duplicate address detection. The no command resumes default value (1). (2) Configure Send Neighbor solicitation Message Interval Com

22-36 Interface Configuration Mode ipv6 nd prefix <ipv6-address/prefix-length> <valid-lifetime> <preferred-lifetime> [off-link] [n

2 Trademarks Copyright © PLANET Technology Corp. 2012. Contents subject to which revision without prior notice. PLANET is a registered trademark of PL

18 76.7 SYSTEM LOG ...

22-37 Interface Configuration Mode ipv6 nd retrans-timer <seconds> Set the retrans-timer of sending router advertisement. (14) Set the flag r

22-38 Tunnel Configuration Mode tunnel destination {<ipv4-address> | <ipv6-address>} no tunnel destination Configure tunnel destinatio

22-39 address 192.168.2.1 255.255.255.0 in VLAN2. 3． Configure two VLANs on Switch2, respectively VLAN2 and VLAN3. 4． Configure IPv4 address 192.168

22-40 Configuration Description: 1． Configure two VLANs on Switch1, namely, VLAN1 and VLAN2. 2． Configure IPv6 address 2001::1/64 in VLAN1 of Switch1

22-41 no login ! end Switch2#show run interface Vlan2 ipv6 address 2002::2/64 ! interface Vlan3 ipv6 address 2003::1/64 ! interface Loopback m

22-42 3. Configure two VLANs on SwitchB, namely, VLAN3 and VLAN4, VLAN4 is IPv6 domain, and VLAN3 connects to IPv4 domain. 4. Configure IPv6 addres

22-43 22.3 IP Forwarding 22.3.1 Introduction to IP Forwarding Gateway devices can forward IP packets from one subnet to another; such forwarding uses

22-44 Figure 22-4 URPF application situation In the above figure, Router A sends requests to the server Router B by faking messages whose source a

22-45 In the network, topology shown in the graph above, IP URPF function is enabled on SW3. When there is someone in the network pretend

22-46 3. Clear dynamic ARP 4. Clear the statistic information of ARP messages 1. Configure static ARP Command Explanation VLAN Interface Mode ar

19 81.3.1 Create BGP MPLS VPN between PE-CE via EBGP ... 81-41 81.3.2 Create BGP MPLS VPN between

22-47 22.5.3 ARP Troubleshooting If ping from the switch to directly connected network devices fails, the following can be used to check the possible

23-48 Chapter 23 ARP Scanning Prevention Function Configuration 23.1 Introduction to ARP Scanning Prevention Function ARP scanning is a common method

23-49 anti-arpscan enable no anti-arpscan enable Enable or disable the ARP Scanning Prevention function globally. 2. Configure the threshold of the

23-50 anti-arpscan log enable no anti-arpscan log enable Enable or disable the log function of ARP scanning prevention. anti-arpscan trap enable

23-51 SWITCHB configuration task sequence: Switch B(config)# anti-arpscan enable SwitchB(config)#interface ethernet1/0/1 SwitchB (Config-If-Ethernet

24-52 Chapter 24 Prevent ARP, ND Spoofing Configuration 24.1 Overview 24.1.1 ARP (Address Resolution Protocol) Generally speaking, ARP (RFC-826) prot

24-53 What the essential method on preventing attack and spoofing switches based on ARP in networks is to disable switch automatic update function; t

24-54 24.3 Prevent ARP, ND Spoofing Example Equipment Explanation Equipment Configuration Quality switch IP:192.168.2.4; IP:192.168.1.4; mac:

24-55 If the environment changing, it enable to forbid ARP refresh, once it learns ARP property, it wont be refreshed by new ARP reply packet, and pr

25-56 Chapter 25 ARP GUARD Configuration 25.1 Introduction to ARP GUARD There is serious security vulnerability in the design of ARP protocol, which

1-1 Chapter 1 INTRODUTION The PLANET XGS3-24042 / XGS3-24242 is 24-Port Gigabit with 4 Optional 10G slots Layer 3 Managed Stackable Switch. It boast

25-57 Command Explanation Port configuration mode arp-guard ip <addr> no arp-guard ip <addr> Configure/delete ARP GUARD address

26-58 Chapter 26 ARP Local Proxy Configuration 26.1 Introduction to ARP Local Proxy function In a real application environment, the switches in the a

26-59 26.2 ARP Local Proxy Function Configuration Task List 1．Enable/disable ARP local proxy function Command Explanation Interface vlan mode ip lo

26-60 26.4 ARP Local Proxy Function Troubleshooting ARP local proxy function is disabled by default. Users can view the current configuration with d

27-61 Chapter 27 Gratuitous ARP Configuration 27.1 Introduction to Gratuitous ARP Gratuitous ARP is a kind of ARP request that is sent by the host wi

27-62 27.3 Gratuitous ARP Configuration Example Figure 27-1 Gratuitous ARP Configuration Example For the network topology shown in the figure above

28-63 Chapter 28 Keepalive Gateway Configuration 28.1 Introduction to Keepalive Gateway Ethernet port is used to process backup or load balance, for

28-64 show keepalive gateway [interface-name] Show keepalive running status of the specified interface, if there is no interface is specified, show k

28-65 Send ARP detection once 3 seconds to detect whether gateway A is reachable, after 3 times detection is failing, gateway A is considered to be u

29-66 Chapter 29 DHCP Configuration 29.1 Introduction to DHCP DHCP [RFC2131] is the acronym for Dynamic Host Configuration Protocol. It is a protocol

1-2 Support 10Gb Ethernet 10Gb Ethernet which adopts full-duplex technology instead of low-speed, half-duplex CSMA/CD protocol, is a big leap in the

29-67 allocation and manual IP address binding are: 1) IP address obtained dynamically can be different every time; manually bound IP address will be

29-68 dns-server [<address1>[<address2>[…<address8>]]] no dns-server Configure DNS server for DHCP clients. The no command deletes

29-69 host <address> [<mask> | <prefix-length> ] no host Specify/delete the IP address to be assigned to the specified client when

29-70 4. On receiving DHCPREQUEST, the DHCP server responds with a DHCPACK packet via DHCP relay to the DHCP client. DHCP Relay Configuration Task

29-71 Switch(config)#service dhcp Switch(config)#interface vlan 1 Switch(Config-Vlan-1)#ip address 10.16.1.2 255.255.0.0 Switch(Config-Vlan-1)#exit

29-72 Figure 29-3 DHCP Relay Configuration As shown in the above figure, route switch is configured as a DHCP relay. The DHCP server address is 10.

29-73 servers are not in the same physical network, verify the router responsible for DHCP packet forwarding has DHCP relay function. If DHCP relay i

30-1 Chapter 30 DHCPv6 Configuration 30.1 Introduction to DHCPv6 DHCPv6 [RFC3315] is the IPv6 version for Dynamic Host Configuration Protocol (DHCP).

30-2 4. The selected DHCPv6 server then confirms the client about the IPv6 address and any other configuration with the REPLY message. The above f

30-3 （2）To configure parameter of DHCPv6 address pool Command Explanation DHCPv6 address pool Configuration Mode network-address <ipv6-pool-star

1-3 1.3 Product Features  Physical Port XGS3-24042  24-Port 10/100/1000Base-T RJ-45 copper  4 100/1000Base-X mini-GBIC/SFP slots, shared wi

30-4 Command Explanation Interface Configuration Mode ipv6 dhcp relay destination {[<ipv6-address>] [interface { <interface-name> | vlan

30-5 ipv6 dhcp pool <poolname> no ipv6 dhcp pool <poolname> To configure DHCPv6 address pool. （2）To configure prefix delegation pool use

30-6 30.5 DHCPv6 Prefix Delegation Client Configuration DHCPv6 prefix delegation client configuration task list as below: 1. To enable/disable DHCPv

30-7 Usage guide: Switch3 configuration： Switch3>enable Switch3#config Switch3(config)#service dhcpv6 Switch3(config)#ipv6 dhcp pool EastDormPo

30-8 Switch2(config)#interface vlan 1 Switch2(Config-if-Vlan1)#ipv6 address 2001:da8:1:1::2/64 Switch2(Config-if-Vlan1)#exit Switch2(config)#interfac

30-9 Usage guide: Switch2 configuration Switch2>enable Switch2#config Switch2(config)#interface vlan 2 Switch2(Config-if-Vlan2)#ipv6 address 2001

30-10 Switch1(Config-if-Vlan3)#ipv6 dhcp server foo Switch1(Config-if-Vlan3)#ipv6 nd other-config-flag Switch1(Config-if-Vlan3)#no ipv6 nd suppre

31-1 Chapter 31 DHCP option 82 Configuration 31.1 Introduction to DHCP option 82 DHCP option 82 is the Relay Agent Information Option, its option cod

31-2 31.1.2 option 82 Working Mechanism DHCP option 82 flow chart If the DHCP Relay Agent supports option 82, the DHCP client should go through the

31-3 1. Enabling the DHCP option 82 of the Relay Agent. Command Explanation Global mode ip dhcp relay information option no ip dhcp relay informat

1-4 − IEEE 802.1Q Tagged VLAN − Up to 4K VLANs groups, out of 4096 VLAN IDs − Provider Bridging (VLAN Q-in-Q) support (IEEE 802.1ad) − GVRP pro

31-4 ip dhcp relay information option remote-id {standard | <remote-id>} no ip dhcp relay information option remote-id Set the suboption2 (remo

31-5 ip dhcp relay information option self-defined remote-id format [ascii | hex] Set self-defined format of remote-id for relay option82. ip dhcp re

31-6 In the above example, layer 2 switches Switch1 and Switch2 are both connected to layer 3 switch Switch3, Switch 3 will transmit the request mess

31-7 max-lease-time 86400; #24 Hours allow members of "Switch3Vlan2Class2"; } } Now, the DHCP server will allocate addresses for the netwo

32-8 Chapter 32 DHCPv6 option37, 38 32.1 Introduction to DHCPv6 option37, 38 DHCPv6 (Dynamic Host Configuration Protocol for IPv6) is designed for IP

32-9 ipv6 dhcp snooping remote-id option no ipv6 dhcp snooping remote-id option This command enables DHCPv6 SNOOPING to support option 37 option, no

32-10 ipv6 dhcp snooping subscriber-id select (sp | sv | pv | spv) delimiter WORD (delimiter WORD |) no ipv6 dhcp snooping subscriber-id select delim

32-11 ipv6 dhcp relay remote-id delimiter WORD no ipv6 dhcp relay remote-id delimiter Configures user configuration options to generate remote-id. Th

32-12 ipv6 dhcp use class no ipv6 dhcp use class This command enables DHCPv6 server to support the using of DHCPv6 class during address assignment,

32-13 32.3 DHCPv6 option37, 38 Examples 32.3.1 DHCPv6 Snooping option37, 38 Example Figure 32-1 DHCPv6 Snooping option schematic As is shown in the

1-5  WEB-based, Telnet, Console Command Line management  SSH( Secure Shell), SSL  Accesses through SNMPv1, v2c and v3 security set and get requ

32-14 SwitchB(config)#service dhcpv6 SwitchB(config)#ipv6 dhcp server remote-id option SwitchB(config)#ipv6 dhcp server subscriber-id option Switch

32-15 Network topology: In access layer, layer2 access device Switch1 connects users in dormitory; in first-level aggregation layer, aggregation devi

32-16 execute adding, discarding or forwarding operation. Therefore, please check policy configuration of snooping option37,38 on second device when

33-1 Chapter 33 DHCP Snooping Configuration 33.1 Introduction to DHCP Snooping DHCP Snooping means that the switch monitors the IP-getting process of

33-2 33.2 DHCP Snooping Configuration Task Sequence 1. Enable DHCP Snooping 2. Enable DHCP Snooping binding function 3. Enable DHCP Snooping bindi

33-3 Globe mode ip dhcp snooping information enable no ip dhcp snooping information enable Enable/disable DHCP Snooping option 82 function. 5． Set

33-4 Command Explanation Port mode ip dhcp snooping binding user-control no ip dhcp snooping binding user-control Enable or disable the DHCP snoopi

33-5 Command Explanation Globe mode ip dhcp snooping information option subscriber-id format {hex | acsii | vs-hp} This command is used to set subsc

33-6 option subscriber-id {standard | <circuit-id>} no ip dhcp snooping information option subscriber-id option 82 added by DHCP request packet

33-7 33.4 DHCP Snooping Troubleshooting Help 33.4.1 Monitor and Debug Information The “debug ip dhcp snooping” command can be used to monitor the deb

1-6 Back pressure for Half-Duplex Jumbo Frame 9Kbytes LED System: Power, SYS diagnostic, Redundant Power, Alert Malfunction Ports: 10/100/1000 Link/A

33-1 33.5 DHCPv6 Snooping Typical Application Figure 4-1 Sketch Map of preventing lawless DHCPv6 Server As showed in the above chart, MAC-AA and M

33-2 The “debug ipv6 dhcp snooping” command can be used to monitor the debug information. 33.6.2 DHCPv6 Snooping Troubleshooting Help If there is any

34-1 Chapter 34 Routing Protocol Overview To communicate with a remote host over the Internet, a host must choose a proper route via a set of routers

34-2  Destination address: used to identify the destination address or destination network of an IP packet.  Network mask: used together with d

34-3 To achieve routing policy, first we have to define the characteristics of the routing messages to be applied with routing policies, namely defin

34-4 autonomic system path field. As for relevant as-path configurations, please refer to the ip as-path command in BGP configuration. 5. community-l

34-5 match community <community-list-name | community-list-num > [exact-match] no match community [<community-list-name | community-list-num

34-6 set aggregator as <as-number> <ip_addr> no set aggregator as [ <as-number> <ip_addr> ] Distribute an AS No. for BGP aggr

34-7 set tag <tag_val> no set tag [ <tag_val> ] Set OSPF routing tag value; The no command deletes the configuration set vpnv4 next-hop &

34-8 Figure 34-1 Policy routing Configuration Configuration procedure: (only SwitchA is listed, configurations for other switches are omitted.) Th

1-7 MSTP, IEEE 802.1s (Multiple Spanning Tree Protocol, spanning tree by VLAN) Root Guard BPDU Guard Link Aggregation Static Trunk IEEE 802.3ad LAC

35-1 Chapter 35 Static Route 35.1 Introduction to Static Route As mentioned earlier, the static route is the manually specified path to a network or

35-2 2. VRF configuration Command Explanation Global mode ip route vrf <name> {<ip-prefix> <mask>|<ip-prefix/<prefix-length

35-3 Switch(config)#ip route 10.1.1.0 255.255.255.0 10.1.2.1 Next hop use the partner IP address Switch(config)#ip route 10.1.4.0 255.255.255.0 10.1.

36-1 Chapter 36 RIP 36.1 Introduction to RIP RIP is first introduced in ARPANET, this is a protocol dedicated to small, simple networks. RIP is a dis

36-2 (simple plaintext password and MD5 password authentication are supported), and support variable length subnet mask. RIP-II used some of the zero

36-3 4) Configure and apply route filter 5) Configure Split Horizon (3) Configure other RIP protocol parameters 1) Configure the managing distance of

36-4 Command Explanation Router Configuration Mode neighbor <A.B.C.D> no neighbor <A.B.C.D> Specify the IP address of the neighbor route

36-5 ip rip authentication key-chain <name-of-chain> no ip rip authentication key-chain [<name-of-chain>] Sets the key chain used in auth

36-6 distribute-list {< access-list-number |access-list-name >|prefix<prefix-list-name>}{in|out} [<ifname>] no distribute-list {<

36-7 version { 1 | 2 } no version Configure the versions of all the RIP data packets transmitted/received by the Layer 3 switch port sending/receivin

1-8 LLDP MAU-MIB Management Function System Configuration Console, Telnet, SSH, Web Browser, SSL, SNMPv1, v2c and v3 Management Support the unite f

36-8 Command Explanation Interface Configuration Mode ip rip aggregate-address A.B.C.D/M no ip rip aggregate-address A.B.C.D/M To configure or d

36-9 exit-address-family This command exits the address family mode. 36.3 RIP Examples 36.3.1 Typical RIP Examples Figure 36-1 RIP example In the

36-10 Configure that the interface vlan 2 do not transmit RIP messages to SwitchC SwitchA(config)#router rip SwitchA(config-router)#passive-interface

36-11 Figure 36-2 Typical application of RIP aggregation As the above network topology, S2 is connected to S1 through interface vlan1, there are o

36-12 sending route updating messages to all neighboring Layer 3 switches every 30 seconds. A Layer 3 switch is considered inaccessible if no route u

37-1 Chapter 37 RIPng 37.1 Introduction to RIPng RIPng is first introduced in ARPANET, this is a protocol dedicated to small, simple networks. RIPng

37-2 destination, and route table is built based on this database. When a RIPng layer3 switch sent route update packets to its neighbor devices, the

37-3 3. Configure other RIPng parameters (1) Configure timer for RIPng update, timeout and hold-down 4. Delete the specified route in RIPng route

37-4 1）Configure route introduction (default route metric, configure routes of the other protocols to be introduced in RIP) Command Explanation Rout

37-5 4）Configure split horizon Command Explanation Interface configuration mode IPv6 rip split-horizon [poisoned] Configure that take the split-hor

1 Content CHAPTER 1 INTRODUTION ... 1-1 1.1 PACKET CONTENTS .

2-1 Chapter 2 INSTALLATION This section describes the hardware features and installation of the Managed Switch on the desktop or rack mount. For eas

37-6 ipv6 rip aggregate-address X:X::X:X/M no ipv6 rip aggregate-address X:X::X:X/M To configure or delete IPv6 aggregation route on interface. (3

37-7 37.3 RIPng Configuration Examples 37.3.1 Typical RIPng Examples Figure 37-1 RIPng Example As shown in the above figure, a network consists of

37-8 SwitchA(config-router)#passive-interface Vlan1 SwitchA(config-router)#exit Layer 3 SwitchB Enable RIPng protocol SwitchB (config)#router IPv6 r

37-9 Figure 37-2 Typical application of RIPng aggregation As the above network topology, S2 is connected to S1 through interface vlan1, there are o

37-10 route updating messages every 30 seconds. A Layer 3 switch is considered inaccessible if no route updating messages from the switch are receive

38-1 Chapter 38 OSPF 38.1 Introduction to OSPF OSPF is abbreviation for Open Shortest Path First. It is an interior dynamic routing protocol for auto

38-2 One major advantage of link-state routing protocols is the fact that infinite counting is impossible, this is because of the way link-state rout

38-3 In conclusion, LSA can only be transferred between neighboring Layer3 switches, OSPF protocol includes 5 types of LSA: router LSA, network LSA,

38-4 38.2 OSPF Configuration Task List The OSPF configuration for XGS3 series switches may be different from the configuration procedure to switches

38-5 [no] router ospf [process <id>] Enables OSPF protocol; the “no router ospf” command disables OSPF protocol. (required) OSPF Protocol Confi

2-2 2.1.2 LED Indications The front panel LEDs indicates instant status of port links, data activity, system operation, Stack status and system pow

38-6 Command Explanation Interface Configuration Mode ip ospf hello-interval <time> no ip ospf hello-interval Sets interval for sending HELLO

38-7 Admin Mode or Configure Mode show ip ospf [<process-id>] redistribute Display the configuration information of the OSPF process import

38-8 4）Configure the priority of the interface when electing designated layer3 switch (DR). Command Explanation Interface Configuration Mode ip os

38-9 Figure 38-1 Network topology of OSPF autonomous system The configuration for layer3 Switch1 and Switch5 is shown below: Layer 3 Switch1 Co

38-10 Switch2(config-if-vlan1)# ip address 10.1.1.2 255.255.255.0 Switch2(config-if-vlan1)#no shutdown Switch2(config-if-vlan1)#exit Switch2(config)#

38-11 Switch4(config)#exit Switch4# Layer 3 Switch5: Configuration of the IP address for interface vlan2 Switch5#config Switch5(config)# interface

38-12 Figure 38-2 Typical complex OSPF autonomous system This scenario is a typical complex OSPF autonomous system network topology. Area1 include

38-13 SwitchB interface VLAN2 is 10.1.1.2, IP address of layer3 SwitchC interface VLAN2 is 10.1.1.3, IP address of layer3 SwitchD interface VLAN2 is

38-14 SwitchB(config)# interface vlan 2 SwitchB(config-If-Vlan2)# ip address 10.1.1.2 255.255.255.0 SwitchB(config-If-Vlan2)#exit Enable OSPF protoc

38-15 SwitchC(config-If-Vlan2)#exit Configure IP address and area number for interface vlan3 SwitchC(config)# interface vlan 3 SwitchC(config-If-Vla

2-3 10/100/1000Base-T and SFP interfaces LED Color Function LNK/ACT Red Lights to indicate the link through that port is successfully establ

38-16 SwitchD(config-If-Vlan2)#ip ospf authentication-key DCS SwitchD(config-If-Vlan2)#exit Configure the IP address and the area number for the int

38-17 Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip address 1.1.1.1 255.255.255.0 Switch(Config-if-Vlan1)#exit Switch(config)#interface

38-18 Associate the vlan 1 and vlan 2 respectively with vpnb and vpnc while configuring IP address SwitchA(config)#in vlan1 SwitchA(config-if-Vlan1)#

38-19 SwitchC(config-router)#exit 38.4 OSPF Troubleshooting The OSPF protocol may not be working properly due to errors such as physic connection, c

39-1 Chapter 39 OSPFv3 39.1 Introduction to OSPFv3 OSPFv3（Open Shortest Path First） is the third version for Open Shortest Path First, and it is the

39-2 be flooded throughout the network very soon. Those advantages release some layer3 switch resources, as the process ability and bandwidth used by

39-3 In one word, LSA can only be transferred between neighboring Layer3 switches, and OSPFv3 protocol includes seven kinds of LSA: link LSA, inter

39-4 39.2 OSPFv3 Configuration Task List OSPFv3 Configuration Task List: 1. Enable OSPFv3 (required) （1） Enable/disable OSPFv3(required) （2） Confi

39-5 router-id <router_id> no router-id Configure router for OSPFv3 process. The no router-id command returns ID to 0.0.0.0 .(required) [no] p

39-6 IPv6 ospf transit-delay <time> [instance-id <id>] no IPv6 ospf transit-delay [instance-id <id>] Sets the delay time before sen

2-4 10/100/1000Base-T and SFP interfaces LED Color Function LNK/ACT Green Lights: To indicate the link through that port is successfully estab

39-7 Command Explanation Admin Mode debug ipv6 ospf redistribute message send no debug ipv6 ospf redistribute message send debug ipv6 ospf redistrib

39-8 no router IPv6 ospf ospf [<tag>] Disable OSPFv3 Routing Protocol. 39.3 OSPFv3 Examples Examples 1: OSPF autonomous system. This scenario t

39-9 SwitchA(config-if-vlan2)# IPv6 router ospf area 0 SwitchA (config-if-vlan2)#exit SwitchA(config)#exit SwitchA# Layer 3 SwitchB: Enable OSPFv3 p

39-10 Configure interface vlan3 IPv6 address and affiliated OSPFv3 area SwitchD#config SwitchD(config)# interface vlan 3 SwitchD(config-if-vlan3)# I

39-11 switch is a part of this Layer 3 switch interface belongs to area 0, and another part of interface belongs to not area 0; for multi-access net

40-1 Chapter 40 BGP 40.1 Introduction to BGP BGP stands for a Border Gateway Protocol.It’s a dynamic routing protocol inter-autonomous system. Its ba

40-2 connection to exchange routing information. The operation of BGP protocol is driven by messages and the messages can be divided into four kinds:

40-3 switches are in the same AS, they can be neighbors each other. Because BGP can’t detect route, the route tables of other inner route protocols (

40-4 40.2 BGP Configuration Task List The BGP configuration tasks include basic and advanced tasks. Basic BGP configuration tasks include the followi

40-5 no router bgp <as-id> <as-id>”command disenable BGP process. Router configuration mode bgp asnotation asdot no bgp asnotation asdot

2-5 2.1.3 Switch Rear Panel The rear panel of the Managed Switch indicates an AC inlet power socket, which accept input power from 100 to 240V AC, 50

40-6 BGP configuration mode neighbor { <ip-address> | <TAG> } soft-reconfiguration inbound no neighbor { <ip-address> | <TAG>

40-7 Command Explanation Route mapped configuration command set ip next-hop <ip-address> no set ip next-hop Set the Next-Hop attribute of out

40-8 BGP configuration mode neighbor { <ip-address> | <TAG> } route-map <map-name > {in | out} no neighbor { <ip-address> |

40-9 [<as-id>..]command deletes the AS from the AS confederation. 5．Configure a Route Reflector （1） The following commands can be used to con

40-10 （2） Add neighbors to peers groups Command Explanation BGP configuration mode neighbor <ip-address> peer-group <TAG> no neighbor

40-11 advertisement-interval <TAG>} advertisement-interval command recovers the default value. neighbor {<ip-address> | <TAG>} e

40-12 route reflector. neighbor { <ip-address> | <TAG> } soft-reconfiguration inbound no neighbor { <ip-address> | <TAG> } so

40-13 10． Configure the Local Preference Value Command Explanation BGP configuration mode bgp default local-preference <value> no bgp defaul

40-14 14． Configure Route Dampening Command Explanation BGP configuration mode bgp dampening [<1-45>] [<1-20000> <1-20000> <1

40-15 route-server-client no neighbor {<ip-address>|<TAG>} route-server-client under EBGP environment to reduce the number of peers that

2-6 2.2 Install the Switch This section describes how to install your Managed Switch and make connections to the Managed Switch. Please read the foll

40-16 no debug bgp redistribute message send debug bgp redistribute route receive no debug bgp redistribute route receive sent by BGP for redistribut

40-17 The configurations of SwitchC are as following: SwitchC(config)#router bgp 200 SwitchC(config-router-bgp)#network 12.0.0.0 SwitchC(config-route

40-18 40.3.3 Examples 3: configure BGP community attributes In the following sample, “route map set-community” is used for the outgoing update to nei

40-19 Switch(config)#ip community-list com2 permit 90 Switch(config)#exit Switch#clear ip bgp 16.1.1.6 soft out 40.3.4 Examples 4: configure BGP con

40-20 SwitchB(config)#router bgp 10 SwitchB(config-router-bgp)#bgp confederation identifier 200 SwitchB(config-router-bgp)#bgp confederation peers 20

40-21 Figure 40-3 the Topological Map of Route Reflector The configurations are as following: The configurations of SwitchC: SwitchC(config)#router

40-22 SwitchD(config-router-bgp)#neighbor 6.6.6.6 remote-as 100 SwitchD(config-router-bgp)#neighbor 6.6.6.6 route-reflector-client SwitchD(config-rou

40-23 SwitchA(config)#router bgp 100 SwitchA(config-router-bgp)#neighbor 2.2.2.1 remote-as 300 SwitchA(config-router-bgp)#neighbor 3.3.3.2 remote-as

40-24 40.3.7 Examples 7: example of BGP VPN For the configuration of MPLS VPN, BGP is part of the core routing system and it is also an important uti

40-25 CE-A1(config)#interface vlan 2 CE-A1(config-if-Vlan2)#ip address 192.168.101.2 255.255.255.0 CE-A1(config-if-Vlan2)#exit CE-A1(config)#in

2-7 Connection to the Managed Switch requires UTP Category 5 network cabling with RJ-45 tips. For more information, please see the Cabling Specifi

40-26 CE-B2(config-router)#neighbor 192.168.202.1 remote-as 100 CE-B2(config-router)#exit Configurations on PE1： PE1#config PE1(config)#ip vrf

40-27 PE2(config)#ip vrf VRF-A PE2(config-vrf)#rd 100:10 PE2(config-vrf)#route-target both 100:10 PE2(config-vrf)#exit PE2(config)#ip vrf VRF

40-28 40.4 BGP Troubleshooting In the process of configuring and implementing BGP protocol, physical connection, configuration false probably leads t

41-1 Chapter 41 MBGP4+ 41.1 Introduction to MBGP4+ MBGP4+ is multi-protocol BGP (Multi-protocol Border Gateway Protocol) extension to IPv6, referring

41-2 3. Configure redistribution of OSPFv3 routing to MBGP4+ (1) Enable redistribution of OSPFv3 routing to MBGP4+ Command Explanation Router IPv6

41-3 Accordingly SwitchA configuration as follows: SwitchA(config)#router bgp 100 SwitchA(config-router)#bgp router-id 1.1.1.1 SwitchA(config-router)

41-4 SwitchD(config-router-af)#exit-address-family SwitchD(config-router)#exit Here the connection between SwitchB and SwitchA is EBGP, and the conn

42-1 Chapter 42 Black Hole Routing Manual 42.1 Introduction to Black Hole Routing Black Hole Routing is a special kind of static routing which drops

42-2 42.4 Black Hole Routing Configuration Exmaples Example 1: IPv4 Black Hole Routing function. Figure 42-1 IPv4 Black Hole Routing Configuratio

42-3 Example 2: IPv6 Black Hole Routing function. Figure 41-2 IPv6 Black Hole Routing Configuration Example As it is shown in the figure, in Switch

2-8 Figure 2-2-3 Mounting XGS3-24042 in a Rack Step6: Proceeds with the steps 4 and steps 5 of session 2.2.1 Desktop Installation to connect the ne

42-4 For problems that cannot be fixed through above methods, please issue the command show ip route distance and show ip route fib, and show l3. And

43-5 Chapter 43 GRE Tunnel Configuration 43.1 Introduction to GRE Tunnel GRE (General Routing-protocol Encapsulation) was referred to IETF by Cisco a

43-6 Command Explanation Tunnel interface configuration mode tunnel mode gre ip no tunnel mode Configure the tunnel mode as GREv4 tunnel. After the

43-7 ip route <ipv4-address/mask> tunnel <ID> no ip route <ipv4-address/mask> tunnel <ID> Configure the egress interface of t

43-8 Configuration steps Instruction: the topology environment of this chapter may be different to the actual environment. To ensure the effect of th

43-9 SwitchA(config)#interface vlan 10 SwitchA(config-if-vlan10)# ip address 10.1.1.2 255.255.255.0 SwitchA(config-if-vlan10)#exit  Configure OS

43-10 Tunnel1 gre ipv6 2005:1000:3000::1 2000:1000:3000::1 The configuration of GRE tunnel is successful.  Configure the IPv4 a

43-11  Create the interface VLAN 12 and its address SwitchA(config)#vlan 12 SwitchA(config-vlan12)#switchport interface ethernet 1/0/12 SwitchA(c

43-12 Figure 43-2 GRE tunnel quotes loopback group topology Introduction to loopback group topology IPv6 network between SwitchA and SwitchB, PC1 a

43-13 (1) The configuration of device A 1. The configuration step  Enable IPv6 function. SwitchA(config)#ipv6 enable  Create the interface VLAN

2-9  Approved PLANET SFP Transceivers PLANET Managed Switch supports both Single mode and Multi-mode SFP transceiver. The following list of approve

43-14 SwitchA (config-if-tunnel1)# loopback-group 1  Configure OSPF routing protocol. SwitchA(config)#router ospf SwitchA(config-router)#router-id

43-15  Configure the IPv4 address of the tunnel interface. To run OSPF routing protocol, the interface address must be configured. SwitchA (config-

43-16 SwitchA(config-vlan12)#exit SwitchA(config)#interface vlan 12 SwitchA(config-if-vlan12)#ipv6 address 2005:3000:1000::2/64 SwitchA(config-if-vla

44-1 Chapter 44 ECMP Configuration 44.1 Introduction to ECMP ECMP (Equal-cost Multi-path Routing) works in the network environment where there are ma

44-2 Command Explanation Global mode load-balance {dst-src-mac | dst-src-ip | dst-src-mac-ip } Set load-balance for switch, it takes effect for

44-3 S 5.5.5.5/32 [1/0] via 100.1.1.2, Vlan100 tag:0 [1/0] via 100.1.2.2, Vlan200 tag:0 C 100.1.1.0/24 is directly

44-4 R3(config-router)# network 100.1.2.0/24 area 0 R3(config-router)# network 100.2.2.0/24 area 0 R4 configuration: R4(config)#interface Vlan100 R4

45-5 Chapter 45 BFD 45.1 Introduction to BFD BFD (Bidirectional Forwarding Detection) provides a detection mechanism to quickly detect and monitor th

45-6 bfd interval <value1> min_rx <value2> multiplier <value3> no bfd interval Configure the minimum transmission interval and the

45-7 ipv6 route {vrf <name> <ipv6-address> | <ipv6-address>} prefix <nexthop> bfd no ipv6 route {vrf <name> <ipv6-ad

2-10 management interface of the switch/converter (if available) to disable the port in advance. 2. Remove the Fiber Optic Cable gently. 3. Turn th

45-8 Switch(config)#interface vlan 14 Switch(config-if-vlan15)#ip address 14.1.1.1 255.255.255.0 Switch(config)#ip route 15.1.1.0 255.255.255.0 12.1.

45-9 Switch (config-router)#network vlan 300 Switch(config)#interface vlan 100 Switch(config-if-vlan100) #rip bfd enable When the link between Switch

45-10 Switch(config-router)#enable Switch(config-router)#bfd enable # Configure Switch B Switch#config Switch(config)#bfd mode passive Switch(config

46-11 Chapter 46 BGP GR 46.1 Introduction to GR Along with network development, it requires the higher availability, so HA (High Availability) is set

46-12 information and enable selection deferral timer. 5. R1 delays the count process of the local BGP route until it receives all End-of-RIB from

46-13 BGP protocol unicast address family mode and VRF address family mode neighbor (A.B.C.D | X:X::X:X | WORD) capability graceful-restart no neigh

46-14 bgp graceful-restart stale-path-time <1-3600> no bgp graceful-restart stale-path-time <1-3600> Stalepath-time uses the default va

46-15 R2 configuresint vlan 12，ip address 12.1.1.2 R1 configuration: R1#config R1(config)#vlan 12 R1(config-vlan12)#int vlan 12 R1(config-if-vlan12)#

47-16 Chapter 47 OSPF GR 47.1 Introduction to OSPF GR OSPF Graceful-Restart（short for OSPF GR）， is used to maintain data forwarding correctly and flo

47-17 protocol while GR helper is layer 3 switch to help GR restarter. In the above example, S1 is GR restarter and S2 is GR helper The advantages of

2 4.4.4 SNMP Configuration ... 4-8 4.4.5 T

3-11 Chapter 3 Switch Management 3.1 Management Options After purchasing the switch, the user needs to configure the switch for network management. S

47-18 47.3 OSPF GR Example Example: There are for switches from S1 to S4 (They are two master control board and supports OSPF GR), they enable OSPF

47-19 specific GR is not disabled.  Whether network topology is changed during OSPF GR process. When it is changed, switch may quit GR and restart

48-1 Chapter 48 IPv4 Multicast Protocol 48.1 IPv4 Multicast Protocol Overview This chapter will give an introduction to the configuration of IPv4 Mul

48-2 Multicast group are dynamic, the hosts can join and leave the Multicast group at any time. Multicast group can be permanent or tem

48-3 48.1.3 IP Multicast Packet Transmission In Multicast mode, the source host sends packets to the host group indicated by the Multicast group addr

48-4 The working process of PIM-DM can be summarized as: Neighbor Discovery, Flooding & Prune, and Graft. 1. Neigh hour Discovery After PIM-DM ro

48-5 48.2.2 PIM-DM Configuration Task List 1. Enable PIM-DM (Required) 2. Configure static multicast routing entries(Optional) 3. Configure additi

48-6 ip pim hello-interval < interval> no ip pim hello-interval To configure the interval for PIM-DM hello messages. The no form of this comman

48-7 48.2.3 PIM-DM Configuration Examples As shown in the following figure, add the Ethernet interfaces of Switch A and Switch B to corresponding vla

48-8 48.2.4 PIM-DM Troubleshooting In configuring and using PIM-DM Protocol, PIM-DM Protocol might not operate normally caused by physical connection

3-12 Figure 3-2 Opening Hyper Terminal 2) Type a name for opening HyperTerminal, such as “Switch”. Figure 3-3 Opening HyperTerminal 3) In the “

48-9 and reach the host. In this way the RPT with RP as root is generated. (2) Multicast Source Registration When a Multicast Source S sends a M

48-10 1. Enable PIM-SM Protocol The PIM-SM protocol can be enabled on XGS3 series Layer 3 switches by enabling PIM in global configuration mode and

48-11 ip pim hello-holdtime <value> no ip pim hello-holdtime To configure the value of the holdtime field in the PIM-SM hello messages. The no

48-12 Command Explanation Global Configuration Mode ip pim bsr-candidate {vlan <vlan-id>| <ifname>}[ <mask-length>][ <priority&

48-13 Command Explanation Interface Configuration Mode no ip pim sparse-mode | no ip pim multicast-routing(Global configuration mode) To disable the

48-14 Switch(config)#interface vlan 2 Switch(Config-if-Vlan2)# ip address 24.1.1.2 255.255.255.0 Switch(Config-if-Vlan2)# ip pim sparse-mode Switch(C

48-15 In configuring and using PIM-SM Protocol, PIM-SM Protocol might not operate normally caused by physical connection or incorrect configuration.

48-16 48.4.2 Brief Introduction to MSDP Configuration Tasks 1. Configuration of MSDP Basic Function 1) Enabling MSDP (Required) 2) Configuring MSD

48-17 48.4.3.2 Enabling MSDP MSDP should be enabled before various MSDP functions can be configured. 1. Enable the MSDP function 2. Configure MSDP

48-18 48.4.4.2 Configuration of MSDP parameters Commands Explanation MSDP Peer Configuration Mode connect-source <interface-type> <interfac

3-13 Figure 3-4 Opening HyperTerminal 4) COM1 property appears, select “9600” for “Baud rate”, “8” for “Data bits”, “none” for “Parity checksum”,

48-19 no sa-request-filter [list <access-list-number | access-list-name>] command will remove the configured filter rules for SA request packet

48-20 Figure 48-3 Network Topology for MSDP Entry Configuration tasks are listed as below: Prerequisites: Enable the single cast routing protocol a

48-21 Switch(router-msdp)#peer 20.1.1.1 Router B in Domain B: Switch#config Switch(config)#interface vlan 2 Switch(Config-if-Vlan2)#ip address 20.1.

48-22 Figure 48-4 Flooding of SA messages Figure 48-5 Flooding of SA messages with mesh group configuration Configuration steps are listed as bel

48-23 Switch(Config-if-Vlan3)#ip address 30.1.1.1 255.255.255.0 Switch(Config-if-Vlan3)#exit Switch(config)#router msdp Switch(router-msdp)#peer 10.

48-24 Switch(Config-if-Vlan6)#ip address 60.1.1.4 255.255.255.0 Switch(Config-if-Vlan6)#exit Switch(config)#router msdp Switch(router-msdp)#peer 20.

48-25 If the MSDP problems cannot be solved through all the methods provided above, please issue the command debug msdp to get the debugging messages

48-26 2. Configure ANYCAST RP v4 (1) Configure the RP candidate Command Explanation Global Configuration Mode ip pim rp-candidate {vlan<vlan-i

48-27 done with the absence of the interface. The self-rp-address should be unique. No operation will cancel the self-rp-address which is used to com

48-28 from a DR is received, it should be forwarded to all of these other RP one by one. No operation will cancel an other-rp-address communicating

3-14 Testing RAM... 0x077C0000 RAM OK Loading MiniBootROM... Attaching to file system ... Loading nos.img ... done. Booting... Starting at 0

48-29 Switch(config)#ip pim rp-candidate loopback1 Switch(config)#ip pim bsr-candidate vlan 1 Switch(config)#ip pim multicast-routing Switch(config)#

48-30 Source Specific Multicast (PIM-SSM) is a new kind of multicast service protocol. With PIM-SSM, a multicast session is distinguished by the mult

48-31 Switch(config)#ip pim multicast-routing Switch(config)#interface vlan 1 Switch(Config-If-Vlan1)# ip pim sparse-mode Switch(Config-If-Vlan

48-32 Switch(Config-If-Vlan2)# ip pim sparse-mode Switch(Config-If-Vlan2)#exit Switch(config)#interface vlan 3 Switch(Config-If-Vlan3)# ip pim

48-33 The check which determines if the packet gets to the correct interface is called RPF check. When some Multicast data packets get to some inter

48-34 48.7.2 DVMRP Configuration Task List 1． Globally enable and disable DVMRP (Required) 2． Configure Enable and Disable DVMRP Protocol at the inte

48-35 ip dvmrp output-report-delay <delay_val> [<burst_size>] no ip dvmrp output-report-delay Configure the delay of transmitting DVMRP

48-36 Switch (config)#interface vlan 1 Switch(Config-if-Vlan1)# ip address 10.1.1.1 255.255.255.0 Switch(Config-if-Vlan1)# ip dvmrp enable (2) Confi

48-37 The Multicast Packet Source Controllable technology of Security Controllable Multicast technology is mainly processed in the following manners:

48-38 The next is to configure the rule of source control. It is configured in the same manner as for ACL, and uses ACL number of 5000-5099, every ru

3-15 The following describes the steps for a Telnet client to connect to the switch’s VLAN1 interface by Telnet(IPV4 address example): Figure 3-6 Ma

48-39 [no] multicast destination-control （required） Globally enable IPv4 and IPv6 destination control. The no operation of this command w

48-40 to set priority for the specified multicast. The commands are as follows: Command Explanation Global Configuration Mode [no] ip multicast p

48-41 Server 210.1.1.1 is distributing important multicast data on group 239.1.2.3, we can configure on its join-in switch as follows: Switch(config

48-42 Under this kind of situation, since all switches which runs IGMP under this network segment can get membership report message from the host, th

48-43 membership trace. 11. In querying messages, the new router side restraint process (S sign) modified the existing strength of IGMPv2. 48.9.2

48-44 Command Explanation Interface Configuration Mode ip igmp access-group {<acl_num | acl_name>} no ip igmp access-group Configure the filte

48-45 no ip dvmrp | no ip pim dense-mode | no ip pim sparse-mode | no ip dvmrp multicast-routing | no ip pim multicast-routing Disable IGMP Protoco

48-46  Firstly to assure that physical connection is correct;  Next, to assure the Protocol of Interface and Link protocol is UP (use show interf

48-47 ip igmp snooping vlan <vlan-id> no ip igmp snooping vlan <vlan-id> Enables IGMP Snooping for specified VLAN. The no operation disab

48-48 query-mrsp <value> no ip igmp snooping vlan <vlan-id> query-mrsp period. The “no ip igmp snooping vlan <vlan-id> query-mr

3-16 Figure 3-7 Run telnet client program included in Windows Step 3: Login to the switch. Login to the Telnet configuration interface. Valid login

48-49 Figure 48-10 Enabling IGMP Snooping function Example: As shown in the above figure, a VLAN 100 is configured in the switch and includes ports

48-50 Figure 48-11 The switches as IGMP Queries The configuration of Switch2 is the same as the switch in scenario 1, SwitchA takes the place of Mul

48-51 router) Configurations are listed as below: switch#config switch(config)#ip pim multicast-routing switch(config)#interface vlan 100 swit

48-52 the join and leave messages received from downstream ports and forward them to the multicast router through upstream ports. The IGMP proxy conf

48-53 no ip igmp proxy unsolicited-report robustness this command will restore the default value. ip igmp proxy aggregate no ip igmp proxy aggregat

48-54 The configuration steps are listed below: Switch#config Switch(config)#ip igmp proxy Switch(Config)#interface vlan 1 Switch(Config-if-Vlan1)#ip

48-55 Switch#config Switch(config)#ip igmp proxy Switch(Config)#interface vlan 1 Switch(Config-if-Vlan1)#ip igmp proxy upstream Switch(Config)#interf

49-1 Chapter 49 IPv6 Multicast Protocol 49.1 PIM-DM6 49.1.1 Introduction to PIM-DM6 PIM-DM6（Protocol Independent Multicast, Dense Mode）is the IPv6 ve

49-2 the multicast packet will be discarded as redundant message. The unicast routing message used as path judgment can root in any Unicast Routing P

49-3 ipv6 pim dense-mode To enable PIM-DM for the specified interface (required). 2．Configure static multicast routing entries Command Explanation

3-17 3.1.2.2 Management via HTTP To manage the switch via HTTP, the following conditions should be met: 1) Switch has an IPv4/IPv6 address configu

49-4 Command Explanation Interface Configuration Mode ipv6 pim scope-border <500-599>|<acl_name> no ipv6 pim scope-border To configure

49-5 Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ipv6 address 2000:10:1:1::1/64 Switch(Config-if-Vlan1)#ipv6 pim dense-mode Switch(Config

49-6 PIM-SM routers and establish, using Join/Prune message of routers, RPT (RP-rooted shared tree) based on RP. Consequently the network bandwidth o

49-7 Notice: Multicast Routing Protocol is not supported by 5950-28T-L and 5950-52T-L in this chapter. 49.2.2 PIM-SM6 Configuration Task List 1． Ena

49-8 ipv6 mroute <X:X::X:X> <X:X::X:X> <ifname> <.ifname> no ipv6 mroute <X:X::X:X> <X:X::X:X> [<ifnam

49-9 5) Configure the interface as the management boundary of the PIM-SM6 protocol Command Explanation Interface Configuration Mode ipv6 pim scope

49-10 Global Configuration Mode ipv6 pim rp-address <rp-address> [<group-range>] no ipv6 pim rp-address <rp-address> {all|<g

49-11 The configuration procedure for SwitchA, SwitchB, SwitchC and SwitchD is as below: (1) Configure SwitchA: Switch(config)#ipv6 pim multicast-r

49-12 Switch(Config-if-Vlan1)#ipv6 address 2000:34:1:1::4/64 Switch(Config-if-Vlan1)#ipv6 pim sparse-mode Switch(Config-if-Vlan1)#exit Switch(config)

49-13 Anycast RP defines that the nearest RP to the multicast source should forward the source register messages to all the other RP to guarantee tha

3-18 Telnet is enabled for configuring and managing the switch, username and password for authorized Telnet users must be configured with the followi

49-14 no ipv6 pim anycast-rp self-rp-address identify this router when communicating with other RP.(necessary) the effect of self-rp-address refers t

49-15 absence of the interface in accordance with the anycast-rp-addr. Configure on this router (as a RP) the other-rp-addresses of other RP comm

49-16 RP1 Configuration: Switch#config Switch(config)#interface loopback 1 Switch(Config-if-Loopback1)#ipv6 address 2006::1/128 Switch(Config-if-Loop

49-17 49.4 PIM-SSM6 49.4.1 Introduction to PIM-SSM6 Source Specific Multicast (PIM-SSM6) is a new kind of multicast service protocol. With PIM-SSM6,

49-18 Figure 49-4 PIM-SSM typical environment Configurations of switchA , switchB, switchC and switchD are listed as below: (1) Configuration of s

49-19 Switch(config)# ipv6 pim rp-candidate vlan2 Switch(config)#ipv6 access-list 500 permit ff1e::1/64 Switch(config)#ip pim ssm range 500 (3

49-20  Make sure the physical links are connected correctly.  Make sure the state of the data link layer has become UP. (Use show interface comma

49-21 the command of globally enabling the source control: Command Explanation Global Configuration Mode ipv6 multicast source-control(necessary) n

49-22 First, globally enable the destination control, since destination control needs to avoid the unauthorized users from receiving multicast data,

49-23 3． The configuration of multicast policy The multicast policy adopts the method of specifying a priority for the specified multicast data to

3-19 Figure 3-11 Main Web Configuration Interface When configure the switch, the name of the switch is composed with English letters. 3.1.2.3 Man

49-24 Switch(config)#ipv6 multicast destination-control fe80::203:fff:fe01:228a/64 access-group 9000 Thus, the users of this segment can only join g

49-25 MLD protocol version2 use FF02::16 as destination address of membership report, and 143 as data type. The other logic of MLD Protocol version2

49-26 1）Configure interval time for MLD to send query messages 2）Configure the maximum response time of MLD query 3）Configure the overtime of MLD que

49-27 (1) Configure SwitchA: Switch (config) #ipv6 pim multicast-routing Switch (config) #ipv6 pim rp-address 3FFE::1 Switch (config) #interface vlan

49-28 (namely ff02::1). Once there is a listener who wishes to join the multicast address, it will send a MLD Multicast listener Report back through

49-29 mrouter-port interface <interface –name> ipv6 mld snooping vlan <vlan-id> mrouter-port learnpim6 no ipv6 mld snooping vlan <

49-30 Scenario 1: MLD Snooping Function Figure 49-6 Open the switch MLD Snooping Function figure As shown above, the vlan 100 configured on the swi

49-31 Figure 49-7 Switch as MLD Querier Function figure Configuration of switch B is the same as the switches in case 1, and

49-32 Scenario 3: To run in cooperation with layer 3 multicast protocols SWITCH which is used in Scenario 1 is replaced with ROUTER with specific con

50-1 Chapter 50 Multicast VLAN 50.1 Introductions to Multicast VLAN Based on current multicast order method, when orders from users in different VLA

3-20 3.2 CLI Interface The switch provides thress management interface for users: CLI (Command Line Interface) interface, Web interface, Snmp netword

50-2 3. Configure the MLD Snooping Command Explanation Global Mode ipv6 mld snooping vlan <vlan-id> no ipv6 mld snooping vlan <vlan

50-3 SwitchA(config)#interface vlan 10 Switch(Config-if-Vlan10)#ip pim dense-mode Switch(Config-if-Vlan10)#exit SwitchA(config)#vlan 20 SwitchA(c

51-1 Chapter 51 ACL Configuration 51.1 Introduction to ACL ACL (Access Control List) is an IP packet filtering mechanism employed in switches, provi

51-2 51.2 ACL Configuration Task List ACL Configuration Task Sequence: 1. Configuring access-list (1) Configuring a numbered standard IP access-list

51-3 5. Clear the filtering information of the specified port 1. Configuring access-list (1) Configuring a numbered standard IP access-list (2)

51-4 5. Clear the filtering information of the specified port 1. Configuring access-list (1) Configuring a numbered standard IP access-list Comm

51-5 access-list <num> {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} [s-port {<sPort&g

51-6 Command Explanation Standard IP ACL Mode exit Exits name-based standard IP ACL configuration mode. (4) Configuring an name-based extended IP

51-7 <tos>][time-range<time-range-name>] [no] {deny | permit} udp {{<sIpAddr> <sMask>} | any-source | {host-source <sIpAd

51-8 {host-source-mac<host_smac>}|{<smac><smac-mask>}}{any-destination-mac|{host-destination-mac<host_dmac>}|{<dmac>&l

3 10.3 ULDP FUNCTION TYPICAL EXAMPLES ... 10-4 10.4 ULDP TR

3-21 3.2.1.1 User Mode On entering the CLI interface, entering user entry system first. If as common user, it is defaulted to User Mode. The prompt s

51-9 [no]{deny|permit} {any-source-mac|{host-source-mac<host_smac>}|{<smac><smac-mask>}} {any-destination-mac |{host-destination-m

51-10 (8) Configuring a numbered extended MAC-IP access-list Command Explanation Global mode access-list<num>{deny|permit} {any-source-mac|

51-11 access-list<num>{deny|permit}{any-source-mac| {host-source-mac<host_smac>}|{<smac><smac-mask>}}{any-destination-mac|{h

51-12 Command Explanation Extended name-based MAC-IP access Mode [no]{deny|permit} {any-source-mac|{host-source-mac <host_smac>}|{<smac&g

51-13 c<host_smac>}|{<smac><smac-mask>}} {any-destination-mac|{host-destination-mac <host_dmac>}|{<dmac><dmac-mask&

51-14 deletes a numbered standard IPv6 access-list. （11） Configuring a numbered extensive IPV6 access-list Command Explanation Global Mode ipv

51-15 a. Create a standard IPV6 access-list based on nomenclature Command Explanation Global Mode ipv6 access-list standard <name> no ipv6 a

51-16 Command Explanation Extended IPV6 ACL Mode [no] {deny | permit} icmp {{<sIPv6Prefix/sPrefixlen>} | any-source | {host-source <sIPv6

51-17 Command Explanation Extended IPV6 ACL Mode exit Exits extended name-based IPV6 ACL configuration mode. 2. Configuring packet filtering fun

51-18 [no] periodic {{Monday+Tuesday+Wednesday+Thursday+ Friday+Saturday+Sunday} | daily | weekdays | weekend} <start_time> to <end_time>

3-22 3.2.1.3 Global Mode Type the config command under Admin Mode will enter the Global Mode prompt “Switch(config)#”. Use the exit command under oth

51-19 3． Bind the ACL to the port The configuration steps are listed below: Switch(config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-dest

51-20 Configuration result: Switch#show firewall Firewall Status: Enable. Switch #show access-lists access-list 1100(used 1 time(s)) acce

51-21 access-list 3110(used 1 time(s)) access-list 3110 deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-mac tcp 10.0.0.0 0.0.0.255 an

51-22 IPv6 Ingress access-list used is 600, traffic-statistics Disable. Scenario 5: The configuration requirement is stated as below: The interfa

51-23  If an access-list contains same filtering information but conflicting action rules, binding to the port will fail with an error message. Fo

52-1 Chapter 52 802.1x Configuration 52.1 Introduction to 802.1x The 802.1x protocol originates from 802.11 protocol, the wireless LAN protocol of I

52-2 system should support EAPOL (Extensible Authentication Protocol over LAN).  The authenticator system is another entity on one end of the LAN

52-3 52.1.2 The Work Mechanism of 802.1x IEEE 802.1x authentication system uses EAP (Extensible Authentication Protocol) to implement exchange of au

52-4 PAE Ethernet Type: Represents the type of the protocol whose value is 0x888E. Protocol Version: Represents the version of the protocol supporte

52-5 Identifier: to assist matching the Request and Response messages. Length: the length of the EAP packet, covering the domains of Code, Identifie

3-23  ACL Mode ACL type Entry Operates Exit Standard IP ACL Mode Type ip access-list standard command under Global Mode. Configure parameters fo

52-6 the remote RADIUS server. The following is the description of the process of these two authentication methods, both started by the supplicant

52-7 the same. 1. EAP-MD5 Authentication Method EAP-MD5 is an IETF open standard which providing the least security, since MD5 Hash function is vul

52-8 The following figure illustrates the basic operation flow of the EAP-TLS authentication method. Figure 52-10 the Authentication Flow of 802.1x

52-9 authentication. The following figure illustrates the basic operation flow of PEAP authentication method. Figure 52-11 the Authentication Flow

52-10 Figure 52-12 the Authentication Flow of 802.1x EAP Termination Mode 52.1.6 The Extension and Optimization of 802.1x Besides supporting the p

52-11 resources, which means all users of this port can access limited resources before being authenticated. The user-based advanced control will r

52-12 the port into Guest VLAN if there is no supplicant getting authenticated successfully in a certain stretch of time because of lacking exclusiv

52-13 Command Explanation Port Mode dot1x port-control {auto|force-authorized|force-unauthorized } no dot1x port-control Sets the 802.1x authentic

52-14 dot1x eapor enable no dot1x eapor enable Enables the EAP relay authentication function in the switch; the no command sets EAP local end authen

52-15 Figure 52-13 The Network Topology of Guest VLAN Notes: in the figures in this session, E2 means Ethernet 1/0/2, E3 means Ethernet 1/0/3 and

3-24 Ctrl +n The same as Down key “↓”. Ctrl +b The same as Left key “←”. Ctrl +f The same as Right key “→”. Ctrl +z Return to the Admin Mode di

52-16 is set as the port’s Guest VLAN. Before the user gets authenticated or when the user fails to do so, port Ethernet1/0/2 is added into VLAN10,

52-17 # Set the access control mode on the port as portbased. Switch(Config-If-Ethernet1/0/2)#dot1x port-method portbased # Set the access control

52-18 Switch(config)#interface vlan 1 Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0 Switch(Config-if-vlan1)#exit Switch(config)#radius-s

52-19 Switch(config)#radius-server authentication host 2004:1:2:3::3 Switch(config)#radius-server accounting host 2004:1:2:3::3 Switch(config)#r

53-1 Chapter 53 The Number Limitation Function of Port, MAC in VLAN and IP Configuration 53.1 Introduction to the Number Limitation Function o

53-2 through configuration commands. Limiting the number of dynamic MAC and IP of ports: 1. Limiting the number of dynamic MAC. If the number

53-3 2． Enable the number limitation function of MAC、IP in VLAN Command Explanation VLAN configuration mode vlan mac-address dynamic maximu

53-4 show nd-dynamic count {vlan <vlan-id> | interface ethernet <portName> } Display the number of dynamic NEIGHBOUR in corre

53-5 SWTICH B can get the MAC, ARP, ND list entries of all the PC, so limiting the MAC, ARP list entry can avoid DOS attack to a certain exten

54-1 Chapter 54 Operational Configuration of AM Function 54.1 Introduction to AM Function AM (Access Management) means that when a switch receiv

3-25 Please configure precursor command "*" at first! The command is recognized, but the prerequisite command has not been configured. sy

54-2 am port no am port Enable/disable AM function on the port. When the AM function is enabled on the port, no IP or ARP message will be forwar

54-3 54.3 AM Function Example Figure 54-1 a typical configuration example of AM function In the topology above, 30 PCs, after converged by HUB

55-1 Chapter 55 TACACS+ Configuration 55.1 Introduction to TACACS+ TACACS+ terminal access controller access control protocol is a pro

55-2 3. Configure the TACACS+ authentication timeout time Command Explanation Global Mode tacacs-server timeout <seconds> no t

55-3 Switch(config)#authentication line vty login tacacs 55.4 TACACS+ Troubleshooting In configuring and using TACACS+, the TACACS+ ma

56-1 Chapter 56 RADIUS Configuration 56.1 Introduction to RADIUS 56.1.1 AAA and RADIUS Introduction AAA is short for Authentication, Authorization a

56-2 Identifier field (1 octet): Identifier for the request and answer packets. Length field (2 octets): The length of the overall RADIUS packet, inc

56-3 56.2 RADIUS Configuration Task List 1． Enable the authentication and accounting function. 2． Configure the RADIUS authentication key. 3． Configu

56-4 radius-server accounting host {<ipv4-address> | <ipv6-address>} [port <port-number>] [key <string>] [primary] no radiu

56-5 Figure 56-2 The Topology of IEEE802.1x configuration A computer connects to a switch, of which the IP address is 10.1.1.2 and connected with a

4-1 Chapter 4 Basic Switch Configuration 4.1 Basic Configuration Basic switch configuration includes commands for entering and exiting the admin m

56-6 Figure 56-3 The Topology of IPv6 Radius configuration A computer connects to a switch, of which the IP address is 2004:1:2:3::2 and connected w

57-7 Chapter 57 SSL Configuration 57.1 Introduction to SSL As the computer networking technology spreads, the security of the network has been taking

57-8 Firstly, SSL should be enabled on the switch. When the client tries to access the switch through https method, a SSL session will be set up betw

57-9 2. Configure/delete port number by SSL used Command Explanation Global Mode ip http secure-port <port-number> no ip http secure-port Con

57-10 Configuration on the switch: Switch(config)# ip http secure-server Switch(config)# ip http secure-port 1025 Switch(config)# ip http secure-ci

58-1 Chapter 58 IPv6 Security RA Configuration 58.1 Introduction to IPv6 Security RA In IPv6 networks, the network topology is generally compromised

58-2 debug ipv6 security-ra no debug ipv6 security-ra Enable the debug information of IPv6 security RA module, the no operation of this command will

59-1 Chapter 59 VLAN-ACL Configuration 59.1 Introduction to VLAN-ACL The user can configure ACL policy to VLAN to implement the accessing control of

59-2 2. Configure VLAN-ACL of MAC type Command Explanation Global mode vacl mac access-group {<700-1199> | WORD} {in | out} [traffic-statisti

59-3 59.3 VLAN-ACL Configuration Example A company’s network configuration is as follows, all departments are divided by different VLANs, technique d

4-2 4.2 Telnet Management 4.2.1 Telnet 4.2.1.1 Introduction to Telnet Telnet is a simple remote terminal protocol for remote login. Using Telnet,

59-4 Switch(config-ip-ext-nacl-vacl_a)# deny ip any-source any-destination time-range t1 3) Configure the extended acl_b of IP, at any time it only

60-5 Chapter 60 MAB Configuration 60.1 Introduction to MAB In actual network existing the device which can not install the authentication client, suc

60-6 mac-authentication-bypass enable no mac-authentication-bypass enable Enable the port MAB authentication function. 2. Configure MAB authenticati

60-7 mac-authentication-bypass timeout linkup-period <0-30> no mac-authentication-bypass timeout linkup-period To obtain IP again, set the inte

60-8 Figure 60-1 MAB application Switch1 is a layer 2 accessing switch, Switch2 is a layer 3 aggregation switch. Ethernet 1/0/1 is an access port of

60-9 Switch(config)#interface ethernet 1/0/2 Switch(config-if-ethernet1/0/2)# switchport mode hybrid Switch(config-if-ethernet1/0/2)# switchport hybr

61-10 Chapter 61 PPPoE Intermediate Agent Configuration 61.1 Introduction to PPPoE Intermediate Agent 61.1.1 Brief Introduction to PPPoE PPPoE (Point

61-11 PADO packet match with the servce information needed by client). MAC address of the other end used for session will be known after server is se

61-12 PPPoE data Version Type Code Session ID Length Field TLV1 …… TLV N TLV frame Type Length Data Each field meanings in the following: Type fie

61-13 61.1.2.3 PPPoE Intermediate Agent vendor tag Frame The following is the format of tag added by PPPoE IA, adding tag is the Uppermost function o

4-3 {<num-std>|<name>} no authentication ip access-class Telnet/SSH/Web; the no form command will cancel the binding ACL. authentica

61-14 client as untrust port, trust port can receive all packets, untrust port can receive only PADI, PADR and PADT packets which are sent to server.

61-15 61.3 PPPoE Intermediate Agent Typical Application PPPoE Intermediate Agent typical application is as follows: Figure 61-4 PPPoE IA typical ap

61-16 Typical configuration (2) in the following: Step1: Switch enables global PPPoE IA function, MAC as 0a0b0c0d0e0f. Switch(config)#pppoe intermed

62-17 Chapter 62 SAVI Configuration 62.1 Introduction to SAVI SAVI (Source Address Validation Improvement) is a security authentication method that p

62-18 Command Explanation Global Mode savi enable no savi enable Enable the global SAVI function, no command disables the function. 2. Enable or di

62-19 6. Configure the global max-slaac-life for SAVI Command Explanation Global Mode savi max-slaac-life <max-slaac-life> no savi max-slaac-

62-20 11. Configure the check mode for SAVI conflict binding Command Explanation Global Mode savi check binding <simple | probe> mode no savi

62-21 savi ipv6 binding num <limit-num> no savi ipv6 binding num Configure the binding number of a port, no command restores the default valu

62-22 Ethernet1/0/12 of Switch1 and port Ethernet1/0/13 of Switch2, and enable the source address check function of SAVI. Ethernet1/0/1 and Ethernet1

63-23 Chapter 63 Web Portal Configuration 63.1 Introduction to Web Portal Authentication 802.1x authentication uses the special client to authenticat

4-4 Global Mode ssh-server enable no ssh-server enable Enable SSH function on the switch; the “no ssh-server enable” command disables SSH functio

63-24 2. Enable/disable web portal authentication of the port Command Explanation Port Mode webportal enable no webportal enable Enable/disable web

63-25 clear webportal binding {mac WORD | interface <ethernet IFNAME | IFNAME> |} Delete the binding information of web portal authentication.

63-26 The configuration of the common web portal authentication is as follows: Switch(config)#interface vlan 1 Switch(config-if-vlan1)#ip address 192

64-27 Chapter 64 VRRP Configuration 64.1 Introduction to VRRP VRRP (Virtual Router Redundancy Protocol) is a fault tolerant protocol designed to enha

64-28 （1） Configure the preemptive mode for VRRP （2） Configure VRRP priority （3） Configure VRRP Timer intervals （4） Configure VRRP interface moni

64-29 Command Explanation VRRP protocol configuration mode advertisement-interval <time> Configures VRRP timer value (in seconds). (4) Config

64-30 SwitchB (Config-Router-Vrrp)# virtual-ip 10.1.1.5 SwitchB(Config-Router-Vrrp)# interface vlan 1 SwitchB(Config-Router-Vrrp)# enable 64.4 VRRP

65-1 Chapter 65 IPv6 VRRPv3 Configuration 65.1 Introduction to VRRPv3 VRRPv3 is a virtual router redundancy protocol for IPv6. It is designed based o

65-2 protocols. Compared with NDP, VRRP provides a fast default gateway switch. In VRRP, backup routers can take up the unavailable master router in

65-3 65.1.2 VRRPv3 Working Mechanism The working mechanism of VRRPv3 is the same with that of VRRPv2, which is mainly implemented via the interaction

4-5 4.3 Configurate Switch IP Addresses All Ethernet ports of switch are default to Data Link layer ports and perform layer 2 forwarding. VLAN int

65-4 65.2 VRRPv3 Configuration 65.2.1 Configuration Task Sequence 1. Create/delete the virtual router (necessary) 2. Configure the virtual IPv6 add

65-5 ( 2 ) Configure VRRPv3 priority Command Explanation VRRPv3 Protocol Mode priority < priority > Configure VRRPv3 priority. ( 3 ) Con

65-6 IPv6_A and IPv6_B are in the same segment), the virtual IPv6 address of backup group 1 and backup group are “V_IPv6_C” and “V_IPV6_D” respec

66-1 Chapter 66 MRPP Configuration 66.1 Introduction to MRPP MRPP (Multi-layer Ring Protection Protocol), is a link layer protocol applied on Etherne

66-2 Each switch is named after a node on Ethernet. The node has some types: Primary node: each ring has a primary node, it is main node to detect an

66-3 66.1.3 MRPP Protocol Operation System 1. Link Down Alarm System When transfer node finds themselves belonging to MRPP ring port Down, it sends l

66-4 2) Configure MRPP ring Command Explanation Global Mode mrpp ring <ring-id> no mrpp ring <ring-id> Create MRPP ring. The “no” co

66-5 clear mrpp statistics {<ring-id>} Clear receiving data packet statistic information of MRPP ring. 66.3 MRPP Typical Scenario Figure 66-2

66-6 Switch(Config)# SWITCH B configuration Task Sequence: Switch(Config)#mrpp enable Switch(Config)#mrpp ring 4000 Switch(mrpp-ring-4000)#control

66-7 66.4 MRPP Troubleshooting The normal operation of MRPP protocol depends on normal configuration of each switch on MRPP ring, otherwise it is ve

4 15.3.1 Introduction to Dot1q-tunnel ... 15-11 15.3.2 Dot1

4-6 3. BOOTP configuration Command Explanation VLAN Port Mode ip bootp-client enable no ip bootp-client enable Enable the switch to be a Boo

67-1 Chapter 67 ULPP Configuration 67.1 Introduction to ULPP Each ULPP group has two uplink ports, they are master port and slave port. The port may

67-2 method of MSTP instances, and ULPP does not provide the protection to other VLANs. When the uplink switch is happennig, the primary forwarding

67-3 1. Create ULPP group globally Command Expalnation Global mode ulpp group <integer> no ulpp group <integer> Configure and delete UL

67-4 ulpp group <integer> master no ulpp group <integer> master Configure or delete the master port of ULPP group. ulpp group <integer

67-5 Figure 67-3 ULPP typical example1 The above topology is the typical application environment of ULPP protocol. SwitchA has two uplinks, they are

67-6 Switch(config-If-Ethernet1/0/2)#exit SwitchB configuration task list: Switch(Config)#vlan 10 Switch(Config-vlan10)#switchport interface etherne

67-7 mutually backup, respectively forward the packets of different VLAN ranges. When port E1/0/1 has the problem, the traffic of VLAN 1-200 are fo

67-8 67.4 ULPP Troubleshooting  At present, configuration of more than 2 multi-uplinks is allowed, but it may cause loopback, so is not recommended

68-1 Chapter 68 ULSM Configuration 68.1 Introduction to ULSM ULSM (Uplink State Monitor) is used to process the port state synchronization. Each ULSM

68-2 68.2 ULSM Configuration Task List 1. Create ULSM group globally 2. Configure ULSM group 3. Show and debug the relating information of ULSM 1

4-7  Get-Bulk-Request  Set-Request  Trap  Inform-Request NMS sends queries to the Agent with Get-Request, Get-Next-Request, Get-Bulk-Requ

68-3 68.3 ULSM Typical Example Figure 68-2 ULSM typical example The above topology is the typical application environment which is used by ULSM and

68-4 Switch(config-If-Ethernet1/0/1)#ulsm group 1 downlink Switch(config-If-Ethernet1/0/1)#exit Switch(Config)#interface ethernet 1/0/3 Switch(config

69-5 Chapter 69 Mirror Configuration 69.1 Introduction to Mirror Mirror functions include port mirror function, CPU mirror function, flow mirror func

69-6 3. Specify flow mirror source Command Explanation Global mode monitor session <session> source {interface <interface-list>} acces

69-7 Switch(config)#monitor session 4 source interface ethernet 1/0/15 access-list 120 rx 69.4 Device Mirror Troubleshooting If problems occur on con

70-1 Chapter 70 RSPAN Configuration 70.1 Introduction to RSPAN Port mirroring refers to the duplication of data frames sent/received on a port to ano

70-2 For chassis switches, at most 4 mirror destination ports are supported, and source or destination port of one mirror session can be configured o

70-3 1. Configure RSPAN VLAN Command Explanation VLAN Configuration Mode remote-span no remote-span To configure the specified VLAN as RSPAN VL

70-4 70.3 Typical Examples of RSPAN Before RSPAN is invented, network administrators had to connect their PCs directly to the switches, in order to c

70-5 Intermediate switch: Interface ethernet1/0/6 is the source port which is connected to the source switch. Interface ethernet1/0/7 is the destinat

4-8 In this figure, the OID of the object A is 1.2.1.1. NMS can locate this object through this unique OID and gets the standard variables of the

70-6 Switch(config)#interface ethernet 1/0/2 Switch(Config-If-Ethernet1/0/2)#switchport mode trunk Switch(Config-If-Ethernet1/0/2)#exit Switch(config

70-7 70.4 RSPAN Troubleshooting Due to the following reasons, RSPAN may not function:  Whether the destination mirror port is a member of the Por

Chapter 62 ULSM Configuration 71-1 Chapter 71 sFlow Configuration 71.1 Introduction to sFlow The sFlow (RFC 3176) is a protocol based on standard netw

Chapter 62 ULSM Configuration 71-2 2. Configure the sFlow proxy address Command Explanation Global Mode sflow agent-address <collector-address&

Chapter 62 ULSM Configuration 71-3 Port Mode sflow counter-interval <interval-vlaue> no sflow counter-interval Configure the max interval whe

Chapter 62 ULSM Configuration 71-4 71.4 sFlow Troubleshooting In configuring and using sFlow, the sFlow server may fail to run properly due to physica

72-1 Chapter 72 SNTP Configuration 72.1 Introduction to SNTP The Network Time Protocol (NTP) is widely used for clock synchronization for global comp

72-2 72.2 Typical Examples of SNTP Configuration Figure 72-2 Typical SNTP Configuration All switches in the autonomous zone are required to perform

73-1 Chapter 73 NTP Function Configuration 73.1 Introduction to NTP Function The NTP (Network Time Protocol) synchronizes timekeeping spans WAN and L

73-2 ntp server {<ip-address> | <ipv6-address>} [version <version_no>] [key <key-id>] no ntp server {<ip-address> | <

4-9 3. Configure IP address of SNMP management base 4. Configure engine ID 5. Configure user 6. Configure group 7. Configure view 8. Configu

73-3 7. To specified some interface as NTP broadcast/multicast client interface Command Explication Interface Configuration Mode ntp broadcast cli

73-4 debug ntp sync no debug ntp sync To enable debug switch of time synchronize information. debug ntp events no debug ntp events To enable debug sw

74-1 Chapter 74 DNSv4/v6 Configuration 74.1 Introduction to DNS DNS (Domain Name System) is a distributed database used by TCP/IP applications to tr

74-2 74.2 DNSv4/v6 Configuration Task List 1. To enable/disable DNS function 2. To configure/delete DNS server 3. To configure/delete domain nam

74-3 5. To enable DNS dynamic domain name resolution Command Explanation Global Mode dns lookup {ipv4 | ipv6} <hostname> To enable DNS dynami

74-4 debug dns {all | packet [send | recv] | events | relay} no debug dns {all | packet [send | recv] | events | relay} To enable/disable DEBUG of DN

74-5 request; otherwise, the switch will relay the request to the real DNS server, pass the reply from the DNS Server to the client and record the d

75-6 Chapter 75 Summer Time Configuration 75.1 Introduction to Summer Time Summer time is also called daylight saving time, it is a time system for s

75-7 Configuration procedure is as follows: Switch(config)# clock summer-time 2012 absolute 23:00 2012.4.1 00:00 2012.10.1 Example2: The configurati

76-1 Chapter 76 Monitor and Debug When the users configures the switch, they will need to verify whether the configurations are correct and the switc

4-10 Command Explanation Global Mode snmp-server engineid <engine-string> no snmp-server engineid Configure the local engine ID on the sw

76-2 and packet sent time) whose HOPLIMIT is set to 1. When first route on the path receives this datagram, it minus the HOPLIMIT by 1 and the HOPLIM

76-3 show tech-support Display the operation information and the state of each task running on the switch. It is used by the technicians to diagnose

76-4 SDRAM (Synchronous Dynamic Random Access Memory) and NVRAM (Non Vulnerable Random Access Memory) is provided inside the switch as two part of th

76-5  Outputted information from the CLI command is classified informational  Information from the debugging of CLI command is classified debuggi

76-6 Command Description Global Mode logging executed-commands {enable | disable} Enable or disable the logging executed-commands 4. Display the

77-1 Chapter 77 Reload Switch after Specified Time 77.1 Introduce to Reload Switch after Specifid Time Reload switch after specified time is to reboo

78-1 Chapter 78 Debugging and Diagnosis for Packets Received and Sent by CPU 78.1 Introduction to Debugging and Diagnosis for Packets Received and Se

79-1 Chapter 79 MPLS Overview 79.1 MPLS Overview MPLS (Multiprotocol Label Switching), originating from IPv4, was first designed for improving the

79-2 Figure 79-1 The Encapsulation Structure of a Label There are 4 fields in a label:  Label：The label value, whose length is 20 bits, a pointer

79-3 LSP are separately called the upstream and downstream LSR, along the direction of data transmission. In the next figure, R2 is the downstream LS

4-11 Command Explanation Global Mode snmp-server enable traps no snmp-server enable traps Enable the switch to send Trap message. This command is

79-4 With the LSR mapping multiple incoming labels to the same FEC, all these incoming labels will correspond with the same outgoing label and egress

79-5 Figure 79-3 The MPLS Network Structure The basic working process of MPLS based on the above figure : First, LDP, together with traditional rou

79-6 However, combining the powerful L3 switching function of IP networks and efficient forwarding mechanism of traditional L2 networks, MPLS uses co

79-7 pre-configured service policy to different services, ensuring the service quality. The service quality class mechanism and the label mechanism o

80-8 Chapter 80 LDP 80.1 LDP Introduction LDP protocol is used for label distribution in the MPLS label switching environment, and only applies to

80-9 80.1.1 Basic Concept of LDP LDP Peer When distributing labels to FEC, LDP needs to advertise this label and its meaning in the MPLS network to c

80-10 TLV Encoding LDP encapsulates parameters in LDP messages via TLV (Type-Length-Value). The LDP TLV format is as follows: Figure 80-2 The TVL F

80-11 Common Session Parameters 0x0500 ATM Session Parameters 0x0501 Frame Relay Session Parameters 0x0502 Label Request Message ID 0x0600 Vendor-Pri

80-12 Figure 80-3 The Process of Label Advertisement For example, as for LSP1 in the above figure, LSR B is the upstream LSR of LSR C, while LSR C

80-13  Ordered Mode: For a FEC label mapping of a LSR, the LSR only advertise the mapping to its upstream when it already has the label mapping o

4-12 Scenario 3: NMS uses SNMP v3 to obtain information from the switch. The configuration on the switch is listed below: Switch(config)#snmp-s

80-14 incoming labels.  LSR will map the labels of received packets to NHLFE;  LSR will find the corresponding NHLFE in the LIB based on the labe

80-15 downstream LSR, and specifies for which FEC this label request is. （2） The downstream receiving the label request message will save this messa

80-16  The hop count of the path exceeds the configured maximum value. If no record of its LSR ID is found, a new one will be added. The maximum va

80-17 2. Enable LDP It is easy to implement basic configurations of LDP in DCNOS. Usually users only have to enable the LDP switch, and enable it on

80-18 advertisement-mode {downstream-on-demand|downstream-unsolicited} Optional Configure the global label advertisement mode: downstream-on-demand

80-19 [no] loop-detection-count <count> optional Configure the maximum hop count of LDP loop detection, whose default value is 255, the no oper

80-20 [no] hold-time <hold-time > Optional Configure the LDP multicast peer hold time, whose default value is 15 seconds; the no operation

80-21 [no] ldp targeted-peer-hold-time <hold-time> optional Configure the LDP targeted peer hold time on a specified interface; the no operati

80-22 [no] request-retry optional Configure the LDP to retry 5 times when the label request is rejected, the no operation will disable the retry. [no

80-23 Figure 80-4 MPLS VPN Typical Instance The above figure demonstrates a typical MPLS VPN instance, in which, PE1, P and PE2 form the public ne

4-13  The switch enabled SNMP Agent server function (use “snmp-server” command)  Secure IP for NMS (use “snmp-server securityip” command) and

80-24 The LDP configuration of P is as follows: P#config P(config)#mpls enable P(config)# router ldp P(config-router)#exit P(config)#interface vlan 1

80-25  Second, use the “show ldp interface” command to check whether the LDP has been enabled correctly on the interface after the connection suc

81-26 Chapter 81 MPLS VPN 81.1 BGP/MPLS VPN Introduction 81.1.1 BGP/MPLS VPN Network Structure BGP/MPLS VPN is a PE-based L3VPN technology in the V

81-27 the local VPN route to PE, and learn the remote VPN route from PE. CE and PE use BGP/IGP to exchange route information or static routes. PE w

81-28 route table and IFIL (Label Forwarding Information Base). To be specific, the information in VPN instances include: LFIB, IP route table, inte

81-29  Import Target Attribute: when receiving the VPN-IPv4 route advertised by other PE routers, PE will check their Export Target Attribute, and

81-30 Figure 81-3 Forwarding VPN Packets 1. Site1 sends an IP packet with a destination address of 1.1.1.2, which is sent by CE1 to PE1. 2. PE1

81-31 Figure 81-4 Basic VPN Networking Resolution In the above figure, the VPN Target distributed by PE for VPN1 is 100:1; and that for VPN2 is 200

81-32 Figure 81-5 Hub&Spoke Networking Resolution In the above figure, Spoke sites communicate with each other via Hub sites (the arrow in the

81-33 If a VPN user wants to provide some site resource of this VPN to outside users, the Extranet Networking resolution can solve the problem. In t

4-14 Figure 4-2 Typical topology for switch upgrade in BootROM mode The upgrade procedures are listed below: Step 1: As shown in the figure,

81-34 In real networking applications, multiple sites of a user VPN may connect to SP with different ASN, or to different AS of the same SP. Such app

81-35 1. Enable globally MPLS (necessary) 2. Configure VPN instances (necessary) (1) Create VPN instances, and enter the VPN instance view. (2) R

81-36 mpls enable no mpls enable Necessary Enable MPLS; the no operation will disable MPLS. 2. Configure VPN instances (necessary) (1) Create VPN in

81-37 Command Explanation BGP Protocol Configuration Mode neighbor <ip-address> remote-as <as-num> necessary Configure the remote PE

81-38 3) Enable OSPF in the segment between PE-CE 4) Configure to re-advertise BGP routes 5) Enter the BGP-VPN instance view 6) Configure to re-adver

81-39 BGP-VPN instance view [no] redistribute {connected | ospf | rip | static} optional Configure to re-advertise the directly connected routes a

81-40 [no] redistribute { kernel | connected | static | ospf | isis | bgp} [metric <value>] [route-map<word>] optional Configure to re-ad

81-41 Global Configuration Mode [no] ip route vrf <vrf-name> {<ip- prefix> <mask>|<ip-prefix/<prefix- length>} {<gatew

81-42 Figure 81-8 Create BGP MPLS VPN between PE-CE via EBGP The configuration of CE1 is as follows : (the configurations of CE2~CE4 are similar) CE

81-43 PE1(config-if-Vlan1)# ip vrf forwarding vpna PE1(config-if-Vlan1)#ip address 10.1.1.2 255.255.255.0 PE1(config-if-Vlan1)#exit PE1(config)# inte

4-15 file. [Boot]: load nos.img Loading... Loading file ok! Step 5: Execute write nos.img in BootROM mode. The following saves the syst

81-44 PE1(config-router-af)#neighbor 10.2.1.1 remote-as 65002 PE1(config-router-af)#redistribute connected PE1(config-router-af)#exit PE1(config-rout

81-45 (2) Configure to bind the interface with the VPN instances PE2(config)# interface vlan 3 PE2(config-if-Vlan3)# ip vrf forwarding vpna PE2(conf

81-46 PE2(config-router-af)#exit PE2(config-router)# address-family ipv4 vrf vpnb PE2(config-router-af)#neighbor 10.4.1.1 remote-as 65004 PE2(config-

81-47 PE1#config PE1(config)#ip vrf vpna PE1(config-vrf)#rd 100:1 PE1(config-vrf)#route-target both 100:1 PE1(config)#ip vrf vpnb PE1(config-vrf)#rd

81-48 PE1(config)#router ospf 1 vpna PE1(config-router)# network 0.0.0.0/0 area 0 PE1(config-router)#redistribute connected PE1(config-router)#redist

81-49 P(config-if-Vlan100)#exit P(config)#interface vlan200 P(config-if-Vlan200)#ip address 200.1.1.2 255.255.255.0 P(config-if-Vlan200)#label-switch

81-50 CE1(config-router)#redistribute connect CE1(config-router)#exit The confiugraiton of MPLS BGP on switch PE1 is as follows : (the configuration

81-51 PE1(config-router)# ospf router-id 172.1.1.1 PE1(config-router)# network 0.0.0.0/0 area 0 PE1(config-router)# redistribute connected PE1(config

81-52 P(config)# interface loopback 1 P(config-if-Loopback1)# ip address 172.3.3.3 255.255.255.255 P(config-if-Loopback1)# exit P(config)#interface v

81-53 The configuration of CE1 is as follows: (the configurations of CE2~CE4 are similar) CE1#config CE1(config)# interface vlan 1 CE1(config-if-Vla

5 18.1.2 QoS Implementation ... 18-2 18.1.3 Ba

4-16 Step 9: Execute write flash:/config.rom in BootROM mode. The following saves the update file. [Boot]: write flash:/config.rom [Boot]: write

81-54 PE1(config-if-Vlan100)#ip address 100.1.1.1 255.255.255.0 PE1(config-if-Vlan100) #ldp enable PE1(config-if-Vlan100)#exit (5) Enable OSPF to a

81-55 P(config-router)#exit P(config)# interface loopback 1 P(config-if-Loopback1)# ip address 172.3.3.3 255.255.255.255 P(config-if-Loopback1)# exit

81-56  Besides, if no remote CE device can be checked on CE after saving the correction configuration and rebooting the device, please be patience,

82-57 Chapter 82 Public Network Access of MPLS VPN 82.1 Public Network Access Introduction Public network access of VPN means the ability of VPN si

82-58 82.1.2 VRF Internet Access Mode 3 In VRF Internet Access Mode 3, as demonstrated in the next figure, VPN site access the Internet via private n

82-59 (4) Configure proper filter policy on the public network interface, to filter the packets whose source and destination addresses are private n

82-60 Figure 82-3 Non-VRF Internet Access Mode The configuration of CE1 is as follows: CE1#config CE1(config)#access-list 1 deny 100.100.1.0 0.0.0.

82-61 CE1(config-router)#network 10.1.2.0/24 CE1(config-router)#redistribute connected CE1(config-router)#neighbor 100.100.1.1 remote-as 100 CE1(co

82-62 PE1(config)#router bgp 100 PE1(config-router)#neighbor 100.200.1.2 remote-as 60102 PE1(config-router)#neighbor 200.200.1.1 remote-as 100 PE1(co

82-63 PE2(config-vrf)#exit PE2(config)#interface Vlan1 PE2(config-if-Vlan1)#ip vrf forwarding VRF-A PE2(config-if-Vlan1)#ip address 192.168.101.1 2

4-17 There are two types of data connections: active connection and passive connection. In active connection, the client transmits its address a

82-64 IGW(config-if-Vlan1)#ip address 202.200.3.2 255.255.255.0 IGW(config-if-Vlan1)#exit IGW(config)#interface Vlan2 IGW(config-if-Vlan2#ip address

83-65 Chapter 83 SWITCH OPERATION 83.1 Address Table The Switch is implemented with an address table. This address table composed of many entries.

83-66 The Switch performs "Store and forward" therefore, no error packets occur. More reliably, it reduces the re-transmission rate. No

84-1 Chapter 84 TROUBLE SHOOTING This chapter contains information to help you solve problems. If the Ethernet Switch is not functioning properly,

85-1 Chapter 85 APPENDEX A 85.1 A.1 Switch's RJ-45 Pin Assignments 1000Mbps, 1000Base T Contact MDI MDI-X 1 BI_DA+ BI_DB+ 2 BI_DA- BI_DB- 3 BI_D

85-2 The standard RJ-45 receptacle/connector There are 8 wires on a standard UTP/STP cable and each wire is color-coded. The following shows the pi

86-1 Chapter 86 GLOSSARY Bandwidth Utilization The percentage of packets received over time as compared to overall bandwidth. BOOTP Boot protocol us

86-2 Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet fr

86-3 Multicast Switching A process whereby the switch filters incoming multicast frames for services no attached host has registered for, or forwards

86-4 Telnet Defines a remote communication facility for interfacing to a terminal device over TCP/IP. Trivial File Transfer Protocol (TFTP) A TCP/IP

4-18 To prevent illicit file upload and easier configuration, switch mandates the name of start up configuration file to be startup-config.  R

EC Declaration of Conformity For the following equipment: *Type of Product: 24-Port 100/1000X SFP with 4 Optional 10G slots Layer 3 Managed Stac

EC Declaration of Conformity For the following equipment: *Type of Product: 24-Port Gigabit with 4 Optional 10G slots Layer 3 Managed Stackable

4-19 copy <source-url> <destination-url> [ascii | binary] FTP/TFTP client upload/download file. （2）For FTP client, server file list c

4-20 tftp-server enable no tftp-server enable Start TFTP server, the no command shuts down TFTP server and prevents TFTP user from logging in.

4-21 Place the “12_30_nos.img” file to the appropriate FTP server directory on the computer. The configuration procedures of the switch are list

4-22 The configuration procedures of the switch are listed below: Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip address 10.1.1.2 2

4-23 4.5.3.4 FTP/TFTP Troubleshooting 4.5.3.4.1 FTP Troubleshooting When upload/download system file with FTP protocol, the connectivity of the li

4-24 When upload/download system file with TFTP protocol, the connectivity of the link must be ensured, i.e., use the “Ping” command to verify the

5-1 Chapter 5 File System Operations 5.1 Introduction to File Storage Devices File storage devices used in switches mainly include FLASH card

6 22.4 URPF ...

5-2 directory on a certain device. 4. Changing the current working directory of the storage device Command Explanation Admin Configuration

5-3 5.3 Typical Applications Copy an IMG file flash:/nos.img stored in the FLASH on the boardcard, to cf:/nos-6.1.11.0.img. The configuration

6-1 Chapter 6 Cluster Configuration 6.1 Introduction to cluster network management Cluster network manag

6-2 5) Clear the list of candidate switches maintained by the switch 4． Configure attributes of the c

6-3 cluster keepalive loss-count <int> no cluster keepalive loss-count Set the max number of lost

6-4 ip http server Enable http function in commander switch and member switch. Notice: must insure the h

6-5 Configuration of SW1: Switch(config)#cluster run Switch(config)#cluster ip-pool 10.2.3.4 Switch(conf

7-1 Chapter 7 Port Configuration 7.1 Introduction to Port XGS3-24042 switches contain Cable ports and Combo ports. The Comb

7-2 Command Explanation Port Mode combo-forced-mode {copper-forced | copper-preferred-auto | sfp-forced | sfp-preferred-a

7-3 rate-violation <200-2000000> [recovery <0-86400>|] no rate-violation Set the max packet reception rate of a

7 27.3 GRATUITOUS ARP CONFIGURATION EXAMPLE ... 27-62 27.4 GRATUITOUS ARP

7-4 The configurations are listed below: Switch1: Switch1(config)#interface ethernet 1/0/7 Switch1(Config-If-Ethernet1/0/

8-1 Chapter 8 Port Isolation Function Configuration 8.1 Introduction to Port Isolation Function Port isolation is an independent port-based function

8-2 3. Specify the flow to be isolated Command Explanation Global Mode isolate-port apply [<l2|l3|all>] Apply the port isolation configura

8-3 between any downlink port and a specified uplink port is normal. The uplink port can communicate with any port normally. The configuration of S1:

9-4 Chapter 9 Port Loopback Detection Function Configuration 9.1 Introduction to Port Loopback Detection Function With the development of switches, m

9-5 1．Configure the time interval of loopback detection Command Explanation Global Mode loopback-detection interval-time <loopback> <no-

9-6 5. Configure the loopback-detection control mode (automatic recovery enabled or not) Command Explanation Global Mode loopback-detection contr

9-7 If adopting the control method of block, MSTP should be globally enabled. And the corresponding relation between the spanning tree instance and

10-1 Chapter 10 ULDP Function Configuration 10.1 Introduction to ULDP Function Unidirectional link is a common error state of link in networks, espec

10-2 mentioned above. In a switch connected via fibers or copper Ethernet line (like ultra five-kind twisted pair), ULDP can monitor the link state o