Download Print this page

H3C S7500E Series Operation Manual

S7500e series

Hide thumbs Also See for H3C S7500E Series:

Command manual (1565 pages)

,

Command reference manual (368 pages)

,

Installation manual (182 pages)

Table of Contents

Advertisement

Quick Links

See also: Configuration Manual , Command Manual

H3C S7500E Series Ethernet Switches

Operation Manual

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Manual Version: 20071025-C-1.01

Product Version: Release 6000

Table of Contents

Advertisement

Chapters

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the H3C S7500E Series and is the answer not in the manual?

Questions and answers

Summary of Contents for H3C H3C S7500E Series

Page 1 H3C S7500E Series Ethernet Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: 20071025-C-1.01 Product Version: Release 6000...
Page 2 Copyright © 2007, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Page 3: About This Manual
About This Manual Related Documentation In addition to this manual, each H3C S7500E Series Ethernet Switches documentation set includes the following: Manual Description It is used for assisting the users in using H3C S7500E Series Ethernet Switches various commands. (See the electronic...
Page 4: Table Of Contents
Part Contents Introduces the basic routing information and the 10 IP Routing Overview classification of routing protocols. Introduces IPv4 routing related configurations, such as 11 IPv4 Routing static routing, RIP, OSPF, IS-IS, BGP, and route policy. Introduces IPv6 routing related configurations, such as 12 IPv6 Routing static routing, RIPng, OSPFv3, IS-ISv6, and BGP4+.
Page 5 Conventions The manual uses the following conventions: I. Command conventions Convention Description The keywords of a command line are in Boldface. Boldface Command arguments are in italic. italic Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by { x | y | ...
Page 6 III. Symbols Convention Description Means reader be extremely careful. Improper operation Warning may cause bodily injury. Means reader be careful. Improper operation may cause data loss or damage to equipment. Caution Note Means a complementary description.
Page 7 1.3 Software Release Notes ....................1-2 Chapter 2 Documentation and Product Version ................ 2-1 2.1 Documentation and Software Version ................2-1 2.2 H3C S7500E Series Ethernet Switch Documentation Set ..........2-1 Chapter 3 Product Overview ......................3-1 3.1 Preface..........................3-1 3.2 Switch Models........................
Page 8: Chapter 1 Obtaining The Documentation
Chapter 1 Obtaining the Documentation Chapter 1 Obtaining the Documentation H3C Technologies Co., Ltd. provides various ways for you to obtain documentation, through which you can obtain the product documentations and those concerning newly added new features. The documentations are available in one of the following ways:...
Page 9: Software Release Notes
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 1 Obtaining the Documentation 1.3 Software Release Notes With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
Page 10: Chapter 2 Documentation And Product Version
Chapter 2 Documentation and Product Version Chapter 2 Documentation and Product Version 2.1 Documentation and Software Version H3C S7500E Series Ethernet Switches Operation Manual and H3C S7500E Series Ethernet Switches Command Manual apply to S7500E series Ethernet switches with their software version being Release 6000.
Page 11: Switch Models
Chapter 3 Product Overview 3.1 Preface H3C S7500E Series Ethernet Switches (hereinafter referred to as the S7500E series) are cost-effective Layer 3 switch with high capacity. It is designed to operate at the core layer of small and medium-sized networks, convergence layer of large enterprise networks, and convergence layer and access layer of the metropolitan area networks (MANs).The S7500E switch has been optimized to meet users’...
Page 12: Software Features
VI-Turbo) S7510E S7506E-V Note: H3C S7500E series Ethernet switch is dual-SRPU system. The SRPUs in a chassis must be of the same type. 3.3 Software Features H3C S7500E series Ethernet switch provides abundant software features and can meet the requirements of different applications.
Page 13: Ip Routing Overview
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 3 Product Overview Module Software feature Static Link Aggregation Control Protocol (LACP) link 06-Link aggregation Aggregation Manual link aggregation Configuring dynamic, static, and blackhole MAC addresses Configuring aging time for MAC address entries...
Page 14 Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 3 Product Overview Module Software feature Authentication, Authorization, and Accounting (AAA) 16-AAA RADIUS Remote Authentication Dial-In User Service (RADIUS) HWTACACS Huawei Terminal Access Controller Access Control System (HWTACACS) 17-Portal...
Page 15 Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 3 Product Overview Module Software feature Configuring command levels 28-System Configuring online help for command lines Maintenance and Configuring system time Debugging Displaying and configuring system device state IPv4-based Virtual Router Redundancy Protocol (VRRP)
Page 16: Chapter 4 Networking Applications
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 4 Networking Applications Chapter 4 Networking Applications S7500E series switches can: Be used as core layer devices of small-sized network. Be used for high-speed links for data centers. Be used as distribution layer devices of MAN Ethernet.
Page 17: Providing High-Speed Links For Data Centers
Operation Manual – Product Overview H3C S7500E Series Ethernet Switches Chapter 4 Networking Applications 4.2 Providing High-speed Links for Data Centers Core Network 10GE/GEtrunk 10GE/GEtrunk S7500E S7500E S7500E GEtrunk Figure 4-2 Application of S7500E series switches in data center...
Page 18 Operation Manual – Login H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Logging into an Ethernet Switch ................1-1 1.1 Logging into an Ethernet Switch ..................1-1 1.2 Introduction to User Interface .................... 1-1 1.2.1 Supported User Interfaces ..................1-1 1.2.2 User Interface Number....................
Page 19 Operation Manual – Login H3C S7500E Series Ethernet Switches Table of Contents Chapter 4 Logging In Using Modem.................... 4-1 4.1 Introduction ........................4-1 4.2 Configuration on the Administrator Side................4-1 4.3 Configuration on the Switch Side..................4-2 4.3.1 Modem Configuration....................4-2 4.3.2 Switch Configuration ....................
Page 20: Logging Into An Ethernet Switch
SSH users to five VTY users. Note: As the AUX port and the Console port of a H3C series switch are the same one, you will be in the AUX user interface if you log in through this port.
Page 21: User Interface Number
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch 1.2.2 User Interface Number Two kinds of user interface index exist: absolute user interface index and relative user interface index. The absolute user interface indexes are as follows:...
Page 22 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch To do… Use the command… Remarks Optional default history command buffer size is Set the history command history-command 10. That is, a history buffer size...
Page 23 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch To do… Use the command… Remarks Display physical attributes display user-interface You can execute this configuration [ type number | number ] command in any view.
Page 24: Chapter 2 Logging In Through The Console Port
Console Port Login Configuration with Authentication Mode Being Scheme Note: The default system name of an H3C S7500E series Ethernet switch is H3C, that is, the command line prompt is H3C. All the following examples take H3C as the command line prompt.
Page 25: Setting Up The Connection To The Console Port
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port After logging into a switch, you can perform configuration for AUX users. Refer to Console Port Login Configuration for more. 2.2 Setting Up the Connection to the Console Port...
Page 26 Figure 2-4 Set port parameters terminal window Turn on the switch. The user will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <H3C>) appears after the user presses the Enter key.
Page 27: Console Port Login Configuration
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port 2.3 Console Port Login Configuration 2.3.1 Common Configuration Table 2-2 lists the common configuration of Console port login. Table 2-2 Common configuration of Console port login...
Page 28: Console Port Login Configurations For Different Authentication Modes
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port Configuration Description Optional Define a shortcut key The default shortcut key combination for for aborting tasks aborting tasks is < Ctrl + C >.
Page 29 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port Authentication Console port login Description mode configuration Configure the Configure password for Required the password local authentication Password Perform Optional Perform common common...
Page 30: Console Port Login Configuration With Authentication Mode Being None
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port 2.4 Console Port Login Configuration with Authentication Mode Being None 2.4.1 Configuration Procedure Follow these steps to perform Console port login configuration (with authentication mode being none): To do…...
Page 31 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port To do… Use the command… Remarks Optional Make terminal services By default, terminal services shell available are available in all user interfaces. Optional...
Page 32: Configuration Example
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port 2.4.2 Configuration Example I. Network requirements Assume the switch is configured to allow you to login through Telnet, and your user level is set to the administrator level (level 3). After you telnet to the switch, you need to limit the console user at the following aspects.
Page 33: Console Port Login Configuration With Authentication Mode Being Password
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port # Set the maximum number of lines the screen can contain to 30. [H3C-ui-aux0] screen-length 30 # Set the maximum number of commands the history command buffer can store to 20.
Page 34 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port To do… Use the command… Remarks Optional Set the The default baud rate of an AUX speed speed-value baud rate port (also the Console port) is 9,600 bps.
Page 35 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port To do… Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10...
Page 36 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port The history command buffer can store up to 20 commands. The timeout time of the AUX user interface is 6 minutes. II. Network diagram...
Page 37: Console Port Login Configuration With Authentication Mode Being Scheme
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port [H3C-ui-aux0] idle-timeout 6 After the above configuration, to ensure a successful login, the console user needs to change the corresponding configuration of the terminal emulation program running on the PC, to make the configuration consistent with that on the switch.
Page 38 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port To do… Use the command… Remarks Enter user user-interface aux 0 — interface view Required specified scheme Configure authentication-mode determines whether to authenticate...
Page 39 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port To do… Use the command… Remarks Optional default history command history history-command buffer size is 10. That is, a history command buffer size...
Page 40 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port Table 2-6 Determine the command level Scenario Command Authentication level User type Command mode Level 0 The user privilege level level command is not executed, and...
Page 41 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port The history command buffer can store up to 20 commands. The timeout time of the AUX user interface is 6 minutes. II. Network diagram...
Page 42 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 2 Logging in Through the Console Port [H3C-ui-aux0] history-command max-size 20 # Set the timeout time of the AUX user interface to 6 minutes. [H3C-ui-aux0] idle-timeout 6 After the above configuration, to ensure a successful login, the console user needs to change the corresponding configuration of the terminal emulation program running on the PC, to make the configuration consistent with that on the switch.
Page 43: Chapter 3 Logging In Through Telnet
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Chapter 3 Logging in Through Telnet When logging in through Telnet, go to these sections for information you are interested Introduction Telnet Configuration with Authentication Mode Being None...
Page 44: Common Configuration
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Note: After you log into the switch through Telnet, you can issue commands to the switch by way of pasting session text, which cannot exceed 2000 bytes, and the pasted commands must be in the same view;...
Page 45: Telnet Configurations For Different Authentication Modes
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Configuration Remarks Optional Define a shortcut key for The default shortcut key combination aborting tasks for aborting tasks is < Ctrl + C >. Optional...
Page 46: Telnet Configuration With Authentication Mode Being None
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Authentication Telnet configuration Remarks mode Configure the Configure the password for Required password local authentication Password Perform Perform Optional common common Telnet Refer to Table 3-2.
Page 47 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet To do… Use the command… Remarks Enter system view — system-view user-interface Enter one or more VTY — first-number user interface views [ last-number ]...
Page 48 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet To do… Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the...
Page 49: Telnet Configuration With Authentication Mode Being Password
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet II. Network diagram Figure 3-1 Network diagram for Telnet configuration (with the authentication mode being none) III. Configuration procedure # Enter system view, and enable the Telnet service.
Page 50 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet To do… Use the command… Remarks Enter system view — system-view user-interface Enter one or more VTY — first-number user interface views [ last-number ]...
Page 51 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet To do… Use the command… Remarks Optional default history command buffer size is Set the history command history-command 10. That is, a history buffer size...
Page 52 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet 3.3.2 Configuration Example I. Network requirements Assume that you are a level 3 AUX user and want to perform the following configuration for Telnet users logging into VTY 0: Authenticate users logging into VTY 0 using the local password.
Page 53: Telnet Configuration With Authentication Mode Being Scheme
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet [H3C-ui-vty0] history-command max-size 20 # Set the timeout time to 6 minutes. [H3C-ui-vty0] idle-timeout 6 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.1 Configuration Procedure...
Page 54 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet To do… Use the command… Remarks user-interface Enter one or more VTY — first-number user interface views [ last-number ] Required The specified AAA scheme...
Page 55 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet To do… Use the command… Remarks Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a...
Page 56 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Table 3-6 Determine the command level when users logging into switches are authenticated in the scheme mode Scenario Command Authenticat level User type Command ion mode...
Page 57 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Scenario Command Authenticat level User type Command ion mode The user privilege level level command executed, service-type Level 0 command does not specify the available command level.
Page 58: Telnet Connection Establishment
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet III. Configuration procedure # Enter system view, and enable the Telnet service. <H3C> system-view [H3C] telnet server enable # Create a local user named guest and enter local user view.
Page 59 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 3 Logging in Through Telnet Execute the following commands in the terminal window to enable the Telnet server function and assign an IP address to the management VLAN interface of the switch.
Page 60: Telnetting To Another Switch From The Current Switch
Step 5: Enter the password when the Telnet window displays “Login authentication” and prompts for login password. The CLI prompt (such as <H3C>) appears if the password is correct. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used, please try...
Page 61 You can use the ip host to assign a host name to a switch. Step 4: Enter the password. If the password is correct, the CLI prompt (such as <H3C>) appears. If all VTY user interfaces of the switch are in use, you will fail to establish the connection and receive the message that says “All user interfaces are used, please try...
Page 62: Configuration On The Administrator Side
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem Chapter 4 Logging In Using Modem When logging in using modem, go to these sections for information you are interested Introduction Configuration on the Administrator Side...
Page 63: Configuration On The Switch Side
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem 4.3 Configuration on the Switch Side 4.3.1 Modem Configuration Perform the following configuration on the modem directly connected to the switch: AT&F ----------------------- Restore the factory settings...
Page 64: Modem Connection Establishment
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem I. Configuration on switch when the authentication mode is none Refer to Console Port Login Configuration with Authentication Mode Being None. II. Configuration on switch when the authentication mode is password...
Page 65 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem Modem serial cable Telephone line Modem PSTN Modem Telephone number of the romote end: 82882285 Console port Figure 4-1 Establish the connection by using modems...
Page 66: Modem Attribute Configuration
Step 5: Provide the password when prompted. If the password is correct, the prompt (such as <H3C>) appears. You can then configure or manage the switch. You can also enter the character ? at anytime for help. Refer to the following chapters for information about the configuration commands.
Page 67 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 4 Logging In Using Modem To do … Use the command … Remarks Enter system view — system-view Enter AUX user interface view user-interface aux 0 — Enable the modem to accept...
Page 68: Chapter 5 Logging In Through Nms
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 5 Logging in Through NMS Chapter 5 Logging in Through NMS When logging in through NMS, go to these sections for information you are interested Introduction Connection Establishment Using NMS 5.1 Introduction...
Page 69: Connection Establishment Using Nms
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 5 Logging in Through NMS 5.2 Connection Establishment Using NMS Switch Network Figure 5-1 Network diagram for logging in through an NMS...
Page 70: Chapter 6 Specifying Source For Telnet Packets
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 6 Specifying Source for Telnet Packets Chapter 6 Specifying Source for Telnet Packets When specifying source IP address/interface for Telnet packets, go to these sections for information you are interested in:...
Page 71: Displaying The Source Ip Address/Interface Specified For Telnet Packets
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 6 Specifying Source for Telnet Packets II. Specifying source IP address/interface for Telnet packets in system view Follow these steps to specify source IP address/interface for Telnet packets in system view: To do…...
Page 72: Controlling Telnet Users
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users Chapter 7 Controlling Login Users When controlling login users, go to these sections for information you are interested in: Introduction Controlling Telnet Users Controlling Network Management Users by Source IP Addresses 7.1 Introduction...
Page 73: Controlling Telnet Users By Source And Destination Ip Addresses
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users To do… Use the command… Remarks Enter system view — system-view As for the acl number acl [ ipv6 ] number Create a basic ACL or...
Page 74: Controlling Telnet Users By Source Mac Addresses
Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users To do… Use the command… Remarks Required keyword inbound specifies to filter the users Apply the ACL to control trying to Telnet to the Telnet users by specified acl [ ipv6 ] acl-number current switch.
Page 75: Controlling Network Management Users By Source Ip Addresses
7.3 Controlling Network Management Users by Source IP Addresses You can manage a H3C S7500E series Ethernet switch through network management software. Network management users can access switches through SNMP. You need to perform the following two operations to control network management users by source IP addresses.
Page 76 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users 7.3.2 Controlling Network Management Users by Source IP Addresses Follow these steps to control network management users by source IP addresses: To do… Use the command…...
Page 77 III. Configuration procedure # Define a basic ACL. <H3C> system-view [H3C] acl number 2000 match-order config [H3C-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [H3C-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [H3C-acl-basic-2000] rule 3 deny source any [H3C-acl-basic-2000] quit # Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 to access the switch.
Page 78 Operation Manual – Login H3C S7500E Series Ethernet Switches Chapter 7 Controlling Login Users [H3C] snmp-agent usm-user v2c h3cuser h3cgroup acl 2000...
Page 79 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VLAN Configuration ....................1-1 1.1 Introduction to VLAN......................1-1 1.1.1 VLAN Overview ....................... 1-1 1.1.2 VLAN Fundamental....................1-2 1.1.3 VLAN Classification....................1-3 1.2 Configuring Basic VLAN Attributes ..................1-3 1.3 Configuring Basic VLAN Interface Attributes..............
Page 80 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Table of Contents Chapter 4 GVRP Configuration ....................4-1 4.1 Introduction to GVRP......................4-1 4.1.1 GARP ........................4-1 4.1.2 GVRP ........................4-4 4.1.3 Protocols and Standards..................4-4 4.2 Configuring GVRP ......................4-5 4.2.1 Enabling GVRP .......................
Page 81: Introduction To Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration Chapter 1 VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: Introduction to VLAN Configuring Basic VLAN Attributes Configuring Basic VLAN Interface Attributes...
Page 82: Vlan Fundamental
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration A VLAN is not restricted by physical factors, that is to say, hosts that reside in different network segments may belong to the same VLAN, users in a VLAN can be connected to the same switch, or span across multiple switches or routers.
Page 83: Vlan Classification
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration The TPID field, 16 bits in length and with a value of 0x8100, indicates that a packet carries a VLAN tag with it. The Priority field, three bits in length, indicates the 802.1p priority of a packet. For information about packet priority, refer to QoS Configuration.
Page 84: Configuring Basic Vlan Interface Attributes
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration To do… Use the command… Remarks Enter system view — system-view Optional vlan { vlan-id1 [ to Create VLANs Using this command can create vlan-id2 ] | all } multiple VLANs.
Page 85 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration Follow these steps to configure basic VLAN interface attributes: To do… Use the command… Remarks Enter system view — system-view Required Create a VLAN interface This command leads you...
Page 86: Configuring Port-Based Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration 1.4 Configuring Port-Based VLAN 1.4.1 Introduction to Port-Based VLAN This is the simplest and yet the most effective way of classifying VLANs. It groups VLAN members by port. After added to a VLAN, a port can forward the packets of the VLAN.
Page 87: Configuring An Access-Port-Based Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration Inbound packets handling Outbound packets Port type Untagged handling Tagged packets packets Receive packets with Tag each default VLAN tag. Remove the default packet with the Access...
Page 88: Configuring A Trunk-Port-Based Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration To do… Use the command… Remarks Required Add access ports to the By default, all the ports port interface-list current VLAN belong to VLAN 1 Follow these steps to configure an Access-port-based VLAN in Ethernet port view/port group view: To do…...
Page 89: Configuring A Hybrid-Port-Based Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration To do… Use the command… Remarks Enter system view — system-view Enter Use either command interface interface-type Ethernet Under Ethernet port view, Enter interface-number port view the subsequent...
Page 90: Configuring Protocol-Based Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration To do… Use the command… Remarks Enter system view — system-view Enter Use either command; interface interface-type Ethernet Under Ethernet port view, Enter interface-number port view the subsequent...
Page 91: Configuring A Protocol-Based Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration In this approach, inbound packets are assigned with different VLAN IDs based on their protocol type and encapsulation format. The protocols that can be used to categorize VLANs include: IP, IPX, and AppleTalk (AT).
Page 92 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration To do… Use the command… Remarks Enter Use either command interface interface-type Ethernet port Enter Under Ethernet port view, interface-number view Ethernet the subsequent port configurations only apply view or to the current port;...
Page 93: Configuring Ip-Subnet-Based Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration 1.6 Configuring IP-Subnet-Based VLAN 1.6.1 Introduction In this approach, VLANs are categorized based on the source IP addresses and the subnet masks of packets. After receiving an untagged packet from a port, the device finds its association with the current VLAN based on the source address contained in the packet, and then forwards the packet in the corresponding VLAN.
Page 94: Displaying And Maintaining Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration To do… Use the command… Remarks Configure the association port hybrid between the Hybrid port Required ip-subnet-vlan vlan and the IP-subnet-based vlan-id VLAN 1.7 Displaying and Maintaining VLAN To do...
Page 95 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration This port allows packets from VLAN 2, VLAN 6 to VLAN 50, and VLAN 100 to pass through. II. Network diagram Figure 1-4 Network diagram for port-based VLAN configuration III.
Page 96 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 1 VLAN Configuration IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 0000-fc00-6504 Description: Ethernet2/0/1 Interface Loopback is not set Media type is twisted pair Port hardware type is 100_BASE_T Unknown-speed mode, unknown-duplex mode...
Page 97: Chapter 2 Isolate-User-Vlan Configuration
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration Chapter 2 Isolate-User-VLAN Configuration When configuring Isolate-user VLAN, go to these sections for information you are interested in: Introduction to Isolate-User-VLAN Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLAN Isolate-User-VLAN Configuration Example 2.1 Introduction to Isolate-User-VLAN...
Page 98: Configuring Isolate-User-Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration 2.2 Configuring Isolate-User-VLAN Configure the isolate-user-vlan through the following steps: Configure the isolate-user-vlan; Configure the secondary VLAN Add ports to the isolate-user-vlan ( note that no port can be a Trunk port) and ensure that at least one port has the isolate-user-vlan as its default VLAN;...
Page 99: Displaying And Maintaining Isolate-User-Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration Note: After a mapping is configured, the system disallows adding ports to and removing ports or VLANs from the mapped isolate-user-VLAN and secondary VLAN. 2.3 Displaying and Maintaining Isolate-User-VLAN To do...
Page 100 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration III. Configuration procedure The following are the configuration procedures for Device B and Device C. Configure Device B # Configure the isolate-user-VLAN. <DeviceB> system-view [DeviceB] vlan 5...
Page 101 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 2 Isolate-User-VLAN Configuration Isolate-user-VLAN VLAN ID : 5 Secondary VLAN ID : 2-3 VLAN ID: 5 VLAN Type: static Isolate-user-VLAN type : isolate-user-VLAN Route Interface: not configured Description: VLAN 0005...
Page 102: Introduction To Voice Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Chapter 3 Voice VLAN Configuration When configuring Voice VLAN, go to these sections for information you are interested Introduction to Voice VLAN Configuring Voice VLAN Displaying and Maintaining Voice VLAN Voice VLAN Configuration 3.1 Introduction to Voice VLAN...
Page 103: Working Modes Of Voice Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Note: As the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE (Institute of Electrical and Electronics Engineers).
Page 104 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Table 3-2 Voice VLAN operating mode and the corresponding voice traffic types Voice VLAN Voice traffic operating Port link type type mode Access: the traffic type is not supported...
Page 105: Configuring Voice Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Note: The default VLANs for all ports are VLAN 1. Using commands, users can either configure the default VLAN of a port, or configure to allow a certain VLAN to pass through the port.
Page 106: Configuring A Voice Vlan Under Manual Mode
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration To do... Use the command... Remarks Optional Enable the security mode voice vlan security of the voice VLAN Enabled by default enable Optional By default, each voice...
Page 107 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration To do... Use the command... Remarks Enter system view — system-view Optional Enable the security mode voice vlan security of a voice VLAN Enabled by default...
Page 108: Displaying And Maintaining Voice Vlan
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration Note: Only one VLAN of a device can have the voice VLAN function enabled at a time, and the VLAN must be an exsiting static VLAN.
Page 109 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration II. Network diagram Figure 3-1 Voice VLAN under automatic mode III. Configuration procedure # Create VLAN 2 and VLAN 6. <DeviceA> system-view [DeviceA] vlan 2 [DeviceA-vlan2] quit...
Page 110: A Configuration Example Of Voice Vlan Under Manual Mode
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration [DeviceA-Ethernet2/0/1] voice vlan enable [DeviceA-Ethernet2/0/1] return IV. Verification # Display information about the OUI addresses, OUI address masks, and descriptive strings. <DeviceA> display voice vlan oui...
Page 111 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration II. Network diagram Figure 3-2 Voice VLAN under manual mode III. Configuration procedure # Configure the voice VLAN to work in security mode and only allows legal voice packets to pass through the voice VLAN enabled port.
Page 112 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 3 Voice VLAN Configuration IV. Verification # Display information about the OUI addresses, OUI address masks, and descriptive strings. <DeviceA> display voice vlan oui Oui Address Mask Description 0001-e300-0000 ffff-ff00-0000...
Page 113: Introduction To Gvrp
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration Chapter 4 GVRP Configuration GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network.
Page 114 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration Join messages, Leave messages, and LeaveAll message make sure the reregistration and deregistration of GARP attributes are performed in an orderly way. Through message exchange, all attribute information that needs registration propagates to all GARP participants throughout a LAN.
Page 115 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration attributes of other participants. When a port receives an attribute declaration, it registers the attribute; when a port receives an attribute withdrawal, it deregisters the attribute. GARP participants send protocol data units (PDU) with a particular multicast MAC address as destination.
Page 116: Protocols And Standards
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration Field Description Value 0: LeaveAll event 1: JoinEmpty event 2: JoinIn event Attribute Event Event described by the attribute 3: LeaveEmpty event 4: LeaveIn event 5: Empty event...
Page 117: Configuring Gvrp
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration 4.2 Configuring GVRP Note: GVRP can only be configured on trunk ports. Complete the following tasks to configure GVRP: Task Remarks Enabling GVRP Required Configuring GARP Timers Optional 4.2.1 Enabling GVRP...
Page 118: Configuring Garp Timers
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration 4.2.2 Configuring GARP Timers Follow these steps to configure GARP timers: To do… Use the command… Remarks Enter system view –– system-view Optional Configure the GARP garp timer leaveall...
Page 119: Displaying And Maintaining Gvrp
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration 4.3 Displaying and Maintaining GVRP To do… Use the command… Remarks Display statistics about display garp statistics Available in any view GARP [ interface interface-list ] Display GARP timers for...
Page 120 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration # Enable GVRP globally. <DeviceA> system-view [DeviceA] gvrp # Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass. [DeviceA] interface ethernet 2/0/1 [DeviceA-Ethernet2/0/1] port link-type trunk [DeviceA-Ethernet2/0/1] port trunk permit vlan all # Enable GVRP on the port.
Page 121: Gvrp Configuration Example Ii
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration 4.4.2 GVRP Configuration Example II I. Network requirements Configure GVRP for dynamic VLAN information registration and update among devices. Specify fixed GVRP registration on Device A and normal GVRP registration on Device II.
Page 122: Gvrp Configuration Example Iii
Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration [DeviceB-Ethernet2/0/1] gvrp [DeviceB-Ethernet2/0/1] quit # Create VLAN 3 (a static VLAN). [Sysname] vlan 3 Verify the configuration # Display dynamic VLAN information on Device A. [DeviceA] display vlan dynamic No dynamic vlans exist! # Display dynamic VLAN information on Device B.
Page 123 Operation Manual – VLAN H3C S7500E Series Ethernet Switches Chapter 4 GVRP Configuration [DeviceA-Ethernet2/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port Ethernet 2/0/1 as a trunk port, allowing all VLANs to pass.
Page 124 Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Addressing Configuration ..................1-1 1.1 IP Addressing Overview ....................1-1 1.1.1 IP Address Classes....................1-1 1.1.2 Special Case IP Addresses..................1-2 1.1.3 Subnetting and Masking..................
Page 125: Ip Addressing Overview
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration Chapter 1 IP Addressing Configuration When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in:...
Page 126: Special Case Ip Addresses
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration Table 1-1 describes the address ranges of these five classes. Currently, the first three classes of IP addresses are used in quantity. Table 1-1 IP address classes and ranges...
Page 127: Configuring Ip Addresses
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration net-id and subnet-id whereas the part containing consecutive zeros identifies the host-id. Figure 1-2 shows how a Class B network is subnetted. Figure 1-2 Subnet a Class B network While allowing you to create multiple logical networks within a single Class A, B, or C network, subnetting is transparent to the rest of the Internet.
Page 128: Assigning An Ip Address To An Interface
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration Note: This chapter only covers how to assign an IP address manually. For the other approach, refer to DHCP Configuration. This section includes:...
Page 129: Ip Addressing Configuration Example
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration 1.2.2 IP Addressing Configuration Example I. Network requirements As shown in Figure 1-3, the interface VLAN 1 on a switch is connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24.
Page 130 Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms...
Page 131: Displaying And Maintaining Ip Addressing
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 1 IP Addressing Configuration 1.3 Displaying and Maintaining IP Addressing To do… Use the command… Remarks Display information about display ip interface a specified or all Layer 3...
Page 132: Ip Performance Overview
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration Chapter 2 IP Performance Configuration When configuring IP performance, go to these sections for information you are interested in: IP Performance Overview Enabling Reception and Forwarding of Directed Broadcasts to a Directly...
Page 133: Enabling Forwarding Of Directed Broadcasts To A Directly Connected Network
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration To do… Use the command… Remarks Enter system view — system-view Required Enable the device to By default, the device is receive directed...
Page 134 Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration II. Network diagram Figure 2-1 Network diagram for receiving and forwarding directed broadcasts (on a switch) III. Configuration procedure Configure Switch A # Enable Switch A to receive directed broadcasts.
Page 135: Configuring Tcp Attributes
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration 2.3 Configuring TCP Attributes 2.3.1 Configuring TCP Optional Parameters TCP optional parameters that can be configured include: synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packets are received within the synwait timer timeout, the TCP connection is not successfully created.
Page 136 Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration I. Advantage of sending ICMP error packets There are three kinds of ICMP error packets: redirect packets, timeout packets and destination unreachable packets. Their sending conditions and functions are as follows.
Page 137 Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration If the source uses “strict source routing" to send packets, but the intermediate device finds the next hop specified by the source is not directly connected, the device will send the source a “source routing failure”...
Page 138: Displaying And Maintaining Ip Performance
Operation Manual – IP Addressing and Performance H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration 2.5 Displaying and Maintaining IP Performance To do… Use the command… Remarks Display current TCP display tcp status connection state Display TCP connection...
Page 139 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 QinQ Configuration ..................... 1-1 1.1 Introduction to QinQ......................1-1 1.1.1 Understanding QinQ ....................1-1 1.1.2 Implementations of QinQ ..................1-2 1.1.3 Modification of the TPID Value in VLAN Tags ............1-2 1.2 Configuring Basic QinQ .....................
Page 140: Chapter 1 Qinq Configuration
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Chapter 1 QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: Introduction to QinQ Configuring Basic QinQ Configuring Selective QinQ...
Page 141: Implementations Of Qinq
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Advantages of QinQ: Addresses the shortage of public VLAN ID resource Enables customers to plan their own VLAN IDs, with running into conflicts with public network VLAN IDs.
Page 142 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Figure 1-2 VLAN Tag structure of an Ethernet frame An S7500E switch determines whether a received frame is VLAN tagged by comparing its own TPID with the TPID field in the received frame. If they match, the frame is considered as a VLAN tagged frame.
Page 143: Configuring Basic Qinq
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Protocol type Value IS-IS 0x8000 LACP 0x8809 802.1x 0x888E Cluster 0x88A7 Reserved 0xFFFD/0xFFFE/0xFFFF 1.2 Configuring Basic QinQ Follow these steps to configure basic QinQ: To do...
Page 144 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration To do... Use the command... Remarks Enter system view — system-view Required By default, the traffic classifier Create a class and enter classifier-name [ operator relationship between the...
Page 145: Qinq Configuration Example
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Caution: Before enabling selective QinQ on a port, enable basic QinQ on the port first. Selective QinQ enjoys higher priority than basic QinQ. Therefore, a received frame will be tagged with an outer VLAN ID based on basic QinQ only after it fails to match the match criteria defined in the traffic class.
Page 146 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration Third-party devices are deployed between Provider A and Provider B, with a TPID value of 0x8200. The expected result of the configuration is as follows: VLAN 10 of Customer A and Customer B can intercommunicate across VLAN 1000 on the public network.
Page 147 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration # Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through with the outer VLAN tag removed.
Page 148 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration # Configure VLAN 1000 as the default VLAN. [ProviderA] interface ethernet 2/0/2 [ProviderA-Ethernet2/0/2] port access vlan 1000 # Enable basic QinQ. Tag frames from VLAN 10 with the outer VLAN tag 1000.
Page 149 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 1 QinQ Configuration [ProviderB] interface ethernet 2/0/3 [ProviderB-Ethernet2/0/3] port access vlan 3000 # Enable basic QinQ to tag frames of all customer VLANs with the outer VLAN tag 3000.
Page 150: Introduction To Bpdu Tunneling
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration Chapter 2 BPDU Tunneling Configuration When configuring BPDU tunneling, go to these sections for information you are interested in: Introduction to BPDU Tunneling Configuring BPDU Isolation...
Page 151 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration II. BPDU transparent transmission As shown in Figure 2-1, the upper part is the service provider network, and the lower part represents the customer networks. The customer networks include network A and network B.
Page 152: Configuring Bpdu Isolation
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration 2.2 Configuring BPDU Isolation Perform the following tasks to configure BPDU isolation: To do... Use the command... Remarks Enter system view — system-view Optional Enable BPDU tunneling...
Page 153: Configuring Destination Multicast Mac Address For Bpdu Tunnel Frames
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration To do... Use the command... Remarks Enter Ethernet Required interface interface-type port view interface-number Use either command. Enter Configurations made in Ethernet Ethernet port view will...
Page 154: Bpdu Tunneling Configuration Example
Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration 2.5 BPDU Tunneling Configuration Example I. Network requirements Customer A, Customer B, Customer C, and Customer D are customer network access devices. Provider A, Provider B, and Provider C are service provider network access devices, which are interconnected through configured trunk ports.
Page 155 Operation Manual – QinQ-BPDU Tunneling H3C S7500E Series Ethernet Switches Chapter 2 BPDU Tunneling Configuration Configuration on Provider B # Configure BPDU isolation on Ethernet 2/0/2. <ProviderB> system-view [ProviderB] interface ethernet 2/0/2 [ProviderB-Ethernet2/0/2] port access vlan 4 [ProviderB-Ethernet2/0/2] bpdu-tunnel dot1q enable Configuration on Provider C # Configure BPDU transparent transmission on Ethernet 2/0/3.
Page 156 Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Correlation Configuration................... 1-1 1.1 Ethernet Port Configuration ....................1-1 1.1.1 Performing Basic Ethernet Port Configuration ............1-1 1.1.2 Enabling Flow Control on an Ethernet Port............. 1-2 1.1.3 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet...
Page 157: Ethernet Port Configuration
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration Chapter 1 Port Correlation Configuration When configuring Ethernet ports, go to these sections for information you are interested in: Ethernet Port Configuration Maintaining and Displaying an Ethernet Port 1.1 Ethernet Port Configuration...
Page 158: Enabling Flow Control On An Ethernet Port
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration Similarly, if you configure the transmission rate for an Ethernet port by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too.
Page 159: Enabling Loopback Test On An Ethernet Port
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration To do... Use the command... Remarks Required Enable flow control flow-control Turned off by default 1.1.3 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Port An Ethernet port operates in one of the two physical link states: up or down.
Page 160: Configuring A Port Group
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter Ethernet port view — interface-number Optional loopback { external |...
Page 161 Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration To do... Use the command... Remarks Enter system view — system-view Enter manual port port-group manual — Enter port group view port-group-name group Enter aggregation view —...
Page 162: Setting The Interval For Collecting Ethernet Port Statistics
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration To do... Use the command... Remarks Enter system view — system-view Enter Either is required. interface interface-type Ethernet If configured in Ethernet Enter interface-number...
Page 163: Enabling The Forwarding Of Jumbo Frames
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration To do… Use the command… Remarks Enter system view — system-view Optional interface interface-type Configure the interval for interface-number By default, the interval for...
Page 164: Enabling Loopback Detection On An Ethernet Port
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration 1.1.9 Enabling Loopback Detection on an Ethernet Port Loop occurs when a port receives the packets that it sent out. Loops may cause broadcast storm. The purpose of loopback detection is to detect loops on a port..
Page 165: Configuring The Cable Type For An Ethernet Port
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration Caution: Loopback detection on a given port is enabled only after the loopback-detection enable command has been issued in both system view and the port view of the port.
Page 166 Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration Caution: Although the storm suppression function and the storm constrain function can all be used to control specific type of traffic, they conflict with each other. So, do not configure the both for an Ethernet port at the same time.
Page 167: Maintaining And Displaying An Ethernet Port
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration To do… Use the command… Remarks Optional Specify to send trap By default, the system messages when the traffic sends trap messages detected exceeds the...
Page 168 Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 1 Port Correlation Configuration To do... Use the command... Remarks Display the information display port-group about a manual port group manual [ all | name Available in any view...
Page 169: Introduction To Port Isolation
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 2 Port Isolation Configuration Chapter 2 Port Isolation Configuration When configuring port isolation, go to these sections for information you are interested Introduction to Port Isolation Configuring an Isolation Group...
Page 170: Displaying Isolation Groups
Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 2 Port Isolation Configuration To do… Use the command… Remarks Required Add a port to an port-isolate enable isolation group as No ports are added to the group group-number an ordinary port isolation group by default.
Page 171 Operation Manual – Port Correlation Configuration H3C S7500E Series Ethernet Switches Chapter 2 Port Isolation Configuration <Device> system-view [Device] interface ethernet 2/0/1 [Device-Ethernet2/0/1] port-isolate enable [Device-Ethernet2/0/1] quit [Device] interface ethernet 2/0/2 [Device-Ethernet2/0/2] port-isolate enable [Device-Ethernet2/0/2] quit [Device] interface ethernet 2/0/3 [Device-Ethernet2/0/3] port-isolate enable # Display the information about the isolation group.
Page 172 Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Link Aggregation Overview ..................1-1 1.1 Link Aggregation ........................ 1-1 1.1.1 LACP ........................1-1 1.1.2 Consistency Considerations for Ports in an Aggregation ........1-1 1.2 Approaches to Link Aggregation..................
Page 173: Link Aggregation
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview Chapter 1 Link Aggregation Overview This chapter covers these topics: Link Aggregation Approaches to Link Aggregation Load Sharing in a Link Aggregation Group Service Loop Group Aggregation Port Group 1.1 Link Aggregation...
Page 174 Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview Table 1-1 Consistency considerations for ports in an aggregation Category Considerations State of port-level STP (enabled or disabled) Attribute of the link (point-to-point or otherwise) connected to...
Page 175: Approaches To Link Aggregation
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview 1.2 Approaches to Link Aggregation Two ways are available for implementing link aggregation, as described in Manual Link Aggregation Static LACP link aggregation. 1.2.1 Manual Link Aggregation I.
Page 176: Static Lacp Link Aggregation
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview III. Port Configuration Considerations in manual aggregation As mentioned above, in a manual aggregation group, only ports with configurations consistent with those of the reference port can become selected. These configurations...
Page 177: Load Sharing In A Link Aggregation Group
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview As there is a limit on the number of selected ports, not all selected-port candidates can become selected ports. Before the limit is reached, all the candidates are set to the selected state.
Page 178: Service Loop Group
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview forwarding port according to the source MAC address and destination MAC address. For a unicast IP packet with a known destination IP address, the switch selects the forwarding port according to the source IP address and the destination IP address of the packet.
Page 179: Aggregation Port Group
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 1 Link Aggregation Overview These ports can be configured only with the physical configuration such as speed and duplex mode, QoS, and ACL. Other conflicting configurations, such as STP cannot be configured.
Page 180: Chapter 2 Link Aggregation Configuration
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration Chapter 2 Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Configuring Link Aggregation Displaying and Maintaining Link Aggregation Link Aggregation Configuration Example 2.1 Configuring Link Aggregation...
Page 181: Configuring A Static Lacp Link Aggregation Group
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration For a manual aggregation group containing only one port, the only way to remove the port from it is to remove the aggregation group. To make an aggregation group to function properly, make sure the selected states of the ports on the both sides of the same link are the same.
Page 182: Configuring An Aggregation Group Name
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration Note: When making configuration, be aware that after a load-balancing aggregation group changes to a non-load balancing group due to resources exhaustion, either of the...
Page 183: Displaying And Maintaining Link Aggregation
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration Note: You can remove any service loop group except those that are currently referenced by modules. For a service loop group containing only one port, the only way to remove the port from it is to remove the service loop group.
Page 184: Link Aggregation Configuration Example
Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration To do… Use the command… Remarks Display detailed information about display link-aggregation Available in any view specified or all link verbose [ agg-id ] aggregation groups...
Page 185 Operation Manual – Link Aggregation H3C S7500E Series Ethernet Switches Chapter 2 Link Aggregation Configuration # Add ports Ethernet 2/0/1 through Ethernet 2/0/3 to the group. [SwitchA] interface Ethernet 2/0/1 [SwitchA-Ethernet2/0/1] port link-aggregation group 1 [SwitchA-Ethernet2/0/1] interface Ethernet 2/0/2 [SwitchA-Ethernet2/0/2] port link-aggregation group 1...
Page 186 Operation Manual – MAC Address Table Management H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MAC Address Table Management Configuration ............. 1-1 1.1 Introduction to MAC Address Table................... 1-1 1.2 Configuring MAC Address Table Management ..............1-2 1.2.1 Configuring MAC Address Entries ................
Page 187: Introduction To Mac Address Table
Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table Management H3C S7500E Series Ethernet Switches Configuration Chapter 1 MAC Address Table Management Configuration When configuring MAC address table management, go to these sections for information you are interested in:...
Page 188: Configuring Mac Address Table Management
Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table Management H3C S7500E Series Ethernet Switches Configuration Note: Dynamically learned MAC addresses cannot overwrite static MAC address entries, but the latter can overwrite the former. As shown in...
Page 189: Configuring Mac Address Entries
Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table Management H3C S7500E Series Ethernet Switches Configuration 1.2.1 Configuring MAC Address Entries Follow these steps to add, modify, or remove entries in the MAC address table: To do…...
Page 190: Disabling Mac Address Learning On An Ethernet Port Or Port Group
Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table Management H3C S7500E Series Ethernet Switches Configuration 1.2.3 Disabling MAC Address Learning on an Ethernet Port or Port Group After enabling global MAC address learning, you may disable the function on a per-port basis as needed.
Page 191 Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table Management H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Enter system view — system-view Configure the aging timer mac-address timer Optional for dynamic MAC address { aging seconds | 300 seconds by default.
Page 192: Displaying And Maintaining Mac Address Table Management
Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table Management H3C S7500E Series Ethernet Switches Configuration Note: The maximum number of MAC addresses that can be learned on a port cannot be applied to the cross-board aggregation group to which the port belongs, that is, the maximum number of MAC addresses that can be learned on an aggregation group is not subject to that on a port in the group.
Page 193 Operation Manual – MAC Address Table Management Chapter 1 MAC Address Table Management H3C S7500E Series Ethernet Switches Configuration # Display the MAC address entry for port Ethernet 2/0/1. [Sysname] display mac-address interface ethernet 2/0/1 MAC ADDR VLAN ID STATE...
Page 194 Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Source Guard Configuration .................. 1-1 1.1 IP Source Guard Overview ....................1-1 1.2 Configuring a Static Binding Entry ..................1-1 1.3 Configuring Dynamic Binding Function ................
Page 195: Ip Source Guard Overview
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration Chapter 1 IP Source Guard Configuration When configuring IP Source Guard, go to these sections for information you are interested in: IP Source Guard Overview...
Page 196: Configuring Dynamic Binding Function
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required user-bind { ip-address ip-address |...
Page 197: Displaying Ip Source Guard
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration 1.4 Displaying IP Source Guard To do… Use the command… Remarks display user-bind [ interface Display information about interface-type interface-number | Available in...
Page 198 Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration II. Network diagram Switch A Eth2/0/1 Eth2/0/2 Eth2/0/1 Eth2/0/2 Host C 192.168.0.3/24 MAC address: 00-01-02-03-04-05 Host A Host B 192.168.0.1/24 192.168.0.2/24 MAC address: 00-01-02-03-04-06...
Page 199: Dynamic Binding Configuration Example
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration [SwitchB-Ethernet2/0/1] user-bind ip-address 192.168.0.1 mac-address 0001-0203-0406 [SwitchA-Ethernet2/0/1] quit # Configure port Ethernet 2/0/2 of Switch B to allow only IP packets with the source MAC address of 00-01-02-03-04-07 and the source IP address of 192.168.0.2 to pass.
Page 200 Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration Note: For detailed configuration of DHCP Server, refer to DHCP Configuration in this manual. II. Network diagram Figure 1-2 Network diagram for configuring dynamic binding III.
Page 201: Troubleshooting
Operation Manual – IP Source Guard H3C S7500E Series Ethernet Switches Chapter 1 IP Source Guard Configuration 0001-0203-0406 192.168.0.1 Ethernet2/0/1 DHCP-SNP -----------------1 binding entries queried, 1 listed------------------ # Display the dynamic entries of DHCP Snooping and check it is identical with the dynamic entries that port Ethernet 2/0/1 has obtained.
Page 202 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MSTP Configuration ....................1-1 1.1 MSTP Overview ......................... 1-1 1.1.1 Introduction to STP ....................1-1 1.1.2 Introduction to MSTP .................... 1-11 1.1.3 Protocols and Standards..................1-18 1.2 Configuration Task List ....................
Page 203 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Table of Contents 1.6.1 Configuration Prerequisites................... 1-40 1.6.2 Configuration Procedure ..................1-40 1.6.3 Configuration Example..................1-41 1.7 Configuring No Agreement Check ................... 1-42 1.7.1 Prerequisites ......................1-43 1.7.2 Configuration Procedure ..................1-44 1.7.3 Configuration Example..................
Page 204: Mstp Overview
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Chapter 1 MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: MSTP Overview Configuring the Root Bridge Configuring Leaf Nodes Performing mCheck...
Page 205 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration III. Basic concepts in STP Root bridge A tree network must have a root; hence the concept of “root bridge” has been introduced in STP. There is one and only one root bridge in the entire network, and the root bridge can change alone with changes of the network topology.
Page 206 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-1 A schematic diagram of designated bridges and designated ports IV. Path cost Path cost is a reference value used for link selection in STP. By calculating the path cost, STP selects relatively “robust”...
Page 207 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Forward delay: forward delay of the port. Note: For the convenience of description, the description and examples below involve only four parts of a configuration BPDU: Root bridge ID (in the form of device priority)
Page 208 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: Principle for configuration BPDU comparison: The configuration BPDU that has the lowest root bridge ID has the highest priority. If all the configuration BPDUs have the same root bridge ID, they will be compared for their root path costs.
Page 209 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port of which the port role is to be defined, and does different things according to the comparison result:...
Page 210 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Table 1-4 Initial state of each device Device Port name BPDU of port {0, 0, 0, AP1} Device A {0, 0, 0, AP2} {1, 0, 1, BP1}...
Page 211 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration BPDU of port after Device Comparison process comparison Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the...
Page 212 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration BPDU of port after Device Comparison process comparison Port CP1 receives the configuration BPDU of Device A {0, 0, 0, AP2}. Device C finds that the received configuration BPDU is superior to the...
Page 213 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-3 The final calculated spanning tree Note: To facilitate description, the spanning tree calculation process in this example is simplified, while the actual process is more complicated.
Page 214: Introduction To Mstp
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration root port and designated port begin to forward data as soon as they are elected, a temporary loop may occur. STP timers STP calculations need three important timing parameters: forward delay, hello time, and max age.
Page 215 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: In RSTP, a newly elected root port can enter the forwarding state rapidly if this condition is met: The old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data.
Page 216 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-4 Basic concepts in MSTP MST region A multiple spanning tree region (MST region) is composed of multiple devices in a switched network and network segments among them. These devices have the...
Page 217 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration the same VLAN-to-instance mapping (VLAN 1 is mapped to MST instance 1, VLAN 2 to MST instance 2, and the rest to CIST). MSTP achieves load balancing by means of the VLAN-to-instance mapping table.
Page 218 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration A boundary port is a port that connects an MST region to another MST configuration, or to a single spanning-tree region running STP, or to a single spanning-tree region running RSTP.
Page 219 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-5 Port roles Figure 1-5 helps understand these concepts. Where, Devices A, B, C, and D constitute an MST region. Port 1 and port 2 of device A connect to the common root bridge.
Page 220 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration A port state is not exclusively associated with a port role. Table 1-6 lists the port state(s) supported by each port role (“√” indicates that the port supports this state, while “—“...
Page 221: Configuration Task List
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration In addition to basic MSTP functions, many management-facilitating special functions are provided, as follows: Root bridge hold Root bridge backup Root guard BPDU guard Loop guard TC-BPDU guard 1.1.3 Protocols and Standards...
Page 222: Configuring The Root Bridge
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Task Remarks Configuring an MST Region Required Configuring the Work Mode of MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Transmission Rate of Ports...
Page 223 (a 802.1s-defined protocol selector, which is 0 by default and cannot be configured), MST region name, VLAN-to-MSTI mapping table, and revision level. The H3C series support only the MST region name, VLAN-to-MSTI mapping table, and revision level. Switches with the settings of these parameters being the same are assigned to the same MST region.
Page 224: Specifying The Root Bridge Or A Secondary Root Bridge
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration example # Configure the MST region name to be “info”, the MSTP revision level to be 1, and VLAN 2 through VLAN 10 to be mapped to instance 1 and VLAN 20 through VLAN 30 to instance 2.
Page 225 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note that: Upon specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device. You can configure the current device as the root bridge or a secondary root bridge of an MST instance, which is specified by instance instance-id in the command.
Page 226: Configuring The Work Mode Of Mstp Device
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.3 Configuring the Work Mode of MSTP Device MSTP and RSTP can recognize each other’s protocol packets, so they are mutually compatible. However, STP is unable to recognize MSTP packets. For hybrid...
Page 227: Configuring The Maximum Hops Of An Mst Region
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration To do... Use the command... Remarks Enter system view system-view — Optional Configure the priority of stp [ instance instance-id ] the current device priority priority 32768 by default...
Page 228: Configuring The Network Diameter Of A Switched Network
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration To do... Use the command... Remarks — Enter system view system-view Optional Configure the maximum stp max-hops hops hops of the MST region 20 by default Note: A larger maximum hops setting means a larger size of the MST region.
Page 229: Configuring Timers Of Mstp
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: Network diameter is a parameter that indicates network size. A bigger network diameter represents a larger network size. Based on the network diameter you configured, MSTP automatically sets an optimal hello time, forward delay, and max age for the device.
Page 230 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Caution: The length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be.
Page 231: Configuring The Timeout Factor
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.8 Configuring the Timeout Factor After the network topology is stabilized, each non-root-bridge device forwards configuration BPDUs to the surrounding devices at the interval of hello time to check whether any link is faulty.
Page 232: Configuring Ports As Edge Ports
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration I. Configuration procedure Follow these steps to configure the maximum transmission rate of a port or a group of ports: To do... Use the command... Remarks Enter system view system-view —...
Page 233 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration I. Configuration procedure Follow these steps to specify a port or a group of ports as edge port(s): To do... Use the command... Remarks Enter system view system-view —...
Page 234 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration I. Configuration procedure Follow these steps to configure whether a port or a group of ports connect to point-to-point links: To do... Use the command... Remarks Enter system view system-view —...
Page 235 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.3.12 Configuring the Mode a Port Uses to Recognize/Send MSTP Packets A port can send/recognize MSTP packets of two formats: 802.1s-compliant standard format, and Compatible format By default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.
Page 236: Enabling The Output Of Port State Transition Information
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration example # Configure GigabitEthernet 2/0/1 to receive and send standard-format MSTP packets. <Sysname> system-view [Sysname] interface GigabitEthernet 2/0/1 [Sysname-GigabitEthernet2/0/1] stp compliance dot1s 1.3.13 Enabling the Output of Port State Transition Information In a large-scale, MSTP-enabled network, there are a large number of MSTP instances, so ports may frequently transition from one state to another.
Page 237: Configuring Leaf Nodes
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration To do... Use the command... Remarks Optional MSTP is disabled on ports Enable the MSTP feature by default and stp enable on the port(s) automatically enabled on all ports after it is enabled globally on the device.
Page 238: Configuring Path Costs Of Ports
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.4.5 Configuring Ports as Edge Ports Refer to Configuring Ports as Edge Ports in the section about root bridge configuration. 1.4.6 Configuring Path Costs of Ports Path cost is a parameter related to the rate of port-connected links. On an MSTP-compliant device, ports can have different priorities in different MST instances.
Page 239 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Private Link speed Duplex state 802.1d-1998 802.1t standard Single Port 200,000 Aggregated Link 2 Ports 100,000 100 Mbps Aggregated Link 3 Ports 66,666 Aggregated Link 4 Ports...
Page 240: Configuring Port Priority
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Caution: If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be out of effect.
Page 241: Performing Mcheck
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: When the priority of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. Generally, a lower configured value priority indicates a higher priority of the port. If you configure the same priority value for all the Ethernet ports on a device, the specific priority of a port depends on the index number of that port.
Page 242: Configuration Prerequisites
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration STP-compatible mode. In this case, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode. You can perform mCheck on a port through two approaches, which lead to the same result.
Page 243: Configuring Digest Snooping
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Method 2: Perform mCheck in Ethernet interface view. <Sysname> system-view [Sysname] interface GigabitEthernet 2/0/1 [Sysname-GigabitEthernet2/0/1] stp mcheck 1.6 Configuring Digest Snooping As defined in IEEE 802.1s, interconnected devices are in the same region only when the region-related configuration (domain name, revision level, VLAN-to-instance mappings) on them is identical.
Page 244 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration To do... Use the command... Remarks Required Enable global digest snooping config-digest-snooping Not enabled by default Caution: You can only enable the Digest Snooping feature on the device connected to another vendor’s device that uses a private key to calculate the configuration digest.
Page 245: Configuring No Agreement Check
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration II. Network diagram Third-party device Root port Designated port GE2/0/1 GE2/0/2 Blocked port GE2/0/1 GE2/0/2 GE2/0/2 GE2/0/1 Device A Device B Figure 1-6 Digest Snooping configuration III. Configuration procedure Enable Digest Snooping on Device A # Enable Digest Snooping on GigabitEthernet2/0/1.
Page 246 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Figure 1-7 Figure 1-8 show the rapid state transition mechanism on MSTP and RSTP designated ports. Upstream switch Downstream switch Proposal for rapid transition Root port blocks other...
Page 247 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Configure the same region name, revision level and VLAN-to-instance mappings on the two devices, making them in the same region. 1.7.2 Configuration Procedure Follow these steps to configure No Agreement Check: To do...
Page 248: Configuring Protection Functions
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration II. Network diagram Third-party device GE2/0/1 GE2/0/1 Root port Designated port Device A Figure 1-9 No Agreement Check configuration III. Configuration procedure # Enable No Agreement Check on GigabitEthernet2/0/1 of Device A.
Page 249: Enabling Bpdu Guard
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.8.2 Enabling BPDU Guard For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers. In this case, the access ports are configured as edge ports to allow rapid transition of these ports.
Page 250: Enabling Loop Guard
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration playing the role of designated port on all MST instances. Once this port receives a configuration BPDU with a higher priority from an MST instance, it immediately sets that instance port to the listening state, without forwarding the packet (this is equivalent to disconnecting the link connected with this port).
Page 251: Enabling Tc-Bpdu Attack Guard
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration Note: It is recommended that you enable the loop guard feature on your device. Follow these steps to enable loop guard: To do... Use the command... Remarks...
Page 252: Displaying And Maintaining Mstp
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration To do... Use the command... Remarks Configure the maximum number of times the device Optional deletes forwarding address stp tc-protection entries within a certain period threshold number...
Page 253: Mstp Configuration Example
Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration 1.10 MSTP Configuration Example I. Network requirements Configure MSTP so that packets of different VLANs are forwarded along different spanning trees. The specific configuration requirements are as follows: All devices on the network are in the same MST region.
Page 254 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration [DeviceA-mst-region] region-name example [DeviceA-mst-region] instance 1 vlan 10 [DeviceA-mst-region] instance 3 vlan 30 [DeviceA-mst-region] instance 4 vlan 40 [DeviceA-mst-region] revision-level 0 # Activate MST region configuration manually.
Page 255 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration [DeviceB] display stp region-configuration Oper configuration Format selector Region name :example Revision level Instance Vlans Mapped 1 to 9, 11 to 29, 31 to 39, 41 to 4094 Configuration on Device C # Enter MST region view.
Page 256 Operation Manual – MSTP H3C S7500E Series Ethernet Switches Chapter 1 MSTP Configuration # Enter MST region view. <DeviceD> system-view [DeviceD] stp region-configuration [DeviceD-mst-region] region-name example # Configure the region name, VLAN-to-instance mappings and revision level of the MST region.
Page 257 Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Routing Overview....................1-1 1.1 IP Routing and Routing Table.................... 1-1 1.1.1 Routing ........................1-1 1.1.2 Routing Through a Routing Table ................1-1 1.2 Routing Protocol Overview ....................
Page 258: Ip Routing And Routing Table
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview Chapter 1 IP Routing Overview Go to these sections for information you are interested in: IP Routing and Routing Table Routing Protocol Overview Displaying and Maintaining a Routing Table Note: The term “router”...
Page 259 Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview Destination address: Destination IP address or destination network. Network mask: Specifies, in company with the destination address, the address of the destination network. A logical AND operation between the destination address and the network mask yields the address of the destination network.
Page 260: Routing Protocol Overview
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview Router A Router F 17.0.0.0 17.0.0.1 17.0.0.3 16.0.0.2 11.0.0.2 17.0.0.2 Router D 16.0.0.0 11.0.0.0 14.0.0.3 11.0.0.1 16.0.0.1 14.0.0.2 14.0.0.4 Router B 14.0.0.0 Router G 15.0.0.2...
Page 261: Ipv6 Routing
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview I. Operational scope Interior gateway protocols (IGPs): Work within an autonomous system, including RIP, OSPF, and IS-IS. Exterior gateway protocols (EGPs): Work between autonomous systems. The most popular one is BGP.
Page 262: Load Balancing And Route Backup
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview Routing approach Priority DIRECT OSPF IS-IS STATIC OSPF ASE OSPF NSSA IBGP EBGP UNKNOWN Note: The smaller the priority value, the higher the priority.
Page 263: Displaying And Maintaining A Routing Table
Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview Under normal circumstances, packets are forwarded through the main route. When the main route goes down, the route with the highest priority among the backup routes is selected to forward packets.
Page 264 Operation Manual – IP Routing Overview H3C S7500E Series Ethernet Switches Chapter 1 IP Routing Overview To do… Use the command… Remarks Display routing display ip routing-table ip-prefix information permitted by ip-prefix-name [ verbose ] an IPv4 prefix list Available in...
Page 265 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Static Routing Configuration..................1-1 1.1 Introduction ........................1-1 1.1.1 Static Route......................1-1 1.1.2 Default Route ......................1-1 1.1.3 Application Environment of Static Routing.............. 1-2 1.2 Configuring a Static Route....................
Page 266 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 2.4.8 Configuring RIP-to-MIB Binding ................2-16 2.5 Displaying and Maintaining RIP..................2-17 2.6 RIP Configuration Examples.................... 2-17 2.6.1 Configuring RIP Version..................2-17 2.6.2 Configuring RIP Route Redistribution ..............2-19 2.7 Troubleshooting RIP ......................
Page 267 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 3.7.3 Specifying an LSA Transmission Delay ..............3-34 3.7.4 Specifying SPF Calculation Interval ..............3-34 3.7.5 Specifying the LSA Minimum Repeat Arrival Interval ........... 3-35 3.7.6 Specifying the LSA Generation Interval ..............3-35 3.7.7 Disabling Interfaces from Sending OSPF Packets ..........
Page 268 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 4.4.8 Configuring Route Redistribution ................4-24 4.4.9 Configuring IS-IS Route Leaking................4-24 4.5 Tuning and Optimizing IS-IS Network ................4-25 4.5.1 Configuration Prerequisites................... 4-25 4.5.2 Configuring a DIS Priority for an Interface ............4-25 4.5.3 Configuring IS-IS Timers..................
Page 269 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 5.5.1 Prerequisites ......................5-27 5.5.2 Configuration Procedure ..................5-27 5.6 Tuning and Optimizing BGP Networks ................5-30 5.6.1 Prerequisites ......................5-31 5.6.2 Configuration Procedure ..................5-31 5.7 Configuring a Large Scale BGP Network ................ 5-33 5.7.1 Configuration Prerequisites...................
Page 270 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Table of Contents 6.5 Displaying and Maintaining the Routing Policy..............6-10 6.6 Routing Policy Configuration Example ................6-10 6.6.1 Applying Routing Policy When Redistributing IPv4 Routes ........6-10 6.7 Troubleshooting Routing Policy Configuration ..............6-14...
Page 271 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration Chapter 1 Static Routing Configuration When configuring a static route, go to these sections for information you are interested Introduction Configuring a Static Route Displaying and Maintaining Static Routes...
Page 272: Application Environment Of Static Routing
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration You can create the default route with both destination and mask being 0.0.0.0, and some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate the default route.
Page 273: Displaying And Maintaining Static Routes
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration To do… Use the command… Remarks Enter system view — system-view Required ip route-static dest-address { mask | mask-length } By default, { gateway-address | interface-type...
Page 274 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration 1.4 Configuration Example I. Network requirements The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts.
Page 275 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 1 Static Routing Configuration Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1...
Page 276: Rip Overview
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Chapter 2 RIP Configuration Note: The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. When configuring RIP, go to these sections for information you are interested in:...
Page 277 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration II. RIP routing table A RIP router has a routing table containing routing entries of all reachable destinations, and each routing entry contains: Destination address: IP address of a host or a network.
Page 278: Multicast
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.1.2 Operation of RIP The following procedure describes how RIP works. After RIP is enabled, the router sends Request messages to neighboring routers. Neighboring routers return Response messages including information about their routing tables.
Page 279 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Figure 2-1 shows the format of RIPv1 message. Figure 2-1 RIPv1 Message Format Command: Type of message. 1 indicates request, and 2 indicates response. Version: Version of RIP, 0x01 for RIPv1.
Page 280: Supported Rip Features
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration III. RIPv2 authentication RIPv2 sets the AFI field of the first route entry to 0xFFFF to identify authentication information. See Figure 2-3. Figure 2-3 RIPv2 Authentication Message Authentication Type: 2 represents plain text authentication, while 3 represents MD5.
Page 281: Configuring Rip Basic Functions
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.2 Configuring RIP Basic Functions 2.2.1 Configuration Prerequisites Before configuring RIP basic functions, configure IP addresses for interfaces, making all adjacent nodes reachable to each other at the network layer.
Page 282 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Remarks interface interface-type Enter interface view — interface-number Optional Enable the interface to rip input receive RIP messages Enabled by default...
Page 283: Configuring Rip Route Control
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Remarks interface interface-type Enter interface view –– interface-number Specify a RIP rip version { 1 | 2 version for the [ broadcast |...
Page 284: Configuring Ripv2 Route Summarization
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Remarks Optional Define an outbound rip metricout value additional routing metric 1 by default 2.3.2 Configuring RIPv2 Route Summarization Route summarization means that subnets in a natural network are summarized with a natural network that is sent to other networks.
Page 285: Disabling Host Route Reception
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Note: You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface. 2.3.3 Disabling Host Route Reception Sometimes a router may receive many host routes from the same network, which are not helpful for routing and occupy a large amount of network resources.
Page 286: Configuring Inbound/Outbound Route Filtering
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Note: The router enabled to advertise a default route does not receive default routes from RIP neighbors. 2.3.5 Configuring Inbound/Outbound Route Filtering The device supports route filtering. You can filter routes by configuring the inbound and outbound route filtering policies via referencing an ACL or IP prefix list.
Page 287: Configuring Rip Network Optimization
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Remarks Enter system view –– system-view Enter RIP view rip [ process-id ] –– Optional Configure a priority for preference [ route-policy...
Page 288: Configuring Split Horizon And Poison Reverse
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration To do… Use the command… Remarks Optional timers { garbage-collect The default update timer, garbage-collect-value | Configure values for timeout timer, suppress timer, suppress suppress-value |...
Page 289: Configuring The Maximum Number Of Load Balanced Routes
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration II. Enabling poison reverse The poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable.
Page 290: Enabling Source Ip Address Check On Incoming Rip Updates
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.4.5 Enabling Source IP Address Check on Incoming RIP Updates You can enable source IP address check on incoming RIP updates. For a message received on an Ethernet interface, RIP compares the source IP address of the message with the IP address of the interface.
Page 291: Specifying A Rip Neighbor
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.4.7 Specifying a RIP Neighbor Usually, RIP sends messages to broadcast or multicast addresses. On non broadcast or multicast links, you need to manually specify RIP neighbors. If a specified neighbor is not directly connected, you must disable source address check on incoming updates.
Page 292: Displaying And Maintaining Rip
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.5 Displaying and Maintaining RIP To do… Use the command… Remarks Display RIP current status and configuration display rip [ process-id ] information Display all active routes in...
Page 293 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration [SwitchA-rip-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] rip [SwitchB-rip-1] network 192.168.1.0 [SwitchB-rip-1] network 10.0.0.0 [SwitchB-rip-1] quit # Display the RIP routing table of Switch A.
Page 294 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Note: Since RIPv1 routing information has a long aging time, it will still exist until aged out after RIPv2 is configured. 2.6.2 Configuring RIP Route Redistribution I.
Page 295 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration [SwitchB-rip-100] version 2 [SwitchB-rip-100] undo summary [SwitchB-rip-100] quit [SwitchB] rip 200 [SwitchB-rip-200] network 3.0.0.0 [SwitchB-rip-200] version 2 [SwitchB-rip-200] undo summary [SwitchB-rip-200] quit # Enable RIP 200 and specify RIP version 2 on Switch C.
Page 296 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Cost NextHop Interface 1.1.1.0/24 Direct 0 1.1.1.1 Vlan100 1.1.1.1/32 Direct 0 127.0.0.1 InLoop0 2.1.1.0/24 Direct 0 2.1.1.1...
Page 297: Troubleshooting Rip
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 2 RIP Configuration 2.7 Troubleshooting RIP 2.7.1 No RIP Updates Received Symptom: No RIP updates are received when the links work well. Analysis: After enabling RIP, you must use the network command to enable corresponding interfaces.
Page 298: Introduction To Ospf
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Chapter 3 OSPF Configuration Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). At present, OSPF version 2 (RFC2328) is used.
Page 299: Basic Concepts
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Area partition: Allows an AS to be split into different areas for ease of management and the routing information transmitted between areas is summarized to reduce network bandwidth consumption.
Page 300 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Hello packet: Periodically sent to find and maintain neighbors, containing the values of some timers, information about the DR, BDR and known neighbors. DD packet (database description packet): Describes the digest of each LSA in the LSDB, exchanged between two routers for data synchronization.
Page 301: Ospf Area Partition And Route Summarization
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration into the local subnet, the Type 10 is flooded into the local area, and the Type 11 is flooded throughout the whole AS. VI. Neighbor and Adjacency In OSPF, the “Neighbor”...
Page 302 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Area 4 Area 1 Area 0 Area 2 Area 3 Figure 3-1 OSPF area partition After area partition, area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes.
Page 303 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Figure 3-2 OSPF router types III. Backbone area and virtual links Each AS has a backbone area, which is responsible for distributing routing information between none-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area.
Page 304 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Another application of virtual links is to provide redundant links. If the backbone area cannot maintain internal connectivity due to a physical link failure, configuring a virtual link can guarantee logical connectivity in the backbone area, as shown below.
Page 305 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration NSSA area. When traveling to the NSSA ABR, Type-7 LSAs are translated into Type-5 LSAs by the ABR for advertisement to other areas. In the following figure, the OSPF AS contains three areas: Area 1, Area 2 and Area 0.
Page 306: Classification Of Ospf Networks
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration segment. The ABR in the area distributes only the summary LSA to reduce the scale of LSDBs on routers in other areas. ASBR route summarization If summarization for redistributed routes is configured on an ASBR, it will summarize redistributed Type-5 LSAs that fall into the specified address range.
Page 307: Dr And Bdr
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration P2MP (point-to-multipoint): By default, OSPF considers no link layer protocol as P2MP, which is a conversion from other network types such as NBMA in general. On P2MP networks, packets are sent to multicast addresses (224.0.0.5).
Page 308 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration the new DR in a very short period by avoiding adjacency establishment and DR reelection. Meanwhile, other routers elect another BDR, which requires a relatively long period but has no influence on routing calculation.
Page 309: Ospf Packet Formats
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.1.5 OSPF Packet Formats OSPF packets are directly encapsulated into IP packets. OSPF has the IP protocol number 89. The OSPF packet format is shown below (taking a LSU packet as an example).
Page 310 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: MD5 authentication data is added following an OSPF packet rather than contained in the Authentication field. II. Hello packet A router sends hello packets periodically to neighbors to find and maintain neighbor relationships and to elect the DR/BDR, including information about values of timers, DR, BDR and neighbors already known.
Page 311 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration III. DD packet Two routers exchange database description (DD) packets describing their LSDBs for database synchronization, contents in DD packets including the header of each LSA (uniquely representing a LSA).
Page 312 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration requesting the missing LSAs. The packets contain the digests of the missing LSAs. The following figure shows the LSR packet format. Figure 3-12 LSR packet format Major fields: LS type: Type number of the LSA to be requested.
Page 313 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration VI. LSAck packet LSAack (Link State Acknowledgment) packets are used to acknowledge received LSU packets, contents including LSA headers to describe the corresponding LSAs. Multiple LSAs can be acknowledged in a single Link State Acknowledgment packet. The following figure gives its format.
Page 314 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Figure 3-16 Router LSA format Major fields: Link State ID: ID of the router that originated the LSA. V (Virtual Link): Set to 1 if the router that originated the LSA is a virtual link endpoint.
Page 315 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Figure 3-17 Network LSA format Major fields: Link State ID: The interface address of the DR Network Mask: The mask of the network (a broadcast or NBMA network)
Page 316 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: A Type-3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. AS external LSA An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS.
Page 317: Supported Ospf Features
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration An NSSA external LSA originates from the ASBR in a NSSA and is flooded in the NSSA area only. It has the same format as the AS external LSA.
Page 318: Ospf Configuration Task List
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Distributed routers support OSPF Hot Standby (HSB). OSPF backups necessary information of the Active Main Board (AMB) into the Standby Main Board. Once the AMB fails, the SMB begins to work to ensure the normal operation of OSPF.
Page 319: Configuring Ospf Basic Functions
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Task Remarks Configuring OSPF Packet Optional Timers Specifying an LSA Transmission Optional Delay Specifying SPF Calculation Optional Interval Specifying the LSA Minimum Optional Repeat Arrival Interval...
Page 320 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To ensure OSPF stability, you need to decide on router IDs and configure them manually. Any two routers in an AS must have different IDs. In practice, the ID of a router is the IP address of one of its interfaces.
Page 321: Configuring Ospf Area Parameters
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.4 Configuring OSPF Area Parameters Splitting an OSPF AS into multiple areas reduces the number of LSAs in the networks and extends the OSPF application. For those non-backbone areas residing on the AS boundary, you can configure them as stub areas to further reduce the size of routing tables on routers in these areas and the number of LSAs.
Page 322: Configuring Ospf Network Types
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks vlink-peer router-id Optional [ hello seconds | retransmit seconds | Configured on both ends of a virtual link trans-delay seconds |...
Page 323: Configuring The Ospf Network Type For An Interface
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.5.2 Configuring the OSPF Network Type for an Interface Follow these steps to configure the OSPF network type for an interface: To do… Use the command…...
Page 324: Configuring Ospf Route Control
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional Configure a router priority The default router priority...
Page 325: Configuring Ospf Inbound Route Filtering
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | Enter OSPF view — router-id router-id ] * Enter OSPF area view...
Page 326: Configuring Abr Type-3 Lsa Filtering
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: Since OSPF is a link state-based interior gateway protocol, routing information is contained in LSAs. However, OSPF cannot filter LSAs. Using the filter-policy import command is to filter routes computed by OSPF, and only routes not filtered out are installed into the routing table.
Page 327: Configuring The Maximum Number Of Ospf Routes
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | Enter OSPF view — router-id router-id ] * Optional Configure a bandwidth...
Page 328: Configuring A Priority For Ospf
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Configure the maximum maximum Optional number of equivalent load-balancing The default number is 4. load-balanced routes maximum 3.6.8 Configuring a Priority for OSPF A router may run multiple routing protocols, and it sets a priority for each protocol.
Page 329: Configuring Ospf Network Optimization
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks default-route-advertise [ always | cost cost | type Optional type | route-policy Redistribute a default Not redistributed by route-policy-name ]*...
Page 330: Configuring Ospf Packet Timers
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Configure OSPF network management functions, such as binding OSPF MIB with a process, sending trap information and collecting log information. 3.7.1 Prerequisites Before configuring OSPF network optimization, you have configured: IP addresses for interfaces;...
Page 331: Specifying An Lsa Transmission Delay
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Optional Specify the ospf timer retransmit retransmission The retransmission interval interval interval defaults to 5 seconds. Note: The hello and dead intervals restore to default values after you change the network type for an interface.
Page 332: Specifying The Lsa Minimum Repeat Arrival Interval
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | Enter OSPF view — router-id router-id ] * spf-schedule-interval Optional Specify SPF calculation...
Page 333: Disabling Interfaces From Sending Ospf Packets
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Follow these steps to configure the LSA generation interval: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | Enter OSPF view...
Page 334: Configuring Ospf Authentication
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: Different OSPF processes can disable the same interface from sending OSPF packets. Use of the silent-interface command disables only the interfaces associated with the current process rather than interfaces associated with other processes.
Page 335: Adding The Interface Mtu Into Dd Packets
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id Enter OSPF view — router-id ] * Enter area view —...
Page 336: Configuring The Maximum Number Of External Lsas In Lsdb
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.7.11 Configuring the Maximum Number of External LSAs in LSDB Follow these steps to configure the maximum number of external LSAs in the Link State Database: To do…...
Page 337: Configuring Ospf Network Management
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.7.14 Configuring OSPF Network Management Follow these steps to configure OSPF network management: To do… Use the command… Remarks Enter system view — system-view Optional The first OSPF...
Page 338: Displaying And Maintaining Ospf
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.8 Displaying and Maintaining OSPF To do… Use the command… Remarks Display OSPF brief display ospf [ process-id ] brief information Display OSPF statistics display ospf [ process-id ] cumulative...
Page 339: Ospf Configuration Examples
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration To do… Use the command… Remarks reset ospf [ process-id ] counters Reset OSPF counters [ neighbor [ interface-type interface-number ] [ router-id ] ] Available...
Page 340 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.1] quit...
Page 341 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 10.2.1.1 Neighbors Area 0.0.0.0 interface 10.1.1.1(Vlan-interface100)'s neighbors Router ID: 10.3.1.1 Address: 10.1.1.2 GR State: Normal...
Page 342 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchA] display ospf lsdb OSPF Process 1 with Router ID 10.2.1.1 Link State Database Area: 0.0.0.0 Type LinkState ID AdvRouter Sequence Metric Router 10.2.1.1 10.2.1.1 1069...
Page 343: Configuring An Ospf Stub Area
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=15 ms Reply from 10.4.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=4 ttl=253 time=16 ms...
Page 344 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration # Display ABR/ASBR information on Switch C. [SwitchC] display ospf abr-asbr OSPF Process 1 with Router ID 10.4.1.1 Routing Table to ABR and ASBR Type Destination...
Page 345 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchA-ospf-1-area-0.0.0.1] stub [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch C. [SwitchC] ospf [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] stub [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] quit # Display OSPF routing information on Switch C [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1...
Page 346: Configuring An Ospf Nssa Area
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1 10.2.1.1 0.0.0.1...
Page 347 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration III. Configuration procedure Configure IP addresses for interfaces. Configure OSPF basic functions (refer to Configuring OSPF Basic Functions). Configure Area 1 as an NSSA area. # Configure Switch A.
Page 348: Configuring Ospf Dr Election
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration [SwitchC] ospf [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit # Display OSPF routing information on Switch D. [SwitchD-ospf-1] display ospf routing OSPF Process 1 with Router ID 10.5.1.1...
Page 349 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration II. Network diagram Figure 3-24 Network diagram for OSPF DR election configuration III. Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A.
Page 350 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration # Configure Switch D. <SwitchD> system-view [SwitchD] router id 4.4.4.4 [SwitchD] ospf [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit # Display OSPF neighbor information on Switch A.
Page 351 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration # Configure Switch B. [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] ospf dr-priority 0 [SwitchB-Vlan-interface1] quit # Configure Switch C. [SwitchC] interface vlan-interface 1 [SwitchC-Vlan-interface1] ospf dr-priority 2 [SwitchC-Vlan-interface] quit # Display neighbor information on Switch D.
Page 352 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: In the above output, you can find the priority configuration does not take effect immediately. Restart OSPF process (omitted) # Display neighbor information on Switch D.
Page 353: Configuring Ospf Virtual Links
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Note: If the neighbor state is full, it means Switch D has established the adjacency with the neighbor. If the neighbor state is 2-way, it means the two switches are neither the DR nor the BDR, and they do not exchange LSAs.
Page 354 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration II. Network diagram Figure 3-25 Network diagram for OSPF virtual link configuration III. Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A.
Page 355 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Total Nets: 2 Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0 Note: Since Area 2 has no direct connection to Area 0, the OSPF routing table of Router A has no route to Area 2.
Page 356: Troubleshooting Ospf Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration 3.10 Troubleshooting OSPF Configuration 3.10.1 No OSPF Neighbor Relationship Established I. Symptom No OSPF neighbor relationship can be established. II. Analysis If the physical link and lower layer protocols work well, check OSPF parameters configured on interfaces.
Page 357 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 3 OSPF Configuration Display information about area configuration using display current-configuration configuration ospf command. If more than two areas are configured, at least one area is connected to the backbone.
Page 358 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Chapter 4 IS-IS Configuration When configuring IS-IS, go to these sections for information you are interested in: IS-IS Overview IS-IS Configuration Task List Configuring IS-IS Basic Functions...
Page 359 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Routing domain (RD). A group of ISs exchange routing information with the same routing protocol in a routing domain. Area. An area is a division unit in a routing domain. The IS-IS protocol allows a routing domain to be divided into multiple areas.
Page 360 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Generally, a router only needs one area address, and all nodes in the same routing domain must share the same area address. However, a router can have three area addresses at most to support smooth area merging, partitioning and switching.
Page 361: Is-Is Area
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.1.2 IS-IS Area I. Two-level hierarchy IS-IS uses two-level hierarchy in the routing domain to support large scale routing networks. A large routing domain is divided into multiple Areas. The Level-1 router is in charge of forwarding routes within an area, and the Level-2 router is in charge of forwarding routes between areas.
Page 362 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-2 IS-IS topology Figure 4-3 shows another network topology running the IS-IS protocol. The Level-1-2 routers connect the Level-1 and Level-2 routers, and also form the IS-IS backbone together with the Level-2 routers.
Page 363: Is-Is Network Type
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: The IS-IS backbone does not need to be a specific Area. Both the IS-IS Level-1 and Level-2 routers use the SPF algorithm to generate the Shortest Path Tree (SPT).
Page 364 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Point-to-point network, such as PPP, HDLC. Note: For the Non-Broadcast Multi-Access (NBMA) network, such as ATM, you need to configure point-to-point or broadcast network on its configured subinterfaces. IS-IS does not run on Point to Multipoint (P2MP) links.
Page 365: Is-Is Pdu Format
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Using pseudonodes can reduce the resources used by SPF and simplify the network topology. Note: On IS-IS broadcast networks, all routers are adjacent with each other. The DIS is responsible for the synchronization of their LSDBs.
Page 366 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration R(Reserved): Set to 0. PDU Type: For detail information, refer to Table 4-1. Version: Set to 1(0x01). Maximum Area Address: Maximum number of area addresses supported.
Page 367 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-7 L1/L2 LAN IIH format Reserved/Circuit Type: The first 6 bits are reserved with value 0. The last 2 bits indicates router types: 00 means reserved, 01 indicates L1, 10 indicates L2, and 11 indicates L1/2.
Page 368 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field.
Page 369 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-9 L1/L2 LSP format PDU Length: Total length of the PDU in bytes. Remaining Lifetime: LSP remaining lifetime in seconds. LSP ID: Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte).
Page 370 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Figure 4-10 LSDB overload IS Type: Type of the router generating the LSP. V. SNP format The Sequence Number PDU (SNP) confirms the latest received LSPs. It is similar to the Acknowledge packet, but more efficient.
Page 371 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request new LSPs from neighbors.
Page 372: Is-Is Features Supported
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration CLV Code Name PDU Type LSP Entries Authentication Information IIH, LSP, SNP IP Internal Reachability Information Protocols Supported IIH, LSP IP External Reachability Information L2 LSP...
Page 373 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration common LSP or non-zero for a Pseudonode LSP), and LSP Number (LSP fragment number) of the node or pseudo node that generated the LSP. The 1-byte LSP Number field, allowing a maximum of only 256 fragments to be generated by an IS-IS router, limits the amount of link information that the IS-IS router can advertise.
Page 374 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration originating system only. Therefore, the IS-IS routers not supporting LSP fragment extension can operate normally without modifying the extended LSP fragments received, but some limitation is imposed on the link state information in the extended LSP fragments advertised by the virtual systems.
Page 375: Is-Is Configuration Task List
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration RFC 3786 - Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit RFC 3787 - Recommendations for Interoperable IP Networks using IS-IS RFC 3847 - Restart signaling for IS-IS 4.2 IS-IS Configuration Task List...
Page 376: Configuring Is-Is Basic Functions
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.3 Configuring IS-IS Basic Functions 4.3.1 Configuration Prerequisites Before the task, configure an IP address for each interface, making all adjacent nodes reachable to each other at the network layer.
Page 377: Configuring Is-Is Routing Information Control
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.4 Configuring IS-IS Routing Information Control 4.4.1 Configuration Prerequisites Before the configuration, accomplish the following tasks first: Configure an IP address on each interface, and make sure all nodes are reachable.
Page 378 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command… Remarks cost-style { narrow | wide | wide-compatible | Optional Specify a cost style { compatible | narrow by default narrow-compatible }...
Page 379: Configuring The Maximum Number Of Equal Cost Routes
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command… Remarks Required Enable automatic IS-IS auto-cost enable cost calculation Disabled by default. Note: In the case no interface cost is specified in interface view or system view and automatic...
Page 380: Configuring Inbound Route Filtering
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration the size of routing tables, as well as the LSP and LSDB generated by the router itself. Both IS-IS and redistributed routes can be summarized. Follow these steps to configure route summarization: To do…...
Page 381: Configuring Route Redistribution
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command… Remarks Enter system view –– system-view Enter IS-IS view isis [ process-id ] –– filter-policy { acl-number | Required Configure inbound route...
Page 382: Tuning And Optimizing Is-Is Network
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command… Remarks import-route isis level-2 into level-1 [ filter-policy Required Enable IS-IS route { acl-number | ip-prefix leaking Disabled by default ip-prefix-name | route-policy...
Page 383: Configuring Is-Is Timers
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: If multiple routers in the broadcast network have the same highest DIS priority, the router with the highest MAC address becomes the DIS. This rule applies even all routers’...
Page 384: Disabling An Interface From Sending/Receiving Is-Is Hello Packets
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: On the broadcast link, you can specify different intervals for Level-1 and Level-2 hello packets; if no level is specified, the interval applies to both Level-1 and Level-2 hello packets, but only takes effect on the level of the current process;...
Page 385 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration The router will discard a LSP with incorrect checksum. You can configure the router to ignore the incorrect checksum, which means a LSP will be processed even with an incorrect LSP checksum.
Page 386: Configuring Spf Parameters
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command… Remarks Optional Not added by default If the mesh-blocked isis mesh-group Add the interface to a keyword is included, the [ mesh-group-number |...
Page 387: Configuring Dynamic Host Name Mapping
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command... Remarks Enter system view –– system-view Enter IS-IS view isis [ process-id ] –– Optional timer spf Configure the SPF The default SPF...
Page 388: Configuring Is-Is Authentication
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: The local host name on the local IS overwrites the remote host name on the remote IS. 4.5.8 Configuring IS-IS Authentication For area authentication, the area authentication password is encapsulated into the Level-1 LSP, CSNP, and PSNP packets.
Page 389: Configuring Lsdb Overload Tag
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Note: The level-1 and level-2 keywords in the isis authentication-mode command are only supported on a VLAN interface of a switch, and the interface must be configured with the isis enable command first.
Page 390: Enabling An Interface To Send Small Hello Packets
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.5.11 Enabling an Interface to Send Small Hello Packets Follow these steps to enable an interface to send small hello packets (without the padding field): To do…...
Page 391: Is-Is Configuration Example
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration To do… Use the command… Remarks Display the display isis name-table host-name-to-system-ID Available in any view [ process-id ] mapping table Display IS-IS neighbor display isis peer...
Page 392 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration II. Network diagram Figure 4-14 Network diagram for IS-IS basic configuration III. Configuration procedure Configure IP addresses for interfaces (omitted) Configure IS-IS # Configure Switch A.
Page 393 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D.
Page 394 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration [SwitchB] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00 0x00000006 0xdb60 0/0/0 0000.0000.0002.00-00* 0x00000008...
Page 395 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchD] display isis lsdb Database information for ISIS(1) -------------------------------- Level-2 Link State Database LSPID Seq Num Checksum Holdtime Length...
Page 396 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct R/L/- 10.1.1.0/24 NULL Vlan100 Direct R/L/- 10.1.2.0/24 NULL...
Page 397: Dis Selection Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration 4.7.2 DIS Selection Configuration I. Network requirements As shown in Figure 4-15, Switch A, B, C and Switch D reside in IS-IS area 10 on a broadcast network (Ethernet).
Page 398 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration [SwitchB-Vlan-interface100] quit # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] is-level level-1 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit # Configure Switch D.
Page 399 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration [SwitchA] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No # Display information about IS-IS interfaces of Switch C.
Page 400 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 21s Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0003 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 27s Type: L1 PRI: 64 System Id: 0000.0000.0002...
Page 401 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 4 IS-IS Configuration Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 7s Type: L1 PRI: 100 [SwitchC] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State...
Page 402: Bgp Overview
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Chapter 5 BGP Configuration The Border Gateway Protocol (BGP) is a dynamic inter-AS route discovery protocol. When configuring BGP, go to these sections for information you are interested in:...
Page 403: Formats Of Bgp Messages
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Supporting CIDR Substantially reducing bandwidth occupation by advertising updating routes only and applicable to advertising a great amount of routing information on the Internet Eliminating route loops completely by adding AS path information to BGP routes...
Page 404 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Length: The 2-byte unsigned integer indicates the total length of the message. Type: This 1-byte unsigned integer indicates the type code of the message. The following type codes are defined: 1–Open, 2-Update, 3-Notification, 4–Keepalive, and 5–Route-refresh.
Page 405 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-3 BGP Update message format Each Update message can advertise a group of feasible routes with similar attributes, which are contained in the network layer reachable information (NLRI) field. The Path Attributes field carries attributes of these routes that are used by BGP for routing.
Page 406: Bgp Path Attributes
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration V. Keepalive Keepalive messages are sent between peers to maintain connectivity. Its format contains only the message header. VI. Route-refresh A route-refresh message is sent to a peer to request the resending of the specified address family routing information.
Page 407 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Name Category AGGREGATOR Optional transitive COMMUNITY Optional transitive MULTI_EXIT_DISC (MED) Optional non-transitive ORIGINATOR_ID Optional non-transitive CLUSTER_LIST Optional non-transitive II. Usage of BGP path attributes ORIGIN ORIGIN is a well-known mandatory attribute and defines the origin of routing information and how a route becomes a BGP route.
Page 408 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-6 AS_PATH attribute In general, a BGP router does not receive routes containing the local AS number to avoid routing loops. Note: The current implementation supports using the peer allow-as-loop command to receive routes containing the local AS number to meet special requirements.
Page 409 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration When sending a received route to an EBGP peer, a BGP speaker sets the NEXT_HOP for the route to the address of the sending interface. When sending a route received from an EBGP peer to an IBGP peer, a BGP speaker does not modify the NEXT_HOP attribute.
Page 410 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration In general, BGP compares MEDs of routes to the same AS only. Note: You can use the compare-different-as-med command to force BGP to compare MED values of routes to different ASs.
Page 411: Bgp Route Selection
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration No_Advertise: After received, routes with this attribute cannot be advertised to other BGP peers. No_Export_Subconfed: After received, routes with this attribute cannot be advertised out the local AS or other ASs in the local confederation.
Page 412 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration on route recursion is always enabled on the switch rather than configured using commands. BGP differs from IGP in the implementation of load balancing in the following:...
Page 413: Ibgp And Igp Synchronization
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration only once, with AS_PATH unchanged, NEXT_HOP changed to Router C’s address. Other BGP transitive attributes apply according to route selection rules. III. BGP route advertisement rules...
Page 414: Settlements For Problems Caused By Large Scale Bgp Networks
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration routing table can the IBGP router add the route into its BGP routing table and advertise the route to the EBGP peer. You can disable the synchronization feature in the following cases: The local AS is not a transitive AS (AS20 is a transitive AS in the above figure).
Page 415 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-12 BGP route dampening III. Peer group A peer group is a collection of peers with the same attributes. When a peer joins the peer group, the peer obtains the same configuration as the peer group. If configuration of the peer group is changed, configuration of group members is also changed.
Page 416 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Besides using the well-known community attribute, you can define the extended community attribute using a community list to help define a routing policy. V. Route reflector IBGP peers should be fully meshed to maintain connectivity.
Page 417 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-14 Network diagram for route reflectors When clients of a route reflector are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. The system supports using related commands to disable route reflection in this case.
Page 418 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Figure 5-15 Confederation network diagram From the perspective of a non-confederation speaker, it needs not know sub-ASs in the confederation. The ID of the confederation is the number of the AS. In the above figure, AS200 is the confederation ID.
Page 419: Bgp Configuration Task List
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration MP_UNREACH_NLRI: Multiprotocol Unreachable NLRI, withdrawing unfeasible routes The above two attributes are both optional non-transitive, so BGP speakers not supporting multi-protocol ignore the two attributes and do not forward them to peers.
Page 420: Configuring Bgp Basic Functions
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Task Remarks Configuring BGP Basic Functions Required Configuring BGP Route Optional Redistribution Configuring BGP Route Optional Summarization Advertising a Default Route to a Optional Peer or Peer Group...
Page 421 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.3.1 Prerequisites The neighboring nodes are accessible to each other at the network layer. 5.3.2 Configuration Procedure Follow these steps to configure BGP basic functions: To do…...
Page 422 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Remarks Optional peer { group-name | By default, BGP uses the Specify the source ip-address } outbound interface of the interface for establishing...
Page 423: Controlling Route Distribution And Reception
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Note: It is required to specify for a BGP router a router ID, a 32-bit unsigned integer and the unique identifier of the router in the AS.
Page 424: Configuring Bgp Route Redistribution
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.4.2 Configuring BGP Route Redistribution BGP can advertise the routing information of the local AS to peering ASs, but it redistributes routing information from IGP into BGP rather than self-finding. During route redistribution, BGP can filter routing information from specific routing protocols.
Page 425: Advertising A Default Route To A Peer Or Peer Group
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Follow these steps to configure BGP route summarization: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Configure...
Page 426: Configuring Bgp Route Reception Filtering Policies
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number filter-policy { acl-number Required to choose any; | ip-prefix Not configured by default;...
Page 427: Enabling Bgp And Igp Route Synchronization
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Remarks sequence: Reference an AS path peer { group-name | ACL to filter routing ip-address } as-path-acl filter-policy import information from a...
Page 428: Configuring Bgp Route Attributes
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.4.8 Configuring BGP Route Dampening By configuring BGP route dampening, you can suppress unstable routes from neither adding them to the local routing table nor advertising them to BGP peers.
Page 429 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Use the To do… Remarks command… Optional Configure the default default med MED value 0 by default med-value Enable the Optional comparison of MED compare-differe of routes from...
Page 430 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Use the To do… Remarks command… Configure repeating peer Optional times of local AS { group-name | The local AS number can number in routes ip-address }...
Page 431: Tuning And Optimizing Bgp Networks
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Note: Using a routing policy can set preferences for routes matching it. Routes not matching it use the default preferences. If other conditions are identical, the route with the smallest MED value is selected as the best external route.
Page 432 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration bgp command to soft-reset BGP connections, to refresh the BGP routing table and apply the new policy without tearing down BGP connections. Configure BGP authentication BGP employs TCP as the transport protocol. To enhance security, you can configure BGP to perform MD5 authentication when establishing a TCP connection.
Page 433 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Remarks Disable BGP route-refresh peer { group-name | Optional ip-address } multi-protocol Enabled by default capability-advertise extensions for conventional a peer/peer...
Page 434: Configuring A Large Scale Bgp Network
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Note: The maximum keepalive interval should be one third of the holdtime and no less than 1 second. The holdtime is no less than 3 seconds unless it is set to 0.
Page 435: Configuring Bgp Community
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Use the To do… Remarks command… Enter system view — system-view Enter BGP view — bgp as-number Create an IBGP Optional group group-name peer group [ internal ]...
Page 436: Configuring A Bgp Route Reflector
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Advertise the community peer { group-name | attribute to a...
Page 437: Configuring A Bgp Confederation
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Remarks Optional Configure the cluster ID of By default, a route reflector cluster-id the route reflector reflector uses its router ID cluster-id as the cluster ID.
Page 438: Displaying And Maintaining Bgp
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Note: A confederation contains 32 sub-ASs at most. The as-number of a sub-AS takes effect in the confederation only. If routers not compliant with RFC 3065 exist in the confederation, you can use the confederation nonstandard command to make the local router compatible with these routers.
Page 439: Resetting Bgp Connections
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration To do… Use the command… Remarks Display BGP routing display bgp routing-table information originating different-origin-as from different ASs display bgp routing-table flap-info [ regular-expression Display BGP routing flap...
Page 440: Bgp Configuration Examples
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.8.3 Clearing BGP Information To do… Use the command… Remarks Clear dampened MBGP reset bgp dampening [ ip-address routing information and [ mask | mask-length ] ]...
Page 441 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 9.1.1.2 as-number 65009 [SwitchB-bgp] peer 9.1.3.2 as-number 65009 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3...
Page 442 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 9.1.1.2 4 65009 0 00:40:54 Established 9.1.3.2 4 65009 0 00:44:58 Established 200.1.1.2 4 65008 1 00:44:03 Established You can find Switch B has established BGP connections to other switches.
Page 443 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 8.0.0.0 200.1.1.2 65008i Note: From the above outputs, you can find Switch A has learned no route to AS65009, and Switch C has learned network 8.0.0.0 but the next hop 200.1.1.2 is unreachable, so the route is invalid.
Page 444: Bgp And Igp Synchronization Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 9.1.3.0/24 9.1.3.1 *>i 200.1.1.0 9.1.3.1 You can find the route 8.0.0.0 becomes valid with the next hop being Switch A. # Ping 8.1.1.1 on Switch C.
Page 445 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration <SwitchA> system-view [SwitchA] bgp 65008 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 3.1.1.1 as-number 65009 # Inject network 8.1.1.0/24 to the BGP routing table. [SwitchA-bgp] network 8.1.1.0 24 [SwitchA-bgp] quit # Configure Switch B.
Page 446 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Destination/Mask Proto Cost NextHop Interface 8.1.1.0/24 O_ASE 9.1.1.1 Vlan300 9.1.1.0/24 Direct 0 9.1.1.2 Vlan300 9.1.1.2/32 Direct 0 127.0.0.1 InLoop0 9.1.2.0/24 Direct 0 9.1.2.1 Vlan400 9.1.2.1/32 Direct 0 127.0.0.1...
Page 447: Bgp Load Balancing And Med Attribute Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration 5.9.3 BGP Load Balancing and MED Attribute Configuration I. Network requirements Configure BGP on all switches; Switch A is in AS65008, and Switch B and C in AS65009.
Page 448 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.2.2 as-number 65008 [SwitchC-bgp] peer 9.1.1.1 as-number 65009 [SwitchC-bgp] network 9.1.1.0 255.255.255.0 [SwitchC-bgp] quit # Display the routing table on Switch A.
Page 449: Bgp Community Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration *> 8.0.0.0 0.0.0.0 *> 9.1.1.0/24 200.1.1.1 65009i *> 200.1.2.1 65009i The route 9.1.1.0/24 has two next hops 200.1.1.1 and 200.1.2.1, and both are the optimal. Configure MED # Configure the default MED of Switch B.
Page 450 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration II. Network diagram Figure 5-19 Network diagram for BGP community configuration III. Configuration procedure Configure IP addresses for interfaces (omitted) Configure EBGP # Configure Switch A.
Page 451 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration BGP local router ID : 2.2.2.2 Local AS number : 20 Paths: 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 200.1.2.1 (1.1.1.1) Original nexthop: 200.1.2.1...
Page 452: Bgp Route Reflector Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Paths: 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 200.1.2.1 (1.1.1.1) Original nexthop: 200.1.2.1 Community : No-Export AS-path : 10 Origin...
Page 453 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 192.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table. [SwitchA-bgp] network 1.0.0.0 [SwitchA-bgp] quit # Configure Switch B.
Page 454: Bgp Confederation Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Page 455 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration II. Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int100 200.1.1.1/24 Switch D Vlan-int400 10.1.3.2/24 Vlan-int200 10.1.1.1/24 Vlan-int200 10.1.5.1/24 Vlan-int300 10.1.2.1/24 Switch E Vlan-int500 10.1.4.2/24...
Page 456 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchB-bgp] peer 10.1.1.1 as-number 65001 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 65003 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] confederation id 200 [SwitchC-bgp] confederation peer-as 65001 65002 [SwitchC-bgp] peer 10.1.2.1 as-number 65001...
Page 457 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration <SwitchF> system-view [SwitchF] bgp 100 [SwitchF-bgp] router-id 6.6.6.6 [SwitchF-bgp] peer 200.1.1.1 as-number 200 [SwitchF-bgp] network 9.1.1.0 255.255.255.0 [SwitchF-bgp] quit Verify above configuration # Display the routing table on Switch B.
Page 458: Bgp Path Selection Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *>i...
Page 459 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration II. Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int101 1.0.0.1/8 Switch D Vlan-int400 195.1.1.1/24 Vlan-int100 192.1.1.1/24 Vlan-int300 194.1.1.1/24 Vlan-int200 193.1.1.1/24 Switch C Vlan-int400 195.1.1.2/24...
Page 460 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit Configure BGP connections # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] peer 192.1.1.2 as-number 200 [SwitchA-bgp] peer 193.1.1.2 as-number 200...
Page 461 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchA-route-policy] if-match acl 2000 [SwitchA-route-policy] apply cost 50 [SwitchA-route-policy] quit [SwitchA] route-policy apply_med_100 permit node 10 [SwitchA-route-policy] if-match acl 2000 [SwitchA-route-policy] apply cost 100 [SwitchA-route-policy] quit # Apply routing policy apply_med_50 to the route advertised to peer 193.1.1.2 (Switch...
Page 462: Troubleshooting Bgp
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 5 BGP Configuration [SwitchC] bgp 200 [SwitchC-bgp] peer 193.1.1.1 route-policy localpref import [SwitchC-bgp] quit # Display the routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1...
Page 463: Introduction To Routing Policy
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Chapter 6 Routing Policy Configuration Note: The term “router” refers to a router in a generic sense or a Layer 3 switch running routing protocols.
Page 464 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration When distributing or receiving routing information, a router can use a routing policy to filter routing information. For example, a router receives or advertises only routing information that matches the criteria of a routing policy;...
Page 465: Routing Policy Application
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration V. Extended community list Extended community list (extcommunity-list) applies to BGP only. It involves two attributes: Route-Target extcommunity for VPN, Source of Origin extcommunity. An extcommunity-list specifies matching conditions according to the two attributes.
Page 466: Defining Filtering Lists
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Task Creating a Routing Policy Configuring a Routing Defining if-match Clauses for the Routing Policy Policy Defining apply Clauses for the Routing Policy 6.3 Defining Filtering Lists 6.3.1 Prerequisites...
Page 467: Defining An As Path List
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration <Sysname> system-view [Sysname] ip ipv6-prefix abc index 10 deny 10.1.0.0 16 [Sysname] ip ipv6-prefix abc index 20 deny 10.2.0.0 16 [Sysname] ip ipv6-prefix abc index 30 deny 10.3.0.0 16 [Sysname] ip ipv6-prefix abc index 40 permit 0.0.0.0 0 less-equal 32...
Page 468: Configuring A Routing Policy
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration 6.3.5 Defining an Extended Community List You can define multiple items for an extended community list that is identified by number. During matching, the relation between items is logic OR, that is, if routing information matches one of these items, it passes the extended community list.
Page 469 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do… Use the command… Remarks Enter system view — system-view Create a routing policy route-policy route-policy-name Required and enter its view { permit | deny } node node-number Note: If a node has the permit keyword specified, routing information meeting the node’s...
Page 470 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do… Use the command… Remarks Optional Match routes having AS path if-match as-path attributes specified in the AS path list Not configured as-path-number&<1-16> by default...
Page 471 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration 6.4.4 Defining apply Clauses for the Routing Policy Follow these steps to define apply clauses for a route-policy: To do… Use the command… Remarks Enter system view —...
Page 472: Displaying And Maintaining The Routing Policy
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do… Use the command… Remarks Optional Set a preference for the apply preference matched routing protocol Not set by default preference Optional Set a preferred value for...
Page 473 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration On Switch B, configure route redistribution from IS-IS to OSPF and apply a routing policy to set attributes of redistributed routes, setting the cost of route 172.17.1.0/24 to 100, tag of route 172.17.2.0/24 to 20.
Page 474 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration [SwitchB] isis [SwitchB-isis-1] is-level level-2 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis enable [SwitchB-Vlan-interface200] quit Configure OSPF and route redistribution # Configure Switch A: enable OSPF.
Page 475 Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Configure filtering lists # Configure an ACL with the number of 2002, letting pass route 172.17.2.0/24. [SwitchB] acl number 2002 [SwitchB-acl-basic-2002] rule permit source 172.17.2.0 0.0.0.255 [SwitchB-acl-basic-2002] quit # Configure an IP prefix list named prefix-a, letting pass route 172.17.1.0/24.
Page 476: Troubleshooting Routing Policy Configuration
Operation Manual – IPv4 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration 192.168.2.0/24 Type2 192.168.1.2 192.168.2.2 Total Nets: 5 Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0 6.7 Troubleshooting Routing Policy Configuration 6.7.1 IPv4 Routing Information Filtering Failure I.
Page 477 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IPv6 Static Routing Configuration ................1-1 1.1 Introduction to IPv6 Static Routing ..................1-1 1.1.1 Features of IPv6 Static Routes ................1-1 1.1.2 Default IPv6 Route ....................
Page 478 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Table of Contents 3.1.4 Timers of OSPFv3....................3-3 3.1.5 OSPFv3 Features Supported.................. 3-3 3.1.6 Related RFCs......................3-3 3.2 IPv6 OSPFv3 Configuration Task List ................3-4 3.3 Configuring OSPFv3 Basic Functions ................3-4 3.3.1 Prerequisites ......................
Page 479 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Table of Contents 4.5 IPv6 IS-IS Configuration Example ..................4-5 Chapter 5 IPv6 BGP Configuration ....................5-1 5.1 IPv6 BGP Overview ......................5-1 5.2 Configuration Task List ...................... 5-2 5.3 Configuring IPv6 BGP Basic Functions ................5-3 5.3.1 Prerequisites ......................
Page 480 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Table of Contents 5.9 IPv6 BGP Configuration Examples.................. 5-23 5.9.1 IPv6 BGP Basic Configuration ................5-23 5.9.2 IPv6 BGP Route Reflector Configuration.............. 5-25 5.10 Troubleshooting IPv6 BGP Configuration..............5-27 5.10.1 No IPv6 BGP Peer Relationship Established............5-27 Chapter 6 Routing Policy Configuration ..................
Page 481: Introduction To Ipv6 Static Routing
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Static Routing Configuration Chapter 1 IPv6 Static Routing Configuration Note: The term “router” in this document refers to a Layer 3 switch running routing protocols. At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6.
Page 482: Displaying And Maintaining Ipv6 Static Routes
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Static Routing Configuration 1.2.1 Configuration prerequisites Enabling IPv6 packet forwarding Ensuring that the neighboring nodes are IPv6 reachable 1.2.2 Configuring an IPv6 Static Route Follow these steps to configure an IPv6 static route: To do...
Page 483 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Static Routing Configuration II. Network diagram Figure 1-1 Network diagram for static routes III. Configuration procedure Configure the IPv6 addresses of all VLAN interfaces (Omitted) Configure IPv6 static routes.
Page 484 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Static Routing Configuration Destination: ::/0 Protocol : Static NextHop : 4::2 Preference: 60 Interface : Vlan200 Cost Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0...
Page 485: Introduction To Ripng
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration Chapter 2 IPv6 RIPng Configuration Note: The term “router” in this document refers to a Layer 3 switch running routing protocols. At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6.
Page 486: Ripng Packet Format
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration Destination address: IPv6 address of a host or a network. Next hop address: IPv6 address of a neighbor along the path to the destination. Egress interface: Outbound interface that forwards IPv6 packets.
Page 487: Ripng Packet Processing Procedure
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration Figure 2-3 shows the format of the IPv6 prefix RTE. IPv6 prefix (16 octets) Route tag Prefix length Metric Figure 2-3 IPv6 prefix RTE format IPv6 prefix: Destination IPv6 address prefix.
Page 488: Configuring Ripng Basic Functions
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration 2.2 Configuring RIPng Basic Functions In this section, you are presented with the information to configure the basic RIPng features. You need to enable RIPng first before configuring other tasks, but it is not necessary for RIPng related interface configurations, such as assigning an IPv6 address.
Page 489: Configuring Ripng Route Summarization
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration Define an IPv6 ACL before using it for route filtering. Refer to ACL configuration for related information. Define an IPv6 address prefix list before using it for route filtering. Refer to section 6.2.2 "Defining an IPv6 Prefix...
Page 490: Configuring A Ripng Route Filtering Policy
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration To do... Use the command... Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Required Advertise a default ripng default-route { only |...
Page 491: Tuning And Optimizing The Ripng Network
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration To do... Use the command... Remarks Enter system view — system-view Enter RIPng view ripng [ process-id ] — Optional Configure a RIPng preference [ route-policy...
Page 492 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration Follow these steps to configure RIPng timers: To do... Use the command... Remarks Enter system view — system-view Enter RIPng view ripng [ process-id ] —...
Page 493: Configuring Zero Field Check On Ripng Packets
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration To do... Use the command... Remarks Optional Enable the split horizon ripng split-horizon function Enabled by default Note: Generally, you are recommended to enable the split horizon to prevent routing loops.
Page 494: Displaying And Maintaining Ripng
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration 2.4.4 Configuring the Maximum Number of Equal Cost Routes for Load Balancing Follow these steps to configure the maximum number of equal cost RIPng routes for load balancing: To do...
Page 495 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration III. Configuration procedure Configure the IPv6 address for each interface (omitted) Configure basic RIPng functions # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ripng 1...
Page 496 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost...
Page 497 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 2 IPv6 RIPng Configuration [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost...
Page 498 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Chapter 3 IPv6 OSPFv3 Configuration Note: The term “router” in this document refers to a Layer 3 switch running routing protocols. At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6.
Page 499: Ospfv3 Lsa Types
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Figure 3-1 OSPFv3 packet header Major fields: Version #: Version of OSPF, which is 3 for OSPFv3. Type: Type of OSPF packet, from 1 to 5 are hello, DD, LSR, LSU, and LSAck respectively.
Page 500: Timers Of Ospfv
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.1.4 Timers of OSPFv3 Timers in OSPFv3 include: OSPFv3 packet timer LSA delay timer SPF timer I. OSPFv3 packet timer Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR/BDR election.
Page 501: Ipv6 Ospfv3 Configuration Task List
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.2 IPv6 OSPFv3 Configuration Task List Complete the following tasks to configure OSPFv3: Task Remarks Configuring OSPFv3 Basic Functions Required Configuring an OSPFv3 Stub Area...
Page 502: Configuring Ospfv3 Area Parameters
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Use the command... Remarks Enter system view — system-view Enable OSPFv3 and enter ospfv3 [ process-id ] Required its view Specify a router ID...
Page 503: Configuring An Ospfv3 Stub Area
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.4.2 Configuring an OSPFv3 Stub Area Follow these steps to configure an OSPFv3 stub area: To do... Use the command... Remarks Enter system view —...
Page 504: Configuring Ospfv3 Routing Information Management
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Use the command... Remarks vlink-peer router-id [ hello seconds Create and configure a | retransmit seconds | trans-delay Required virtual link seconds | dead seconds | instance...
Page 505: Configuring Ospfv3 Inbound Route Filtering
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.5.3 Configuring OSPFv3 Inbound Route Filtering You can configure OSPFv3 to filter routes that are computed from received LSAs according to some rules. Follow these steps to configure inbound route filtering: To do...
Page 506: Configuring A Priority For Ospfv
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Use the command... Remarks Specify the maximum maximum Optional number of load-balanced load-balancing 4 by default routes maximum 3.5.6 Configuring a Priority for OSPFv3 A router may run multiple routing protocols.
Page 507: Tuning And Optimizing An Ospfv3 Network
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Note: Using the import-route command on a router makes the router become an ASBR. Since OSPFv3 is a link state based routing protocol, it cannot directly filter LSAs to be advertised.
Page 508: Configuring The Dr Priority For An Interface
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Use the command... Remarks Optional Configure the dead ospfv3 timer dead seconds interval [ instance instance-id ] 40 seconds by default ospfv3 timer retransmit...
Page 509: Ignoring Mtu Check For Dd Packets
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.6.4 Ignoring MTU Check for DD Packets When LSAs are few in DD packets, it is unnecessary to check MTU in DD packets in order to improve efficiency.
Page 510: Displaying And Maintaining Ospfv
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Use the command... Remarks Enter system view — system-view Enter OSPFv3 view ospfv3 [ process-id ] — Required Enable the logging on log-peer-change...
Page 511: Ospfv3 Configuration Examples
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration To do... Use the command... Remarks display ospfv3 [ process-id ] request-list [ { external | inter-prefix | inter-router | Display OSPFv3 link state intra-prefix | link | network | router }...
Page 512 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 300 [SwitchA-Vlan-interface300] ospfv3 1 area 1 [SwitchA-Vlan-interface300] quit [SwitchA] interface vlan-interface 200...
Page 513 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration [SwitchD] interface Vlan-interface 400 [SwitchD-Vlan-interface400] ospfv3 1 area 2 [SwitchD-Vlan-interface400] quit # Display OSPFv3 neighbor information on Switch B. [SwitchB] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1)
Page 514 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400...
Page 515: Configuring Ospfv3 Dr Election
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 Configure Area 2 as a totally stub area # Configure Switch C, the ABR, to make Area 2 as a totally stub area.
Page 516 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration II. Network diagram Figure 3-3 Network diagram for OSPFv3 DR election configuration III. Configuration procedure Configure IPv6 addresses for interfaces (omitted) Configure OSPFv3 basic functions # Configure Switch A <SwitchA>...
Page 517 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration [SwitchC-ospfv3-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 1 area 0 [SwitchC-Vlan-interface100] quit # Configure Switch D <SwitchD> system-view [SwitchD] ipv6 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4...
Page 518 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration [SwitchB-Vlan-interface200] quit #Configure the DR priority of Switch C as 2. [SwitchC] interface Vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 dr-priority 2 [SwitchC-Vlan-interface100] quit # Display neighbor information on Switch A. You can find DR priorities have been updated, but DR and BDR are not changed.
Page 519: Troubleshooting Ospfv3 Configuration
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration 3.3.3.3 Full/Backup 00:00:32 Vlan100 3.9 Troubleshooting OSPFv3 Configuration 3.9.1 No OSPFv3 Neighbor Relationship Established I. Symptom No OSPF neighbor relationship can be established. II. Analysis If the physical link and lower protocol work well, check OSPF parameters configured on interfaces.
Page 520 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 3 IPv6 OSPFv3 Configuration Use the display ospfv3 lsdb command to display Link State Database information to check integrity. Display information about area configuration using display current-configuration configuration command. If more than two areas are configured, at least one area is connected to the backbone.
Page 521: Chapter 4 Ipv6 Is-Is Configuration
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration Chapter 4 IPv6 IS-IS Configuration Note: IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information instead. This document describes only IPv6 IS-IS exclusive configuration tasks.
Page 522: Configuring Ipv6 Is-Is Basic Functions
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration 4.2 Configuring IPv6 IS-IS Basic Functions Note: You can implement IPv6 inter-networking through configuring IPv6 IS-IS in IPv6 network environment. 4.2.1 Configuration Prerequisites Before the configuration, accomplish the following tasks first:...
Page 523: Configuring Ipv6 Is-Is Routing Information Control
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration 4.3 Configuring IPv6 IS-IS Routing Information Control 4.3.1 Configuration Prerequisites You need to complete the IPv6 IS-IS basic function configuration before configuring this task. 4.3.2 Configuration Procedure Follow these steps to configure IPv6 IS-IS routing information control: To do...
Page 524: Displaying And Maintaining Ipv6 Is-Is
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration Note: The ipv6 filter-policy export command, usually used in combination with the ipv6 import-route command, filters redistributed routes when advertising them to other routers. If no protocol is specified, routes redistributed from all routing protocols are filtered before advertisement.
Page 525: Ipv6 Is-Is Configuration Example
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration To do... Use the command... Remarks Clear the IS-IS data Available in user reset isis peer system-id information of a neighbor [ process-id ] view 4.5 IPv6 IS-IS Configuration Example...
Page 526 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 4 IPv6 IS-IS Configuration [SwitchA-Vlan-interface100] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] is-level level-1 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] ipv6 enable [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200...
Page 527: Ipv6 Bgp Overview
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Chapter 5 IPv6 BGP Configuration Note: This chapter describes only configuration for IPv6 BGP. For other related information, refer to the part discussing IPv4 routing.
Page 528 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration IPv6 BGP utilizes BGP multiprotocol extensions for application in IPv6 networks. The original messaging and routing mechanisms of BGP are not changed. 5.2 Configuration Task List...
Page 529: Configuring Ipv6 Bgp Basic Functions
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Task Remarks Configuring IPv6 BGP Peer Group Optional Configuring a Large Configuring IPv6 BGP Community Optional Scale IPv6 BGP Network Configuring an IPv6 BGP Route...
Page 530: Advertising A Local Ipv6 Route
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.3.3 Advertising a Local IPv6 Route Follow these steps to configure advertise a local route into the routing table: To do... Use the command... Remarks Enter system view —...
Page 531: Specifying The Source Interface For Establishing Tcp Connections
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.3.5 Specifying the Source Interface for Establishing TCP Connections Follow these steps to specify the source interface for establishing TCP connections to a BGP peer or peer group: To do...
Page 532: Configuring A Description For A Peer/Peer Group
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Allow the establishment of peer { ipv6-group-name | Required EBGP connection to a ipv6-address } non directly connected Not configured by default...
Page 533: Logging Peer State Changes
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Enter IPv6 address family — ipv6-family view Disable session Optional peer { ipv6-group-name | establishment to a ipv6-address } ignore...
Page 534: Configuring Ipv6 Bgp Route Redistribution
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.4.2 Configuring IPv6 BGP Route Redistribution Follow these steps to configure IPv6 BGP route redistribution and filtering: To do... Use the command... Remarks Enter system view —...
Page 535: Configuring Route Distribution Policy
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Note: With the peer default-route-advertise command used, the local router advertises a default route with itself as the next hop to the specified peer/peer group, regardless of whether the default route is available in the routing table.
Page 536: Configuring Route Reception Policy
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.4.5 Configuring Route Reception Policy Follow these steps to configure route reception policy: To do... Use the command... Remarks Enter system view — system-view Enter BGP view —...
Page 537: Configuring Route Dampening
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration By default, when a BGP router receives an IBGP route, it only checks the reachability of the route’s next hop before advertisement. If the synchronization feature is configured, only the IBGP route is advertised by IGP can the route be advertised to EBGP peers.
Page 538: Configuring The Med Attribute
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Enabled IPv6 function Configured IPv6 BGP basic functions 5.5.2 Configuring IPv6 BGP Preference and Default LOCAL_PREF and NEXT_HOP Attributes Follow these steps to perform this configuration: To do...
Page 539: Configuring The As_Path Attribute
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Enter system view — system-view Enter BGP view Required bgp as-number Enter IPv6 address family — ipv6-family view Optional...
Page 540: Tuning And Optimizing Ipv6 Bgp Networks
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Substitute local AS number for the AS peer { ipv6-group-name | Optional number of a peer/peer ipv6-address } Not substituted by default...
Page 541: Configuring Ipv6 Bgp Soft Reset
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Enter system view — system-view Enter BGP view Required bgp as-number Enter IPv6 address family — ipv6-family view Specify...
Page 542 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Optional peer { ipv6-group-name | Enable route refresh ipv6-address } capability-advertise Enabled by default route-refresh II. Perform manual soft-reset Follow these steps to perform manual soft reset: To do...
Page 543: Configuring A Large Scale Ipv6 Bgp Network
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Required Configure the maximum number of load balanced By default, no load balance number routes balancing is enabled. 5.7 Configuring a Large Scale IPv6 BGP Network In a large-scale IPv6 BGP network, configuration and maintenance become no convenient due to too many peers.
Page 544 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Enter system view — system-view Required Enter BGP view bgp as-number Not enabled by default Enter IPv6 address —...
Page 545: Configuring Ipv6 Bgp Community
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Enter system view — system-view Required Enter BGP view bgp as-number Not enabled by default Enter IPv6 address family —...
Page 546: Configuring An Ipv6 Bgp Route Reflector
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration II. Apply a routing policy to routes advertised to a peer/peer group Follow these steps to apply a routing policy to routes advertised to a peer/peer group: To do...
Page 547: Displaying And Maintaining Ipv6 Bgp Configuration
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Note: In general, since the route reflector forwards routing information between clients, it is not required to make clients of a route reflector fully meshed. If clients are fully meshed, it is recommended to disable route reflection between clients to reduce routing costs.
Page 548: Resetting Ipv6 Bgp Connections
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration To do... Use the command... Remarks Display IPv6 BGP display bgp ipv6 routing-table dampening parameter dampening parameter information Display IPv6 BGP routing display bgp ipv6 routing-table...
Page 549: Ipv6 Bgp Configuration Examples
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration 5.9 IPv6 BGP Configuration Examples Note: Some examples for IPv6 BGP configuration are similar to those of BGP-4, so refer to the sections covering BGP in the IPv4 routing part for related information.
Page 550 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] ipv6-family [SwitchC-bgp-af-ipv6] peer 9:3::1 as-number 65009 [SwitchC-bgp-af-ipv6] peer 9:2::2 as-number 65009...
Page 551: Ipv6 Bgp Route Reflector Configuration
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Total number of peers : 3 Peers in established state : 3 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10::2 4 65008 0 00:01:16 Established...
Page 552 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration III. Configuration procedure Configure IPv6 addresses for VLAN interfaces (omitted) Configure IPv6 BGP basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1...
Page 553: Troubleshooting Ipv6 Bgp Configuration
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 5 IPv6 BGP Configuration Use the display bgp ipv6 routing-table command on Switch B and Switch D respectively, you can find both of them have learned the network 1::/64.
Page 554: Routing Policy
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Chapter 6 Routing Policy Configuration Note: At present, the LSQ1GP12EA boards in the S7500E series do not support IPv6. 6.1 Introduction to Routing Policy 6.1.1 Routing Policy A routing policy is used on the router for route inspection, filtering, attributes modifying when routes are received, advertised, or redistributed.
Page 555 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration An IP prefix list is identified by name. Each IP prefix list can comprise multiple items, and each item, which is identified by an index number, can specify a matching range in the network prefix format.
Page 556: Defining An Ipv6 Prefix List
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration When receiving or advertising routing information, a routing protocol uses the routing policy to filter routing information. 6.2 Defining Filtering Lists 6.2.1 Prerequisites Before configuring this task, you need to decide on:...
Page 557: Defining An Extended Community List
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration [Sysname] ip ip-prefix abc index 40 permit :: 0 less-equal 128 6.2.3 Defining an AS Path List You can define multiple items for an AS path ACL that is identified by number. During matching, the relation between items is logical OR, that is, if the route matches one of these items, it passes the AS path ACL.
Page 558 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do... Use the command... Remarks Enter system view — system-view ip extcommunity-list Required Define an extended ext-comm-list-number community list { deny | permit } { rt Not defined by default route-target }&<1-16>...
Page 559 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Note: If a node has the permit keyword specified, routing information meeting the node’s conditions will be handled using the apply clauses of this node, without needing to match against the next node.
Page 560 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do... Use the command... Remarks Match BGP routes having if-match extcommunity Optional extended attributes ext-comm-list-number&<1 contained in the extended Not configured by default -16>...
Page 561 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration To do... Use the command... Remarks apply as-path Optional Set AS_Path attribute for as-number&<1-10> IPv6 BGP routes Not set by default [ replace ] Specify a community list...
Page 562: Applying Routing Policy When Redistributing Ipv6 Routes
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration Note: The apply ipv6 next-hop commands do not apply to redistributed IPv6 routes respectively. 6.4 Displaying and Maintaining the Routing Policy To do... Use the command...
Page 563 Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration II. Network diagram Figure 6-1 Network diagram for routing policy application to route redistribution III. Configuration procedure Configure Switch A # Configure IPv6 addresses for VLAN-interface 100 and VLAN-interface 200.
Page 564: Ipv6 Routing Information Filtering Failure
Operation Manual – IPv6 Routing H3C S7500E Series Ethernet Switches Chapter 6 Routing Policy Configuration # Configure the IPv6 address for VLAN-interface 100. [SwitchB] ipv6 [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ipv6 address 10::2 32 # Enable RIPng on VLAN-interface 100.
Page 565 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IPv6 Basics Configuration ..................1-1 1.1 IPv6 Overview........................1-1 1.1.1 IPv6 Features ......................1-2 1.1.2 Introduction to IPv6 Address ................... 1-3 1.1.3 Introduction to IPv6 Neighbor Discovery Protocol ..........1-7 1.1.4 IPv6 PMTU Discovery ...................
Page 566 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Table of Contents 3.3 Configuring IPv6 Manual Tunnel ..................3-4 3.3.1 Configuration Prerequisites..................3-4 3.3.2 Configuration Procedure ..................3-4 3.3.3 Configuration Example.................... 3-6 3.4 Configuring 6to4 Tunnel ....................3-10 3.4.1 Configuration Prerequisites................... 3-10 3.4.2 Configuration Procedure ..................
Page 567: Ipv6 Overview
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Chapter 1 IPv6 Basics Configuration When configuring IPv6 basics, go to these sections for information you are interested IPv6 Overview IPv6 Basics Configuration Task List...
Page 568: Ipv6 Features
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.1.1 IPv6 Features I. Header format simplification IPv6 cuts down some IPv4 header fields or move them to the IPv6 extension headers to reduce the length of the basic IPv6 header. IPv6 uses the basic header with a fixed length, thus making IPv6 packet handling simple and improving the forwarding efficiency.
Page 569: Introduction To Ipv6 Address
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Stateless address configuration means that a host automatically configures an IPv6 address and related information on basis of its own link-layer address and the prefix information advertised by a router.
Page 570 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Leading zeros in each group can be removed. For example, the above-mentioned address represented shorter format 2001:0:130F:0:0:9C0:876A:130B. If an IPv6 address contains two or more consecutive groups of zeros, they can be replaced by the double-colon :: option.
Page 571 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Note: There are no broadcast addresses in IPv6. Their function is superseded by multicast addresses. The type of an IPv6 address is designated by the first several bits called format prefix.
Page 572 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Unassigned address: The unicast address "::” is called the unassigned address and may not be assigned to any node. Before acquiring a valid IPv6 address, a node may fill this address in the source address field of an IPv6 packet, but may not use it as a destination IPv6 address.
Page 573: Introduction To Ipv6 Neighbor Discovery Protocol
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Figure 1-2 Convert a MAC address into an EUI-64 interface identifier 1.1.3 Introduction to IPv6 Neighbor Discovery Protocol IPv6 Neighbor Discovery Protocol (NDP) uses five types of ICMPv6 messages to...
Page 574 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration ICMPv6 message Number Function Used to respond to an RS message With the RA message suppression disabled, Router advertisement the router regularly sends an RA message...
Page 575 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Node A sends an NS message whose destination address is the IPv6 address of node B. If node A receives an NA message from node B, node A considers that node B is reachable.
Page 576: Ipv6 Pmtu Discovery
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration The router returns an RA message containing information such as prefix information option. (The router also regularly sends an RA message.) The node automatically configures an IPv6 address and other information for its interface according to the address prefix and other configuration parameters in the RA message.
Page 577: Introduction To Ipv6 Dns
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Figure 1-5 Working procedure of the PMTU discovery The working procedure of the PMTU discovery is as follows: The source host uses its MTU to fragment packets and then sends them to the destination host.
Page 578: Ipv6 Basics Configuration Task List
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration RFC 2375: IPv6 Multicast Address Assignments RFC 2460: Internet Protocol, Version 6 (IPv6) Specification. RFC 2461: Neighbor Discovery for IP Version 6 (IPv6) RFC 2462: IPv6 Stateless Address Autoconfiguration...
Page 579: Configuring An Ipv6 Unicast Address
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.3.2 Configuring an IPv6 Unicast Address IPv6 site-local addresses and aggregatable global unicast addresses can be configured in the following ways: EUI-64 format: When the EUI-64 format is adopted to form IPv6 addresses, the IPv6 address prefix of an interface is the configured prefix and the interface identifier is derived from the link-layer address of the interface.
Page 580: Configuring Ipv6 Ndp
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Note: After an IPv6 site-local address or aggregatable global unicast address is configured for an interface, a link-local address will be generated automatically. The automatically generated link-local address is the same as the one generated by using the ipv6 address auto link-local command.
Page 581: Configuring The Maximum Number Of Neighbors Dynamically Learned
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration To do... Use the command... Remarks Enter system view — system-view ipv6 neighbor ipv6-address Configure a static mac-address { vlan-id port-type Required neighbor entry port-number | interface...
Page 582: Configuring Parameters Related To An Ra Message
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.4.3 Configuring Parameters Related to an RA Message You can configure whether the interface sends an RA message, the interval for sending RA messages, and parameters in RA messages. After receiving an RA message, a host can use these parameters to perform corresponding operations.
Page 583 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Note: The values of the Retrans Timer field and the Reachable Time field configured for an interface are sent to hosts via RA messages. Furthermore, this interface sends NS messages at intervals of Retrans Timer and considers a neighbor reachable within the time of Reachable Time.
Page 584: Configuring The Number Of Attempts To Send An Ns Message For Dad
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration To do… Use the command… Remarks Optional By default, the O flag bit is set to Set the O flag bit to ipv6 nd autoconfig...
Page 585: Configuring Pmtu Discovery
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration To do… Use the command… Remarks Optional Configure the number of 1 by default. When the ipv6 nd dad attempts attempts to send an NS...
Page 586: Configuring Ipv6 Tcp Properties
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.6 Configuring IPv6 TCP Properties The IPv6 TCP properties you can configure include: synwait timer: When a SYN packet is sent, the synwait timer is triggered. If no response packet is received before the synwait timer expires, the IPv6 TCP connection establishment fails.
Page 587: Configuring Ipv6 Dns
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration Follow these steps to configure the capacity and update period of the token bucket: To do… Use the command… Remarks Enter system view — system-view...
Page 588: Configuring Dynamic Ipv6 Domain Name Resolution
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.8.2 Configuring Dynamic IPv6 Domain Name Resolution If you want to use the dynamic domain name function, you can use the following command to enable the dynamic domain name resolution function. In addition, you should configure a DNS server so that a query request message can be sent to the correct server for resolution.
Page 589: Displaying And Maintaining Ipv6 Basics Configuration
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration 1.9 Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Remarks Display DNS suffix display dns domain [ dynamic ] information Display IPv6 dynamic...
Page 590: Ipv6 Configuration Example
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration To do… Use the command… Remarks Available Clear IPv6 dynamic domain in user reset dns ipv6 dynamic-host name cache information view reset ipv6 neighbors { all | dynamic...
Page 591 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration # Enable the IPv6 packet forwarding function. <SwitchA> system-view [SwitchA] ipv6 # Configure VLAN-interface 2 to automatically generate a link-local address. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address auto link-local # Configure an EUI-64 address for VLAN-interface 2.
Page 592 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # Display the IPv6 information of the interface on Switch B.
Page 593: Operation Manual – Ipv6 Configuration
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration bytes=56 Sequence=3 hop limit=255 time = 60 ms Reply from FE80::20F:E2FF:FE00:1 bytes=56 Sequence=4 hop limit=255 time = 70 ms Reply from FE80::20F:E2FF:FE00:1 bytes=56 Sequence=5 hop limit=255...
Page 594: Troubleshooting Ipv6 Basics Configuration
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 1 IPv6 Basics Configuration bytes=56 Sequence=5 hop limit=255 time = 60 ms --- 3001::2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 50/60/70 ms 1.11 Troubleshooting IPv6 Basics Configuration...
Page 595: Dual Stack Overview
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 2 Dual Stack Configuration Chapter 2 Dual Stack Configuration When configuring dual stack, go to these sections for information you are interested in: Dual Stack Overview Configuring Dual Stack 2.1 Dual Stack Overview...
Page 596 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 2 Dual Stack Configuration To do… Use the command… Remarks Enter system view — system-view Required Enable the IPv6 packet forwarding Disabled by ipv6 function default. interface Enter interface view —...
Page 597: Introduction To Tunneling
Note: NTP-related commands are available in tunnel interface view on H3C S7500E series Ethernet Switches, but NTP features cannot be enabled after you execute the NTP commands. For related information about NTP, refer to NTP Configuration.
Page 598 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration Caution: The devices at both ends of an IPv6 over IPv4 tunnel must support IPv4/IPv6 dual stack. Figure 3-1 Principle of IPv6 over IPv4 tunnel The IPv6 over IPv4 tunnel processes packets in the following way: A host in the IPv6 network sends an IPv6 packet to the device at the source end of the tunnel.
Page 599 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration If the IPv4 address of the tunnel destination cannot be acquired from the destination address of the IPv6 packet, it needs to be configured manually. Such a tunnel is called a configured tunnel.
Page 600: Tunneling Configuration Task List
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration destination address of an IPv6 packet and the IPv6 address of a tunnel interface both adopt special addresses: ISATAP addresses. The ISATAP address format is prefix(64bit):0:5EFE:ip-address. The ip-address is in the form of a.b.c.d or abcd:efgh, where abcd:efgh represents a 32-bit source IPv4 address.
Page 601 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration To do… Use the command… Remarks Required Create a tunnel interface and By default, there is no interface tunnel enter tunnel interface view tunnel interface on the number device.
Page 602 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration Caution: When you create a tunnel interface on a device, the slot of the tunnel interface should be that of the source port, namely, the port sending packets. In this way, the forwarding efficiency can be improved.
Page 603: Link Aggregation Group
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration II. Network diagram Figure 3-3 Network diagram for an IPv6 manual tunnel III. Configuration procedure Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure a link aggregation group.
Page 604 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration # Enable IPv6. <SwitchB> system-view [SwitchB] ipv6 # Configure a link aggregation group. Disable STP on the port before adding it into the link aggregation group.
Page 605 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration FF02::1 MTU is 1500 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses [SwitchB] display ipv6 interface Tunnel1/0/3...
Page 606: Configuring 6To4 Tunnel
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration 3.4 Configuring 6to4 Tunnel 3.4.1 Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface and loopback interface on the device. Such an interface can serve as the source interface of the tunnel to ensure that the tunnel destination address is reachable.
Page 607 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration To do… Use the command… Remarks Required source { ip-address | By default, no source Configure a source address address or interface is interface-type or interface for the tunnel...
Page 608 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration 3.4.3 Configuration Example I. Network requirements Isolated IPv6 networks are interconnected through a 6to4 tunnel over the IPv4 network. II. Network diagram Figure 3-4 Network diagram for a 6to4 tunnel III.
Page 609 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration # Configure a route to VLAN-interface 100 of Switch B. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.)
Page 610 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration [SwitchB-Vlan-interface100] ip address 5.1.1.1 24 [SwitchB-Vlan-interface100] quit # Configure a route to VLAN-interface 100 of Switch A. (Here the next-hop address of the static route is represented by [nexthop]. In practice, you should configure the real next-hop address according to the network.)
Page 611: Configuring Isatap Tunnel
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration Minimum = 0ms, Maximum = 13ms, Average = 3ms 3.5 Configuring ISATAP Tunnel 3.5.1 Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface and loopback interface on the device.
Page 612 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration To do… Use the command… Remarks Required By default, the tunnel mode is manual. The same tunnel type should tunnel-protocol Set an ISATAP tunnel be configured at...
Page 613 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration 3.5.3 Configuration Example I. Network requirements The destination address of a tunnel is an ISATAP address. It is required that IPv6 hosts in the IPv4 network can access the IPv6 network via an ISATAP tunnel.
Page 614 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration [Switch-Vlan-interface101] ip address 2.1.1.1 255.0.0.0 [Switch-Vlan-interface101] quit # Configure an ISATAP tunnel. [Switch] interface tunnel 1/0/3 [Switch-Tunnel1/0/3] ipv6 address 2001::1/64 eui-64 [Switch-Tunnel1/0/3] source vlan-interface 101 [Switch-Tunnel1/0/3] tunnel-protocol ipv6-ipv4 isatap # Configure the tunnel to reference link aggregation group 1 in tunnel interface view.
Page 615: Displaying And Maintaining Tunneling Configuration
Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration C:\>ipv6 if 2 Interface 2: Automatic Tunneling Pseudo-Interface Guid {48FCE3FC-EC30-E50E-F1A7-71172AEEE3AE} does not use Neighbor Discovery uses Router Discovery routing preference 1 EUI-64 embedded IPv4 address: 2.1.1.2 router link-layer address: 2.1.1.1...
Page 616 Operation Manual – IPv6 Configuration H3C S7500E Series Ethernet Switches Chapter 3 Tunneling Configuration The common cause is that the physical interface of the tunnel source is not up. Use the display interface tunnel or display ipv6 interface tunnel commands to view whether the physical interface of the tunnel source is up.
Page 617 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Multicast Overview ...................... 1-1 1.1 Introduction to Multicast..................... 1-1 1.1.1 Comparison of Information Transmission Techniques..........1-1 1.1.2 Roles in Multicast ....................1-4 1.1.3 Advantages and Applications of Multicast .............. 1-5 1.2 Multicast Models ........................
Page 618 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents 2.6.4 Configuring the Function of Dropping Unknown Multicast Data ......2-19 2.6.5 Configuring IGMP Report Suppression..............2-20 2.6.6 Configuring Maximum Multicast Groups that Can Be Joined on a Port....2-21 2.6.7 Configuring Multicast Group Replacement ............
Page 619 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents Chapter 5 PIM Configuration......................5-1 5.1 PIM Overview........................5-1 5.1.1 Introduction to PIM-DM ................... 5-2 5.1.2 How PIM-DM Works....................5-2 5.1.3 Introduction to PIM-SM ................... 5-5 5.1.4 How PIM-SM Works....................5-6 5.1.5 Introduction to BSR Admin-scope Regions in PIM-SM.........
Page 620 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents 5.8.1 Failure of Building a Multicast Distribution Tree Correctly ........5-52 5.8.2 Multicast Data Abnormally Terminated on an Intermediate Router ...... 5-53 5.8.3 RPs Unable to Join SPT in PIM-SM..............5-54 5.8.4 No Unicast Route Between BSR and C-RPs in PIM-SM ........
Page 621 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Table of Contents 7.3 Configuring Multicast Routing and Forwarding..............7-6 7.3.1 Configuration Prerequisites..................7-6 7.3.2 Enabling IP Multicast Routing ................. 7-7 7.3.3 Configuring Multicast Static Routes ................ 7-7 7.3.4 Configuring a Multicast Route Match Rule.............. 7-8 7.3.5 Configuring Multicast Load Splitting................
Page 622: Introduction To Multicast
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Chapter 1 Multicast Overview Note: This manual chiefly focuses on the IP multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to IP multicast.
Page 623 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Figure 1-1 Unicast transmission Assume that Hosts B, D and E need this information. The information source establishes a separate transmission channel for each of these hosts.
Page 624 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Figure 1-2 Broadcast transmission Assume that only Hosts B, D, and E need the information. If the information source broadcasts the information, Hosts A and C also receive it. In addition to information security issues, this also causes traffic flooding on the same network.
Page 625: Roles In Multicast
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Figure 1-3 Multicast transmission Assume that Hosts B, D and E need the information. To receive the information correctly, these hosts need to join a receiver set, which is known as a multicast group.
Page 626: Advantages And Applications Of Multicast
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview For a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of TV programs, as shown in Table 1-1. Table 1-1 An analogy between TV transmission and multicast transmission...
Page 627: Multicast Models
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Any other point-to-multiple-point data distribution application. 1.2 Multicast Models Based on how the receivers treat the multicast sources, there are two multicast models: I. ASM model In the ASM model, any sender can send information to a multicast group as a multicast source, and numbers of receivers can join a multicast group identified by a group address and obtain multicast information addressed to that multicast group.
Page 628: Multicast Addresses
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview hosts, and the TCP/IP stack must support reception and transmission of multicast data. 1.3.1 Multicast Addresses To allow communication between multicast sources and multicast group members, network-layer multicast addresses, namely, multicast IP addresses must be provided.
Page 629 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Table 1-3 Some reserved multicast addresses Address Description 224.0.0.1 All systems on this subnet, including hosts and routers 224.0.0.2 All multicast routers on this subnet 224.0.0.3 Unassigned 224.0.0.4...
Page 630 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview assigned by IANA; when set to 1, the T flag indicates a transient, or dynamically assigned multicast address. Scope: 4 bits, indicating the scope of the IPv6 internetwork for which the multicast traffic is intended.
Page 631 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview Figure 1-5 IPv4-to-MAC address mapping The high-order four bits of a multicast IPv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remaining 28 bits are mapped to a MAC address, so five bits of the multicast IPv4 address are lost.
Page 632: Multicast Protocols
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview 1.3.2 Multicast Protocols Note: Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP/MLD, PIM/IPv6 PIM, and MSDP;...
Page 633 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview connected with the hosts. These protocols define the mechanism of establishing and maintaining group memberships between hosts and Layer 3 multicast devices. Multicast routing protocols A multicast routing protocol runs on Layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently.
Page 634: Multicast Packet Forwarding Mechanism
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 1 Multicast Overview IGMP Snooping/MLD Snooping Running on Layer 2 devices, Internet Group Management Protocol Snooping (IGMP Snooping) and Multicast Listener Discovery Snooping (MLD Snooping) are multicast constraining mechanisms that manage and control multicast groups by listening to and...
Page 635: Igmp Snooping Overview
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Chapter 2 IGMP Snooping Configuration When configuring IGMP Snooping, go to the following sections for information you are interested in: IGMP Snooping Overview Configuring Basic Functions of IGMP Snooping...
Page 636: Basic Concepts In Igmp Snooping
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Multicast packet transmission Multicast packet transmission without IGMP Snooping when IGMP Snooping runs Multicast router Multicast router Source Source Layer 2 switch Layer 2 switch Host A...
Page 637 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Router port: A router port is a port on the Ethernet switch that leads switch towards the Layer 3 multicast device (DR or IGMP querier). In the figure, Ethernet 1/0/1 of Switch A and Ethernet 1/0/1 of Switch B are router ports.
Page 638: Work Mechanism Of Igmp Snooping
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: The port aging mechanism of IGMP Snooping works only for dynamic ports; a static port will never age out. 2.1.3 Work Mechanism of IGMP Snooping...
Page 639: Portal
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration If a forwarding table entry exists for the reported group and the port is included in the outgoing port list, which means that this port is already a member port, the switch resets the member port aging timer for that port.
Page 640: Processing Of Multicast Protocol Messages
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration forwards it through all its router ports in the VLAN and all member ports for that multicast group, and performs the following: If any IGMP report in response to the group-specific query is heard on a member port before its aging timer expires, this means that some host attached to the port is receiving or expecting to receive multicast data for that multicast group.
Page 641: Igmp Snooping Configuration Task List
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.2 IGMP Snooping Configuration Task List Complete these tasks to configure IGMP Snooping: Task Remarks Enabling IGMP Snooping Required Configuring Basic Functions of IGMP Configuring the Version of IGMP...
Page 642: Configuring Basic Functions Of Igmp Snooping
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: Configurations made in IGMP Snooping view are effective for all VLANs, while configurations made in VLAN view are effective only for ports belonging to the current VLAN.
Page 643: Configuring Igmp Snooping Port Functions
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: IGMP Snooping must be enabled globally before it can be enabled in a VLAN. After enabling IGMP Snooping in a VLAN, you cannot enable IGMP and/or PIM on the corresponding VLAN interface, and vice versa.
Page 644: Configuring Aging Timers For Dynamic Ports
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Enable IGMP Snooping in the VLAN or enable IGMP on the desired VLAN interface Configure the corresponding port groups. Before configuring IGMP Snooping port functions, prepare the following data:...
Page 645: Configuring Static Ports
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Use the command... Remarks Optional Configure member port igmp-snooping aging time 260 seconds by default host-aging-time interval 2.4.3 Configuring Static Ports If all the hosts attached to a port are interested in the multicast data addressed to a...
Page 646: Configuring Simulated Joining
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.4.4 Configuring Simulated Joining Generally, a host running IGMP responds to IGMP queries from the IGMP querier. If a host fails to respond due to some reasons, the multicast router may deem that no member of this multicast group exists on the network segment, and therefore will remove the corresponding forwarding path.
Page 647: Configuring Fast Leave Processing
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.4.5 Configuring Fast Leave Processing The fast leave processing feature allows the switch to process IGMP leave group messages in a fast way. With the fast leave processing feature enabled, when receiving an IGMP leave group message on a port, the switch immediately removes that port from the outgoing port list of the forwarding table entry for the indicated group.
Page 648: Configuring Igmp Snooping Querier
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: If fast leave processing is enabled on a port to which more than one host is attached, when one host leaves a multicast group, the other hosts attached to the port and interested in the same multicast group will fail to receive multicast data for that group.
Page 649: Configuring Igmp Queries And Responses
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: It is meaningless to configure an IGMP Snooping querier in a multicast network running IGMP. Although an IGMP Snooping querier does not take part in IGMP querier elections, it may affect IGMP querier elections because it sends IGMP general queries with a low source IP address.
Page 650: Configuring Source Ip Address Of Igmp Queries
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Configuring IGMP queries and responses in a VLAN Follow these steps to configure IGMP queries and responses in a VLAN: To do... Use the command...
Page 651: Configuring An Igmp Snooping Policy
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Use the command... Remarks igmp-snooping Configure the source IP Optional special-query source-ip address of IGMP { current-interface | 0.0.0.0 by default group-specific queries ip-address }...
Page 652: Configuring Multicast Source Port Filtering
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Use the command... Remarks Enter system view — system-view Enter IGMP Snooping — igmp-snooping view Required group-policy Configure a multicast No group filter is configured by...
Page 653: Configuring The Function Of Dropping Unknown Multicast Data
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Use the command... Remarks Required Enable multicast source source-deny port port filtering Disabled by default interface-list II. Configuring multicast source port filtering on a port or a group of ports...
Page 654: Configuring Igmp Report Suppression
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Use the command... Remarks Enter system view — system-view Enter IGMP Snooping — igmp-snooping view Enable the function of Required dropping unknown drop-unknown Disabled by default multicast data II.
Page 655: Configuring Maximum Multicast Groups That Can Be Joined On A Port
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration To do... Use the command... Remarks Enter system view — system-view Enter IGMP Snooping — igmp-snooping view Optional Enable IGMP report report-aggregation suppression Enabled by default 2.6.6 Configuring Maximum Multicast Groups that Can Be Joined on a Port...
Page 656: Configuring Multicast Group Replacement
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration 2.6.7 Configuring Multicast Group Replacement For some special reasons, the number of multicast groups that can be joined on the current switch or port may exceed the number configured for the switch or the port. In addition, in some specific applications, a multicast group newly joined on the switch needs to replace an existing multicast group automatically.
Page 657: Displaying And Maintaining Igmp Snooping
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Caution: Be sure to configure the maximum number of multicast groups allowed on a port (refer Configuring Maximum Multicast Groups that Can Be Joined on a Port) before configuring multicast group replacement.
Page 658 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration IGMP is required on Router A, IGMP Snooping is required on Switch A, and Router A will act as the IGMP querier on the subnet. Perform the following configuration so that multicast data can be forwarded through Ethernet 2/0/3 and Ethernet 2/0/4 even if Host A and Host B temporarily stop receiving multicast data for some unexpected reasons.
Page 659 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration <SwitchA> system-view [SwitchA] igmp-snooping [SwitchA-igmp-snooping] quit # Create VLAN 100, assign Ethernet 2/0/1 through Ethernet 2/0/4 to this VLAN, and enable IGMP Snooping in the VLAN.
Page 660: Static Router Port Configuration
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Host port(s):total 2 port. Eth2/0/3 Eth2/0/4 As shown above, Ethernet 2/0/3 and Ethernet 2/0/4 of Switch A have joined multicast group 224.1.1.1. 2.8.2 Static Router Port Configuration I.
Page 661 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Network diagram Source Switch A Eth1/0/2 Eth1/0/1 1.1.1.2/24 10.1.1.1/24 Eth2/0/1 Router A 1.1.1.1/24 IGMP querier Switch C Eth2/0/5 Eth2/0/2 Eth2/0/2 Host C Switch B Receiver...
Page 662 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration # Create VLAN 100, assign Ethernet 2/0/1 through Ethernet 2/0/3 to this VLAN, and enable IGMP Snooping in the VLAN. [SwitchA] vlan 100 [SwitchA-vlan100] port ethernet 2/0/1 to ethernet 2/0/3...
Page 663: Igmp Snooping Querier Configuration
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Total 1 MAC Group(s). Port flags: D-Dynamic port, S-Static port, A-Aggregation port, C-Copy port Subvlan flags: R-Real VLAN, C-Copy VLAN Vlan(id):100. Total 1 IP Group(s). Total 1 IP Source(s).
Page 664 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Network diagram Querier Eth2/0/1 Eth2/0/2 Switch A Switch B Switch C Eth2/0/1 Eth2/0/1 Eth2/0/2 Eth2/0/3 Eth2/0/2 Eth2/0/3 Source Receiver Receiver Receiver Host A Host B Host C 1.1.1.1/24...
Page 665: Troubleshooting Igmp Snooping Configuration
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration # Create VLAN 100, add Ethernet 2/0/1 through Ethernet 2/0/3 to VLAN 100, and enable IGMP Snooping in this VLAN. [SwitchB] vlan 100 [SwitchB-vlan100] port ethernet 2/0/1 to ethernet 2/0/3...
Page 666: Configured Multicast Group Policy Fails To Take Effect
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Analysis IGMP Snooping is not enabled. III. Solution Enter the display current-configuration command to view the running status of IGMP Snooping. If IGMP Snooping is not enabled, use the igmp-snooping command to enable IGMP Snooping globally, and then use igmp-snooping enable command to enable IGMP Snooping in VLAN view.
Page 667 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 2 IGMP Snooping Configuration whether this configuration conflicts with the configured multicast group policy. If any conflict exists, remove the port as a static member of the multicast group. 2-33...
Page 668: Introduction To Multicast Vlan
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 3 Multicast VLAN Configuration Chapter 3 Multicast VLAN Configuration 3.1 Introduction to Multicast VLAN As shown in Figure 3-1, in the traditional multicast programs-on-demand mode, when hosts that belong to different VLANs, Host A, Host B and Host C require multicast programs on demand service, Router A needs to forward a separate copy of the multicast data in each VLAN.
Page 669: Displaying And Maintaining Multicast Vlan
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 3 Multicast VLAN Configuration To do… Use the command… Remarks Enter system view — system-view Required Configure a specific VLAN multicast-vlan vlan-id as a multicast VLAN Disabled by default enable...
Page 670: Multicast Vlan Configuration Example
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 3 Multicast VLAN Configuration 3.4 Multicast VLAN Configuration Example I. Network requirements Router A connects to a multicast source through Ethernet 1/0/2 and to Switch A, through Ethernet 1/0/1. IGMP is required on Router A, and IGMP Snooping is required on Switch A.
Page 671 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 3 Multicast VLAN Configuration # Enable IP multicast routing, enable PIM-DM on each interface and enable IGMP on Ethernet 1/0/1. <RouterA> system-view [RouterA] multicast routing-enable [RouterA] interface ethernet 1/0/1 [RouterA-Ethernet1/0/1] pim dm...
Page 672: Igmp Overview
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Chapter 4 IGMP Configuration When configuring IGMP, go to the following sections for the information you are interested in: IGMP Overview Configuring Basic Functions of IGMP Adjusting IGMP Performance...
Page 673 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration router is needed for sending IGMP query messages (often referred to as queries). So, a querier election mechanism is required to determine which router will act as the IGMP querier on the subnet.
Page 674: Enhancements Provided By Igmpv
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Host C, which is on the same subnet, hears the report from Host B for joining G1. Upon hearing the report, Host C will suppress itself from sending a report...
Page 675: Enhancements In Igmpv
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration timer; otherwise, it assumes the querier to have timed out and initiates a new querier election process. II. “Leave group” mechanism In IGMPv1, when a host leaves a multicast group, it does not send any notification to the multicast router.
Page 676 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration As shown in Figure 4-2, the network comprises two multicast sources, Source 1 (S1) and Source 2 (S2), both of which can send multicast data to multicast group G. Host B is interested only in the multicast data that Source 1 sends to G but not in the data from Source 2.
Page 677: Igmp Configuration Task List
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration IS_IN: The source filtering mode is Include, namely, the report sender requests the multicast data from only the sources defined in the specified multicast source list. If the specified multicast source list is empty, this means that the report sender has left the reported multicast group.
Page 678: Configuring Basic Functions Of Igmp
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Task Remarks Configuring IGMP Message Options Optional Configuring IGMP Query and Response Adjusting IGMP Optional Parameters Performance Configuring IGMP Fast Leave Optional Processing Note: Configurations performed in IGMP view are effective on all interfaces, while configurations performed in interface view are effective on the current interface only.
Page 679: Configuring Igmp Versions
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration To do... Use the command... Remarks Enter system view — system-view Required Enable IP multicast multicast routing Disabled by default routing-enable interface interface-type Enter interface view —...
Page 680: Adjusting Igmp Performance
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Follow these steps to configure an interface as a statically connected member of a multicast group: To do... Use the command... Remarks Enter system view — system-view...
Page 681: Configuring Igmp Message Options
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration 4.4.1 Configuration Prerequisites Before adjusting IGMP performance, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Page 682: Configuring Igmp Query And Response Parameters
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration To do... Use the command... Remarks Optional Enable the insertion of the By default, IGMP Router-Alert option into send-router-alert messages carry the IGMP messages Router-Alert option. II. Configuring IGMP packet options on an interface Follow these steps to configure IGMP packet options on an interface: To do...
Page 683 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration An appropriate setting of the maximum response time for IGMP queries allows hosts to respond to queries quickly and avoids bursts of IGMP traffic on the network caused by reports simultaneously sent by a large number of hosts when the corresponding timers expires simultaneously.
Page 684 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional Configure IGMP query igmp timer query interval interval...
Page 685: Displaying And Maintaining Igmp
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration 4.4.4 Configuring IGMP Fast Leave Processing IGMP fast leave processing is implemented by IGMP Snooping. For details, see Configuring Fast Leave Processing. 4.5 Displaying and Maintaining IGMP To do...
Page 686: Igmp Configuration Example
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration 4.6 IGMP Configuration Example I. Network requirements Receivers receive VOD information through the multicast mode. Receivers of different organizations form stub networks N1 and N2, and Host A and Host C are receivers in N1 and N2 respectively.
Page 687 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Configure the OSPF protocol for interoperation among the switches. Ensure the network-layer interoperation among Switch A, Switch B and Switch C on the PIM network and dynamic update of routing information among the switches through a unicast routing protocol.
Page 688: Troubleshooting Igmp
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration Querier for IGMP: 10.110.2.1 (this router) Total 1 IGMP Group reported 4.7 Troubleshooting IGMP 4.7.1 No Member Information on the Receiver-Side Router I. Symptom When a host sends a report for joining multicast group G, there is no member information of the multicast group G on the router closest to that host.
Page 689: Inconsistent Memberships On Routers On The Same Subnet
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 4 IGMP Configuration 4.7.2 Inconsistent Memberships on Routers on the Same Subnet I. Symptom Different memberships are maintained on different IGMP routers on the same subnet. II. Analysis A router running IGMP maintains multiple parameters for each interface, and these parameters influence one another, forming very complicated relationships.
Page 690: Pim Overview
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Chapter 5 PIM Configuration When configuring PIM, go to these sections for information you are interested in: PIM Overview Configuring PIM-DM Configuring PIM-SM Configuring PIM-SSM Configuring PIM Common Information...
Page 691: Introduction To Pim-Dm
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: To facilitate description, a network comprising PIM-capable routers is referred to as a “PIM domain” in this document. 5.1.1 Introduction to PIM-DM PIM-DM is a type of dense mode multicast protocol. It uses the “push mode” for multicast forwarding, and is suitable for small-sized networks with densely distributed multicast members.
Page 692 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: Every activated interface on a router sends hello messages periodically, and thus learns the PIM neighboring information pertinent to the interface. II. SPT establishment The process of building an SPT is the process of “flood and prune”.
Page 693 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Figure 5-1 SPT establishment The “flood and prune” process takes place periodically. A pruned state timeout mechanism is provided. A pruned branch restarts multicast forwarding when the pruned state times out and then is pruned again when it no longer has any multicast receiver.
Page 694: Introduction To Pim-Sm
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration IV. Assert If multiple multicast routers exist on a multi-access subnet, duplicate packets may flow to the same subnet. To shut off duplicate flows, the assert mechanism is used for election of a single multicast forwarder on a multi-access network.
Page 695: How Pim-Sm Works
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration PIM-SM is a type of sparse mode multicast protocol. It uses the “pull mode” for multicast forwarding, and is suitable for large- and medium-sized networks with sparsely and widely distributed multicast group members.
Page 696 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration I. Neighbor discovery PIM-SM uses exactly the same neighbor discovery mechanism as PIM-DM does. Refer Neighbor discovery. II. DR election PIM-SM also uses hello messages to elect a designated router (DR) for a multi-access network.
Page 697 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Routers on the multi-access network send hello messages to one another. The hello messages contain the router priority for DR election. The router with the highest DR priority will become the DR.
Page 698 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Figure 5-4 BSR and C-RPs IV. RPT establishment Figure 5-5 RPT establishment in a PIM-SM domain As shown in Figure 5-5, the process of building an RPT is as follows: When a receiver joins a multicast group G, it uses an IGMP message to inform the directly connected DR.
Page 699 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration The multicast data addressed to the multicast group G flows through the RP, reaches the corresponding DR along the established RPT, and finally is delivered to the receiver.
Page 700: Introduction To Bsr Admin-Scope Regions In Pim-Sm
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration The subsequent multicast data from the multicast source travels along the established SPT to the RP, and then the RP forwards the data along the RPT to the receivers.
Page 701 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration II. Relationship between BSR admin-scope regions and the global scope zone A better understanding of the global scope zone and BSR admin-scope regions should be based on two aspects: geographical space and group address range.
Page 702: Ssm Model Implementation In Pim
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Figure 5-8 Relationship between BSR admin-scope regions and the global scope zone in group address ranges Figure 5-8, the group address ranges of admin-scope-scope regions BSR1 and BSR2 have no intersection, whereas the group address range of BSR3 is a subset of the address range of BSR1.
Page 703 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration The SSM model provides a solution for source-specific multicast. It maintains the relationships between hosts and routers through IGMPv3. In actual application, part of the PIM-SM technique is adopted to implement the SSM model.
Page 704 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration As shown in Figure 5-9, Host B and Host C are multicast information receivers. They send IGMPv3 report messages denoted as (Include S, G) to the respective DRs to express their interest in the information of the specific multicast source S.
Page 705: Configuring Pim-Dm
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.2 Configuring PIM-DM 5.2.1 PIM-DM Configuration Task List Complete these tasks to configure PIM-DM: Task Remarks Enabling PIM-DM Required Enabling State Refresh Optional Configuring State Refresh Parameters...
Page 706: Enabling State Refresh
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Remarks Required Enable PIM-DM pim dm Disabled by default Caution: All the interfaces of the same router must work in the same PIM mode.
Page 707: Configuring Pim-Dm Graft Retry Period
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration control the propagation scope of state refresh messages, you need to configure an appropriate TTL value based on the network size. Follow these steps to configure state refresh parameters: To do...
Page 708: Configuring Pim-Sm
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.3 Configuring PIM-SM Note: A device can serve as a C-RP and a C-BSR at the same time. 5.3.1 PIM-SM Configuration Task List Complete these tasks to configure PIM-SM:...
Page 709 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Bootstrap timeout time An ACL rule defining a legal C-RP address range and the range of multicast groups to be served C-RP-Adv interval C-RP timeout time The IP address of a static RP...
Page 710: Configuring A Bsr
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.3.4 Configuring a BSR Note: The BSR is dynamically elected from a number of C-BSRs. Because it is unpredictable which router will finally win a BSR election, the commands introduced in this section must be configured on all C-BSRs.
Page 711 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration perform neighbor check and RPF check on BSR messages and discard unwanted messages. When a router in the network is controlled by an attacker or when an illegal router...
Page 712 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Remarks Required Configure a c-bsr global [ hash-length No global-scope C-BSRs global-scope C-BSR hash-length | priority priority ] * by default III. Configuring an admin-scope C-BSR By default, a PIM-SM domain has only one BSR.
Page 713 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Configure a BSR admin-scope region No BSR admin-scope region...
Page 714: Configuring An Rp
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: About the bootstrap timeout time: By default, the bootstrap timeout time is determined by this formula: Bootstrap timeout = Bootstrap interval × 2 + 10. The default bootstrap interval is 60 seconds, so the default bootstrap timeout = 60 ×...
Page 715 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration II. Configuring a C-RP In a PIM-SM domain, you can configure routers that intend to become the RP as C-RPs. The BSR collects the C-RP information by receiving the C-RP-Adv messages from C-RPs or auto-RP announcements from other routers and organizes the information into an RP-set, which is flooded throughout the entire network.
Page 716 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration device, the device can receive these two types of messages and record the RP information carried in such messages. Follow these steps to enable auto-RP: To do...
Page 717: Configuring Pim-Sm Register Messages
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: The commands introduced in this section are to be configured on C-RPs. For the configuration of other timers in PIM-SM, refer to Configuring PIM Common Timers.
Page 718: Disabling Rpt-To-Spt Switchover
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Remarks Optional Configure a filtering rule register-policy No register filtering rule by for register messages acl-number default Optional Configure the device to...
Page 719: Configuring Pim-Ssm
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: Typically, you need to configure the above-mentioned parameters on the receiver-side DR and the RP only. Since both the DR and RP are elected, however, you should carry out these configurations on the routers that may win the DR election and on the C-RPs that may win RP elections.
Page 720: Configuring The Ssm Group Range
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration When deploying a PIM-SM domain, you are recommended to enable PIM-SM on all interfaces of non-border routers (border routers are PIM-enabled routers located on the boundary of BSR admin-scope regions).
Page 721: Configuring Pim Common Information
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: The commands introduced in this section are to be configured on all routers in the PIM domain. Caution: Make sure that the same SSM group range is configured on all routers in the entire domain.
Page 722: Configuring A Pim Filter
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.5.2 Configuration Prerequisites Before configuring PIM common information, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Page 723: Configuring Pim Hello Options
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: Generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering effect. This filter works not only on independent multicast data but also on multicast data encapsulated in register messages.
Page 724 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration new generation ID. If a PIM router finds that the generation ID in a hello message from the upstream router has changed, it assumes that the status of the upstream neighbor is lost or the upstream neighbor has changed.
Page 725: Configuring Pim Common Timers
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Remarks Optional Configure the prune delay pim hello-option 500 milliseconds by time (LAN-delay) lan-delay interval default Optional Configure the prune pim hello-option...
Page 726 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Remarks Enter system view — system-view Enter PIM view — Optional Configure the hello timer hello interval interval 30 seconds by default...
Page 727: Displaying And Maintaining Pim
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Note: If there are no special networking requirements, we recommend that you use the default settings. 5.5.6 Configuring Join/Prune Message Limits A larger join/prune message size will result in loss of a larger amount of information when a message is lost;...
Page 728: Pim Configuration Examples
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration To do... Use the command... Remarks View the information Available in any about unacknowledged display pim grafts view graft messages View the PIM information display pim interface...
Page 729 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Switch A connects to stub network N1 through VLAN-interface 100, and to Switch D through VLAN-interface 103. Switch B and Switch C connect to stub network N2 through their respective VLAN-interface 200, and to Switch D through VLAN-interface 101 and VLAN-interface 102 respectively.
Page 730 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration among the switches through a unicast routing protocol. Detailed configuration steps are omitted here. Enable IP multicast routing, and enable PIM-DM on each interface # Enable IP multicast routing on Switch A, enable PIM-DM on each interface, and enable IGMPv2 on VLAN-interface 100, which connects Switch A to the stub network.
Page 731 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Carry out the display pim neighbor command to view the PIM neighboring relationships among the switches. For example: # View the PIM neighboring relationships on Switch D.
Page 732: Pim-Sm Configuration Example
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table information on Switch D. [SwitchD] display pim routing-table Total 0 (*, G) entry;...
Page 733 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration II. Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int100 10.110.1.1/24 Switch D Vlan-int300 10.110.5.1/24 Vlan-int101 192.168.1.1/24 Vlan-int101 192.168.1.2/24 Vlan-int102 192.168.9.1/24 Vlan-int105 192.168.4.2/24...
Page 734 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] igmp enable [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102...
Page 735 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration [SwitchA] display pim bsr-info Elected BSR Address: 192.168.9.2 Priority: 0 Hash mask length: 30 State: Accept Preferred Scope: Not scoped Uptime: 01:40:40 Next BSR message scheduled at: 00:01:42 # View the BSR information and the locally configured C-RP information in effect on Switch E.
Page 736 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Assume that Host A needs to receive information addressed to the multicast group G (225.1.1.1/24). An RPT will be built between Switch A and Switch E. When the multicast source S (10.110.5.100/24) registers with the RP, an SPT will be built between Switch D...
Page 737: Pim-Ssm Configuration Example
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration RP: 192.168.9.2 Protocol: pim-sm, Flag: SPT ACT UpTime: 00:00:42 Upstream interface: Vlan-interface300 Upstream neighbor: NULL RPF prime neighbor: NULL Downstream interface(s) information: Total number of downstreams: 1...
Page 738 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration IGMPv3 is to run between Switch A and N1, and between Switch B/Switch C and II. Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int100 10.110.1.1/24...
Page 739 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration # Enable IP multicast routing on Switch A, enable PIM-SM on each interface, and enable IGMPv3 on VLAN-interface 100, which connects Switch A to the stub network.
Page 740 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration toward the multicast source. Switches on the SPT path (Switch A and Switch D) have generated an (S, G) entry, while Switch E, which is not on the SPT path, does not have multicast routing entries.
Page 741: Troubleshooting Pim Configuration
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.8 Troubleshooting PIM Configuration 5.8.1 Failure of Building a Multicast Distribution Tree Correctly I. Symptom None of the routers in the network (including routers directly connected with multicast sources and receivers) has multicast forwarding entries.
Page 742: Multicast Data Abnormally Terminated On An Intermediate Router
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration Check that PIM is enabled on the interfaces, especially on the RPF interface. Use the display pim interface command to view the PIM information on each interface. If PIM is not enabled on the interface, use the pim dm or pim sm command to enable PIM-DM or PIM-SM.
Page 743: Rps Unable To Join Spt In Pim-Sm
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration 5.8.3 RPs Unable to Join SPT in PIM-SM I. Symptom An RPT cannot be established correctly, or the RPs cannot join the SPT to the multicast source.
Page 744 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 5 PIM Configuration The RP is the core of a PIM-SM domain. Make sure that the RP information on all routers is exactly the same, a specific group G is mapped to the same RP, and unicast routes are available to the RP.
Page 745: Msdp Overview
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Chapter 6 MSDP Configuration When configuring MSDP, go to these sections for information you are interested in: MSDP Overview MSDP Configuration Task List Configuring Basic Functions of MSDP...
Page 746: How Msdp Works
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Caution: MSDP is applicable only if the intra-domain multicast protocol is PIM-SM. MSDP is meaningful only for the any-source multicast (ASM) model. 6.1.2 How MSDP Works I. MSDP peers...
Page 747 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration data from the multicast source arrives, the receiver-side MSDP peer forwards the data to the receivers along the RPT. Intermediate MSDP peer: an MSDP peer with multicast remote MSDP peers, like RP 2.
Page 748 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Receiver DR 2 MSDP peers Multicast packets SA message RP 2 Join message PIM-SM 2 Register message DR 1 Source PIM-SM 4 RP 1 RP 3 PIM-SM 1...
Page 749 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration hop towards DR 1 at the multicast source side, so that it can directly join the SPT rooted at the source over other PIM-SM domains. Then, the multicast data can flow along the SPT to RP 2 and is forwarded by RP 2 to the receivers along the RPT.
Page 750 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Source RP 1 RP 5 RP 9 RP 8 AS 1 AS 5 Mesh group AS 3 RP 2 RP 3 AS 2 MSDP peers RP 4...
Page 751 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration An EBGP route exists between two MSDP peers in different ASs. Because the SA message is from an MSDP peer (RP 7) in a different AS, and the MSDP peer is the next hop on the EBGP route to the source-side RP, RP 8 accepts the message and forwards it to its other peer (RP 9).
Page 752 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration The multicast source registers with the nearest RP. In this example, Source registers with RP 1, with its multicast data encapsulated in the register message. When the register message arrives to RP 1, RP 1 decapsulates the message.
Page 753: Msdp Configuration Task List
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration 6.2 MSDP Configuration Task List Complete these tasks to configure MSDP: Task Remarks Enabling MSDP Required Configuring Basic Creating an MSDP Peer Required Functions of MSDP Connection...
Page 754: Enabling Msdp
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration 6.3.2 Enabling MSDP Follow these steps to enable MSDP: To do... Use the command... Remarks Enter system view — system-view Required Enable IP multicast multicast routing Disabled by default...
Page 755: Configuring An Msdp Peer Connection
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration To do... Use the command... Remarks Enter system view — system-view Enter MSDP view — msdp Required static-rpf-peer Configure a static RPF peer-address [ rp-policy No static RPF peer...
Page 756: Configuring An Msdp Mesh Group
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration 6.4.3 Configuring an MSDP Mesh Group An AS may contain multiple MSDP peers. You can use the MSDP mesh group mechanism to avoid SA message flooding among these MSDP peers and optimize the multicast traffic.
Page 757: Configuring Sa Messages Related Parameters
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration When a new MSDP peer is created, or when a previously deactivated MSDP peer connection is reactivated, or when a previously failed MSDP peer attempts to resume operation, a TCP connection is required.
Page 758: Configuring Sa Request Messages
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration message containing the multicast packet in an SA message and sends it out. After receiving the SA message, the remote RP decapsulates the SA message and delivers the multicast data contained in the register message to the receivers along the RPT.
Page 759: Configuring An Sa Message Filtering Rule
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration To do... Use the command... Remarks Optional peer peer-address Configure a filtering rule sa-request-policy [ acl SA request messages are for SA request messages acl-number ] not filtered by default...
Page 760: Configuring Sa Message Cache
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration To do... Use the command... Remarks Configure the minimum TTL value of multicast Optional peer peer-address packets to be 0 by default minimum-ttl ttl-value encapsulated in SA messages 6.5.5 Configuring SA Message Cache...
Page 761: Msdp Configuration Examples
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration To do... Use the command... Remarks View the detailed display msdp peer-status information about the Available in any view [ peer-address ] status of MSDP peers View the (S, G) entry...
Page 762 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration II. Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int103 10.110.1.2/24 Switch D Vlan-int104 10.110.4.2/24 Vlan-int100 10.110.2.1/24 Vlan-int300 10.110.5.1/24 Vlan-int200 10.110.3.1/24 Switch E Vlan-int105 10.110.6.1/24...
Page 763 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 103 [SwitchA-Vlan-interface103] pim sm [SwitchA-Vlan-interface103] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200...
Page 764 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration [SwitchC-bgp] quit # Configure IBGP on Switch E, and redistribute OSPF routes. [SwitchE] bgp 200 [SwitchE-bgp] router-id 3.3.3.3 [SwitchE-bgp] peer 192.168.3.1 as-number 200 [SwitchE-bgp] import-route ospf 1 [SwitchE-bgp] quit # Redistribute BGP routes into OSPF on Switch B.
Page 765 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration # View the information about BGP peering relationships on Switch C. [SwitchC] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 200 Total number of peers : 2...
Page 766 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration 192.168.1.1 100? *> 192.168.3.0 0.0.0.0 192.168.3.2 *> 192.168.3.1/32 0.0.0.0 *> 192.168.3.2/32 0.0.0.0 192.168.3.2 When the multicast source in PIM-SM 1 (Source 1) and the multicast source in PIM-SM 2 (Source 2) send multicast information, receivers in PIM-SM 1 and PIM-SM 3 can receive the multicast data.
Page 767: Inter-As Multicast Configuration Leveraging Static Rpf Peers
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration State: Up Up/down time: 00:15:47 Resets: 0 Connection interface: Vlan-interface101 (192.168.1.1) Number of sent/received messages: 16/16 Number of discarded output messages: 0 Elapsed time since last connection or counters clear: 00:17:51...
Page 768 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration II. Network diagram AS 100 AS 200 PIM-SM 3 Receiver Vlan-int105 Vlan-int105 Switch E Switch F Loop0 Source 1 Vlan-int100 Receiver Switch A PIM-SM 2 Vlan-int101 Vlan-int104...
Page 769 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 103 [SwitchA-Vlan-interface103] pim sm [SwitchA-Vlan-interface103] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200...
Page 770 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration # Configure Switch B as a static RPF peer of Switch C. [SwitchC] ip-prefix list-c permit 192.168.0.0 greater-equal less-equal 32 [SwitchC] msdp [SwitchC-msdp] peer 192.168.3.2 connect-interface vlan-interface 102 [SwitchC-msdp] static-rpf-peer 192.168.3.2 rp-policy list-c...
Page 771: Anycast Rp Configuration
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration [SwitchE] display msdp brief MSDP Peer Brief Information Configured Listen Connect Shutdown Down Peer's Address State Up/Down time SA Count Reset Count 192.168.3.1 00:16:40 6.7.3 Anycast RP Configuration I.
Page 772 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration II. Network diagram Source 1 Source 2 Switch A Switch C Switch E Vlan-int300 Vlan-int400 Receiver 1 Receiver 2 Switch B Switch D Vlan-int100 Vlan-int200 Loop10 Loop10...
Page 773 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] igmp enable [SwitchB-Vlan-interface100] pim sm [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 103 [SwitchB-Vlan-interface103] pim sm [SwitchB-Vlan-interface103] quit [SwitchB] interface Vlan-interface 101 [SwitchB-Vlan-interface101] pim sm...
Page 774 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration You can use the display msdp brief command to view the brief information of MSDP peering relationships between the switches. # View the brief MSDP peer information on Switch B.
Page 775 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Protocol: pim-sm, Flag: SPT 2MSDP ACT UpTime: 00:46:28 Upstream interface: Vlan-interface103 Upstream neighbor: 10.110.2.2 RPF prime neighbor: 10.110.2.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100...
Page 776: Troubleshooting Msdp
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Upstream interface: Vlan-interface104 Upstream neighbor: 10.110.4.2 RPF prime neighbor: 10.110.4.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface200 Protocol: pim-sm, UpTime: - , Expires: 6.8 Troubleshooting MSDP 6.8.1 MSDP Peers Stay in Down State...
Page 777: Inter-Rp Communication Faults In Anycast Rp Application
Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration argument, all the (S, G) entries will be filtered off, namely no (S, G) entries of the local domain will be advertised. If the import-source command is not executed, the system will advertise all the (S, G) entries of the local domain.
Page 778 Operation Manual – Multicast H3C S7500E Series Ethernet Switches Chapter 6 MSDP Configuration Verify that the C-BSR address is different from the anycast RP address. 6-34...
Page 779: Multicast Routing And Forwarding Overview
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration Chapter 7 Multicast Routing and Forwarding Configuration When configuring multicast routing and forwarding, go to these sections for information you are interested in: Multicast Routing and Forwarding Overview...
Page 780: Rpf Mechanism
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration 7.1.2 RPF Mechanism When creating multicast routing table entries, a multicast routing protocol uses the reverse path forwarding (RPF) mechanism to ensure multicast data delivery along the correct path.
Page 781 Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration unicast route; instead, it relies on the existing unicast routing information or multicast static routes in creating multicast routing entries. When performing an RPF check, a router searches its unicast routing table and multicast static routing table at the same time.
Page 782: Multicast Static Routes
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration Receiver Router B POS5/1 POS5/0 Source Router A 192.168.0.1/24 Receiver Multicast packets POS5/0 POS5/1 IP Routing Table on Router C Destination/Mask Interface Router C 192.168.0.0/24...
Page 783: Multicast Traceroute
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration unicast RPF route and the optimal multicast static route respectively from the routing tables, and uses one of them as the RPF route after comparison.
Page 784: Configuring Multicast Routing And Forwarding
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration Request, with the IGMP Type field set to 0x1F, and Response, with the IGMP Type field set to 0x1E. III. Process of multicast traceroute The querier sends a query to the last-hop router.
Page 785: Enabling Ip Multicast Routing
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration The maximum number of routing entries in a multicast forwarding table 7.3.2 Enabling IP Multicast Routing Before configuring any Layer 3 multicast functionality, you must enable IP multicast routing.
Page 786: Configuring A Multicast Route Match Rule
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration To do... Use the command... Remarks Enter system view — system-view ip rpf-route-static source-address Required { mask | mask-length } [ protocol [ process-id ] ] [ route-policy...
Page 787: Configuring A Multicast Forwarding Range
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration To do... Use the command... Remarks Enter system view — system-view multicast load-splitting Required Configuring multicast load { source | splitting Disabled by default source-group } 7.3.6 Configuring a Multicast Forwarding Range...
Page 788: Displaying And Maintaining Multicast Routing And Forwarding
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration routing protocol. In addition, newly added downstream nodes cannot be installed to the routing entry into the forwarding table. If the configured maximum number of routing entries in the multicast forwarding table is smaller than the current number, the routes in excess of the configured limit will not be deleted immediately;...
Page 789 Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration To do... Use the command... Remarks display multicast forwarding-table [ source-address [ mask { mask | mask-length } ] | group-address [ mask { mask | mask-length } ] |...
Page 790: Configuration Examples
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration Caution: The reset command clears the information in the multicast routing table or the multicast forwarding table, and thus may cause failure of multicast transmission.
Page 791 Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration III. Configuration procedure Configure the interface IP addresses and enable unicast routing on each switch Configure the IP address and subnet mask for each interface as per Figure 7-3.
Page 792: Creating An Rpf Route
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration [SwitchB] display multicast rpf-info 50.1.1.100 RPF information about source 50.1.1.100: RPF interface: Vlan-interface102, RPF neighbor: 30.1.1.2 Referenced route/mask: 50.1.1.0/24 Referenced route type: igp Route selection rule: preference-preferred...
Page 793 Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration II. Network diagram PIM-DM OSPF domain Switch A Switch B Switch C Vlan-int102 Vlan-int102 Vlan-int101 30.1.1.2/24 30.1.1.1/24 20.1.1.1/24 Vlan-int101 20.1.1.2/24 Vlan-int300 Vlan-int200 Vlan-int100 50.1.1.1/24 40.1.1.1/24...
Page 794 Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] pim dm [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 102 [SwitchC-Vlan-interface102] pim dm [SwitchC-Vlan-interface102] quit The configuration on Switch B is similar to that on Switch A. The specific configuration steps are omitted here.
Page 795: Troubleshooting Multicast Routing And Forwarding
Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration As shown above, the RPF routes to Source 2 exist on Switch B and Switch C. The source is the configured static route. 7.6 Troubleshooting Multicast Routing and Forwarding 7.6.1 Multicast Static Route Failure...
Page 796 Operation Manual – Multicast Chapter 7 Multicast Routing and Forwarding H3C S7500E Series Ethernet Switches Configuration II. Analysis If a multicast forwarding boundary has been configured through the multicast boundary command, any multicast packet will be kept from crossing the boundary.
Page 797 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 802.1x Configuration ....................1-1 1.1 802.1x Overview ........................ 1-1 1.1.1 Architecture of 802.1x ..................... 1-1 1.1.2 Operation of 802.1x....................1-3 1.1.3 EAP Encapsulation over LANs................
Page 798 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Table of Contents 3.2.3 VLAN Assigning ...................... 3-3 3.2.4 ACL Assigning......................3-3 3.3 Configuring MAC Authentication..................3-3 3.3.1 Configuration Prerequisites..................3-3 3.3.2 Configuration Procedure ..................3-4 3.4 Displaying and Maintaining MAC Authentication............... 3-5 3.5 MAC Authentication Configuration Examples..............
Page 799: Chapter 1 802.1X Configuration
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration When configuring 802.1x, go to these sections for information you are interested in: 802.1x Overview Configuring 802.1x Configuring a Guest VLAN Displaying and Maintaining 802.1x...
Page 800 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Figure 1-1 Architecture of 802.1x Supplicant system: A system at one end of the LAN segment, which is authenticated by the authenticator system at the other end. A supplicant system is usually a user-end device and initiates 802.1x authentication through 802.1x client...
Page 801: Operation Of 802.1X
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration II. Controlled port and uncontrolled port An authenticator provides ports for supplicants to access the LAN. Each of the ports can be regarded as two logical ports: a controlled port and an uncontrolled port.
Page 802: Eap Encapsulation Over Lans
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration After a user passes the authentication, the authentication server passes information about the user to the authenticator, which then controls the status of the controlled port according to the instruction of the authentication server.
Page 803: Eap Encapsulation Over Radius
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration II. EAP Packet Format An EAPOL frame of the type of EAP-Packet carries an EAP packet in its Packet body field. The format of the EAP packet is shown in Figure 1-4.
Page 804: Authentication Process Of 802.1X
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration bytes. If the EAP packet is longer than 253 bytes, it can be fragmented and encapsulated into multiple EAP-Message attributes. Type Length String EAP packets Figure 1-6 Encapsulation format of the EAP-Message attribute II.
Page 805 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration EAP-MD5: EAP-MD5 authenticates the identity of a supplicant. The RADIUS server sends an MD5 challenge (through an EAP-Request/MD5 Challenge packet) to the supplicant. Then the supplicant encrypts the password with the offered challenge.
Page 806 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration When a user launches the 802.1x client software and enters the registered username and password, the 802.1x client software generates an EAPOL-Start frame and sends it to the authenticator to initiate an authentication process.
Page 807 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Note: In EAP relay mode, a supplicant must use the same authentication method as that of the RADIUS server, no matter whichever of the above mentioned authentication methods is used.
Page 808: X Timers
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Different from the authentication process in EAP relay mode, it is the authenticator that generates the random challenge for encrypting the user password information in EAP termination authentication process.
Page 809: Features Working Together With 802.1X
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration user goes offline, all other users get offline at the same time. With the macbased method, each user of a port must be authenticated separately, and when an authenticated user goes offline, no other users are affected.
Page 810 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Note: With a Hybrid port, the VLAN assigning will fail if you have configured the assigned VLAN to carry tags. With a Hybrid port, you cannot configure an assigned VLAN to carry tags after the VLAN has been assigned.
Page 811: Configuring 802.1X
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration 1.2 Configuring 802.1x 1.2.1 Configuration Prerequisites 802.1x provides a user identity authentication scheme. However, 802.1x cannot implement the authentication scheme solely by itself. RADIUS or local authentication must be configured to work with 802.1x.
Page 812 For the 802.1x proxy detection function to take effect on a port, you need to enable the function both globally in system view and for intended ports in system view or Ethernet interface view. Besides, this function needs the cooperation of H3C 802.1x client.
Page 813: Configuring 802.1X For A Port
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.3 Configuring 802.1x for a Port I. Enabling 802.1x for a port Follow these steps to enable 802.1x for a port: To do… Use the command…...
Page 814: Configuring A Guest Vlan
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration The 802.1x proxy detection function depends on the online user handshake function. Be sure to enable handshake before enabling proxy detection and to disable proxy detection before disabling handshake.
Page 815: X Configuration Example
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Note: You can specify a tagged VLAN as the guest VLAN for a Hybrid port, but the guest VLAN does not take effect. Similarly, if a guest VLAN for a Hybrid port is in operation, you cannot configure the guest VLAN to carry tags.
Page 816 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration authentication when no response from the RADIUS server is received. If the RADIUS accounting fails, the authenticator gets users offline. A server group with two RADIUS servers is connected to the switch. The IP addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively.
Page 817 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration # Add local access user localuser, enable the idle cut function, and set the idle cut interval. <Sysname> system-view [Sysname] local-user localuser [Sysname-luser-localuser] service-type lan-access...
Page 818: Guest Vlan Configuration Example
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration # Set radius1 as the RADIUS scheme for users of the domain and specify to use local authentication as the secondary scheme. [Sysname-isp-aabbcc.net] authentication default radius-scheme radius1 local [Sysname-isp-aabbcc.net] authorization default radius-scheme radius1 local...
Page 819 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration II. Network diagrams Update server Authenticator server VLAN 10 VLAN 2 Eth2/0/4 Eth2/0/3 VLAN 1 VLAN 5 Eth2/0/1 Eth2/0/2 Switch Internet Supplicant Figure 1-11 Network diagram for guest VLAN configuration...
Page 820 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration Update server Authenticator server VLAN 10 VLAN 2 Eth2/0/4 Eth2/0/3 VLAN 5 VLAN 5 Eth2/0/1 Eth2/0/2 Switch Internet VLAN 5 Supplicant Figure 1-13 Network diagram when the supplicant passes authentication III.
Page 821 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration [Sysname-Ethernet2/0/1] dot1x port-method portbased # Set the port access control mode to auto. [Sysname-Ethernet2/0/1] dot1x port-control auto [Sysname-Ethernet2/0/1] quit # Create VLAN 10. [Sysname] vlan 10 [Sysname-vlan10] quit # Specify port Ethernet 2/0/1 to use VLAN 10 as its guest VLAN.
Page 822 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration II. Network diagram Figure 1-14 Network diagram for ACL assigning III. Configuration procedure # Configure the IP addresses of the interfaces. (Omitted) # Configure the RADIUS scheme.
Page 823 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration After completing the above configurations, you can use the ping command to verify whether the ACL 3000 assigned by the RADIUS server functions. [Sysname] ping 10.0.0.1 PING 10.0.0.1: 56...
Page 824: Chapter 2 Ead Fast Deployment Configuration
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration Chapter 2 EAD Fast Deployment Configuration When configuring EAD fast deployment, go to these sections for information you are interested in: EAD Fast Deployment Overview...
Page 825: Dhcp
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration 2.2.2 Configuration Procedure I. Configuring a freely accessible network segment A freely accessible network segment, also called a free IP, is a network segment that users can access before passing 802.1x authentication.
Page 826: Displaying And Maintaining Ead Fast Deployment
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration III. Setting the EAD rule timeout time With the EAD fast deployment function, a user is authorized by an EAD rule (generally an ACL rule) to access the freely accessible network segment before passing authentication.
Page 827 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration II. Network diagram Internet Free IP: WEB server 192.168.1.3/24 Eth2/0/1 192.168.1.0/24 192.168.1.1/24 Host Switch 192.168.1.10/24 Figure 2-1 Network diagram for EAD fast deployment III.
Page 828: Troubleshooting Ead Fast Deployment
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration Reply from 192.168.1.3: bytes=32 time<1ms TTL=128 Reply from 192.168.1.3: bytes=32 time<1ms TTL=128 Reply from 192.168.1.3: bytes=32 time<1ms TTL=128 Reply from 192.168.1.3: bytes=32 time<1ms TTL=128 Ping statistics for 192.168.1.3:...
Page 829: Mac Authentication Overview
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration Chapter 3 MAC Authentication Configuration When configuring MAC authentication, go to these sections for information you are interested in: MAC Authentication Overview Related Concepts...
Page 830: Related Concepts
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration If the authentication succeeds, the user will be granted permission to access the network resources. 3.1.2 Local MAC Authentication In local MAC authentication, the device performs authentication of users locally and...
Page 831: Configuring Mac Authentication
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration Caution: If the quiet MAC is the same as the static MAC configured or an authentication-passed MAC, then the quiet function is not effective.
Page 832 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration Caution: For local authentication: The type of username and password of a local user must be consistent with that used for MAC authentication.
Page 833: Displaying And Maintaining Mac Authentication
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration To do… Use the command… Remarks mac-authentication Optional user-name-format By default, the user’s { fixed [ account name ] Configure the username source MAC address...
Page 834 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration A local user uses aaa as the username and 123456 as the password for authentication. Set the offline detect timer to 180 seconds and the quiet timer to 3 minutes.
Page 835: Radius-Based Mac Authentication Configuration Example
Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration User name format is fixed account Fixed username:aaa Fixed password:123456 Offline detect period is 180s Quiet period is 60s. Server response timeout value is 100s...
Page 836 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration # Configure a RADIUS scheme. <Sysname> system-view [Sysname] radius scheme 2000 [Sysname-radius-2000] primary authentication 10.1.1.1 1812 [Sysname-radius-2000] primary accounting 10.1.1.2 1813 [Sysname-radius-2000] key authentication abc...
Page 837 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration Silent Mac User info: MAC ADDR From Port Port Index GigabitEthernet2/0/1 is link-up MAC address authentication is Enabled Authenticate success: 1, failed: 0...
Page 838 Operation Manual – 802.1x - MAC Authentication H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration [Sysname-radius-2000] key accounting abc [Sysname-radius-2000] user-name-format without-domain [Sysname-radius-2000] quit # Create an ISP domain and specify the AAA schemes. [Sysname] domain 2000 [Sysname-isp-2000] authentication default radius-scheme 2000...
Page 839 Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 AAA/RADIUS/HWTACACS Configuration ..............1-1 1.1 AAA/RADIUS/HWTACACS Overview ................1-1 1.1.1 Introduction to AAA ....................1-1 1.1.2 Introduction to RADIUS................... 1-3 1.1.3 Introduction to HWTACACS..................1-9 1.1.4 Protocols and Standards..................
Page 840 Operation Manual – AAA RADIUS HWTACACS H3C S7500E Series Ethernet Switches Table of Contents 1.6.2 Displaying and Maintaining RADIUS..............1-38 1.6.3 Displaying and Maintaining HWTACACS ............. 1-38 1.7 AAA/RADIUS/HWTACACS Configuration Examples ............1-39 1.7.1 AAA for Telnet Users by a HWTACACS Server ........... 1-39 1.7.2 AAA for Telnet Users by Separate Servers ............
Page 841 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Chapter 1 AAA/RADIUS/HWTACACS Configuration When configuring AAA/RADIUS/HWTACACS, go to these sections for information you are interested in: AAA/RADIUS/HWTACACS Overview AAA/RADIUS/HWTACACS Configuration Task List Configuring AAA...
Page 842 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Internet User RADIUS server HWTACACS server Figure 1-1 AAA networking diagram When a user tries to establish a connection to the NAS and obtain the rights to access other networks or some network resources, the NAS authenticates the user or the corresponding connection.
Page 843: Introduction To Radius
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration AAA can be implemented through multiple protocols. Currently, the device supports using RADIUS and HWTACACS for AAA, and RADIUS is often used in practice. 1.1.2 Introduction to RADIUS Remote Authentication Dial-In User Service (RADIUS) is a distributed information interaction protocol in the client/server model.
Page 844 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration II. Security authentication mechanism Information exchanged between the RADIUS client and the RADIUS server is authenticated with a shared key, which is never transmitted over the network, thus enhancing the security of information exchange.
Page 845 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration The RADIUS server authenticates the username and password. If the authentication succeeds, it sends back an Access-Accept message containing the information of user’s right. If the authentication fails, it returns an Access-Reject message.
Page 846 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Table 1-1 Main values of the Code field Code Packet type Description From the client to the server. A packet of this type carries user information for the server to authenticate the user.
Page 847 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Value: Value of the attribute, up to 253 bytes. Its format and content depend on the Type and Length fields. Table 1-2 RADIUS attributes Attribute type...
Page 848 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Attribute type Attribute type Called-Station-Id Connect-Info Calling-Station-Id Configuration-Token NAS-Identifier EAP-Message Proxy-State Message-Authenticator Login-LAT-Service Tunnel-Private-Group-id Login-LAT-Node Tunnel-Assignment-id Login-LAT-Group Tunnel-Preference Framed-AppleTalk-Link ARAP-Challenge-Response Framed-AppleTalk-Network Acct-Interim-Interval Framed-AppleTalk-Zone Acct-Tunnel-Packets-Lost Acct-Status-Type...
Page 849: Introduction To Hwtacacs
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Figure 1-5 Segment of a RADIUS packet containing an extended attribute 1.1.3 Introduction to HWTACACS Huawei Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC 1492).
Page 850 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration II. Basic message exchange process of HWTACACS The following takes Telnet user as an example to describe how HWTACACS performs user authentication, authorization, and accounting.
Page 851 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Upon receiving the request, the HWTACACS client asks the user for the username. The user enters the username. After receiving the username from the user, the HWTACACS client sends to the server a continue-authentication packet carrying the username.
Page 852: Aaa/Radius/Hwtacacs Configuration Task List
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration 1.2 AAA/RADIUS/HWTACACS Configuration Task List I. AAA configuration task list Task Remarks Creating an ISP Domain Required Configuring ISP Domain Attributes Optional Required For local authentication, refer to Configuring Local User Attributes.
Page 853: Configuring Aaa
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Task Remarks Specifying Security Policy Servers Optional Enabling the Listening Port of the RADIUS Client Optional III. HWTACACS configuration task list Task Remarks Creating a HWTACAS scheme...
Page 854: Creating An Isp Domain
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration 1.3.2 Creating an ISP Domain For the NAS, each accessing user belongs to an ISP domain. Up to 16 ISP domains can be configured on a NAS. If a user does not provide the ISP domain name, the system considers that the user belongs to the default ISP domain.
Page 855: Configuring An Aaa Authentication Scheme For An Isp Domain
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Specify the maximum access-limit { disable | Optional number of users in the enable No limit by default ISP domain...
Page 856 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Enter system view — system-view Create an ISP domain and enter ISP domain Required domain isp-name view authentication default...
Page 857: Configuring An Aaa Authorization Scheme For An Isp Domain
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration 1.3.5 Configuring an AAA Authorization Scheme for an ISP Domain In AAA, authorization is a separate process at the same level as authentication and accounting. Its responsibility is to send authorization requests to the specified authorization server and to send authorization information to users authorized.
Page 858: Configuring An Aaa Accounting Scheme For An Isp Domain
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks authorization Optional Specify the authorization lan-access { local | none The default authorization scheme for LAN access | radius-scheme...
Page 859 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration specified accounting server. Accounting is not required, and therefore accounting scheme configuration is optional. If you do not perform any accounting configuration, the system-default domain uses the local accounting scheme.
Page 860: Configuring Local User Attributes
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Note: With the accounting optional command configured, a user that will be disconnected otherwise can use the network resources even when there is no available accounting server or the communication with the current accounting server fails.
Page 861 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Optional When created, a local Place the local user to the user is in the state of state { active | block }...
Page 862: Tearing Down User Connections Forcibly
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Note: With the local-user password-display-mode cipher-force command configured, a local user password is always displayed in cipher text, regardless of the configuration of the password command. In this case, if you use the save...
Page 863: Configuring Radius
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Enter system view — system-view Required cut connection { access-type { dot1x | mac-authentication | portal } | all |...
Page 864: Specifying The Radius Authentication/Authorization Servers
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration 1.4.2 Specifying the RADIUS Authentication/Authorization Servers Follow these steps to specify the RADIUS authentication/authorization servers: To do… Use the command… Remarks Enter system view —...
Page 865 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Specify the primary Required primary accounting RADIUS accounting Use either approach ip-address [ port-number ] server By default, neither the...
Page 866: Setting The Shared Key For Radius Packets
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration 1.4.4 Setting the Shared Key for RADIUS Packets The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between them and a shared key to verify the packets. Only when the same key is used can they properly receive the packets and make responses.
Page 867: Setting The Supported Radius Server Type
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Note: The maximum number of retransmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75. Refer to the timer response-timeout command in the command manual for configuring RADIUS server response timeout period.
Page 868: Configuring Attributes Related To The Data Sent To The Radius Server
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration If the secondary server fails, the device restores the status of the primary server to active immediately. If the primary server has resumed, the device turns to use the primary server and stops communicating with the secondary server.
Page 869 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Enter system view — system-view radius trap { accounting-server-do Optional Enable the RADIUS trap wn | function Disabled by default...
Page 870: Setting Timers Regarding Radius Servers
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Note: Some earlier RADIUS servers cannot recognize usernames that contain an ISP domain name, therefore before sending a username including a domain name to such a RADIUS server, the device must remove the domain name. This command is thus provided for you to decide whether to include a domain name in a username to be sent to a RADIUS server.
Page 871: Specifying Security Policy Servers
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Enter system view — system-view Create a RADIUS scheme Required radius scheme and enter RADIUS Not defined by default...
Page 872: Configuring Hwtacacs
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Note: If more than one interface of the device is enabled with Portal, the interfaces may use different security policy servers. You can specify up to eight security policy servers for a RADIUS scheme.
Page 873: Specifying The Hwtacacs Authentication Servers
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration 1.5.2 Specifying the HWTACACS Authentication Servers Follow these steps to specify the HWTACACS authentication servers: To do… Use the command… Remarks Enter system view —...
Page 874: Specifying The Hwtacacs Accounting Servers
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Note: It is recommended to specify only the primary HWTACACS authorization server if backup is not required. The IP addresses of the primary and secondary authorization servers cannot be the same.
Page 875: Setting The Shared Key For Hwtacacs Packets
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Note: It is recommended to specify only the primary HWTACACS accounting server if backup is not required. The IP addresses of the primary and secondary accounting servers cannot be the same.
Page 876: Setting Timers Regarding Hwtacacs Servers
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Optional Specify the format of the user-name-format By default, the ISP username to be sent to a { with-domain |...
Page 877: Displaying And Maintaining Aaa/Radius/Hwtacacs
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration To do… Use the command… Remarks Optional Set the quiet timer for the timer quiet minutes primary server 5 minutes by default timer Optional Set the real-time...
Page 878: Displaying And Maintaining Radius
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration 1.6.2 Displaying and Maintaining RADIUS To do… Use the command… Remarks Display the configuration display radius scheme information of a specified Available in any [ radius-scheme-name ] [ slot...
Page 879: Aaa/Radius/Hwtacacs Configuration Examples
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration 1.7 AAA/RADIUS/HWTACACS Configuration Examples 1.7.1 AAA for Telnet Users by a HWTACACS Server I. Network requirements As shown in Figure 1-7, configure the switch to use the HWTACACS server to provide authentication, authorization, and accounting services to login users.
Page 880: Aaa For Telnet Users By Separate Servers
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration [Switch-hwtacacs-hwtac] primary authorization 10.1.1.1 49 [Switch-hwtacacs-hwtac] primary accounting 10.1.1.1 49 [Switch-hwtacacs-hwtac] key authentication expert [Switch-hwtacacs-hwtac] key authorization expert [Switch-hwtacacs-hwtac] key accounting expert [Switch-hwtacacs-hwtac] user-name-format without-domain [Switch-hwtacacs-hwtac] quit # Apply the AAA schemes to the domain.
Page 881 Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Note: Configuration of separate AAA for other types of users is similar to that given in this example. The only difference lies in the access type.
Page 882: Troubleshooting Aaa/Radius/Hwtacacs
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration [Switch-radius-rd] quit # Create local user named telnet. [Switch] local-user hello [Switch-luser-hello] service-type telnet [Switch-luser-hello] password simple hello [Switch-luser-hello] quit # Configure the AAA schemes of the ISP domain.
Page 883: Troubleshooting Hwtacacs
Operation Manual – AAA RADIUS HWTACACS Chapter 1 AAA/RADIUS/HWTACACS H3C S7500E Series Ethernet Switches Configuration Symptom2: RADIUS packets cannot reach the RADIUS server. Analysis: The communication link between the NAS and the RADIUS server is down (at the physical layer and data link layer).
Page 884 Operation Manual – Portal H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Portal Configuration ....................1-1 1.1 Portal Overview........................1-1 1.1.1 Introduction to Portal ....................1-1 1.1.2 Introduction to EAD-Supported Portal..............1-1 1.1.3 Portal System Components ..................1-2 1.1.4 Portal Authentication Modes ...................
Page 885: Portal Overview
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Chapter 1 Portal Configuration When configuring portal, go to these sections for information you are interested in: Portal Overview Portal Configuration Task List Displaying and Maintaining Portal...
Page 886: Portal System Components
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Security authentication mechanism: The security authentication mechanism works after the identity authentication process to check that the required anti-virus software, virus definition updates and OS patches are installed, and no unauthorized software is installed on the terminal of a user.
Page 887 Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration During authentication, interacting with portal server, authentication/accounting server, and the security policy server for identity authentication, security authentication and accounting. After authentication, allowing users to access the authorized Internet resources.
Page 888: Portal Authentication Modes
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Caution: Because a portal client uses an IP address as its ID, ensure that there is no Network Address Translation (NAT) device between the authentication client, access device, portal server, and authentication/accounting server when deploying portal authentication.
Page 889: Portal Authentication Process
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration From this point of view, the difference between these two authentication modes lies in whether or not a Layer 3 forwarding device can be present between the authentication client and the access device.
Page 890 Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration the portal server or predefined free websites to pass, but redirects those destined for other websites to the portal server. The portal server provides a web page for the user to enter the username and password.
Page 891: Basic Portal Configuration
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration For portal authentication, the re-DHCP authentication process is as follows: Step 1 through step 6 are the same as those in the direct authentication/Layer 3 portal authentication process.
Page 892 Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration The portal-enabled interfaces of the access device are configured with valid IP addresses or have obtained valid IP addresses through DHCP. The portal server and the RADIUS server have been installed and configured properly.
Page 893: Configuring A Portal-Free Rule
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Caution: The destination port number that the device uses for sending packets to the portal server unsolicitedly must be the same as that the remote portal server actually uses.
Page 894: Logging Out Users
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Note: If you specify both a VLAN and an interface in a portal-free rule, the interface must belong to the VLAN. You cannot configure two or more portal-free rules with the same filtering conditions.
Page 895: Displaying And Maintaining Portal
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration To do… Use the command… Remarks Enter system view — system-view portal delete-user { ip-address | all | Log out users Required interface interface-type interface-number } 1.7 Displaying and Maintaining Portal To do…...
Page 896: Portal Configuration Examples
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration 1.8 Portal Configuration Examples 1.8.1 Example for Configuring Direct Portal Authentication I. Network requirements The switch is configured for direct authentication. Before portal authentication, users can access only the portal server. After passing portal authentication, they can access external networks.
Page 897: Radius Server
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration [Switch-radius-rs1] primary accounting 192.168.0.112 [Switch-radius-rs1] key authentication radius [Switch-radius-rs1] key accounting radius # Specify that the ISP domain name should not be included in the username sent to the RADIUS server.
Page 898: Example For Configuring Re-Dhcp Portal Authentication
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration 1.8.2 Example for Configuring Re-DHCP Portal Authentication I. Network requirements The switch is configured for re-DHCP authentication. Users obtain IP addresses through the DHCP server. Before portal authentication, they get private IP addresses.
Page 899 Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration III. Configuration procedure Note: For re-DHCP authentication, you need to configure a public address pool (20.20.20.0/24, in this example) and a private address pool (10.0.0.0/24, in this example) on the DHCP server.
Page 900: Example For Configuring Layer 3 Portal Authentication
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration [Switch–Vlan-interface100] portal server newpt method redhcp [Switch–Vlan-interface100] quit # Configure the IP address of the interface connected with the portal server. [Switch] interface vlan-interface 2 [Switch–Vlan-interface2] ip address 192.168.0.100 255.255.255.0 [Switch–Vlan-interface2] quit...
Page 901: Example For Configuring Direct Ead-Supported Portal Authentication
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration # Configure the portal server as follows: Name: newpt IP address: 192.168.0.111 Key: portal Port number: 50100 URL: http://192.168.0.111/portal. <SwitchA> system-view [SwitchA] portal server newpt ip 192.168.0.111 key portal port 50100 url http://192.168.0.111/portal...
Page 902 Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration II. Network diagram Portal server 192.168.0.111/24 Vlan-int100 Vlan-int2 2.2.2.1/24 192.168.0.100/24 RADIUS server Host Switch 192.168.0.112/24 2.2.2.2/24 Gateway : 2.2.2.1/24 Security policy server 192.168.0.113/24 Figure 1-7 Configure direct EAD-supported portal authentication III.
Page 903 Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration Configure an authentication domain # Create an ISP domain named dm1 and enter its view. [Switch] domain dm1 # Configure the ISP domain to use RADIUS scheme rs1.
Page 904: Troubleshooting Portal
Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration [Switch] quit # Configure the IP address of the interface connected with the portal server. [Switch] interface vlan-interface 2 [Switch–Vlan-interface2] ip address 192.168.0.100 255.255.255.0 1.9 Troubleshooting Portal 1.9.1 Inconsistent Keys on the Access Device and the Portal Server...
Page 905 Operation Manual – Portal H3C S7500E Series Ethernet Switches Chapter 1 Portal Configuration When the user uses the disconnect attribute on the client to log out, the portal server actively sends a REQ_LOGOUT message to the access device. The source port is...
Page 906 Operation Manual – ARP H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ARP Configuration....................... 1-1 1.1 ARP Overview........................1-1 1.1.1 ARP Function ......................1-1 1.1.2 ARP Message Format..................... 1-2 1.1.3 ARP Address Resolution Process................1-2 1.1.4 ARP Mapping Table ....................
Page 907: Chapter 1 Arp Configuration
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration Chapter 1 ARP Configuration When configuring ARP, go to these sections for information you are interested in: ARP Overview Configuring ARP Configuring Gratuitous ARP Configuring ARP Source Suppression...
Page 908: Arp Message Format
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration 1.1.2 ARP Message Format Figure 1-1 ARP message format The following explains the fields in Figure 1-1. Hardware type: This field specifies the hardware address type. The value “1”...
Page 909: Arp Mapping Table
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request, in which the source IP address and source MAC address are...
Page 910: Configuring Arp
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration A dynamic entry is automatically created and maintained by ARP. It can get aged, be updated by a new ARP packet, or be overwritten by a static ARP entry. When the aging timer expires or the port goes down, the corresponding dynamic ARP entry will be removed.
Page 911: Setting Aging Time For Dynamic Arp Entries
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration To do… Use the command… Remarks Required Configure a No non-permanent static arp static ip-address non-permanent static ARP entry is configured mac-address ARP entry by default. Caution: The vlan-id argument must be the ID of an existing VLAN which corresponds to the ARP entries.
Page 912: Enabling The Support For Arp Requests From A Natural Network
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration 1.2.4 Enabling the Support for ARP Requests from a Natural Network When learning MAC addresses, if the device finds that the source IP address of an ARP packet and the IP address of the inbound interface are not on the same subnet, the device will further judge whether these two IP addresses are on the same natural network.
Page 913: Configuring Gratuitous Arp
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration [Sysname-vlan-interface10] quit [Sysname] arp static 192.168.1.1 000f-e201-0000 10 gigabitethernet2/0/10 1.3 Configuring Gratuitous ARP 1.3.1 Introduction to Gratuitous ARP A gratuitous ARP packet is a special ARP packet, in which the source IP address and...
Page 914: Configuring Arp Defense Against Ip Packet Attack
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration The device sends large amounts of ARP request messages to the destination subnet, which increases the load of the destination subnet. The device continuously resolves destination IP addresses, which increase the load of the CPU.
Page 915: Displaying And Maintaining Arp
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 1 ARP Configuration above process. This protects the device against the IP packet attack efficiently, reducing the load of the CPU. 1.5.2 Enabling ARP Defense Against IP Packet Attack The ARP defense against IP packet attack function works for forwarded packets and those originated by the device.
Page 916: Chapter 2 Proxy Arp Configuration
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration Chapter 2 Proxy ARP Configuration When configuring proxy ARP, go to these sections for information you are interested in: Proxy ARP Overview Enabling Proxy ARP Displaying and Maintaining Proxy ARP 2.1 Proxy ARP Overview...
Page 917: Displaying And Maintaining Proxy Arp
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration 2.3 Displaying and Maintaining Proxy ARP To do… Use the command… Remarks Display whether proxy display proxy-arp [ interface Available in any view ARP is enabled...
Page 918: Local Proxy Arp Configuration Example In Case Of Port Isolation
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration [Switch] vlan 2 [Switch-vlan2] quit [Switch] interface vlan-interface 1 [Switch-Vlan-interface1] ip address 192.168.10.99 255.255.255.0 [Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0...
Page 919: Local Proxy Arp Configuration Example In Isolate-User-Vlan
Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration [SwitchB-vlan2] port gigabitethernet 2/0/1 [SwitchB-vlan2] port gigabitethernet 2/0/2 [SwitchB-vlan2] port gigabitethernet 2/0/3 [SwitchB-vlan2] quit [SwitchB] interface gigabitethernet 2/0/2 [SwitchB-GigabitEthernet2/0/2] port-isolate enable [SwitchB-GigabitEthernet2/0/2] quit [SwitchB] interface gigabitethernet 2/0/3...
Page 920 Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration II. Network diagram Figure 2-3 Network diagram for local proxy ARP configuration in isolate-user-vlan III. Configuration procedure Configure the Switch B # Create VLAN 2, VLAN 3, and VLAN 5 on Switch B. Add GigabitEthernet2/0/2 to VLAN 2, GigabitEthernet 2/0/3 to VLAN 3, and GigabitEthernet 2/0/1 to VLAN 5.
Page 921 Operation Manual – ARP H3C S7500E Series Ethernet Switches Chapter 2 Proxy ARP Configuration [SwitchA-Vlan-interface5] ip address 192.168.10.100 255.255.0.0 Ping Host B on Host A to verify that the two hosts are not reachable to each other, which indicates they are isolated at Layer 2.
Page 922 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DHCP Overview......................1-1 1.1 Introduction to DHCP......................1-1 1.2 DHCP Address Allocation....................1-2 1.2.1 Allocation Mechanisms ................... 1-2 1.2.2 Dynamic IP Address Allocation Process..............1-2 1.2.3 IP Address Lease Extension ...................
Page 923 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Table of Contents 2.8 Displaying and Maintaining the DHCP Server..............2-17 2.9 DHCP Server Configuration Examples................2-17 2.10 Troubleshooting DHCP Server Configuration..............2-19 Chapter 3 DHCP Relay Agent Configuration ................3-1 3.1 Introduction to DHCP Relay Agent ..................
Page 924: Introduction To Dhcp
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview Chapter 1 DHCP Overview When configuring ARP, go to these sections for information you are interested in: Introduction to DHCP DHCP Address Allocation DHCP Message Format DHCP Options Protocols and Standards 1.1 Introduction to DHCP...
Page 925: Dhcp Address Allocation
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview Note: When residing in a different subnet from the DHCP server, the DHCP client can get the IP address and other configuration parameters from the server via a DHCP relay agent.
Page 926: Ip Address Lease Extension
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview If several DHCP servers send offers to the client, the client accepts the first received offer, and broadcasts it in a DHCP-REQUEST message to formally request the IP address.
Page 927 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview Figure 1-3 DHCP message format op: Message type defined in option field. 1 = REQUEST, 2 = REPLY htype,hlen: Hardware address type and length of a DHCP client.
Page 928: Dhcp Options
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview 1.4 DHCP Options 1.4.1 DHCP Options Overview The DHCP message adopts the same format as the Bootstrap Protocol (BOOTP) message for compatibility, but differs from it in the option field, which identifies new features for DHCP.
Page 929 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview I. Relay agent option (Option 82) Option 82 is the relay agent option in the option field of the DHCP message. It records the location information of the DHCP client. When a DHCP relay agent receives a client’s request, it adds Option 82 to the request message and sends it to the server.
Page 930 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview Figure 1-7 Sub-option 1 in verbose padding format Note: In the above figure, except that the VLAN ID field has a fixed length of 2 bytes, all the other padding contents of sub-option 1 are length variable.
Page 931 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 1 DHCP Overview 1.5 Protocols and Standards RFC2131: Dynamic Host Configuration Protocol RFC2132: DHCP Options and BOOTP Vendor Extensions RFC1542: Clarifications and Extensions for the Bootstrap Protocol RFC 3046: DHCP Relay Agent Information Option...
Page 932: Introduction To Dhcp Server
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Chapter 2 DHCP Server Configuration When configuring the DHCP server, go to these sections for information you are interested in: Introduction to DHCP Server DHCP Server Configuration Task List...
Page 933: Dhcp Address Pool
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.1.2 DHCP Address Pool I. Address pool structure In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client.
Page 934: Dhcp Server Configuration Task List
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration For example, two address pools are configured on the DHCP server. The ranges of IP addresses that can be dynamically assigned are 1.1.1.0/24 and 1.1.1.0/25 respectively.
Page 935: Enabling The Dhcp Server On An Interface
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view — system-view Required Enable DHCP dhcp enable Disabled by default. 2.4 Enabling the DHCP Server on an Interface With the DHCP server enabled on an interface, upon receiving a client’s request, the...
Page 936: Configuring An Address Pool For The Dhcp Server
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.5 Configuring an Address Pool for the DHCP Server 2.5.1 Configuration Task List Complete the following tasks to configure an address pool: Task Remarks Creating a DHCP Address Pool...
Page 937: Configuring An Address Allocation Mode
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.5.3 Configuring an Address Allocation Mode Caution: You can configure either the static binding or dynamic address allocation for an address pool as needed. It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address.
Page 938 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Note: Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration. In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa.
Page 939: Configuring A Domain Name Suffix For The Client
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Optional Except IP addresses of the dhcp server Exclude IP addresses DHCP server interfaces, all forbidden-ip from automatic allocation addresses in the DHCP...
Page 940: Configuring Wins Servers And Netbios Node Type For The Client
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Enter system view — system-view Enter DHCP address dhcp server ip-pool — pool view pool-name Required Specify DNS servers for dns-list ip-address&<1-8>...
Page 941: Configuring The Bims Server Information For The Client
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks netbios-type { b-node | Required Specify the NetBIOS node h-node | m-node | type Not specified by default. p-node } Note: If b-node is specified for the client, you need to specify no WINS server address.
Page 942: Configuring Option 184 Parameters For The Client With Voice Service
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Required gateway-list Specify gateways No gateway is specified ip-address&<1-8> by default. 2.5.9 Configuring Option 184 Parameters for the Client with Voice Service To assign voice calling parameters along with an IP address to DHCP clients with voice service, you need to configure Option 184 on the DHCP server.
Page 943: Configuring The Tftp Server And Bootfile Name For The Client
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.5.10 Configuring the TFTP Server and Bootfile Name for the Client This task is to specify the IP address and name of a TFTP server and the bootfile name in the DHCP address pool.
Page 944: Configuring Self-Defined Dhcp Options
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Optional Specify the bootfile bootfile-name name Not specified by default. bootfile-name 2.5.11 Configuring Self-Defined DHCP Options By configuring self-defined DHCP options, you can Define new DHCP options.
Page 945: Configuring The Dhcp Server Security Functions
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Corresponding Command Option Option name command parameter Renewal (T1) Time expired Value Rebinding (T2) Time expired Value TFTP server name tftp-server ascii Bootfile name bootfile-name ascii Vendor Specific —...
Page 946: Configuring Ip Address Conflict Detection
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration To do… Use the command… Remarks Enter system view — system-view Required Enable unauthorized dhcp server detect DHCP server detection Disabled by default. Note: With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server.
Page 947 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration If the server is configured to ignore Option 82, it will assign an IP address to the client without adding Option 82 in the response message.
Page 948: Displaying And Maintaining The Dhcp Server
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration 2.8 Displaying and Maintaining the DHCP Server To do… Use the command… Remarks Display information about IP display dhcp server conflict { all | address conflicts...
Page 949 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration The DHCP server configuration for the two types is the same. I. Network requirements The DHCP server (Switch A) assigns IP address to clients in subnet 10.1.1.0/24, which is subnetted into 10.1.1.0/25 and 10.1.1.128/25.
Page 950: Troubleshooting Dhcp Server Configuration
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration Configure the DHCP server # Enable DHCP. <SwitchA> system-view [SwitchA] dhcp enable # Exclude IP addresses (addresses of the DNS server, WINS server and gateways). [SwitchA] dhcp server forbidden-ip 10.1.1.2 [SwitchA] dhcp server forbidden-ip 10.1.1.4...
Page 951 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 2 DHCP Server Configuration III. Solution Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address.
Page 952: Introduction To Dhcp Relay Agent
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration Chapter 3 DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: Introduction to DHCP Relay Agent...
Page 953: Dhcp Relay Agent Support For Option
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server Figure 3-1 DHCP relay agent application No matter whether a relay agent exists or not, the DHCP server and client interact with...
Page 954: Configuring The Dhcp Relay Agent
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration If the DHCP relay agent supports Option 82, it will handle a client’s request according to the contents defined in Option 82, if any. The handling strategies are described in the table below.
Page 955: Enabling The Dhcp Relay Agent On An Interface
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view — system-view Required Enable DHCP dhcp enable Disabled by default.
Page 956: Configuring The Dhcp Relay Agent To Send A Dhcp-Release Request
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To do… Use the command… Remarks Enter system view — system-view Create a DHCP server Required dhcp relay server-group group and add a server Not created by default.
Page 957: Configuring The Dhcp Relay Agent Security Functions
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To do… Use the command… Remarks Enter system view — system-view Configure the DHCP relay agent to dhcp relay release ip Required send a DHCP-RELEASE request client-ip 3.3.5 Configuring the DHCP Relay Agent Security Functions...
Page 958 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration Note: The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used.
Page 959: Configuring The Dhcp Relay Agent To Support Option
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration III. Enabling unauthorized DHCP servers detection There are unauthorized DHCP servers on networks, which reply DHCP clients with wrong IP addresses. With this feature enabled, upon receiving a DHCP message with the siaddr field (IP...
Page 960: Displaying And Maintaining Dhcp Relay Agent Configuration
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To do… Use the command… Remarks Required Enable the relay agent dhcp relay information enable to support Option 82 Disabled by default. Configure the Optional...
Page 961: Dhcp Relay Agent Configuration Example
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration To do… Use the command… Remarks Display information about display dhcp relay the configuration of a server-group { group-id | Available in any view specified or all DHCP server...
Page 962: Troubleshooting Dhcp Relay Agent Configuration
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 3 DHCP Relay Agent Configuration [SwitchA-Vlan-interface1] dhcp select relay [SwitchA-Vlan-interface1] quit # Configure DHCP server group 1 with the DHCP server 10.1.1.1, and correlate the DHCP server group 1 with VLAN-interface 1.
Page 963: Introduction To Dhcp Client
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 4 DHCP Client Configuration Chapter 4 DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: Introduction to DHCP Client Enabling the DHCP Client on an Interface...
Page 964: Displaying And Maintaining The Dhcp Client
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 4 DHCP Client Configuration Note: An interface can be configured to acquire an IP address in multiple ways, but these ways are exclusive. The latest configuration will overwrite the previous configuration.
Page 965 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 4 DHCP Client Configuration Note: To implement the DHCP client-server model, you need to perform related configuration on the DHCP server. For details, refer to DHCP Server Configuration Examples.
Page 966: Dhcp Snooping Overview
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration Chapter 5 DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Basic Functions...
Page 967: Application Environment Of Trusted Ports
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration II. Ensuring DHCP clients to obtain IP addresses from valid DHCP servers If there is an unauthorized DHCP server on a network, the DHCP clients may obtain invalid IP addresses.
Page 968: Dhcp Snooping Support For Option
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration ports, GE2/0/3 on Switch A, GE2/0/1 on Switch B, GE2/0/3 and GE2/0/4 on Switch C, which are not directly connected to DHCP clients, from recording client’s IP-to-MAC bindings.
Page 969: Configuring Dhcp Snooping Basic Functions
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration If a client’s Handling Padding requesting The DHCP snooping device will… strategy format message has… Drop Random Drop the message. Forward the message without Keep Random changing Option 82.
Page 970: Configuring Dhcp Snooping To Support Option
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration Note: You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN.
Page 971: Displaying And Maintaining Dhcp Snooping
Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration Note: To support Option 82, it is required to perform related configuration on both the DHCP server and the device enabled with DHCP Snooping. Refer to...
Page 972 Operation Manual – DHCP H3C S7500E Series Ethernet Switches Chapter 5 DHCP Snooping Configuration II. Network diagram Figure 5-3 Network diagram for DHCP snooping configuration III. Configuration procedure # Enable DHCP snooping. <SwitchB> system-view [SwitchB] dhcp-snooping # Specify GigabitEthernet 2/0/1 as trusted port.
Page 973 Operation Manual – ACL H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ACL Overview ......................1-1 1.1 Introduction to ACL ......................1-1 1.1.1 Introduction......................1-1 1.1.2 Application of ACLs on the Switch ................1-1 1.2 Introduction to IPv4 ACL....................1-2 1.2.1 IPv4 ACL Classification...................
Page 974 Operation Manual – ACL H3C S7500E Series Ethernet Switches Table of Contents 2.7 IPv4 ACL Configuration Example ..................2-9 2.7.1 Network Requirements.................... 2-9 2.7.2 Network Diagram....................2-10 2.7.3 Configuration Procedure ..................2-10 Chapter 3 IPv6 ACL Configuration ....................3-1 3.1 Creating a Time Range...................... 3-1 3.2 Configuring a Basic IPv6 ACL ...................
Page 975: Introduction To Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview Chapter 1 ACL Overview In order to filter traffic, network devices use sets of rules, called access control lists (ACLs), to identify and handle packets. When configuring ACLs, go to these chapters for information you are interested in:...
Page 976: Introduction To Ipv4 Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview Software-based application: An ACL is referenced by a piece of upper layer software. For example, an ACL can be referenced to configure login user control behavior, thus controlling Telnet, SNMP and Web users. Note that when an ACL is reference by the upper layer software, actions to be taken on packets matching the ACL depend on those defined by the ACL rules.
Page 977: Ipv4 Acl Naming
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview 1.2.2 IPv4 ACL Naming When creating an IPv4 ACL, you can specify a unique name for it. Afterwards, you can identify the ACL by its name. An IPv4 ACL can have only one name. Whether to specify a name for an ACL is up to you.
Page 978: Ipv4 Acl Step
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview If two rules are present with VPN instances, look at the protocol range in addition. Then compare packets against the rule with the protocol carried on IP specified prior to the other.
Page 979: Introduction To Ipv6 Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview II. Benefits of using the step With the step and rule numbering/renumbering mechanism, you do not need to assign rules numbers when defining them. The system will assign a newly defined rule a number that is the smallest multiple of the step bigger than the currently biggest number.
Page 980: Ipv6 Acl Naming
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview Table 1-2 IPv6 ACL categories Category ACL number Matching criteria Basic IPv6 ACL 2000 to 2999 Source IPv6 address Source IPv6 address, destination IPv6 address, Advanced IPv6 ACL...
Page 981: Ipv6 Acl Step
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 1 ACL Overview II. Depth-first match for an advanced IPv6 ACL The following shows how your switch performs depth-first match in an advanced IPv6 ACL: Sort rules by protocol range first, and compare packets against the rule with the protocol carried on IPv6 specified prior to other rules.
Page 982: Chapter 2 Ipv4 Acl Configuration
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Chapter 2 IPv4 ACL Configuration When configuring an IPv4 ACL, go to these sections for information you are interested Creating a Time Range Configuring a Basic IPv4 ACL...
Page 983: Configuring A Basic Ipv4 Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration may use the time-range test from 00:00 01/01/2004 to 23:59 12/31/2004 command. Compound time range created using the time-range time-name start-time to end-time days { from time1 date1 [ to time2 date2 ] | to time2 date2 } command. A time range thus created recurs on the day or days of the week only within the specified period.
Page 984 Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration 2.2.1 Configuration Prerequisites If you want to reference a time range to a rule, define it with the time-range command first. 2.2.2 Configuration Procedure Follow these steps to configure a basic IPv4 ACL: To do…...
Page 985: Configuring An Advanced Ipv4 Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Caution: You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command but only when it does not contain any rules.
Page 986 Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration To do… Use the command… Remarks Enter system view –– system-view Required The default match order is config. acl number acl-number Create and enter If you specify a name for an...
Page 987: Configuring An Ethernet Frame Header Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Caution: You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command but only when it does not contain any rules.
Page 988 Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration To do… Use the command… Remarks Enter system view –– system-view Required The default match order is config. acl number acl-number Create and enter If you specify a name for an...
Page 989: Copying An Ipv4 Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Caution: You can modify the match order of an ACL with the acl number acl-number [ name acl-name ] match-order { auto | config } command but only when it does not contain any rules.
Page 990: Displaying And Maintaining Ipv4 Acls
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration Caution: The source IPv4 ACL and the destination IPv4 ACL must be of the same type. The generated ACL does not take the name of the source IPv4 ACL.
Page 991: Network Diagram
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration 2.7.2 Network Diagram President`s office Salary query server 192.168.1.0/24 192.168.4.1 Eth2/0/1 Eth2/0/4 Eth2/0/2 Eth2/0/3 Switch R&D department Marketing department 192.168.2.0/24 192.168.3.0/24 Figure 2-1 Network diagram for IPv4 ACL configuration 2.7.3 Configuration Procedure...
Page 992 Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 2 IPv4 ACL Configuration # Configure traffic behavior b_rd to deny matching packets. [Switch] traffic behavior b_rd [Switch-behavior-b_rd] filter deny [Switch-behavior-b_rd] quit # Configure class c_market for packets matching IPv4 ACL 3001.
Page 993: Configuring A Basic Ipv6 Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration Chapter 3 IPv6 ACL Configuration When configuring IPv6 ACLs, go to these sections for information you are interested in: Creating a Time Range Configuring a Basic IPv6 ACL...
Page 994 Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration To do… Use the command… Remarks Required rule [ rule-id ] { deny | permit } [ fragment | To create multiple rules, logging | source repeat this step.
Page 995: Configuring An Advanced Ipv6 Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule permit source 2030:5060::9050/64 [Sysname-acl6-basic-2000] rule deny source fe80:5060::8050/96 # Verify the configuration. [Sysname-acl6-basic-2000] display acl ipv6 2000 Basic IPv6 ACL...
Page 996 Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration To do… Use the command… Remarks Required rule [ rule-id ] { deny | permit } To create multiple rules, protocol [ destination { dest repeat this step.
Page 997: Copying An Ipv6 Acl
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration 3.3.3 Configuration Examples # Create IPv6 ACL 3000 to permit the TCP packets with the source address 2030:5060::9050/64 to pass. <Sysname> system-view [Sysname] acl ipv6 number 3000 [Sysname-acl6-adv-3000] rule permit tcp source 2030:5060::9050/64 # Verify the configuration.
Page 998: Displaying And Maintaining Ipv6 Acls
Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration 3.5 Displaying and Maintaining IPv6 ACLs To do… Use the command… Remarks Display information about display acl ipv6 { acl6-number | Available in any a specified or all IPv6...
Page 999 Operation Manual – ACL H3C S7500E Series Ethernet Switches Chapter 3 IPv6 ACL Configuration # Configure class c_rd for packets matching IPv6 ACL 2000. [Switch] traffic classifier c_rd [Switch-classifier-c_rd] if-match acl ipv6 2000 [Switch-classifier-c_rd] quit # Configure traffic behavior b_rd to deny matching packets.
Page 1000 Operation Manual – QoS H3C S7500E Series Ethernet Switches Table of Contents Table of Contents Chapter 1 QoS Overview ......................1-1 1.1 Introduction ........................1-1 1.2 Traditional Packet Forwarding Service ................1-1 1.3 New Requirements Brought forth by New Services ............1-1 1.4 Occurrence and Influence of Congestion and the Countermeasures .......

This manual is also suitable for:

S7502e S7503e S7506e S7510e S7506e-v