Page 1 HUAWEI Quidway S5600 Series Ethernet Switches Operation Manual Release 1510 Huawei Technologies Proprietary...
Page 2 3116A051 Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. If you purchase the products from the sales agent of Huawei Technologies Co., Ltd., please contact our sales agent. If you purchase the products from Huawei Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care center or company headquarters.
Page 3 Copyright © 2006 Huawei Technologies Co., Ltd. All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks , HUAWEI, C&C08, EAST8000, HONET,...
Page 4: Chapter 3 Product Overview
It is used for assisting the users in using various Switches Command Manual commands. Organization Quidway S5600 Series Ethernet Switches Operation Manual consists of the following parts: 0 Product Overview Introduces the characteristics and implementations of the Ethernet switch. 1 CLI Introduces the command hierarchy, command view and CLI features of the Ethernet switch.
Page 5 18 Multicast Introduces the configuration of GMRP, IGMP Snooping, IGMP, PIM-DM, PIM-SM, and MSDP. 19 802.1x Introduces 802.1x and the related configuration. 20 AAA&RADIUS&HWTACACS&EAD Introduces AAA, RADIUS, HWTACACS, EAD, and the related configurations. 21 VRRP Huawei Technologies Proprietary...
Page 6 34 SSH Terminal Service Introduces SSH2.0 and the related configuration. 35 File System Management Introduces basic configuration for file system management. 36 FTP and TFTP Introduces basic configuration for FTP and TFTP, and the applications. 37 Information Center Huawei Technologies Proprietary...
Page 7 Normal paragraphs are in Arial. Boldface Headings are in Boldface. Terminal Display is in Courier New. Courier New II. Command conventions Convention Description Boldface The keywords of a command line are in Boldface. italic Command arguments are in italic. Huawei Technologies Proprietary...
Page 8 V. Mouse operation Action Description Press and hold the primary mouse button (left mouse Select button by default). Select and release the primary mouse button without Click moving the pointer. Huawei Technologies Proprietary...
Page 9 Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution, Warning, Danger: Means reader be extremely careful during the operation. Note, Comment, Tip, Knowhow, Thought: Means a complementary description. Huawei Technologies Proprietary...
Page 10: Table Of Contents
Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Obtaining the Documentation ..................1-1 1.1 CD-ROM ..........................1-1 1.2 Huawei-3Com Website ...................... 1-1 1.3 Software Release Notes ....................1-2 Chapter 2 Documentation and Software Version............... 2-1 2.1 Software Version for the Manual ..................
Page 11: Chapter 1 Obtaining The Documentation
Huawei-3Com website Software release notes 1.1 CD-ROM Huawei-3Com delivers a CD-ROM together with each device. The CD-ROM contains a complete product document set, including the operation manual, command manual, installation manual, and compatibility manual. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.
Page 12: Software Release Notes
Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Obtaining the Documentation 1.3 Software Release Notes With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
Page 13: Chapter 2 Documentation And Software Version
Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Documentation and Software Version Chapter 2 Documentation and Software Version 2.1 Software Version for the Manual Quidway S5600 Series Ethernet Switches Operation Manual Release1510 and Quidway S5600 Series Ethernet Switches...
Page 14: Document List
Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Documentation and Software Version New features unique to Release1510 Related part Opening/closing Telnet TCP port 02 Login Operation 23 and SSH TCP port 22 Opening/closing HTTP TCP port...
Page 15: Preface
Chapter 3 Product Overview Chapter 3 Product Overview 3.1 Preface Quidway S5600 Series Ethernet Switches (hereinafter referred to as the S5600 series) provide multi-layer switching capabilities, and support rich Layer 3 features and enhanced growth capability. They are intelligent network-manageable switches designed for network environments that require high performance, high port density and easy-to-install characteristics.
Page 16: Software Features
Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Product Overview An S5600 series switch provides one 2-port Fabric interface and one expansion module slot on its rear panel. The available expansion modules you can select include: 8-port 1000 Mbps SFP module, 1-port 10G XENPAK module and 2-port 10G XFP module.
Page 17 Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Product Overview Part Features Device link detection protocol (DLDP) 13 DLDP Manually configuring dynamic, static, and black hole MAC addresses 14 MAC Address Table Configuring the aging time for MAC addresses...
Page 18 Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Product Overview Part Features Basic ACLs Advanced ACLs 25 ACL Layer 2 ACLs User-defined ACLs Quality of Service (QoS) QoS&QoS Profile QoS profile Traffic mirroring Port mirroring 27 Mirroring...
Page 19 Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Product Overview Part Features HWPing 40 HWPing Domain Name System (DNS) 41 DNS Huawei Technologies Proprietary...
Page 20: Chapter 4 Networking Applications
Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Networking Applications Chapter 4 Networking Applications The S5600 series support flexible networking. They can be used as broadband access devices, as well as networking devices in enterprise networks. The following describes several typical networking methods for the S5600 series.
Page 21 Operation Manual – Overview Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Networking Applications Core Core Aggregation Aggregation Access Access 6500 6500 5600 5600 3900 3900 Figure 4-2 Application in large-scaled/campus networks...
Page 22 Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 CLI Overview ........................ 1-1 1.1 Introduction to the CLI ....................... 1-1 1.2 Command Level/Command View ..................1-1 1.2.1 Switching between User Levels ................1-2 1.2.2 Configuring the Level of a Specific Command in a Specific View ......
Page 23: Chapter 1 Cli Overview
Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Chapter 1 CLI Overview 1.1 Introduction to the CLI A Quidway series Ethernet switch provides a command line interface (CLI) and commands for you to configure and manage the Ethernet switch. The CLI is featured by the following: Commands are grouped by levels.
Page 24: Switching Between User Levels
Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview 1.2.1 Switching between User Levels A user can switch the user level from one to another by executing a related command after logging into a switch. The administrator can also set user level switching passwords as required.
Page 25: Configuring The Level Of A Specific Command In A Specific View
Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview 1.2.2 Configuring the Level of a Specific Command in a Specific View You can configure the level of a specific command in a specific view. Commands fall into four command levels: visit, monitor, system, and manage, which are identified as 0, 1, 2, and 3 respectively.
Page 26 Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview RIP view OSPF view OSPF area view Routing policy view Basic ACL view Advanced ACL view Layer 2 ACL view User-defined ACL view QoS profile view...
Page 27 Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Configure IP Execute quit interface Execute command to return VLAN parameters [Quidway-Vl interface to system view. interface...
Page 28 Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command to return Execute Configure to system view. Cluster [Quidway-clu cluster cluster view ster] command...
Page 29 Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command to return Configure Execute to system view. [Quidway-bg BGP view protocol command Execute the return...
Page 30 Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Define Execute quit sub-rules of command to return user-defined Execute the acl User-defi to system view. ACLs, which...
Page 31: Cli Features
Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command to return Execute Configure [Quidway-po to system view. poe-profile profile PoE profile e-profile-a12 a123 command...
Page 32: Terminal Display
Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Enter a command, a space, and a "?" character (instead of a keyword available in this position of the command) on your terminal to display all the available keywords and their brief descriptions.
Page 33: Command History
Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Display suspending. That is, the displaying of output information can be paused when the screen is full and you can then perform the three operations listed in Table 1-5 as needed.
Page 34: Error Messages
Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview 1.3.4 Error Messages If the command you enter passes the syntax check, it will be successfully executed; otherwise an error message will appear. Table 1-7 lists the common error messages.
Page 35 Operation Manual - CLI Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Press… To… Utilize the partial online help. That is, when you enter an incomplete keyword and the Tab key, if the input keyword uniquely identifies an existing keyword, the system completes the keyword and displays the command on the next line;...
Page 36 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Logging into an Ethernet Switch ................1-1 1.1 Logging into an Ethernet Switch ..................1-1 1.2 Introduction to the User Interface ..................1-1 1.2.1 Supported User Interfaces ..................
Page 37 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Chapter 4 Logging in Using Modem.................... 4-1 4.1 Introduction ........................4-1 4.2 Configuration on the Administrator Side................4-1 4.3 Configuration on the Switch Side..................4-1 4.3.1 Modem Configuration....................4-1 4.3.2 Switch Configuration ....................
Page 38: Logging Into An Ethernet Switch
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Logging into an Ethernet Switch Chapter 1 Logging into an Ethernet Switch 1.1 Logging into an Ethernet Switch You can log into an S5600 series Ethernet switch in one of the following ways:...
Page 39: Common User Interface Configuration
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Logging into an Ethernet Switch A relative user interface index can be obtained by appending a number to the identifier of a user interface type. It is generated by user interface type. The...
Page 40 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Logging into an Ethernet Switch Caution: The auto-execute command command may cause you unable to perform common configuration in the user interface, so use it with caution. Before executing the auto-execute command command and save your configuration, make sure you can log into the switch in other modes and cancel the configuration.
Page 41: Chapter 2 Logging In Through The Console Port
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Chapter 2 Logging in through the Console Port 2.1 Introduction To log in through the Console port is the most common way to log into a switch. It is also the prerequisite to configure other login methods.
Page 42 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port the configuration shown in Figure 2-2 through Figure 2-4 for the connection to be created. Normally, the parameters of a terminal are configured as those listed in Table 2-1.
Page 43: Console Port Login Configuration
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Figure 2-4 Set port parameters Turn on the switch. You will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as ) appears after you press the Enter key.
Page 44: Console Port Login Configurations For Different Authentication Modes
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Table 2-2 Common configuration of Console port login Configuration Remarks Optional Baud rate The default baud rate is 9,600 bps. Optional By default, the check mode of the Console Check mode port is set to “none”, which means no check...
Page 45 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Table 2-3 Console port login configurations for different authentication modes Authentication Console port login Remarks mode configuration Optional Perform common Perform configuration for...
Page 46: Console Port Login Configuration With Authentication Mode Being None
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.4 Console Port Login Configuration with Authentication Mode Being None 2.4.1 Configuration Procedure Table 2-4 Console port login configuration with the authentication mode being none...
Page 47 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional The default history command history history-command buffer size is 10. That is, a command buffer size max-size value...
Page 48 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port The history command buffer can contain up to 20 commands. The timeout time of the AUX user interface is 6 minutes. II. Network diagram...
Page 49: Console Port Login Configuration With Authentication Mode Being Password
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.5 Console Port Login Configuration with Authentication Mode Being Password 2.5.1 Configuration Procedure Table 2-6 Console port login configuration with the authentication mode being...
Page 50 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional By default, the screen can contain up maximum screen-length to 24 lines. number of lines the screen-length You can use the screen-length 0...
Page 51 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.5.2 Configuration Example I. Network requirements Assume that you are a level 3 VTY user and want to perform the following configuration for users logging in through the Console port: Authenticate users logging in through the Console port using the local password.
Page 52 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port [Quidway-ui-aux0] set authentication password simple 123456 # Specify commands of level 2 are available to users logging into the AUX user interface.
Page 53: Console Port Login Configuration With Authentication Mode Being Scheme
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.6 Console Port Login Configuration with Authentication Mode Being Scheme 2.6.1 Configuration Procedure Table 2-8 Console port login configuration with the authentication mode being scheme...
Page 54 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Required The specified AAA scheme Configure authentication-mode determines whether authenticate users scheme [ command- authenticate users locally or locally or remotely authorization ] remotely.
Page 55 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a...
Page 56 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port The commands of level 2 are available to users logging into the AUX user interface. The baud rate of the Console port is 19,200 bps.
Page 57 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port # Specify commands of level 2 are available to users logging into the AUX user interface. [Quidway-ui-aux0] user privilege level 2 # Set the baud rate of the Console port to 19,200 bps.
Page 58: Chapter 3 Logging In Through Telnet
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Chapter 3 Logging in through Telnet 3.1 Introduction You can manage and maintain a switch remotely by Telneting to the switch. To achieve this, you need to configure both the switch and the Telnet terminal accordingly.
Page 59 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Configuration Description Optional history command By default, the history command buffer buffer size can contain up to 10 commands. Optional Set the timeout time of a...
Page 60: Telnet Configuration With Authentication Mode Being None
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Authentication Telnet configuration Description mode service Manage VTY type for VTY Required users users Perform Perform Optional common common Telnet Refer to Table 3-2.
Page 61 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Optional Configure command level By default, commands of level available to users user privilege level level 0 are available to users...
Page 62 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Table 3-5 Determine the command level when users logging into switches are not authenticated Scenario Command Authentication level User type Command mode The user privilege level...
Page 63: Telnet Configuration With Authentication Mode Being Password
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet system-view # Enter VTY 0 user interface view. [Quidway] user-interface vty 0 # Configure not to authenticate Telnet users logging into VTY 0.
Page 64 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Optional Configure command level By default, commands of level available to users user privilege level level 0 are available to users...
Page 65 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Table 3-7 Determine the command level when users logging into switches are authenticated in the password mode Scenario Command Authentication level User type Command...
Page 66 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet # Enter VTY 0 user interface view. [Quidway] user-interface vty 0 # Configure to authenticate users logging into VTY 0 using the local password.
Page 67: Telnet Configuration With Authentication Mode Being Scheme
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.1 Configuration Procedure Table 3-8 Telnet configuration with the authentication mode being scheme Operation Command Description...
Page 68 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Required The specified AAA scheme Configure authentication-mode determines whether authenticate users scheme [ command- authenticate users locally or locally or remotely authorization ] remotely.
Page 69 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Note that if you configure to authenticate the users in the scheme mode, the command level available to users logging into a switch depends on the authentication-mode...
Page 70 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Scenario Command Authenticati level User type Command on mode The user privilege level level command is executed, and the service-type command specifies the available command level.
Page 71 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet The screen can contain up to 30 lines. The history command buffer can store up to 20 commands. The timeout time of VTY 0 is 6 minutes.
Page 72: Telneting To A Switch
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet [Quidway-ui-vty0] history-command max-size 20 # Set the timeout time to 6 minutes. [Quidway-ui-vty0] idle-timeout 6 3.5 Telneting to a Switch 3.5.1 Telneting to a Switch from a Terminal Assign an IP address to the interface of the management VLAN of a switch.
Page 73 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Figure 3-5 The terminal window Perform the following operations in the terminal window to assign an IP address to the management VLAN interface of the switch.
Page 74 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Workstation Workstation Ethernet port Ethernet port Ethernet Ethernet PC w ith Telnet PC w ith Telnet Server Server Workstation Workstation running on it running on it...
Page 75: Telneting To Another Switch From The Current Switch
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Note: A Telnet connection is terminated if you delete or modify the IP address of the VLAN interface in the Telnet session. By default, commands of level 0 are available to Telnet users authenticated by password.
Page 76 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Step 5: After successfully Telneting to the switch, you can configure the switch or display the information about the switch by executing corresponding commands.
Page 77: Configuration On The Administrator Side
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem Chapter 4 Logging in Using Modem 4.1 Introduction The administrator can log into the Console port of a remote switch using a modem through PSTN (public switched telephone network) if the remote switch is connected to the PSTN through a modem to configure and maintain the switch remotely.
Page 78: Switch Configuration
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem AT&K0 ----------------------- Disable flow control AT&R1 ----------------------- Ignore RTS signal AT&S0 ----------------------- Set DSR to high level by force ATEQ1&W ----------------------- Disable the modem from returning command response and the result, save the changes You can verify your configuration by executing the AT&V command.
Page 79: Modem Connection Establishment
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem III. Configuration on switch when the authentication mode is scheme Refer to section 2.6 “Console Port Login Configuration with Authentication Mode Being Scheme”. 4.4 Modem Connection Establishment Before using Modem to log in the switch, perform corresponding configuration for different authentication modes on the switch.
Page 80 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem Serial cable Serial cable Modem Modem Telephone line Telephone line PSTN PSTN Modem Modem Console port Console port Telephone number: 82882285 Telephone number: 82882285...
Page 81 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem Figure 4-3 Call the modem Provide the password when prompted. If the password is correct, the prompt (such as ) appears. You can then configure or manage the switch. You can also enter the character ? at anytime for help.
Page 82: Http Connection Establishment
Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S5600 Series Ethernet Switches-Release 1510 Network Management System Chapter 5 Logging in through Web-based Network Management System 5.1 Introduction An S5600 series switch has a Web server built in. You can log into an S5600 series switch through a Web browser and manage and maintain the switch intuitively by interacting with the built-in Web server.
Page 83 Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S5600 Series Ethernet Switches-Release 1510 Network Management System （1）（1）（2）（2）（3）（3） (1) RS-232 port (2) Console port (3) Configuration cable Figure 5-1 Connect to the Console port Launch a terminal emulation utility (such as Terminal in Windows 3.X or...
Page 84 Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S5600 Series Ethernet Switches-Release 1510 Network Management System [Quidway-Vlan-interface1] ip address 10.153.17.82 255.255.255.0 Configure the user name and the password for the Web-based network management system. Add a WEB user account for the switch, setting the user level to level 3 (the administration level).
Page 85 Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S5600 Series Ethernet Switches-Release 1510 Network Management System When the login interface (as shown in Figure 5-4) appears, enter the user name and the password configured in step 2 and click to bring up the main page of the Web-based network management system.
Page 86 Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S5600 Series Ethernet Switches-Release 1510 Network Management System Caution: After the Web file is upgraded, you need to reboot and then specify the new Web file in the Boot menu. Otherwise, you cannot use the Web Server normally.
Page 87: Connection Establishment Using Nms
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 Logging in through NMS Chapter 6 Logging in through NMS 6.1 Introduction You can also log into a switch through an NMS (network management station), and then configure and manage the switch through the agent module on the switch.
Page 88 Operation Manual – Login Chapter 7 Configuring Source IP Address Quidway S5600 Series Ethernet Switches-Release 1510 for Telnet Service Packets Chapter 7 Configuring Source IP Address for Telnet Service Packets You can configure source IP address or source interface for the Telnet server and Telnet client.
Page 89: Displaying Source Ip Address Configuration
Operation Manual – Login Chapter 7 Configuring Source IP Address Quidway S5600 Series Ethernet Switches-Release 1510 for Telnet Service Packets Note: To perform the configurations listed in Table 7-1 and Table 7-2, make sure that: The IP address specified is that of the local device.
Page 90: Chapter 8 User Control
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Chapter 8 User Control 8.1 Introduction A switch provides ways to control different types of login users, as listed in Table 8-1. Table 8-1 Ways to control different types of login users...
Page 91 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Table 8-2 Control Telnet users by source IP addresses Operation Command Description Enter system view system-view — number Create a basic ACL number acl-number command, config...
Page 92 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Operation Command Description rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | destination { dest-addr wildcard | any } ]...
Page 93 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Operation Command Description rule [ rule-id ] { permit | deny } [ [ type protocol-type type-mask | lsap lsap-type type-mask ] | format-type | Required...
Page 94 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control system-view [Quidway] acl number 2000 match-order config [Quidway-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Quidway-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Quidway-acl-basic-2000] rule 3 deny source any [Quidway-acl-basic-2000] quit # Apply the ACL.
Page 95 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control Operation Command Description Quit system — quit view snmp-agent community Optional Apply read write while configuring By default, SNMPv1 and community-name SNMP SNMPv2c community [ [ mib-view view-name ] | community name name to access.
Page 96: Controlling Web Users By Source Ip Address
Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control group names (the snmp-agent group command and the snmp-agent group v3 command) and SNMP user names (the snmp-agent usm-user command and the snmp-agent usm-user v3 command) take effect in the network management systems that adopt SNMP v2c or higher SNMP versions.
Page 97 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control You need to perform the following two operations to control Web users by source IP addresses. Defining an ACL Applying the ACL to control Web users 8.4.1 Prerequisites...
Page 98 Operation Manual – Login Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 User Control 8.4.4 Configuration Example I. Network requirements Only the users sourced from the IP address of 10.110.100.46 are permitted to access the switch. II. Network diagram Internet...
Page 99 Operation Manual – Configuration File Management Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Configuration File Management ................. 1-1 1.1 Introduction to Configuration File..................1-1 1.2 Configuration File-Related Operations ................1-1 Huawei Technologies Proprietary...
Page 100: Introduction To Configuration File
Operation Manual – Configuration File Management Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Configuration File Management Chapter 1 Configuration File Management 1.1 Introduction to Configuration File Configuration file records and stores user configurations performed to a switch. It also enables users to check switch configurations easily.
Page 101 Operation Manual – Configuration File Management Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Configuration File Management Table 1-1 Configure a configuration file Operation Command Description Save the current configuration to a specified Optional configuration file save [ cfgfile | [safely ]...
Page 102 Operation Manual – Configuration File Management Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Configuration File Management Caution: Currently, the extension of a configuration file is cfg. Configuration files are saved in the root directory of the Flash. In the following conditions, it may be necessary for you to remove the configuration files...
Page 103 Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 VLAN Overview ......................1-1 1.1 VLAN Overview........................1-1 1.1.1 Introduction to VLAN ....................1-1 1.1.2 VLAN Principles ...................... 1-2 1.2 Port-Based VLAN....................... 1-3 1.3 Protocol-Based VLAN......................
Page 104: Vlan Overview
Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview Chapter 1 VLAN Overview 1.1 VLAN Overview 1.1.1 Introduction to VLAN The traditional Ethernet is a flat network, where all hosts are in the same broadcast domain and connected with each other through hubs or switches.
Page 105: Vlan Principles
Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview A VLAN can span across multiple switches, or even routers. This enables hosts in a VLAN to be dispersed in a looser way. That is, hosts in a VLAN can belong to different physical network segment.
Page 106 VLAN of the inbound port for transmission. For the details about setting the default VLAN of a port, refer to section “Port Basic Configuration” in Quidway S5600 Series Ethernet Switches – Operation Manual.
Page 107 Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview I. Ethernet II and 802.3 encapsulation In the link layer, there are two main packet encapsulation types: Ethernet II and 802.3, whose encapsulation formats are described in the following figures.
Page 108 Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview DA&SA(12) DA&SA(12) Length(2) Length(2) DSAP(1) SSAP(1) Control(1) DSAP(1) SSAP(1) Control(1) DATA DATA Figure 1-7 802.3 LLC encapsulation format The DSAP field and the SSAP field in the LLC part are used to identify the upper layer protocol.
Page 109: Procedure For The Switch To Judge Packet Protocol
Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview 1.3.3 Procedure for the Switch to Judge Packet Protocol Receive packets Receive packets Receive packets Receive packets 0x05DC to 0x0600 0x05DC to 0x0600 0x05DC to 0x0600...
Page 110 Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Overview The protocol template is the standard to determine the protocol to which a packet belongs. Protocol templates include standard templates and user-defined templates: The standard template adopts the RFC-defined packet encapsulation formats and values of some specific fields as the matching criteria.
Page 111: Vlan Configuration
Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration Chapter 2 VLAN Configuration 2.1 VLAN Configuration 2.1.1 Basic VLAN Configuration Table 2-1 Basic VLAN configuration Operation Command Description Enter system view system-view — Create multiple...
Page 112: Displaying Vlan Configuration
Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration II. Configuration procedure Table 2-2 Basic VLAN interface configuration Operation Command Description Enter system view system-view — Create VLAN Required interface and enter interface Vlan-interface The vlan-id argument ranges...
Page 113 VLAN, you can use the port trunk permit vlan command or the port hybrid vlan command only in Ethernet port view. For the configuration procedure, refer to the section "Port Basic Configuration – Operation" in Quidway S5600 Series Ethernet Switches – Operation Manual.
Page 114 Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration II. Network diagram Switch Switch Switch Switch GE1/0/1 GE1/0/1 GE1/0/2 GE1/0/2 GE1/0/3 GE1/0/3 GE1/0/4 GE1/0/4 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2 VLAN2...
Page 115 Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration Operation Command Description protocol-vlan [ protocol-index ] { at | ip | ipx { ethernetii | llc | raw | Create protocol snap } | mode { ethernetii...
Page 116 Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration II. Configuration procedure Table 2-6 Associate a port with the protocol-based VLAN Operation Command Description Enter system view system-view — interface interface-type Enter port view Required...
Page 117 Operation Manual – VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 VLAN Configuration 2.3.4 Protocol-Based VLAN Configuration Example I. Standard-template-protocol-based VLAN configuration example Network requirements Create VLAN 5 and configure it to be a protocol-based VLAN, with the protocol-index being 1 and the protocol being IP.
Page 118 Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 IP Address Configuration ................... 1-1 1.1 IP Address Overview ......................1-1 1.1.1 IP Address Classification and Representation............1-1 1.1.2 Subnet and Mask ....................
Page 119: Ip Address Overview
Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Chapter 1 IP Address Configuration 1.1 IP Address Overview 1.1.1 IP Address Classification and Representation An IP address is a 32-bit address allocated to a device connected to the Internet. It consists of two fields: net-id and host-id.
Page 120 Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Table 1-1 Classes and ranges of IP addresses Network IP network Address range Description type range An IP address with all 0s...
Page 121: Subnet And Mask
Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Network IP network Address range Description type range 240.0.0.0 These addresses 255.255.255.25 None reserved for future use. 255.255.255.25 255.255.255 255.255.255.255 is used as a Others .255...
Page 122: Configuring An Ip Address
Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration ClassB ClassB 10001010, 00100110, 000 00000, 00000000 10001010, 00100110, 000 00000, 00000000 138.38.0.0 138.38.0.0 Standard Standard 11111111, 11111111, 000 00000, 00000000...
Page 123: Displaying Ip Address Configuration
Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Operation Command Description Enter VLAN interface interface Vlan-interface — view vlan-id Required By default, a VLAN interface has no IP address.
Page 124 Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration III. Configuration procedure # Configure an IP address for VLAN interface 1. system-view [Quidway] interface Vlan-interface 1 [Quidway-Vlan-interface1] ip address 129.2.2.1 255.255.255.0 1.6 Troubleshooting...
Page 125: Ip Performance Configuration
Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration Chapter 2 IP Performance Configuration 2.1 IP Performance Configuration 2.1.1 Introduction to IP Performance Configuration IP performance configuration mainly refers to TCP attribute configuration. The TCP attributes that can be configured include: synwait timer: This timer is started when TCP sends a syn packet.
Page 126 Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration Operation Command Description Optional By default, the Configure timeout time for timer syn-timeout value the synwait timer in TCP time-value synwait timer seconds.
Page 127: Displaying Ip Performance
Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration 2.2 Displaying IP Performance After the above configurations, you can execute the display command in any view to display the running status to verify your IP performance configuration.
Page 128 Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration Table 2-4 Debug IP performance Configuration Command Description Clear IP traffic statistics reset ip statistics Execute this Clear traffic reset tcp statistics...
Page 129 Operation Manual – IP Address and Performance Confiugration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IP Performance Configuration Ack number: 0 Flag :SYN Packet length :60 Data offset: 10 Huawei Technologies Proprietary...
Page 130 Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Management VLAN Configuration ................1-1 1.1 Introduction to Management VLAN..................1-1 1.1.1 Management VLAN....................1-1 1.1.2 Static Route......................1-1 1.2 Management VLAN Configuration ..................1-2 1.2.1 Prerequisites ......................
Page 131: Introduction To Management Vlan
Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Management VLAN Configuration Chapter 1 Management VLAN Configuration 1.1 Introduction to Management VLAN 1.1.1 Management VLAN To manage an Ethernet switch remotely through Telnet or network management, the switch need to be assigned an IP address.
Page 132: Management Vlan Configuration
Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Management VLAN Configuration 1.2 Management VLAN Configuration 1.2.1 Prerequisites Before configuring the management VLAN, make sure the VLAN operating as the management VLAN exists. If VLAN 1 (the default VLAN) is the management VLAN, just go ahead.
Page 133 Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Management VLAN Configuration Operation Command Description Shut down Optional management VLAN Shutdown By default, a management VLAN interface interface is down if all the Ethernet ports management VLAN are down; a...
Page 134: Displaying Management Vlan Configuration
Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Management VLAN Configuration # Configure the IP address of VLAN 10 interface to be 1.1.1.1. [QuidwayA-Vlan-interface10] ip address 1.1.1.1 255.255.255.0 [QuidwayA-Vlan-interface10] quit # Configure a default route.
Page 135: Introduction To Dhcp Client
Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration Chapter 2 DHCP/BOOTP Client Configuration 2.1 Introduction to DHCP Client As the network scale expands and the network complexity increases, the network configurations become more and more complex accordingly. It is usually the case that the computer locations change (such as the portable computers or wireless networks) or the number of the computers exceeds that of the available IP addresses.
Page 136 Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration DHCP Client DHCP Client DHCP Client DHCP Server DHCP Server DHCP Server DHCP Client DHCP Client DHCP Client DHCP Server DHCP Server DHCP Server...
Page 137: Introduction To Bootp Client
Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration Acknowledgement. Upon receiving the DHCP_Request packet, the DHCP server that owns the IP address the DHCP_Request packet carries sends a DHCP_ACK packet to the DHCP client. In this way, the DHCP client binds TCP/IP protocol components to its MAC address.
Page 138 Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration The BOOTP packets are based on user datagram protocol (UDP). To ensure reliable packet transmission, a timer is triggered when the BOOTP client sends a request packet to the server.
Page 139 Operation Manual - Management VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP/BOOTP Client Configuration Configuring the management VLAN interface to obtain an IP address through DHCP Configuring a default route II. Configuration procedures # Enter system view. system-view # Create VLAN 10 and configure VLAN 10 to be the management VLAN.
Page 140 Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Voice VLAN Configuration..................1-1 1.1 Voice VLAN Overview ....................... 1-1 1.1.1 Configuring Operation Modes of Voice VLAN according to Voice Stream ..... 1-2 1.1.2 Supporting Information of Voice VLAN on Various Ports ........
Page 141: Voice Vlan Overview
Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Chapter 1 Voice VLAN Configuration 1.1 Voice VLAN Overview Voice VLANs are VLANs configured specially for voice data stream. By adding the ports with voice devices attached to voice VLANs, you can perform QoS (quality of service)-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality.
Page 142: Configuring Operation Modes Of Voice Vlan According To Voice Stream
Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration 1.1.1 Configuring Operation Modes of Voice VLAN according to Voice Stream A voice VLAN can operate in two modes: automatic mode and manual mode. You can configure the operation mode for a voice VLAN according to data stream passing through the ports of the voice VLAN.
Page 143 Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Table 1-2 Matching relationship between port modes and voice stream types Port voice Voice stream Port VLAN Supported or not type type mode Access...
Page 144: Voice Vlan Configuration
Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Caution: If the voice stream transmitted by an IP voice device is with VLAN tag and the port which the IP voice device is attached to is enabled with 802.1x authentication and 802.1x guest VLAN assign different VLAN IDs for the voice VLAN, the default VLAN...
Page 145 Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Operation Command Description Optional Enable the voice VLAN security voice vlan security enable By default, the voice VLAN mode security mode is enabled. Optional...
Page 146 Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Operation Command Description interface interface-type Enter port view Required interface-number Required default, Enable voice VLAN voice vlan enable voice VLAN function for the port function is disabled on a port.
Page 147 VLAN do not operate in the security mode. Note: To add a Trunk port or a Hybrid port to the voice VLAN, refer to the Port Basic Configurations part of the Quidway S5600 Series Ethernet Switches Command Manual for the related command. 1.3 Voice VLAN Configuration Displaying After the above configurations, you can execute the display command in any view to view the running status and verify the configuration effect.
Page 148: Voice Vlan Configuration Example
Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Table 1-5 Display configurations of a Voice VLAN Operation Command Description Display information about ports which display voice vlan error-info Voice VLAN configuration fails...
Page 149 Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration [Quidway-GigabitEthernet1/0/1] voice vlan enable [Quidway-GigabitEthernet1/0/1] voice vlan mode auto # Enable the voice VLAN function globally. [Quidway-GigabitEthernet1/0/1] quit [Quidway] voice vlan 2 enable 1.4.2 Voice VLAN Configuration Example (Manual Mode) I.
Page 150 Operation Manual – Voice VLAN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Voice Vlan aging time: 1440 minutes Current voice vlan enabled port mode: PORT MODE ---------------------------------------- GigabitEthernet1/0/3 MANUAL # Remove GigabitEthernet1/0/3 port from the voice VLAN.
Page 151 Operation Manual – GVRP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 GVRP Configuration ....................1-1 1.1 Introduction to GVRP......................1-1 1.1.1 GVRP Mechanism....................1-1 1.1.2 GVRP Packet Format....................1-3 1.1.3 Protocol Specifications.................... 1-4 1.2 GVRP Configuration ......................
Page 152: Chapter 1 Gvrp Configuration
Operation Manual – GVRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration Chapter 1 GVRP Configuration 1.1 Introduction to GVRP GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). It maintains dynamic VLAN registration information and propagates the information to other switches by adopting the same mechanism as that of GARP.
Page 153 Operation Manual – GVRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration attribute information to be registered can be propagated to all the switches in the same switched network. GARP uses the following timers: Hold: When a GARP entity receives a piece of registration information, it does not send out a Join message immediately.
Page 154 Operation Manual – GVRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration them by their destination MAC addresses and delivers them to different GARP application (for example, GVRP) for further processing. 1.1.2 GVRP Packet Format The GVRP packets are in the following format: Figure 1-1 Format of GVRP packets The following table describes the fields of a GVRP packet.
Page 155: Protocol Specifications
Operation Manual – GVRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration Field Description Value 0: LeaveAll Event 1: JoinEmpty 2: JoinIn The event described by the Attribute Event attribute 3: LeaveEmpty 4: LeaveIn 5: Empty The attribute value of GVRP...
Page 156 Operation Manual – GVRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration Operation Command Description Exit and return to quit — system view Required Enable GVRP gvrp By default, GVRP is disabled globally globally. Enter Ethernet interface interface-type —...
Page 157: Displaying And Maintaining Gvrp
Operation Manual – GVRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration Timer Lower threshold Upper threshold This lower threshold This upper threshold is less than the greater than twice the timeout timeout time of the LeaveAll timer.
Page 158 Operation Manual – GVRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 GVRP Configuration 1.4.2 Network diagram GE1/0/1 GE1/0/1 1/0/2 1/0/2 Switch A Switch A Switch A Switch A Switch B Switch B Switch B Switch B Figure 1-2 Network diagram for GVRP configuratio 1.4.3 Configuration procedure...
Page 159 Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Port Basic Configuration .................... 1-1 1.1 Ethernet Port Overview...................... 1-1 1.1.1 Types and Numbers of Ethernet Ports..............1-1 1.1.2 Link Types of Ethernet Ports................... 1-2 1.1.3 Configuring the Default VLAN ID for an Ethernet Port..........
Page 160: Ethernet Port Overview
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Chapter 1 Port Basic Configuration 1.1 Ethernet Port Overview 1.1.1 Types and Numbers of Ethernet Ports Table 1-1 lists the types and numbers of the ports available on the Quidway S5600 series Ethernet switches.
Page 161: Link Types Of Ethernet Ports
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration 1.1.2 Link Types of Ethernet Ports An Ethernet port on an S5600 switch can operate in one of the three link types: Access: An access port can belong to only one VLAN, and is generally used to connect user PCs.
Page 162 Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Table 1-3 Processing of incoming/outgoing packets Processing of an incoming packet If the Port Processing of an outgoing packet If the packet carries a...
Page 163: Ethernet Port Configuration
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration An access port can only be added to one VLAN, while hybrid and trunk ports can be added to multiple VLANs. Note: The access ports or hybrid ports must be added to an existing VLAN.
Page 164 Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration 1.2.2 Limiting Traffic on individual Ports By performing the following configurations, you can limit different types of incoming traffic on individual ports. When a type of incoming traffic exceeds the threshold you set, the system drops the packets exceeding the traffic limit to reduce the traffic ratio of this type to the reasonable range, so as to keep normal network service.
Page 165 Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Operation Command Remarks interface Enter Ethernet port view interface-type — interface-number Enable flow control on By default, flow control is not flow-control the Ethernet port enabled on the port.
Page 166: Configuring Trunk Port Attribute
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Operation Command Remarks Optional For a hybrid port, you can Add the current hybrid port hybrid vlan configure to tag the packets port to a specified...
Page 167: Configuring Loopback Detection For An Ethernet Port
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Link aggregation control protocol (LACP) configuration: includes LACP enable/disable status; QoS configuration: includes rate limit, port priority, and default 802.1p priority on the port;...
Page 168 Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Table 1-11 Set loopback detection for an Ethernet port Operation Command Remarks Enter system view system-view — Optional Enable loopback loopback-detection By default, loopback detection...
Page 169: Enabling The System To Test Connected Cable
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Table 1-12 Configure the Ethernet port to run loopback test Operation Command Remarks Enter system view system-view — interface interface-type Enter Ethernet port view —...
Page 170: Configuring The Interval To Perform Statistical Analysis On Port Traffic
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Note: Optical port (including Combo optical port) does support (virtual-cable-test) function. Combo electrical port supports VCT function only when it is in UP condition (using undo shutdown command), normal Ethernet electrical port always supports this function.
Page 171: Displaying Basic Port Configuration
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration Operation Command Description Optional Enable the giant-frame default, giant-frame statistics enable statistics function giant-frame statistics function is not enabled. 1.2.13 Displaying Basic Port Configuration After the above configurations, you can execute the display commands in any view to display information about Ethernet ports, so as to verify your configurations.
Page 172: Ethernet Port Configuration Example
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration 1.3 Ethernet Port Configuration Example I. Network requirements Switch A and Switch B are connected to each other through two trunk port (GigabitEthernet1/0/1).
Page 173: Troubleshooting Ethernet Port Configuration
Operation Manual – Port Basic Configuration Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Basic Configuration 1.4 Troubleshooting Ethernet Port Configuration Symptom: Fail to configure the default VLAN ID of a port. Solution: Take the following steps. Use the display interface or display port command to check if the port is a trunk port or a hybrid port.
Page 174 Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Link Aggregation Configuration ................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to Link Aggregation ................1-1 1.1.2 Introduction to LACP ....................1-1 1.1.3 Operation Key ......................
Page 175: Introduction To Link Aggregation
Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Chapter 1 Link Aggregation Configuration 1.1 Overview 1.1.1 Introduction to Link Aggregation Link aggregation means aggregating several ports together to form an aggregation group, so as to implement outgoing/incoming load sharing among the member ports in the group and to enhance the connection reliability.
Page 176: Operation Key
Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration After LACP is enabled on a port, LACP notifies the following information of the port to its peer by sending LACPDUs: priority and MAC address of this system, priority, number and operation key of the port.
Page 177 Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Port precedence descends in the following order: full duplex/high speed, full duplex/low speed, half duplex/high speed, half duplex/low speed. The system sets the ports unable to aggregate with the master port (due to some hardware limit, for example, cross-board aggregation unavailability) to unselected state.
Page 178: Dynamic Lacp Aggregation Group
Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration the system will remain the member ports of the group in LACP-enabled state and re-aggregate the ports to form one or more dynamic LACP aggregation groups.
Page 179 Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration aggregation only when it is LACP-enabled. Ports can be aggregated into a dynamic aggregation group only when they are connected to the same peer device and have the same basic configuration (such as rate and duplex mode).
Page 180 Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration When two device IDs are compared, the system priorities are compared first, and the system MAC addresses are compared when the system priorities are the same. The device with smaller device ID will be considered as the preferred one.
Page 181: Link Aggregation Configuration
Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration The priorities of aggregation groups for allocating load-sharing aggregation resources are as follows: An aggregation group containing special ports (such as 10GE port) which require hardware aggregation resources has higher priority than any aggregation group containing no special port.
Page 182 Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Caution: The commands of link aggregation cannot be configured with the commands of port loopback detection feature at the same time. The ports where the mac-address max-mac-count command is configured cannot be added to an aggregation group.
Page 183 Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration When creating an aggregation group: If the aggregation group you are creating already exists but contains no port, its type will change to the type you set.
Page 184 Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Operation Command Description Add the port to the port link-aggregation Required aggregation group group agg-id Note: For a static LACP aggregation group or a manual aggregation group, you are recommended not to cross cables between the two devices at the two ends of the aggregation group.
Page 185: Displaying And Maintaining Link Aggregation Configuration
Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Operation Command Description interface Enter Ethernet — interface-type port view interface-number Required Enable LACP on lacp enable the port By default, LACP is disabled on a port.
Page 186: Link Aggregation Configuration Example
Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration 1.4 Link Aggregation Configuration Example I. Network requirements Switch A connects to Switch B with three ports GigabitEthernet1/0/1 to GigabitEthernet1/0/3. It is required that incoming/outgoing load between the two switch can be shared among the three ports.
Page 187 Operation Manual – Link Aggregation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration [Quidway-GigabitEthernet1/0/1] port link-aggregation group 1 [Quidway-GigabitEthernet1/0/1] interface GigabitEthernet1/0/2 [Quidway-GigabitEthernet1/0/2] port link-aggregation group 1 [Quidway-GigabitEthernet1/0/2] interface GigabitEthernet1/0/3 [Quidway-GigabitEthernet1/0/3] port link-aggregation group 1 Adopting dynamic LACP aggregation mode # Enable LACP on GigabitEthernet1/0/1 through GigabitEthernet1/0/3.
Page 188 Operation Manual - Port Isolation Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Port Isolation Configuration ..................1-1 1.1 Port Isolation Overview...................... 1-1 1.2 Port Isolation Configuration ....................1-1 1.3 Displaying Port Isolation Configuration................1-2 1.4 Port Isolation Configuration Example ................
Page 189: Port Isolation Overview
Operation Manual - Port Isolation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Isolation Configuration Chapter 1 Port Isolation Configuration 1.1 Port Isolation Overview Through the port isolation feature, you can add the ports to be controlled into an isolation group to isolate the Layer 2 and Layer 3 data between each port in the isolation group.
Page 190: Displaying Port Isolation Configuration
Operation Manual - Port Isolation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Isolation Configuration 1.3 Displaying Port Isolation Configuration After the above configuration, you can execute the display command in any view to display the running state after port isolation configuration. You can verify the configuration effect through checking the displayed information.
Page 191 Operation Manual - Port Isolation Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Isolation Configuration III. Configuration procedure # Add GigabitEthernet1/0/2, GigabitEthernet1/0/3, and GigabitEthernet1/0/4 ports to the isolation group. system-view System View: return to User View with Ctrl+Z.
Page 192 Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Port Security Configuration..................1-1 1.1 Introduction to Port Security ....................1-1 1.1.1 Port Security Overview.................... 1-1 1.1.2 Port Security Features .................... 1-1 1.1.3 Port Security Modes....................
Page 193: Introduction To Port Security
Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Chapter 1 Port Security Configuration 1.1 Introduction to Port Security 1.1.1 Port Security Overview Port security is a security mechanism that controls network access. It is an expansion to the current 802.1x and MAC address authentication.
Page 194 Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Table 1-1 Description of the port security modes Security Description Feature mode In this mode, the learned MAC addresses will change to Security MAC addresses.
Page 195 Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Security Description Feature mode The port is enabled only after the access user passes the 802.1x authentication. Even after the port is enabled, only the packets of the successfully authenticated user can pass through the port.
Page 196: Port Security Configuration
Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Note: When a port is working in autolearn or userlogin-without mode, its Voice VLAN cannot be enabled. When a port is working in mac-else-userlogin-secure-ext or mac-else-userlogin-secure mode, the Intrusion Protection will be triggered after both MAC authentication and 802.1x authentication for a packet are failed.
Page 197 Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Operation Command Description corresponding Required port-security intrusion-mode action that disableport specific intrusion device will take disableport-temporarily detection mode after the Intrusion blockmac } configured by default.
Page 198 Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Note: Refer to the 802.1x module of Quidway S5600 Series Ethernet Switches Operation Manual for details on 802.1x authentication. You cannot add a port that configured port security feature to a link aggregation group.
Page 199: Displaying Port Security Configuration
Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Operation Command Description Required maximum port-security number of Security MAC By default, the maximum max-mac-count addresses allowed by number of Security MAC...
Page 200: Port Security Configuration Example
Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration 1.4 Port Security Configuration Example I. Network requirements Enable port security on port GigabitEthernet1/0/1 of switch A Set the maximum number of the MAC addresses accommodated by the port to 80...
Page 201: Displaying Port Binding Configuration
Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Port Binding Configuration Chapter 2 Port Binding Configuration 2.1 Introduction to Port Binding 2.1.1 Port Binding Overview The network manager may bind the MAC addresses and IP addresses of legal user to specific port through the port binding feature.
Page 202: Port Binding Configuration Example
Operation Manual – Port Security & Port Binding Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Port Binding Configuration Table 2-2 Display port binding configuration Operation Command Description display am user-bind [ interface Display The display command interface-type interface-number |...
Page 203 Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 DLDP Configuration ....................1-1 1.1 DLDP Overview ......................... 1-1 1.1.1 DLDP Fundamentals....................1-2 1.1.2 Precautions During DLDP Configuration ..............1-6 1.2 DLDP Configuration......................1-7 1.2.1 DLDP Configuration Tasks..................
Page 204: Chapter 1 Dldp Configuration
Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Chapter 1 DLDP Configuration 1.1 DLDP Overview You may have encountered unidirectional links in networking. When a unidirectional link occurs, the local device can receive packets from the peer device through the link layer, but the peer device cannot receive packets from the local device.
Page 205: Dldp Fundamentals
Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration G E1 /0 /50 Sw itch A Sw itch A Sw itch A Sw itch A G E1 /0 /51 G E 1/0 /5 0 G E1 /0 /5 1...
Page 206 Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Status Description DHCP sends packets to check if it is a unidirectional link. It enables Probe the probe sending timer and an echo waiting timer for each target neighbor.
Page 207 Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Timer Description When a new neighbor joins, a neighbor entry is created, and the corresponding entry aging timer is enabled When an advertisement packet is received from a neighbor, the...
Page 208 Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Table 1-3 DLDP operating mode and neighbor entry aging Whether DLDP Whether entry aging Whether enhanced DLDP probes neighbor timer is enabled timer is enabled operating...
Page 209 Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Packet type Processing procedure Send echo Create the neighbor entry if this neighbor entry packets does not exist on the local device. containing both Probe packet...
Page 210: Dldp Configuration
Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration down unidirectional links. On the contrary, if too short an interval is set, network traffic increases, and port bandwidth is reduced. DLDP does not process any LACP event, and treats each link in the aggregation group as independent.
Page 211 Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Operation Command Description Optional default, DLDP works in dldp work-mode { enhance normal mode Set the DLDP operating mode | normal } and does not identify...
Page 212: Dldp Network Example
Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Note: After the ports are DLDP down due to the detection of unidirectional link., you can use the command here to reset the DLDP status of these ports to retrieve DLDP probes.
Page 213 Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration II. Network diagram GE1/0/50 GE1/0/51 SwitchA SwitchA SwitchA SwitchA GE1/0/50 GE1/0/51 SwitchB SwitchB SwitchB SwitchB Figure 1-3 Fiber cross-connection III. Configuration procedure Configure Switch A # Configure the ports to work in mandatory full duplex mode at the speed of 1000 Mbps.
Page 214 Operation Manual - DLDP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Note: When two switches are connected through fibers in a crossed way, two or three ports may be in the disable state, and the rest in the inactive state.
Page 215 Operation Manual – MAC Address Table Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 MAC Address Table Management................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to MAC Address Learning ..............1-1 1.1.2 Entries in a MAC Address Table ................1-3 1.2 Configuring MAC Address Table Management ..............
Page 216: Chapter 1 Mac Address Table Management
This chapter describes the management of static, dynamic, and blackhole MAC address entries. For information about the management of multicast MAC address entries, refer to the section related to multicast protocol in Quidway S5600 Series Ethernet Switches Operation Manual. 1.1 Overview 1.1.1 Introduction to MAC Address Learning...
Page 217 Operation Manual – MAC Address Table Chapter 1 MAC Address Table Quidway S5600 Series Ethernet Switches-Release 1510 Management MAC Address MAC Address Port Port MACA MACA MACB MACB MACC MACC MACD MACD MACD MACD MACA MACA .... Port 1...
Page 218 Operation Manual – MAC Address Table Chapter 1 MAC Address Table Quidway S5600 Series Ethernet Switches-Release 1510 Management You can manually configure (add or modify) a static or dynamic MAC address entry based on the actual network environment. Note: The switch learns only unicast addresses by using the MAC address learning mechanism but directly drops any packet with a broadcast source MAC address.
Page 219: Configuring Mac Address Table Management
Operation Manual – MAC Address Table Chapter 1 MAC Address Table Quidway S5600 Series Ethernet Switches-Release 1510 Management 1.2 Configuring MAC Address Table Management 1.2.1 Configuration Overview Table 1-2 Configure MAC address table management Configuration task Remarks Section Section 1.2.2 “Configuring...
Page 220 Operation Manual – MAC Address Table Chapter 1 MAC Address Table Quidway S5600 Series Ethernet Switches-Release 1510 Management II. Adding a MAC address entry in Ethernet port view Table 1-4 Add a MAC address entry in Ethernet port view Operation...
Page 221: Displaying And Maintaining Mac Address Table Configuration
Operation Manual – MAC Address Table Chapter 1 MAC Address Table Quidway S5600 Series Ethernet Switches-Release 1510 Management Normally, you are recommended to use the default aging time, namely, 300 seconds. The no-aging keyword specifies that MAC address entries do not age out.
Page 222 Operation Manual – MAC Address Table Chapter 1 MAC Address Table Quidway S5600 Series Ethernet Switches-Release 1510 Management 1.4 Configuration Example 1.4.1 Network requirements Log in to the switch through the Console port and enable address table configuration. Set the aging time of dynamic MAC address entries to 500 seconds.
Page 223 Operation Manual – MAC Address Table Chapter 1 MAC Address Table Quidway S5600 Series Ethernet Switches-Release 1510 Management 00-e0-fc-35-dc-71 1 Static GigabitEthernet1/0/2 NOAGED 00-e0-fc-17-a7-d6 1 Learned GigabitEthernet1/0/2 AGING 00-e0-fc-5e-b1-fb 1 Learned GigabitEthernet1/0/2 AGING 00-e0-fc-55-f1-16 1 Learned GigabitEthernet1/0/2 AGING 4 mac address(es) found on port GigabitEthernet1/0/2 ---...
Page 224 Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Auto Detect Configuration ..................1-1 1.1 Introduction to the Auto Detect Function ................1-1 1.1.1 Configuring the Auto Detect Function ..............1-1 1.1.2 Displaying Auto Detect Configuration ..............
Page 225: Introduction To The Auto Detect Function
Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration Chapter 1 Auto Detect Configuration 1.1 Introduction to the Auto Detect Function The auto detect function uses ICMP request/reply packets to test the connectivity of a network regularly.
Page 226: Auto Detect Configuration Example
Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration Table 1-2 Display auto detect configuration Operation Command Description The display command Display the configuration of display detect-group can be executed in any a detecting group [ group-number ] view.
Page 227 Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration # Specify to detect the IP address of 192.168.2.2, setting the detecting number to 2. [Quidway-detect-group-10] detect-list 2 ip address 192.168.2.2 # Specify to return reachable as the detecting result if one of the two IP addresses is reachable.
Page 228: Auto Detect Implementation In Static Routing
Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Chapter 2 Auto Detect Implementation 2.1 Introduction The results of auto detect operations (reachable or unreachable) can be used to trigger other functions, such as:...
Page 229 Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Operation Command Description ip route-static ip-address { mask | mask-length } Bind a detecting next-hop preference group to a static Required preference-value ] [ reject |...
Page 230: Configuring The Auto Detect Function For Vrrp
Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation [QuidwayA-detect-group-8] detec t-list address 10.1.1.4 nexthop 192.168.1.2 [QuidwayA-detect-group-8] quit # Enable the static route when the detecting group is reachable. Disable th e static route when the detecting group is unreachable.
Page 231 Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Packets sourced from Switch A and destined for Switch C is forwarded by Switch B under normal situations. When the connection between Sw itch B and Switch C fails, Switch D becomes...
Page 232: Configuring The Auto Detect Function For Vlan Interface Backup
Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Configure Switch D. # Assign an IP address to VLAN 1 interface. system-view [QuidwayD] interface vlan-interface 1 [Quidwa yD-Vlan-interface1] ip address 192.168.1.3 24...
Page 233 Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Table 2-3 Configure the auto det ect function f or VLAN interface backup Operation Command Description Enter system view system-v — Enter VLAN interface vlan-interface —...
Page 234 Operation Manual – Auto Detect Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation # Enter system view. system-view # Configure a static route to VLAN interface 1 on Switch A a s the primary route, with the IP address of 10.1.1.3/24 as the next hop.
Page 235 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 MSTP Configuration ....................1-1 1.1 MSTP Overview ......................... 1-1 1.1.1 MSTP Protocol Data Unit ..................1-1 1.1.2 Basic MSTP Terminologies..................1-2 1.1.3 Implementation of MSTP..................1-5 1.1.4 MSTP Implementation on Switches ................
Page 236 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents 1.5.2 Prerequisites ......................1-34 1.5.3 BPDU Protection Configuration................1-34 1.5.4 Root Protection Configuration ................1-34 1.5.5 Loop Prevention Configuration................1-35 1.5.6 TC-BPDU Attack Prevention Configuration ............1-36 1.5.7 BPDU Packets Drop Configuration ...............
Page 237: Mstp Overview
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Chapter 1 MSTP Configuration 1.1 MSTP Overview Spanning tree protocol (STP) cannot enable Ethernet ports to transit their states rapidly. It costs two times of the forward delay for a port to transit to the forwarding state even if the port is on a point-to-point link or the port is an edge port.
Page 238: Basic Mstp Terminologies
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.1.2 Basic MSTP Terminologies Figure 1-1 illustrates basic MSTP terms (assuming that MSTP is enabled on each switch in this figure). Region A0 CIST: Common and Internal...
Page 239 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration III. VLAN mapping table A VLAN mapping table is a property of an MST region. It contains information about how VLANs are mapped to MSTIs. For example, in Figure 1-1, the information contained in the VLAN mapping table of region A0 is: VLAN 1 is mapped to MSTI 1;...
Page 240 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration A master port connects a MST region to the common root. The path from the master port to the common root is the shortest path between the MST region and the common root.
Page 241: Implementation Of Mstp
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Forwarding state: Ports in this state can forward user packets and receive/send BPDU packets. Learning state: Ports in this state do not forward user traffic but only receive and send DPDU packets.
Page 242 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration If the priority of the configuration BPDU is lower than that of the configuration BPDU of the port itself, the switch discards the BPDU and does not change the configuration BPDU of the port.
Page 243: Root Bridge Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.1.4 MSTP Implementation on Switches MSTP is compatible with both STP and RSTP. That is, switches with MSTP employed can recognize the protocol packets of STP and RSTP and use them to generate spanning trees.
Page 244 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Remarks Related section Maximum hops of Section 1.2.7 “MST region Optional Region Maximum Hops configuration Configuration” Optional Network diameter Section 1.2.8 “Network configuration Diameter Configuration”...
Page 245 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Command Description Enter MST region — stp region-configuration view Required Configure a name The default MST region name region-name name for the MST region of a switch is its MAC address.
Page 246 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Configuration example # Configure an MST region, with the name being “info”, the MSTP revision level being level 1, VLAN 2 through VLAN 10 being mapped to spanning tree instance 1, and VLAN 20 through VLAN 30 being mapped to spanning tree 2.
Page 247 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Secondary root bridge configuration Table 1-5 Specify the current switch as the secondary root bridge of a specified spanning tree Operation Command Description Enter system view —...
Page 248: Bridge Priority Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Note: You can configure a switch as the root bridges of multiple spanning tree instances. But you cannot configure two or more root bridges for one spanning tree instance.
Page 249: Mstp Packet Format Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Caution: Once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch is not configurable.
Page 250 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Command Description Required Configure MSTP stp compliance { auto | By default, an MSTP packet is packet format dot1s | legacy } in legacy format.
Page 251: Mst Region Maximum Hops Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Configuration example # Configure the current switch to operate in the STP-compatible mode. system-view [Quidway] stp mode stp 1.2.7 MST Region Maximum Hops Configuration The maximum hops values configured on the region roots in an MST region limit the size of the MST region.
Page 252: Network Diameter Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.2.8 Network Diameter Configuration In a switched network, any two switches can communicate with each other through a path, on which there may be some other switches. The network diameter of a network is measured by the number of switches;...
Page 253 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Forward delay parameter) for them to turn to the forwarding state. The period ensures that the newly generated configuration BPDUs to propagate across the entire network.
Page 254 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Caution: The Forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large Forward delay. A too small Forward delay parameter may result in temporary redundant paths.
Page 255 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.2.10 Timeout Time Factor Configuration A switch regularly sends protocol packets to its neighboring devices at the interval specified by the Hello time parameter to test the links. Normally, a switch regards its...
Page 256 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration I. Configuration procedure (in system view) Table 1-13 Configure the maximum transmitting speed for specified ports in system view Operation Command Description Enter system view —...
Page 257 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration edge port, rapid transition is applicable to the port. That is, when the port changes from blocking state to forwarding state, it does not have to wait for a delay.
Page 258 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration [Quidway] stp interface GigabitEthernet1/0/1 edged-port enable Configure in Ethernet port view. system-view [Quidway] interface GigabitEthernet1/0/1 [Quidway-GigabitEthernet1/0/1] stp edged-port enable 1.2.13 Point-to-point Link-Related Configuration A point-to-point link directly connects two switches. If the roles of the two ports at the...
Page 259 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Configuration procedure (in Ethernet port view) Table 1-18 Specify whether or not the link connected to a specific port is a point-to-point link (in Ethernet port view)
Page 260 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration system-view [Quidway] interface GigabitEthernet1/0/1 [Quidway-GigabitEthernet1/0/1] stp point-to-point force-true 1.2.14 MSTP Configuration I. Configuration procedure Table 1-19 Enable MSTP in system view Operation Command Description Enter system view —...
Page 261: Leaf Node Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Other MSTP-related settings can take effect only after MSTP is enabled on the switch. II. Configuration example # Enable MSTP on the switch and disable MSTP on GigabitEthernet1/0/1 port.
Page 262 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Remarks Related section Section 1.2.13 Point-to-point link Optional “Point-to-point Link-Related related configuration Configuration“ Note: In a network that contains switches with both GVRP and MSTP employed, GVRP packets are forwarded along the CIST.
Page 263 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Path cost can be determined by switch or through manual configuration. I. Standards for calculating path costs of ports Currently, a switch can calculate the path costs of ports based on one of the following standards: dot1d-1998: Adopts the IEEE 802.1D-1998 standard to calculate the default path...
Page 264 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Transm Operation mode Proprietary ission 802.1D-1998 IEEE 802.1t (half-/full-duplex) standard speed Full-duplex 200,000 Aggregated link 2 ports 1,000 Gbps Aggregated link 3 ports Aggregated link 4 ports Normally, the path cost of a port operating in full-duplex mode is slightly less than that of the port operating in half-duplex mode.
Page 265: Port Priority Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Changing the path cost of a port may change the role of the port and put it in state transition. Executing the stp cost command with the instance-id argument being 0 sets the path cost on the CIST for the port.
Page 266 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration I. Configuring port priority in system view Table 1-26 Configure port priority for specified ports in system view Operation Command Description Enter system view — system-view...
Page 267: The Mcheck Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.3.9 Point-to-point Link-Related Configuration Refer to section 1.2.13 “Point-to-point Link-Related Configuration”. 1.3.10 MSTP Configuration Refer to section 1.2.14 “MSTP Configuration”. 1.4 The mCheck Configuration As mentioned previously, ports on an MSTP-enabled switch can operate in three modes: STP-compatible, RSTP-compatible, and MSTP.
Page 268: Protection Function Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Performing the mCheck operation in Ethernet port view Table 1-29 Perform the mCheck operation in Ethernet port view Operation Command Description Enter system view —...
Page 269 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Root protection A root bridge and its secondary root bridges must reside in the same region. A CIST and its secondary root bridges are usually located in the high-bandwidth core region.
Page 270: Bpdu Protection Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Caution: Among loop prevention function, root protection function, and edge port setting, only one can be valid on a port at one time. 1.5.2 Prerequisites MSTP runs normally on the switch.
Page 271: Loop Prevention Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Table 1-32 Enable the root protection function in Ethernet port view Operation Command Description Enter system view — system-view Enter Ethernet port Interface interface-type — view...
Page 272: Digest Snooping Configuration
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.5.6 TC-BPDU Attack Prevention Configuration I. Configuration procedure Table 1-34 Enable the TC-BPDU attack prevention function Operation Command Description Enter system view — system-view Required Enable...
Page 273 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration between them. (A configuration ID contains information such as region ID and configuration digest.) As some partners' switches adopt proprietary spanning tree protocols, they cannot interwork with other switches in an MST region even if they are configured with the same MST region-related settings as other switches in the MST region.
Page 274 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Note: The digest snooping feature is needed only when your S5600 series switch is connected to partner's proprietary protocol-adopted switches. To enable the digest snooping feature successfully, you must first enable it on all the ports of your S5600 series switch that are connected to partner's proprietary protocol-adopted switches and then enable it globally.
Page 275 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Upstream sw itch Upstream sw itch Upstream sw itch Upstream sw itch Dow nstream switch Dow nstream switch Dow nstream switch Dow nstream switch Sends proposal packets to...
Page 276 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration upstream ports after they receive proposal packets from the upstream designated ports, instead of waiting for agreement packets from the upstream switch. This enables designated ports of the upstream switch to change their states rapidly.
Page 277 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Table 1-37 Configure the rapid transition feature in system view Operation Command Description Enter system view — system-view Required stp interface interface-type Enable the rapid interface-number...
Page 278 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operator’ s Operator’ s Network Network Packet ingress/egress Packet ingress/egress Packet ingress/egress Packet ingress/egress device device device device Network Network Users Users Network Network Network A...
Page 279: Mstp Displaying And Debugging
Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Note: The BPDU Tunnel function can only be enabled on devices with STP enabled. The BPDU Tunnel function can only be enabled on access ports. To enable the BPDU Tunnel function, make sure the links between operator’s networks are trunk links.
Page 280 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Network diagram Permit :all VLAN Permit :all VLAN Switch A Switch A Switch B Switch B Permit : Permit : Permit : Permit : VLAN 10, 20...
Page 281 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration # Configure the MST region. [Quidway-mst-region] region-name example [Quidway-mst-region] instance 1 vlan 10 [Quidway-mst-region] instance 3 vlan 30 [Quidway-mst-region] instance 4 vlan 40 [Quidway-mst-region] revision-level 0 # Activate the settings of the MST region.
Page 282 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.11 BPDU Tunnel Configuration Example I. Network requirements S5600 series switches operate as the access devices of the operator’s network, that is, Switch C and Switch D in the network diagram.
Page 283 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration # Add port GigabitEthernet0/1 to VLAN 10. [Quidway] vlan 10 [Quidway-Vlan10] port GigabitEthernet 0/1 Configure Switch C. # Enable MSTP. system-view [Quidway] stp enable # Enable the BPDU Tunnel function.
Page 284 Operation Manual – MSTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration [Quidway-GigabitEthernet1/0/2] port access vlan 10 [Quidway-GigabitEthernet1/0/2] stp disable [Quidway-GigabitEthernet1/0/2] vlan-vpn enable [Quidway-GigabitEthernet1/0/2] quit # Configure port GigabitEthernet1/0/1 as a trunk port. [Quidway] interface GigabitEthernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port link-type trunk # Add the trunk port to all VLANs.
Page 285 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 IP Routing Protocol Overview ..................1-1 1.1 Introduction to IP Route and Routing Table ..............1-1 1.1.1 IP Route and Route Segment ................. 1-1 1.1.2 Route Selection through the Routing Table ............
Page 286 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents 4.1.1 Introduction to OSPF....................4-1 4.1.2 OSPF Route Calculation ..................4-1 4.1.3 Basic OSPF Concepts .................... 4-2 4.1.4 OSPF Network Type ....................4-4 4.1.5 OSPF Packets......................4-6 4.1.6 LSA Types.......................
Page 287 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Chapter 5 BGP Configuration ...................... 5-1 5.1 BGP Overview ........................5-1 5.1.1 BGP Message Type ....................5-2 5.1.2 BGP Route Attributes....................5-5 5.1.3 BGP Routing Policy....................5-9 5.1.4 Problems in Large-Scale BGP Networks ..............
Page 288 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents 5.9.3 Configuring BGP Routing..................5-41 5.10 BGP Error Configuration Example................. 5-45 5.10.1 BGP Peer Connection Establishment Error ............5-45 Chapter 6 IP Routing Policy Configuration ................6-1 6.1 IP Routing Policy Overview ....................
Page 289: Introduction To Ip Route And Routing Table
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Routing Protocol Overview Chapter 1 IP Routing Protocol Overview Note: When running a routing protocol, the Ethernet switch also functions as a router. The word “router” and the router icons covered in the following text represent routers in common sense and Ethernet switches running a routing protocol.
Page 290: Route Selection Through The Routing Table
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Routing Protocol Overview Route Segment Host A Host C Host B Figure 1-1 Route segment The number of route segments on the path between a source and destination can be used to measure the "length"...
Page 291 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Routing Protocol Overview “logical AND” between destination address and network mask, you can get the address of the network segment where the destination host or router resides. For example, if the destination address is 129.102.8.10 and the mask is 255.255.0.0,...
Page 292: Routing Management Policy
12.0.0.0 Figure 1-2 Routing table The Quidway S5600 Series Ethernet Switches (hereinafter referred to as S5600 series) support the configuration of static routes as well as a series of dynamic routing protocols such as RIP, OSPF and BGP. Moreover, the switches in operation can automatically obtain some direct routes according to interface status and user configuration.
Page 293 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Routing Protocol Overview In the table, “0” is used for directly connected routes, and “255” is used for routes from untrusted source. Table 1-1 Routing protocols and corresponding route preferences...
Page 294 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IP Routing Protocol Overview main route to send data. This process is the automatic switchover from the backup route to the main route. 1.2.3 Routes Shared between Routing Protocols As the algorithms of various routing protocols are different, different routing protocols may discover different routes.
Page 295: Introduction To Static Route
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration Chapter 2 Static Route Configuration 2.1 Introduction to Static Route 2.1.1 Static Route Static routes are special routes. They are manually configured by the administrator. By configuring static routes, you can build an interconnecting network.
Page 296: Static Route Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration (ICMP) packet will be returned to inform the source host that the destination host or network is unreachable. 2.2 Static Route Configuration 2.2.1 Configuration Prerequisites...
Page 297: Displaying The Routing Table
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration 2.3 Displaying the Routing Table After the above configuration, use the display command in any view to display and verify the static route configuration.
Page 298 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration II. Network diagram Host A Host A 1.1.5.2/24 1.1.5.2/24 1.1.5.1/24 1.1.5.1/24 1.1.2.2/24 1.1.2.2/24 1.1.3.1/24 1.1.3.1/24 Sw itch C Sw itch C 1.1.2.1/24 1.1.2.1/24 1.1.3.2/24 1.1.3.2/24...
Page 299: Troubleshooting A Static Route
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Static Route Configuration [SwitchB] ip route-static 0.0.0.0 0.0.0.0 1.1.4.1 # Configure the default gateway of Host C to 1.1.1.1. [SwitchC] ip route-static 1.1.1.0 255.255.255.0 1.1.1.1 Now, all the hosts/switches in the figure can interconnect with each other.
Page 300: Rip Overview
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Chapter 3 RIP Configuration 3.1 RIP Overview Routing information protocol (RIP) is a simple interior gateway protocol (IGP) suitable for small-sized networks. 3.1.1 Basic Concepts I.
Page 301: Introduction To Rip Configuration Tasks
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Timeout timer: If a RIP route is not updated (that is, the switch does not receive any routing update packet from the neighbor) within the timeout time of this timer, the route is considered unreachable.
Page 302: Basic Rip Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Referenc Configuration Task Description e section Setting additional routing metrics Optional 3.4.2 I. interface Configuring route Optional 3.4.2 II. summary Disabling the receiving of Optional 3.4.2 III.
Page 303 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration 3.3.2 Configuring Basic RIP Functions I. Enabling RIP globally and on the interface of a specified network segment Table 3-2 Enable RIP globally and on the interface of a specified network segment...
Page 304: Rip Route Control
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration III. Specifying the RIP version on an interface Table 3-4 Specify the RIP version on an interface Operation Command Description Enter system view system-view —...
Page 305 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Configuring basic RIP functions 3.4.2 Configuring RIP Route Control I. Setting the additional routing metrics of an interface Additional routing metric is the routing metric (hop count) added to the original metrics of RIP routes on an interface.
Page 306 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Table 3-6 Configure RIP route summary Operation Command Description Enter system view system-view — Enter RIP view — Optional Enable RIP-2 default, RIP-2 automatic route...
Page 307 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Operation Command Description The gateway keyword is used to filter the filter-policy gateway incoming routes ip-prefix-name import advertised from specified address. filter-policy { acl-number |...
Page 308: Rip Network Adjustment And Optimization
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Operation Command Description Enable traffic sharing Optional traffic-share-across-interface VII. Configuring RIP to import routes from another protocol Table 3-11 Configure RIP to import routes from another protocol...
Page 309 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Configuring the network layer addresses of interfaces so that adjacent nodes are reachable to each other at the network layer Configuring basic RIP functions 3.5.2 Configuration Tasks I.
Page 310 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration III. Configuring RIP-1 packet zero field check Table 3-14 Configure RIP-1 packet zero field check Operation Command Description Enter system view system-view — Enter RIP view —...
Page 311: Displaying And Maintaining Rip Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Operation Command Description Required If you specify to use authentication, you must specify one of following authentication types: authentication-mode RIP-2 packet { simple password | md5...
Page 312: Rip Configuration Example
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Table 3-17 Display and debug RIP configuration Operation Command Description Display the current RIP running status configuration display rip information You can execute the display command in...
Page 313: Troubleshooting Rip Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 RIP Configuration Note: Only the configuration related to RIP is listed below. Before the following configuration, make sure the Ethernet link layer works normally and the IP addresses of VLAN interfaces are configured correctly.
Page 314: Ospf Overview
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Chapter 4 OSPF Configuration 4.1 OSPF Overview 4.1.1 Introduction to OSPF Open shortest path first (OSPF) is a link state-based interior gateway protocol developed by IETF. At present, OSPF version 2 (RFC 2328) is used, which has the...
Page 315: Basic Ospf Concepts
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration An LSA describes the network topology around a router, whereas an LSDB describes the network topology of the whole network. Routers can easily transform the LSDB to a weighted directed map, which actually reflects the topology of the whole network.
Page 316 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration one area. A router connecting the backbone area to a non-backbone area is called an area border router (ABR). An ABR can connect to the backbone area physically or logically.
Page 317: Ospf Network Type
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 19.1.1.0/24 19.1.1.0/24 Area 12 Area 12 Area 19 Area 19 Virtual link Virtual link Area 0 Area 0 19.1.3.0/24 19.1.3.0/24 19.1.2.0/24 19.1.2.0/24 Area 8 Area 8 Figure 4-1 Area partition and route aggregation 4.1.4 OSPF Network Type...
Page 318 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration interface type to P2MP. If a router in the network has only one peer, you can change the corresponding interface type to P2P. The differences between NBMA and P2MP are as follows: An NBMA network is fully connected, non-broadcast, and multi-accessible, whereas a P2MP network is not necessarily fully connected.
Page 319: Ospf Packets
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration DR Other DR Other DR Other Figure 4-2 DR and BDR IV. DR/BDR election Instead of being manually configured, DR and BDR are elected by all the routers on the current network segment.
Page 320: Lsa Types
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration II. DD packet: When two routers synchronize their databases, they use database description (DD) packets to describe their own LSDBs, including the digest of each LSA. The digest refers to the HEAD of an LSA which uniquely identifies the LSA.
Page 321: Introduction To Ospf Configuration Tasks
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration II. Type-7 LSAs In RFC 1587 (OSPF NSSA Option), Type-7 LSA, a new LSA type, is added. As described in RFC 1587, Type-7 LSAs and Type-5 LSAs mainly differ in the following...
Page 322 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Referenc Configuration Task Description e section Configuring Network Optional 4.5.2 Type of an OSPF Interface OSPF Network Type Setting an NBMA Neighbor Optional 4.5.3 Configuration...
Page 323: Basic Ospf Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.3 Basic OSPF Configuration Before you can configure other OSPF features, you must first enable OSPF and specify the interface and area ID. 4.3.1 Configuration Prerequisites...
Page 324: Ospf Area Attribute Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Table 4-2 Basic OSPF configuration Operation Command Description Enter system view system-view — Optional multiple OSPF processes run on a router, recommended to use Configure the router ID...
Page 325 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration non-backbone areas should keep connectivity with the backbone area and the backbone area must keep connectivity in itself. If the physical connectivity cannot be ensured due to various restrictions, you can configure OSPF virtual links to satisfy this requirement.
Page 326: Ospf Network Type Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Note: You must use the stub command on all the routers connected to a stub area to configure the area with the stub attribute. You must use the nssa command on all the routers connected to an NSSA area to configure the area with the NSSA attribute.
Page 327: Setting An Nbma Neighbor
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description Optional ospf network-type By default, the network Configure the network type of { broadcast | nbma | type of an interface the OSPF interface...
Page 328: Ospf Route Control
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Table 4-6 Set the DR priority on an OSPF interface Operation Command Description Enter system view system-view — interface interface-type Enter interface view Required interface-number...
Page 329 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Configuring ASBR route summary for imported routes. Table 4-7 Configure ABR route summary Operation Command Description Enter system view system-view — ospf process-id Enter OSPF view —...
Page 330: Configuring The Cost For Sending Packets On An Ospf Interface
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Note: OSPF is a dynamic routing protocol based on link state, with routing information hidden in LSAs. Therefore, OSPF cannot filter any advertised or received LSA. In fact, the filter-policy import command filters the routes calculated by OSPF;...
Page 331 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description Optional By default, the OSPF Set OSPF route priority preference [ ase ] value route priority is 10 and the priority of OSPF ASE is 150.
Page 332: Ospf Network Adjustment And Optimization
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description Optional Configure the default cost By default, the cost for for OSPF to import external default cost value OSPF to import external routes routes is 1.
Page 333 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration In addition, OSPF supports network management. You can configure the binding of the OSPF MIB with an OSPF process and configure the Trap message transmission and logging functions.
Page 334: Configuring The Lsa Transmission Delay
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description Optional By default, the dead time for the OSPF neighboring router on Set the dead time of the a p2p or broadcast...
Page 335: Configuring The Spf Calculation Interval
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Note: The transmission of OSPF packets on a link also takes time. Therefore, a transmission delay should be added to the aging time of LSAs before the LSAs are transmitted. For a low-speed link, pay close attention on this configuration.
Page 336 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Note: On the same interface, you can disable multiple OSPF processes from transmitting OSPF packets. The silent-interface command, however, only applies to the OSPF interface where the specified process has been enabled, without affecting the interface for any other process.
Page 337: Configuring To Fill The Mtu Field When An Interface Transmits Dd Packets
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Note: OSPF supports packet authentication and receives only those packets that are successfully authenticated. If packet authentication fails, no neighboring relationship will be established. The authentication modes for all routers in an area must be consistent. The authentication passwords for all routers on a network segment must also be consistent.
Page 338: Displaying Ospf Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.7.9 Configuring OSPF Network Management System (NMS) Table 4-21 Configure OSPF MIB binding Operation Command Description Enter system view system-view — Optional By default, MIB is bound...
Page 339 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Operation Command Description display ospf [ process-id ] [ area-id ] lsdb [ brief | [ asbr | ase | network | nssa | router...
Page 340: Ospf Configuration Example
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration 4.9 OSPF Configuration Example 4.9.1 Configuring DR Election Based on OSPF Priority I. Network requirements Four S5600 switches, SwitchA, SwitchB, SwitchC, and SwitchD, which run OSPF, are on the same segment, as shown in Figure 4-3.
Page 341 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration [SwitchB] router id 2.2.2.2 [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 # Configure SwitchC. system-view [SwitchC] interface Vlan-interface 1 [SwitchC-Vlan-interface1] ip address 196.1.1.3 255.255.255.0 [SwitchC-Vlan-interface1] ospf dr-priority 2 [SwitchC] router id 3.3.3.3...
Page 342: Configuring Ospf Virtual Link
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration will be the BDR (with a priority of 100). Shutting down and restarting all of the switches will bring about a new round of DR/BDR selection.
Page 343: Troubleshooting Ospf Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration [SwitchB] interface vlan-interface 7 [SwitchB-Vlan-interface7] ip address 196.1.1.2 255.255.255.0 [SwitchB-Vlan-interface7] quit [SwitchB] interface vlan-interface 8 [SwitchB-Vlan-interface8] ip address 197.1.1.2 255.255.255.0 [SwitchB] router id 2.2.2.2 [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255...
Page 344 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Local fault removal: Firstly, check whether the protocol works normally between two directly connected routers. The normal sign is that the peer state machine between the two routers reaches the FULL state.
Page 345 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 OSPF Configuration Area 0 Area 0 Area 1 Area 1 Area 2 Area 2 Figure 4-5 OSPF area A virtual link cannot pass through a stub area. The backbone area (Area 0) cannot be configured as a stub area.
Page 346: Bgp Overview
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Chapter 5 BGP Configuration Note: Routers and router icons in this part refer to common routers or Ethernet switches with routing protocols employed. The BGP-related functions are unavailable to devices with the fabric function enabled.
Page 347: Bgp Message Type
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration In BGP, multiple routing policies are available for filtering and choosing routes in a flexible way. BGP is extendible to allow for new types of networks.
Page 348 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration II. Open Open massage is used to establish connections between BGP speakers. It is sent when a TCP connection is just established. Figure 5-2 shows the format of an Open message.
Page 349 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration An Update message can advertise a group of reachable routes with the same path attribute. These routes are set in the NLRI field. The Path Attributes field carries the attributes of these routes, according to which BGP chooses routes.
Page 350 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration 5.1.2 BGP Route Attributes I. Routes attributes classification BGP route attributes describe route, so that BGP can filter and choose the routes. In fact, all the BGP route attributes can be classified into the following four categories.
Page 351 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration EGP: BGP routes with their Origin attributes being EGP are obtained through EGP. Incomplete: BGP routes with their Origin attributes being Incomplete have the least priority. This value does not indicate that the BGP route is unreachable; it means the source of the BGP route cannot be determined.
Page 352 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration AS_Path attribute can also be used to choose and filter routes. BGP chooses the routes containing less AS numbers with shorter path under the same circumstances.
Page 353 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration The MED attribute is used to determine the optimal route for traffic flows to enter an AS. It acts the same as the metrics used in IGP. For multiple routes a BGP router receives...
Page 354: Bgp Routing Policy
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Local_Pref=100 RouterB D=8.0.0.0 2.1.1.1 Next_Hop=2.1.1.1 8.0.0.0 EBGP IBGP Local_Pref=100 IBGP RouterD RouterA > D=8.0.0.0 IBGP Next_Hop=3.1.1.1 EBGP Local_Pref=200 3.1.1.1 RouterC AS10 Local_Pref=200 AS20 Figure 5-8 Local_Pref attribute...
Page 355 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Chooses routes in the order of the route Origin type, that is, the order of IGP, EGP, and Incomplete. Prefers the route with the lowest MED value.
Page 356 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration When route flaps occur, a route sends route update to its neighbors. Routers receiving the update packets calculate the route over again and renew the routing table.
Page 357 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration A large-scale network can contain large amount of peers, lot of which adopt the same policies. Peer group simplifies your configuration when you configure peers adopting the same policy.
Page 358 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Route Non-Client Reflector IBGP IBGP Client IBGP IBGP Cluster IBGP IBGP Client Non-Client Client AS65000 Figure 5-10 Diagram for the route reflector An RR and all its clients form a cluster. To ensure network reliability and avoid single-point failure, you can configure more than one RR in a cluster.
Page 359 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration VI. Confederation Confederation is another way to limit the number of IBGP connections in an AS. It divides an AS into multiple sub-ASs. The IBGP peers in each sub-AS are fully connected.
Page 360: Bgp Configuration Tasks
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration II. Extended attribute of MP-BGP Of different types of BGP-4 packets, all the information concerning to IPv4 are carried by Update packets. The information is hold by NLRI, Next_Hop (in the AS_Path attribute), and Aggregator (in the AS_Path attribute).
Page 361: Basic Bgp Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Configuration tasks Description Related section Section 5.4.4 Sending default Optional “Enabling Default routes Route ” Configuring Section 5.4.5 related access Optional “Configuring Related lists ACLs”...
Page 362 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Note: The operations described in this section applyto both BGP and MP-BGP. As BGP is bsed on TCP connections, you need to assign IP addresses for BGP peers.BGP peers are not necessarily the neighbor routers.
Page 363 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration 5.3.3 Configuring Basic BGP Functions Table 5-4 Configure basic BGP functions Operation Command Description Enter system view system-view — Required Enable BGP and enter bgp as-number...
Page 364 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Caution: A router must be assigned a router ID in order to run BGP protocol. A router ID is a 32-bit unsigned integer. It uniquely identifies a router in an AS.
Page 365 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration 5.4.2 Importing Routes With BGP employed, an AS can send its interior routing information to its neighbor ASs. However, the interior routing information is not generated by BGP, it is obtained by importing IGP routing information to BGP routing table.
Page 366 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration 5.4.3 Configuring BGP Route Aggregation In a medium-/large-sized BGP network, you can reduce the number of the routes to be advertised to BGP peers through route aggregation to save the spaces of BGP peer routing tables.
Page 367 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Operation Command Description Required peer group-name By default, a BPG router Enable default route default-route-advertise does send default route-policy advertising routes specified route-policy-name ] peer/peer group.
Page 368 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Caution: You can define multiple filtering rules (permit or deny) for an ACL. A BGP route matches an ACL if it matches a rule of the ACL.
Page 369 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Caution: Only the routes that pass the specified filter are advertised. A peer group member uses the same outbound route filtering policy as that of the peer group it belongs to.
Page 370 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Operation Command Description Specify an prefix list-based peer group-name BGP route ip-address ip-prefix filtering ip-prefix-name import policy for a peer/peer group Caution: Routes received by a BGP router are filtered, and only those matching the specified ACLs are added to the routing table.
Page 371: Configuring Bgp Route Attributes
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration 5.4.9 Configuring BGP Route Dampening Route dampening is used to solve the problem of route instability. Route instability mainly refers to route flapping. A route flaps if it appears and disappears repeatedly in the routing table.
Page 372 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration MED value 5.5.2 Configuring BGP Route Attributes BGP possesses many route attributes for you to control BGP routing policies. Table 5-13 Configure BGP route attributes...
Page 373 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Operation Command Description Optional Assign peer group-name AS number By default, the local AS as-number for a peer number is not assigned to a as-number group peer group.
Page 374: Adjusting And Optimizing A Bgp Network
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration 5.6 Adjusting and Optimizing a BGP Network Adjusting and optimizing BGP network involves the following aspects: BGP clock BGP peers send Keepalive messages to each other periodically through the connections between them to make sure the connections operate properly.
Page 375 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Interval for sending the update packets MD5 authentication password 5.6.2 Adjusting and Optimizing a BGP Network Table 5-14 Adjust and optimize a BGP network Operation...
Page 376 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Operation Command Description — return refresh bgp { all | ip-address | group Perform soft refreshment of group-name Optional BGP connection manually multicast { import | export }...
Page 377 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Community can also be used to ease the routing policy management. And its management range is much wider than that of the peer group. It controls the routing policy of multiple BGP routers.
Page 378 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Operation Command Description Create an EBGP group group-name peer group external Optional Create Configure the AS peer group-name You can add multiple peers number of a peer as-number to the group.
Page 379 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Operation Command Description Required By default, no community Configure peers peer group-name attribute extended advertise community attribute advertise-commu community attribute to each other nity advertised to any peer group.
Page 380 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Caution: Normally, full connection is not required between an RR and a client. A route is reflected by an RR from a client to another client. If an RR and a client are fully connected, you can disable the reflection between clients to reduce the cost.
Page 381: Displaying And Maintaining Bgp
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Caution: A confederation can include up to 32 sub-ASs. The AS number used by a sub-AS which is configured to belong to a confederation is only valid inside the confederation.
Page 382 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Operation Command Display information about BGP route display bgp routing dampened dampening display bgp [ multicast ] routing Display routes with different source ASs different-origin-as...
Page 383: Configuring Bgp As Confederation Attribute
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Table 5-21 Clear BGP information Operation Command Clear the route dampening information reset dampening and release the suppressed routes [ network-address [ mask ] ]...
Page 384 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration III. Configuration procedure # Configure SwitchA. [SwitchA] bgp 1001 [SwitchA-bgp] confederation id 100 [SwitchA-bgp] confederation peer-as 1002 1003 [SwitchA-bgp] group confed1002 external [SwitchA-bgp] peer 172.68.10.2 group confed1002 as-number 1002 [SwitchA-bgp] group confed1003 external [SwitchA-bgp] peer 172.68.10.3 group confed1003 as-number 1003...
Page 385 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration II. Network diagram Route reflector VLAN 3 VLAN 4 193.1.1.1/24 194.1.1.1/24 Network Switch C 1.0.0.0 AS200 IBGP IBGP VLAN 100 VLAN 4 EBGP 1.1.1.1/8 VLAN 3 194.1.1.2/24...
Page 386: Configuring Bgp Routing
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Configure SwitchC. # Configure VLAN3. [SwitchC] interface Vlan-interface 3 [SwitchC-Vlan-interface3] ip address 193.1.1.1 255.255.255.0 # Configure VLAN4. [SwitchC] interface vlan-Interface 4 [SwitchC-Vlan-interface4] ip address 194.1.1.1 255.255.255.0 # Configure BGP peers and RR.
Page 387 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration II. Network diagram To network 2.2.2.2 2.0.0.0 AS200 VLAN 2 VLAN 4 192.1.1.2/24 194.1.1.2/24 Switch B VLAN 2 VLAN 4 192.1.1.1/24 194.1.1.1/24 IBGP EBGP Switch A Switch D 1.1.1.1...
Page 388 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration Define two routing policies, named apply_med_50 and apply_med_100 respectively. The first routing policy apply_med_50 configures the MED attribute as 50 for network 1.0.0.0, and the second one apply_med_100 configures the MED attribute for the network as 100.
Page 389 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration [SwitchC-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchC] bgp 200 [SwitchC-bgp] undo synchronization [SwitchC-bgp] group ex external [SwitchC-bgp] peer 193.1.1.1 group ex as-number 100 [SwitchC-bgp] group in internal [SwitchC-bgp] peer 195.1.1.1 group in...
Page 390: Bgp Error Configuration Example
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 BGP Configuration [SwitchC-route-policy] apply local-preference 200 [SwitchC-route-policy] quit [SwitchC] route-policy localpref permit node 20 [SwitchC-route-policy] apply local-preference 100 [SwitchC-route-policy] quit # Apply this routing policy to the inbound traffic flows coming from BGP neighbor 193.1.1.1 (SwitchA).
Page 391: Ip Routing Policy Overview
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration Chapter 6 IP Routing Policy Configuration 6.1 IP Routing Policy Overview When a router distributes or receives routing information, it may need to implement some policies to filter the routing information, so as to receive or distribute only the routing information meeting given conditions.
Page 392 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration Normally, a basic ACL is used to filter routing information. You can specify a range of IP addresses or subnets when defining a basic ACL so as to match the destination network segment addresses or next-hop addresses of routing information.
Page 393 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration 6.2 Introduction to IP Routing Policy Configuration Tasks Table 6-1 IP routing policy configuration tasks Referenc Configuration Task Description e section Defining a Route-Policy Required 6.3.2...
Page 394 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration 6.3.2 Defining a Route-Policy Table 6-2 Define a route-policy Operation Command Description Enter system view system-view — route-policy Required Define route-policy-name { permit...
Page 395 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration Operation Command Description Define rule if-match community match community basic-community-number Optional attributes whole-match routing information adv-community-number } Optional default, Define rule if-match { acl acl-number | ip-prefix...
Page 396 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration Operation Command Description next address for routing apply ip next-hop ip-address Optional information Set local preference apply local-preference routing Optional local-preference information Optional...
Page 397 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration 6.4 ip-prefix Configuration ip-prefix plays a role similar to ACL and but is more flexible and easier to understand. When ip-prefix is applied to filtering routing information, its matching object is the destination address information field of routing information.
Page 398: As Path List Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration Note: If more than one ip-prefix item are defined, the match mode of at least one item should be the permit mode. 6.5 AS Path List Configuration A BGP routing information packet contains an AS path field.
Page 399: Displaying Ip Routing Policy
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration Operation Command Description community-list basic-comm-list-number Configure basic { permit | deny } [ aa:nn | internet | Optional community list no-export-subconfed no-advertise no-export ]*...
Page 400 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration II. Network diagram static 20.0.0.0/8 static 20.0.0.0/8 static 20.0.0.0/8 static 20.0.0.0/8 area 0 Area 0 area 0 Area 0 30.0.0.0/8 30.0.0.0/8 30.0.0.0/8 30.0.0.0/8 Router ID: 1.1.1.1...
Page 401 Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration [SwitchA] route-policy ospf permit node 10 [SwitchA -route-policy] if-match acl 2000 [SwitchA -route-policy] quit # Apply route policy when the static routes are imported.
Page 402: Troubleshooting Ip Routing Policy
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IP Routing Policy Configuration 6.9 Troubleshooting IP Routing Policy Symptom: Routing information cannot be filtered when the routing protocol runs normally. Solution: Check to see the following requirements are satisfied.
Page 403: Route Capacity Configuration Overview
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 Route Capacity Configuration Chapter 7 Route Capacity Configuration 7.1 Route Capacity Configuration Overview 7.1.1 Introduction In actual networking applications, there are a large number of routes, especially OSPF routes and BGP routes, in the routing table.
Page 404: Route Capacity Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 Route Capacity Configuration 7.2 Route Capacity Configuration Route capacity configuration includes: Setting the lower limit and the safety value of switch memory, Enabling/disabling the switch to recover the disconnected routing protocol automatically.
Page 405: Displaying Route Capacity Configuration
Operation Manual – Routing Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 Route Capacity Configuration Caution: If automatic protocol recovery is disabled, the broken OSPF or BGP connection will not recover even when the free memory exceeds the safety value. Therefore, do not disable this function if not necessary.
Page 406 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Multicast Overview ...................... 1-1 1.1 Multicast Overview......................1-1 1.1.1 Information Transmission in the Unicast Mode............1-1 1.1.2 Information Transmission in the Broadcast Mode........... 1-2 1.1.3 Information Transmission in the Multicast Mode.............
Page 407 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents 4.3 Displaying and Maintaining Multicast MAC Address ............4-2 Chapter 5 Unknown Multicast Packet Drop Configuration ............5-1 5.1 Overview ..........................5-1 5.2 Unknown Multicast Packet Drop Configuration ..............5-1 Chapter 6 IGMP Configuration .....................
Page 408 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents 7.7 Troubleshooting PIM......................7-23 Chapter 8 MSDP Configuration....................8-1 8.1 Overview ..........................8-1 8.1.1 MSDP Working Mechanism ..................8-4 8.2 Configuring MSDP Basic Functions................... 8-6 8.2.1 Configuration Prerequisites..................8-7 8.2.2 Configuring MSDP Basic Functions ................
Page 409: Multicast Overview
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Chapter 1 Multicast Overview Note: When running IP multicast protocols, Ethernet switches also provide the functions of routers. In this manual, routers stand for not only the common routers but also the Layer 3 Ethernet switches running IP multicast protocols.
Page 410: Information Transmission In The Broadcast Mode
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Assume that users B, D and E need this information. The source server establishes transmission channels for the devices of these users respectively. As the transmitted...
Page 411 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Multicast solves this problem. When some users on a network require specified information, the multicast information sender (namely, the multicast source) sends the information only once. With tree-type routes established for multicast data packets...
Page 412: Advantages And Applications Of Multicast
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview A router providing multicast routing is a multicast router. The multicast router can be a member of one or multiple multicast groups, and it can also manage members of the multicast groups.
Page 413: Multicast Architecture
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Applications of multimedia and flow media, such as Web TV, Web radio, and real-time video/audio conferencing. Communication for training and cooperative operations, such as remote education.
Page 414 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Host registration: A receiving host dynamically registers or deregisters with a multicast group implement multicast membership registration deregistration. Multicast routing: A router or switch establishes a packet distribution tree and transports packets from a multicast source to receivers.
Page 415 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview The membership of a group is dynamic. A host can join and leave a multicast group at any time. A multicast group can be either permanent or temporary.
Page 416 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview Class D address range Description Distance vector multicast routing protocol 224.0.0.4 (DVMRP) routers 224.0.0.5 Open shortest path first (OSPF) routers Open shortest path first designated routers 224.0.0.6...
Page 417: Ip Multicast Protocols
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview As stipulated by IANA, the high-order 24 bits of a multicast MAC address are 0 x 01005e, while the low-order 23 bits of a MAC address are the low-order 23 bits of the multicast IP address.
Page 418: Forwarding Mechanism Of Multicast Packets
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Multicast Overview I. Multicast group management protocol Internet group membership protocol (IGMP) is adopted between hosts and multicast routers. This protocol defines the mechanism of establishing and maintaining group membership between hosts and routers.
Page 419: Chapter 2 Igmp Snooping Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Chapter 2 IGMP Snooping Configuration 2.1 Overview 2.1.1 IGMP Snooping Fundamentals Internet group management protocol snooping (IGMP Snooping) is a multicast control mechanism running on Layer 2 switch. It is used to manage and control multicast groups.
Page 420: Igmp Snooping Implementation
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission...
Page 421 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Packet normally Timeout action Timer Setting received before on the switch timeout Remove the port Query response Query response IGMP report from the member...
Page 422 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Message Sender Receiver Purpose Switch action IGMP Multica Multicast Query if a Send an IGMP group-specific query message to group-sp member specific the IP multicast group being queried.
Page 423 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Message Sender Receiver Purpose Switch action If no response is received from the port before the timer times out, the switch will check whether the port...
Page 424: Igmp Snooping Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration 2.2 IGMP Snooping Configuration The following table lists all the IGMP Snooping configuration tasks: Table 2-4 IGMP Snooping configuration tasks Operation Description Related section Section 2.2.1...
Page 425: Configuring Timers
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Caution: Although both Layer 2 and Layer 3 multicast protocols can run on the same switch simultaneously, they cannot run simultaneously on a VLAN or its corresponding VLAN interface.
Page 426 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration group-specific query message. If no response is received in a given period, it then removes the port from the multicast group. If IGMP fast leave processing is enabled, when receiving an IGMP Leave message, IGMP Snooping immediately removes the port from the multicast group.
Page 427 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Operation Command Description Optional You can configure the ACL to filter the IP igmp-snooping addresses Enable IGMP Snooping group-policy acl-number corresponding filter in system view [ vlan vlan-list ] multicast group.
Page 428 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration However, the Layer 2 multicast switch does not support the IGMP feature. Therefore, the Layer 2 multicast switch cannot implement the querier feature and cannot send general group query packets.
Page 429 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration within the multicast VLAN, and also guarantees security because the multicast VLAN is isolated from user VLANs. Multicast VLAN is mainly used in Layer 2 switching, but you must make corresponding configuration on the Layer 3 switch.
Page 430 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Operation Command Description Required Enable IGMP Snooping By default, the IGMP igmp-snooping enable on the VLAN Snooping feature disabled Enable multicast VLAN service-type multicast...
Page 431: Displaying And Maintaining Igmp Snooping
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration 2.3 Displaying and Maintaining IGMP Snooping After the configuration above, you can execute the display command in any view to verify the configuration by checking the displayed information.
Page 432 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration II. Network diagram Internet Router Multicast Switch Figure 2-3 Network diagram for IGMP Snooping configuration III. Configuration procedure # Enable IGMP Snooping in system view.
Page 433 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration Device Description VLAN 2 contains GigabitEthernet1/0/1 and VLAN 3 contains GigabitEthernet1/0/2. The two ports are Switch B Layer 2 switch connected to PC1 and PC2 respectively.
Page 434 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration [SwitchA-Vlan-interface20] ip address 168.10.1.1 255.255.255.0 [SwitchA-Vlan-interface20] pim dm [SwitchA-Vlan-interface20] quit # Configure multicast VLAN 10. [SwitchA] vlan 10 [SwitchA-vlan10] quit # Define GigabitEthernet 1/0/10 as a hybrid port, add the port to VLAN 2, VLAN 3 and VLAN 10, and configure the port to include VLAN tags in its outbound packets of VLAN 2, VLAN 3 and VLAN 10.
Page 435: Troubleshooting Igmp Snooping
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 IGMP Snooping Configuration [SwitchB-GigabitEthernet1/0/1] port hybrid vlan 2 10 untagged [SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 2 [SwitchB-GigabitEthernet1/0/1] quit # Define GigabitEthernet 1/0/2 as a hybrid port, add the port to VLAN 3 and VLAN 10, and configure the port to exclude VLAN tags in its outbound packets of VLAN 3 and VLAN 10, and set VLAN 3 as the default VLAN of the port.
Page 436: Common Multicast Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Chapter 3 Common Multicast Configuration 3.1 Overview Common multicast configuration tasks are the common contents of multicast group management protocol and multicast routing protocol. You must enable the common multicast configuration on the switch before enabling the two protocols.
Page 437 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Operation Description Related section Configure Section 3.2.2 Configure suppression Optional Suppression on the Multicast Source multicast Port source port Clear the related Section 3.2.3...
Page 438 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Caution: The other multicast configurations do not take effect until multicast is enabled. 3.2.2 Configure Suppression on the Multicast Source Port I. Configure suppression on the multicast source port in system view...
Page 439: Displaying Common Multicast Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Table 3-5 Clear the related multicast entries Operation Command Description Clear multicast reset multicast forwarding-table forwarding case [ statistics ] { all | { group-address [ mask...
Page 440 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Table 3-6 Display common multicast configuration Operation Command Description execute display commanding any view. If neither the port type nor the port number is...
Page 441 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Common Multicast Configuration Three kinds of tables affect data transmission. The correlations of them are: Each multicast routing protocol has its own multicast routing table. The multicast routing information of all multicast routing protocols is integrated to form the core multicast routing table.
Page 442: Configuring A Multicast Mac Address Entry
Operation Manual – Multicast Protocol Chapter 4 Multicast MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Entry Configuration Chapter 4 Multicast MAC Address Entry Configuration 4.1 Overview In Layer 2 multicast, the system can add multicast forwarding entries dynamically through Layer 2 multicast protocol. However, you can also statically bind a port to a multicast address entry by configuring a multicast MAC address entry manually.
Page 443: Displaying And Maintaining Multicast Mac Address
Operation Manual – Multicast Protocol Chapter 4 Multicast MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Entry Configuration Operation Command Description Required mac-address argument must Create a multicast MAC mac-address multicast multicast MAC address address entry. mac-address vlan vlan-id The vlan-id argument is the ID of the VLAN to which the port belongs.
Page 444: Unknown Multicast Packet Drop Configuration
Operation Manual – Multicast Protocol Chapter 5 Unknown Multicast Packet Quidway S5600 Series Ethernet Switches-Release 1510 Drop Configuration Chapter 5 Unknown Multicast Packet Drop Configuration 5.1 Overview Generally, if the multicast address of the multicast packet received on the switch is not registered on the local switch, the packet will be broadcast in the VLAN.
Page 445: Chapter 6 Igmp Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Chapter 6 IGMP Configuration 6.1 Overview 6.1.1 Introduction to IGMP Internet group management protocol (IGMP) is responsible for the management of IP multicast members. It is used to establish and maintain membership between IP hosts and their directly connected neighboring routers.
Page 446 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration I. Multicast router election mechanism on a shared network segment A shared network segment is a network segment with multiple multicast routers. In this case, all routers running IGMP on this network segment can receive the membership report messages from hosts.
Page 447 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration The querier refreshes the presence information of the group members according to the received responses. All the receiver hosts participating in multicast transmission must support the IGMP protocol.
Page 448: Igmp Proxy
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration All the hosts and routers in the network receive the IGMP host report packets and get to know the address of the multicast group G1. In this case, if other hosts in the network want to join in the multicast group G1, they will not send IGMP host report packets about G1.
Page 449 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Switch A Switch A Switch A Switch A General group/ Group-Specific Query message General group/ Group-Specific Query message General group/ Group-Specific Query message General group/ Group-Specific Query message...
Page 450: Igmp Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration In Figure 6-2, VLAN interface 2 of Switch B is called the client and VLAN interface 1 of Switch B is called the proxy. 6.2 IGMP Configuration You cannot perform other IGMP configuration tasks until you enable the IGMP protocol after multicast is enabled.
Page 451 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Caution: Each IGMP version cannot be switched to each other automatically. So all the Layer 3 switches on a subnet must be configured to use the same IGMP version.
Page 452 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration If the host runs IGMP version 1, it does not send IGMP leave messages when leaving a group, so the conditions will be the same as described in the procedure above.
Page 453 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Operation Command Description Optional lifetime IGMP querier is 120 seconds by default. If the Layer 3 switch Configure the maximum igmp timer does not receive query...
Page 454 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration II. Limit the range of multicast groups that the interface serves The Layer 3 switch determines the membership of the network segment through translating the received IGMP join packets. You can configure a filter for each interface to limit the range of multicast groups that the interface serves.
Page 455 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Operation Command Description Optional By default, the filter is not configured, that is, any multicast group is Limit range permitted on the port. igmp group-policy...
Page 456 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Operation Command Description Enter VLAN interface interface Vlan-interface — view interface-number Required Enable IGMP igmp enable IGMP is disabled on the current interface interface by default.
Page 457: Displaying Igmp
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration The IGMP Proxy feature is disabled by default. Caution: Both the multicast routing protocol and the IGMP protocol must be enabled on the proxy interface.
Page 458 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 6 IGMP Configuration Table 6-8 Display IGMP Operation Command Description display igmp group Display the membership group-address information of the IGMP interface interface-type multicast group execute interface-number ]...
Page 459: Pim Overview
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Chapter 7 PIM Configuration 7.1 PIM Overview Protocol independent multicast (PIM) means that the unicast routing protocols providing routes for the multicast could be static routes, RIP, OSPF, IS-IS, or BGP. The multicast routing protocol is independent of unicast routing protocols only if unicast routing protocols can generate route entries.
Page 460 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration 7.1.2 Work Mechanism of PIM-DM The working procedure of PIM-DM is summarized as follows: Neighbor discovery SPT establishing Graft RPF check Assert mechanism I. Neighbor discovery In PIM-DM network, the multicast router needs to use Hello messages to perform neighbor discovery and maintain the neighbor relation when it is started.
Page 461 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration User A Receiver User B Source Prune User C Multicast Receiver Prune Server User D packets Receiver User E Prune Figure 7-1 Diagram for SPT establishment in PIM-DM The process above is called "Flooding and Pruning".
Page 462 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration V. Assert mechanism In the shared network such as Ethernet, the same packets may be sent repeatedly. For example, the LAN network segments contains many multicast routers, A, B, C, and D.
Page 463 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration In order that the receiver can receive the multicast data streams of the specific IGMP group, PIM-SM adopts rendezvous points (RP) to forward multicast information to all PIM-SM routers with receivers.
Page 464 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration User A Hello Hello Hello Hello Source Hello Ethernet Join Register User B Hello Hello Hello Hello Hello Hello Register Message Hello Join Figure 7-3 Diagram for DR election Each router on the shared network sends Hello messages with the DR priority option to each other.
Page 465 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration BSR is the core management device in PIM-SM network, which is responsible for: Collecting the Advertisement messages sent by the Candidate-RP (C-RP) in the network.
Page 466 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration C-RP C-RP C-BSR C-RP BSR message C-RP advertisement Figure 7-4 Diagram for the communication between RPs and BSRs Only one BSR can be elected in a network or management domain, while multiple candidate BSRs (C-BSR) can be configured.
Page 467 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Each router on the path from the leaf router to RP will generate (*, G) entries in the forwarding table. The routers on the path forms a branch of RPT. A (*, G) entry represents the information from any source to the multicast group G.
Page 468: Common Pim Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration VI. Switching RPT to SPT When the multicast router nearest to the receiver detects that the rate of the multicast packet from RP to the multicast group G exceeds the threshold value, it will send (S, G) join messages to the upper-layer router of the multicast source S.
Page 469 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description Enter VLAN interface interface Vlan-interface — view interface-number Optional Enable PIM-DM/PIM-SM Configure pim dm / pim sm on the current interface protocol...
Page 470: Configuring Pim Neighbors
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration 7.2.3 Configuring PIM Neighbors In order to prevent plenty of PIM neighbors from using out the memory of the router, which may result in router failure, you can limit the number of PIM neighbors on the router interface.
Page 471 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration 7.2.4 Clearing the Related PIM Entries You can execute the reset command in user view to clear the related statistics about multicast PIM. Table 7-5 Clear the related PIM entries...
Page 472 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Caution: If you configure basic ACLs, the source address match is performed on all the received multicast packets. The packets failing to match are discarded.
Page 473 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description Optional c-bsr interface-type default, candidate Configure candidate interface-number BSRs are not set for the BSRs hash-mask-len [ priority ] switch and the value of priority is 0.
Page 474 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Caution: Only one candidate BSR can be configured on a Layer 3 switch. The BSR configuration on another interface will replace the former configuration. You are recommended to configure both the candidate BSR and candidate RP on the Layer 3 switch in the backbone.
Page 475: Filtering The Registration Packets From Rp To Dr
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description Required Configure PIM-SM default, domain pim bsr-boundary domain boundary boundary is not set for the switch. Caution: When the PIM-SM domain boundary is set, Bootstrap messages cannot pass the boundary in any direction.
Page 476: Displaying And Debugging Pim
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Operation Command Description Required You can configure to filter the IP addresses Configure to filter the some multicast register-policy registration packets from groups in ACL.
Page 477: Pim Configuration Examples
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Table 7-12 Display and maintain PIM Configuration Command Description display routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] |...
Page 478 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration II. Network diagram VLAN20 VLAN20 VLAN10 VLAN10 VLAN11 VLAN11 RECEIVER 1 RECEIVER 1 Lanswitch2 Lanswitch2 VLAN30 VLAN30 Multicast Multicast VLAN12 VLAN12 Lanswitch1 Lanswitch1 Source Source...
Page 479 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration 7.6.2 PIM-SM Configuration Example I. Network requirements All Ethernet switches are reachable for each other in the practical network. LS_A is connected to LS_B through Vlan-interface 10, to Host A through Vlan-interface 11 and to LS_C through Vlan-interface 12.
Page 480 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration [Quidway] interface Vlan-interface 10 [Quidway-Vlan-interface10] pim sm [Quidway-Vlan-interface10] quit [Quidway] vlan 11 [Quidway-vlan11] port GigabitEthernet 1/0/4 to GigabitEthernet 1/0/5 [Quidway-vlan11] quit [Quidway] interface Vlan-interface 11...
Page 481: Troubleshooting Pim
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration [Quidway-pim] c-bsr Vlan-interface 10 30 2 # Configure candidate RPs. [Quidway] acl number 2000 [Quidway-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255 [Quidway] pim [Quidway-pim] c-rp Vlan-interface 10 group-policy 2000...
Page 482 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Because PIM-SM needs the support of RP and BSR, you must execute the display pim bsr-info command to see whether BSR information exists. If not, you must check whether there are unicast routes to the BSR.
Page 483: Chapter 8 Msdp Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Chapter 8 MSDP Configuration Note: The multicast source discovery protocol (MSDP) does not support the IRF feature, so MSDP cannot be configured in Fabric. Routers and router icons in this chapter represent routers in the common sense and Ethernet switches running routing protocols.
Page 484 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration user PIM-SM 2 user PIM-SM 4 Join Source PIM-SM 1 user PIM-SM 3 SA message Join MSDP peers Figure 8-1 MSDP peering relationship Note: MSDP peers are interconnected over TCP connections (via port 639). A TCP...
Page 485 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration (SPT) based on the multicast source S. However, a rendezvous point tree (RPT) exists between RP4 and receivers in the PIM-SM4 domain. Note: Through MSDP, a PIM-SM domain receiving information from the multicast source S does not rely on RPs in other PIM-SM domains, that is, receivers can directly join the SPT tree based on the multicast source without passing RPs in other PIM-SM domains.
Page 486: Msdp Working Mechanism
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration As described above, RPs exchange information among one another through MSDP, a multicast source registers with the nearest RP, and receivers join the nearest RPT, so RP load balancing can be achieved.
Page 487 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration source, the multicast group address, the address of the RP that has generate the SA message, and the first multicast data received by the RP in the PIM-SM1 domain.
Page 488: Configuring Msdp Basic Functions
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration RP2), the receiver accepts the SA message and forwards the message to other peers. If an RP has only one MSDP peer (for example, when RP2 sends an SA message to RP1), the receiver accepts the SA message from the peer.
Page 489 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Before configuring static RPF peers, you must create an MSDP peering connection. If you configure only one MSDP peer on a router, the MSDP peer will act as a static RPF peer.
Page 490: Configuring Connection Between Msdp Peers
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Operation Command Description Required To establish an MSDP peer connection, must peer peer-address configure the parameters on Create an MSDP peer connect-interface both peers. The peers are...
Page 491 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-2 Configuration tasks Operation Description Related section Configure description Section 8.3.2 Configuring Description information MSDP Required Information for MSDP Peers peers Configure Anycast Section 8.3.3 Configuring Anycast RP...
Page 492 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-4 Configure Anycast RP application Operation Command Description Enter system view system-view — Enter MSDP view msdp — peer peer-address Create an MSDP peer...
Page 493: Configuring Sa Message Transmission
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Note: Before you configure an MSDP mesh group, make sure the routers must be fully connected with one another. The same group name must be configured on all the peers.
Page 494 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Generally, a router accepts all SA messages sent by all MSDP peers and sends all SA messages to all MSDP peers. By configuring the rules for filtering SA messages to receive/send, you can effectively control the transmission of SA messages among MSDP peers.
Page 495 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration The SA message that the remote MSDP responds with is cached in advance; therefore, you must enable the SA message caching mechanism in advance. Typically, only the routers caching SA messages can respond to SA request messages.
Page 496 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-9 Configure a rule for filtering multicast sources using SA messages Operation Command Description Enter system view system-view — Enter MSDP view msdp —...
Page 497 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Operation Command Description Optional By default, no filtering is Configure filter peer peer-address imposed on SA messages to imported and exported sa-policy import be received or forwarded,...
Page 498: Displaying And Maintaining Msdp Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration 8.5 Displaying and Maintaining MSDP Configuration I. Displaying and debugging MSDP configuration After the above-mentioned configuration, you can use the display command in any view to view the MSDP running information, so as to verify configuration result.
Page 499: Msdp Configuration Example
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-13 Trace the transmission path of an SA message over the network Operation Command Description Trace msdp-tracert source-address transmission group-address rp-address path of an...
Page 500 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration II. Network diagram users users users users Vlan-interface 100 Vlan-interface 100 10.110.3.1/8 10.110.3.1/8 SwitchD SwitchD Loopback0 Loopback0 2.2.2.2/8 2.2.2.2/8 Loopback 10 Loopback 10 10.1.1.1/8 10.1.1.1/8...
Page 501: Troubleshooting Msdp Configuration
Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration # Configure the same Loopback10 interface address on SwitchC and SwitchD and configure the locations of C-BSR and C-RP. The configuration procedure on SwitchD is similar to that on SwitchC.
Page 502 Operation Manual – Multicast Protocol Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Further check that a unicast route exists between two routers that will become MSDP peers and that the route leads to the two peers. Check that the interface addresses of the MSDP peers are consistent. Use the...
Page 503 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 802.1x Configuration ....................1-1 1.1 Introduction to 802.1x ......................1-1 1.1.1 Architecture of 802.1x Authentication ..............1-1 1.1.2 The Mechanism of an 802.1x Authentication System..........1-3 1.1.3 Encapsulation of EAPoL Messages ................
Page 504 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration 1.1 Introduction to 802.1x The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WAN committee to address security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to address mainly authentication and security problems.
Page 505 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration The authenticator system authenticates the supplicant system. The authenticator system is usually an 802.1x-supported network device (such as a Quidway series switch). It provides the port (physical or logical) for the supplicant system to access the LAN.
Page 506: Encapsulation Of Eapol Messages
Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration IV. The way a port is controlled A port of a Quidway series switch can be controlled in the following two ways. Port-based authentication. When a port is controlled in this way, all the supplicant systems connected to the port can access the network without being authenticated after one supplicant system among them passes the authentication.
Page 507 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration PAE Ethernet type PAE Ethernet type Protocol version Protocol version Type Type Length Length Packet body Packet body Figure 1-3 The format of an EAPoL packet In an EAPoL packet: The PAE Ethernet type field holds the protocol identifier.
Page 508 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration The Code field specifies the EAP packet type, which can be Request, Response, Success, or Failure. The Identifier field is used to match a Response packets with the corresponding Request packet.
Page 509 Figure 1-7 The format of an Message-authenticator fiel 1.1.4 802.1x Authentication Procedure A Quidway S5600 series switch can authenticate supplicant systems in EAP terminating mode or EAP relay mode. I. EAP relay mode This mode is defined in 802.1x. In this mode, EAP-packets are encapsulated in higher level protocol (such as EAPoR) packets to allow them successfully reach the authentication server.
Page 510 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration EAPoR EAPoR EAPoR EAPoL EAPoL EAPoL RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server...
Page 511 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Upon receiving the key(encapsulated in an EAP-request/MD5 challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-response/MD5 challenge packet) to the RADIUS server through the switch.
Page 512 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration EAPOL EAPOL EAPOL RADIUS RADIUS RADIUS RADIUS ser ver RADIUS ser ver RADIUS ser ver Supplicant Supplicant Supplicant Switc h Switc h Switc h syst em...
Page 513 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration another request/identity packet to the supplicant system if the supplicant system fails to send a reply packet to the switch when this timer times out. The second case is when the switch authenticates the 802.1x client who does not request for...
Page 514 Note: The client-checking function needs the support of Huawei’s 802.1x client program. The proxy detecting function should be enabled on both the 802.1x client program and CAMS. The client version detecting should be enabled on the switch (achieved via the dot1x version-check command).
Page 515 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Note: The client-version-checking function needs the support of Huawei’s 802.1x client program. III. The Guest VLAN function The Guest VLAN function enables supplicant systems that do not pass the authentication to access a LAN in a restrained way.
Page 516 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration If you specify to use the RADIUS scheme, that is to say the supplicant systems are authenticated by a remote RADIUS server, you need to configure the related user names and passwords on the RADIUS server and perform RADIUS client-related configuration on the switches.
Page 517 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Operation Command Description Optional dot1x port-control port access authorized-force By default, an 802.1x-enabled control mode for unauthorized-force | auto } port operates in an auto specified ports [ interface interface-list ] mode.
Page 518: Timer And Maximum User Number Configuration
Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration 1.4 Timer and Maximum User Number Configuration Table 1-2 Configure 802.1x timers and the maximum number of users Operation Command Description — Enter system view system-view...
Page 519 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Note: As for the dot1x max-user command, if you execute it in system view without specifying the interface-list argument, the command applies to all ports. You can also use this command in port view.
Page 520: Configuring Client Version Checking
{ logoff | trap } Note: The proxy checking function needs the support of Huawei's 802.1x client program. The configuration listed in Table 1-3 takes effect only when it is performed on CAMS as well as on the switch and the client version checking function is enabled on the switch (by the dot1x version-check command).
Page 521 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration 1.5.4 Enabling DHCP-triggered Authentication After performing the following configuration, 802.1X allows running DHCP on access users, and triggers authentication when the user dynamically applies IP address.
Page 522 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration You can clear 802.1x-related statistics information by executing the reset command in user view. Table 1-7 Display and debug 802.1x Operation Command Description Display the configuration,...
Page 523 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration number of retries of 5. And the switch sends a real-time accounting packet to the RADIUS servers once in every 15 minutes. A user name is sent to the RADIUS servers with the domain name truncated.
Page 524 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Note: Following configuration covers the major AAA/RADIUS configuration commands. You can refer to AAA&RADIUS&HWTACACS&EAD Operation Manual for the information about these commands. Configuration on the client and the RADIUS servers is omitted..
Page 525 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration [Quidway-radius-radius1] timer realtime-accounting 15 # Configure to send the user name to the RADIUS server with the domain name removed beforehand. [Quidway-radius-radius1] user-name-format without-domain [Quidway-radius-radius1] quit # Create the domain named “aabbcc.net”...
Page 526: Introduction To Habp
802.1x, their received packets will be filtered. This means that users can no longer manage the attached switches. To address this problem, Huawei authentication bypass protocol (HABP) has been developed. An HABP packet carries the MAC addresses of the attached switches with it. It can bypass the 802.1x authentications when traveling between HABP-enabled switches,...
Page 527: Habp Client Configuration
Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 HABP Configuration Operation Command Description Required By default, a switch operates as an HABP client after you Configure enable HABP on the switch, current switch to habp server vlan vlan-id...
Page 528 Operation Manual – 802.1x Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 HABP Configuration Operation Command Description Display statistics on HABP display habp traffic traffic Huawei Technologies Proprietary...
Page 529 Operation Manual – AAA & RADIUS & HWTACACS & EAD Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 AAA & RADIUS & HWTACACS Configuration ............1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to AAA ....................1-1 1.1.2 Introduction to ISP Domain ..................
Page 530 Operation Manual – AAA & RADIUS & HWTACACS & EAD Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents 1.6 Displaying and Maintaining AAA & RADIUS & HWTACACS Information ....... 1-40 1.7 AAA & RADIUS & HWTACACS Configuration Example ..........1-42 1.7.1 Remote RADIUS Authentication of Telnet/SSH Users .........
Page 531: Introduction To Aaa
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Chapter 1 AAA & RADIUS & HWTACACS Configuration 1.1 Overview 1.1.1 Introduction to AAA AAA is shortened from the three security functions: authentication, authorization and accounting.
Page 532: Introduction To Isp Domain
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration bound together, and you cannot perform RADIUS authorization alone without RADIUS authentication. HWTACACS authorization: Users are authorized by TACACS server.
Page 533 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Server: The RADIUS server runs on a computer or workstation at the center. It stores and maintains the information on user authentication and network service access.
Page 534 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS Server server Server server Client client Client client...
Page 535 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration III. RADIUS packet structure RADIUS uses UDP to transmit messages. It ensures the correct message exchange between RADIUS server and client through the following mechanisms: timer management, retransmission, and backup server.
Page 536 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Code Packet type Packet description Direction: server->client. The server transmits this packet to the client to notify...
Page 537 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Value of Value of the Type the Type Attribute type Attribute type field field Framed-IP-Address Called-Station-Id...
Page 538 1.1.4 Introduction to HWTACACS I. What is HWTACACS HUAWEI Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC1492). Similar to the RADIUS protocol, it implements AAA for different types of users (such as PPP/VPDN login users and terminal users) through communications with TACACS servers in the Client-Server mode.
Page 539 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Terminal user Terminal user Terminal user Terminal user TACACS server TACACS server TACACS server TACACS server 129 .7.66.66...
Page 540 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration The basic message exchange procedure is as follows: A user requests access to the switch; the TACACS client sends an authentication start request packet to TACACS server upon receipt of the request.
Page 541 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Description Related section Required local authenticati adopted, refer section 1.3.6 Section 1.3.4 “Configuring “Configuring an AAA...
Page 542 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Description Related section Section 1.4.1 RADIUS Create a RADIUS scheme Required “Creating a RADIUS configuration Scheme”...
Page 543: Aaa Configuration
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Description Related section Section 1.4.12 Configure user “Configuring the User re-authentication upon Optional Re-Authentication device restart function upon Device Restart Function”...
Page 544: Creating An Isp Domain
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration 1.3.1 Configuration Prerequisites If you want to adopt remote AAA method, you must create a RADIUS or HWTACACS scheme.
Page 545 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Optional After Set the maximum number of domain is created, access-limit disable access users that can be...
Page 546 Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Note: Huawei's CAMS Server is a service management system used to manage networks and secure networks and user information. Cooperating with other network devices (such as switches) in a network, the CAMS Server implements the AAA (authentication, authorization and accounting) services and rights management.
Page 547 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Caution: You can execute the scheme command with the radius-scheme-name argument to adopt an already configured RADIUS scheme to implement all the three AAA functions.
Page 548 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Table 1-8 Configure separate AAA schemes Operation Command Description Enter system view system-view — Create an ISP domain or...
Page 549 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Currently, the switch supports the RADIUS authentication server to assign the following two types of VLAN IDs: integer and string.
Page 550 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Caution: In string mode, if the VLAN ID assigned by the RADIUS server is a character string...
Page 551 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required service-type { ftp | Authorize user lan-access | { telnet | By default, the system does...
Page 552: Cutting Down User Connections Forcibly
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration 1.3.7 Cutting Down User Connections Forcibly Table 1-11 Cut down user connection forcibly Operation Command Description...
Page 553 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Note: Actually, the RADIUS protocol configuration only defines the parameters used for information exchange between the switch and the RADIUS servers. To make these parameters take effect, you must reference the RADIUS scheme configured with these parameters in an ISP domain view.
Page 554: Configuring Radius Accounting Servers
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Set the IP address and port primary number primary By default, the IP address and...
Page 555 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Optional Set the IP address and port number of secondary accounting By default, the IP address and...
Page 556 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Caution: In an actual network environment, you can either specify two RADIUS servers as the primary and secondary accounting servers respectively, or specify only one server as both the primary and secondary accounting servers.
Page 557 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Set a shared key By default, the shared key for the for the RADIUS...
Page 558 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration 1.4.6 Configuring the Supported RADIUS Server Type Table 1-17 Configure the supported RADIUS server type Operation...
Page 559 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Set the status of primary state primary authentication RADIUS { block | active }...
Page 560 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description used address is specified; and the IP switch to send System view address...
Page 561 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Caution: When you use the local RADIUS authentication server function, the UDP port number for the authentication/authorization service must be 1645, the UDP port number for the accounting service is 1646, and the IP addresses of the servers must be set to the addresses of the switch.
Page 562 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Create RADIUS radius scheme By default, a RADIUS scheme scheme radius-scheme-name named "system" has already enter its view been created in the system.
Page 563 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Note: The function applies to the environment where the RADIUS authentication/accounting server is CAMS. In an environment with a CAMS server, if the switch reboots after an exclusive user (a...
Page 564: Hwtacacs Configuration
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Table 1-23 Enable the user re-authentication upon device restart function Operation Command Description Enter system view system-view —...
Page 565 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration 1.5.2 Configuring HWTACACS Authentication Servers Table 1-25 Configure HWTACACS authentication servers Operation Command Description Enter system view system-view —...
Page 566 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Set the IP address and default, port number primary authorization address of the primary...
Page 567 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Set the IP address and default, port number secondary accounting address secondary...
Page 568 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Set a shared key Required accounting HWTACACS authorization By default, the TACACS server...
Page 569 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Caution: Generally, the access users are named in the userid@isp-name format. Where, isp-name behind the @ character represents the ISP domain name. If the TACACS...
Page 570 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Caution: The setting of real-time accounting interval is indispensable to real-time accounting. After an interval value is set, the device transmits the accounting information of online users to the TACACS accounting server at intervals of this value.
Page 571 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description display local-user [ domain isp-name | idle-cut { disable | enable } | vlan vlan-id |...
Page 572 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Table 1-33 Display and maintain HWTACACS protocol information Operation Command Description Display the configuration display hwtacacs...
Page 573 RADIUS server to "expert". You can use a CAMS server as the RADIUS server. If you use a third-party RADIUS server, you can select standard or huawei as the server type in the RADIUS scheme. On the RADIUS server: Set the shared key it uses to exchange packets with the switch to "expert".
Page 574 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration [Quidway-isp-cams] quit # Configure a RADIUS scheme. [Quidway] radius scheme cams [Quidway-radius-cams] accounting optional [Quidway-radius-cams] primary authentication 10.110.91.164 1812...
Page 575 You only need to change the server IP address, the authentication password, and the UDP port number for authentication service in configuration step "Configure a RADIUS scheme" in section 1.7.1 to 127.0.0.1, huawei, and 1645 respectively, and configure local users (whether the name of local user carries domain name should be consistent with the configuration in RADIUS scheme).
Page 576: Troubleshooting The Radius Protocol
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration II. Network diagram Authentication server Authentication server Authentication server ( IP address:10.110.91.164 ) ( IP address:10.110.91.164 ) ( IP address:10.110.91.164 )
Page 577: Troubleshooting The Hwtacacs Protocol
Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Possible reasons and solutions: The user name is not in the userid@isp-name format, or no default ISP domain is specified on the switch —...
Page 578: Introduction To Ead
Operation Manual – AAA & RADIUS & HWTACACS & EAD Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration Chapter 2 EAD Configuration 2.1 Introduction to EAD Endpoint admission defense (EAD) is an attack defense solution that monitors endpoint admission.
Page 579: Ead Configuration
Operation Manual – AAA & RADIUS & HWTACACS & EAD Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration After a client is authenticated by the authentication server, the security policy server sends to the switch an isolation ACL that limits client access rights. Meanwhile, the security software in the client checks the security conditions of the client and sends the conditions to the security policy server.
Page 580: Ead Configuration Example
Operation Manual – AAA & RADIUS & HWTACACS & EAD Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration Operation Command Description Required By default, for a new RADIUS scheme, the Configure the RADIUS server type is standard; server-type huawei...
Page 581 Operation Manual – AAA & RADIUS & HWTACACS & EAD Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration II. Network diagram Authentication Servers (IP Address 10.110.91.164 ) GE 1/0/1 Internet Internet user Security policy Servers Virus Patch Servers Virus Patch S (IP Address: 10.110.91.168 )
Page 582 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 VRRP Configuration ....................1-1 1.1 VRRP Overview ......................... 1-1 1.1.2 Virtual Router Overview ..................1-2 1.1.3 Introduction to Backup Group ................. 1-4 1.2 VRRP Configuration ......................
Page 583: Vrrp Overview
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Chapter 1 VRRP Configuration 1.1 VRRP Overview Virtual router redundancy protocol (VRRP) is a fault-tolerant protocol. As shown in Figure 1-1, in general, A default route (for example, the next hop address of the default route is 10.100.10.1, as shown in the following figure) is configured for every host on a...
Page 584: Virtual Router Overview
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Network Network M ast e r M ast e r Backup Backup Act u al IP address10. 1 00.10.2 Act u al IP address10. 1 00.10.2 Actual IP addr ess10.100.10.
Page 585 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration You can specify the virtual router IP address as the IP address used by a member switch in the backup group. In this case, the switch is called an IP address owner.
Page 586: Introduction To Backup Group
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration 1.1.3 Introduction to Backup Group VRRP can group switches in a LAN into a virtual router, which is also known as a backup group. Table 1-1 Configuration available on switches in a backup group...
Page 587 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration You can configure an S5600 series switch to operate in preemptive mode. You can also set the delay period. A backup switch waits for a period of time (the delay period) before becoming a master switch.
Page 588: Vrrp Configuration
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration problems can be solved through prolonging the adver-interval and setting delay time. If you configure the preemption delay for a backup switch, the switch preempts the master after the period specified by the preemption delay if it does not receive a VRRP packet from the master for the period specified by the master-down-interval argument.
Page 589: Configuring A Virtual Router Ip Address
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Configuration Description Related section Section 1.2.3 Configure backup "Configuring Backup Required group-related parameters Group-Related Parameters” Section 1.2.4 VRRP backup group interface Optional “Configuring the Port tracking configuration Tracking Function”...
Page 590 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration 1.2.3 Configuring Backup Group-Related Parameters Table 1-4 lists the operations to configure a switch in a backup group. Table 1-4 Configure backup group-related parameters Operation Command...
Page 591 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Table 1-5 Configure the VRRP backup group port tracking function Operation Command Description Enter system view system-view — Required Create a VLAN vlan vlan-id By default, vlan 1 is the default vlan.
Page 592: Displaying And Maintaining Vrrp
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Operation Command Description Vrrp vrid virtual-router-id Enable the auto track detect-group detect function for Required group-number reduced VRRP value-reduced ] Note: A detecting group can be used to detect up to eight Layer 3 interfaces.
Page 593 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Table 1-8 Network description Ethernet port IP address of Switch Preemptive Switch connecting to the VLAN priority in the mode Host A interface backup group LSW-A GE 1/0/6 202.38.160.1/24...
Page 594: Vrrp Tracking Interface Configuration
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration # Create a backup group. [LSW-A] interface vlan 2 [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set Switch A’s priority in backup group 1. [LSW-A-Vlan-interface2] vrrp vrid 1 priority 110 # Configure the preemptive mode for the backup group.
Page 595 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Internet does not function properly. This can be implemented by enabling the VLAN interface tracking function. The VRRP backup group ID is set to 1, with configurations of authorization key and timer.
Page 596 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set Switch A’s priority in backup group 1. [LSW-A-Vlan-interface2] vrrp vrid 1 priority 110 # Set the authentication type for the backup group to md5, and the password to abc123.
Page 597 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration 1.4.3 Multiple-VRRP Backup Group Configuration I. Network requirements A switch can function as backup switches of multiple backup groups. Multiple-backup group configuration can implement load balancing. For example, Switch A operates as the master switch of backup group 1 and a backup switch in backup group 2.
Page 598: Port Tracking Configuration Example
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration # Create backup group 1. [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set Switch A’s priority in backup group 1. [LSW-A-Vlan-interface2] vrrp vrid 1 priority 150 # Create backup group 2.
Page 599 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Enable the port tracking function on GigabitEthernet1/0/1 port of the master switch and specify that the priority of the master decreases by 50 when GigabitEthernet1/0/1 port fails, which triggers new master switch being determined in the backup group 1.
Page 600: Vrrp Auto Detect Configuration Example
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration 1.4.5 VRRP Auto Detect Configuration Example I. Network requirements Switch B and switch D form VRRP backup group 1, whose virtual IP address is 192.168.1.10.Packets sourced from Switch A and destined for Switch C is forwarded by Switch B under normal situations.
Page 601: Troubleshooting Vrrp
Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration # Set the backup group priority value of switch B to 110, and specify to decrease the priority value by 20 when the result of detecting group 9 is unreachable.
Page 602 Operation Manual – VRRP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration III. Symptom 3: VRRP state of a switch changes repeatedly Such problems occur when the backup group timer duration is too short. They can be solved through prolonging the duration or configuring the preemption delay period.
Page 603 Operation Manual -- Centralized MAC Address Authentication Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Centralized MAC Address Authentication Configuration........1-1 1.1 Centralized MAC Address Authentication Overview ............1-1 1.2 Centralized MAC Address Authentication Configuration ........... 1-2 1.2.1 Configuration Overview...................
Page 604: Authentication Configuration
Operation Manual -- Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Authentication Configuration Chapter 1 Centralized MAC Address Authentication Configuration 1.1 Centralized MAC Address Authentication Overview Centralized MAC address authentication is port-/MAC address-based authentication used to control user permissions to access a network.
Page 605: Centralized Mac Address Authentication Configuration
Operation Manual -- Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Authentication Configuration For fixed mode, configure the user names and passwords as that for fixed mode. The service type of a local user needs to be configured as lan-access.
Page 606 Operation Manual -- Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Authentication Configuration 1.2.3 Enabling Centralized MAC Address Authentication for a Port You can enable centralized MAC address authentication for a port in system view or in Ethernet port view.
Page 607: Configuring Centralized Mac Address Authentication Mode
Operation Manual -- Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Authentication Configuration 1.2.4 Configuring Centralized MAC Address Authentication Mode Table 1-5 Configure centralized MAC address authentication mode Operation Command Description Enter system view system-view —...
Page 608: Displaying And Debugging Centralized Mac Address Authentication
Operation Manual -- Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Authentication Configuration Offline detect timer, which sets the time interval for a switch to test whether a user goes offline. Upon detecting a user is offline, a switch notifies the RADIUS server of the user to trigger the RADIUS server to stop the accounting on the user.
Page 609: Centralized Mac Address Authentication Configuration Example
Operation Manual -- Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Authentication Configuration Operation Command Description Clear the statistics reset mac-authentication of global or port This command is executed in statistics [ interface...
Page 610 Operation Manual -- Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S5600 Series Ethernet Switches-Release 1510 Authentication Configuration [Quidway] mac-authentication # Configure the domain name for centralized MAC address authentication users as aabbcc163.net. [Quidway] mac-authentication domain aabbcc163.net For domain-related configuration, refer to the “802.1x” Configuration Example part of this manual.
Page 611 Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 ARP Configuration....................... 1-1 1.1 Introduction to ARP......................1-1 1.1.1 Necessity of the Address Resolution ..............1-1 1.1.2 ARP Packet Structure ..................... 1-1 1.1.3 ARP Table .......................
Page 612: Chapter 1 Arp Configuration
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Chapter 1 ARP Configuration 1.1 Introduction to ARP Address resolution protocol (ARP) is used to map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.
Page 613: Arp Table
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Field Description Identifies the type of the protocol used by the sending device. Normally, the field takes the Protocol type value of 1 in TCP/IP networks, which stands for EtherType.
Page 614: Arp Implementation Procedure
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration mapping table. S5600 series Ethernet switches provide the display arp command to display the information about ARP mapping entries.. Figure 1-2 shows the structure of an ARP mapping table.
Page 615 Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Suppose there are two hosts on the same network segment: Host A and Host B. The IP address of Host A is IP_A and that of Host B is IP_B. To send a packet to Host B, Host A checks its own ARP mapping table first to see if the ARP entry corresponding to IP_B exists.
Page 616: Introduction To Gratuitous Arp
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Figure 1-3 ARP work flow Once ARP is deployed, the ARP work flow is automatically processed. 1.1.5 Introduction to Gratuitous ARP The following are the characteristics of gratuitous ARP packets:...
Page 617: Arp Configuration
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration When the gratuitous ARP packet learning function is enabled on a switch and the switch receives a gratuitous ARP packet, the switch updates the existing ARP entry (contained in the cache of the switch) that matches the received gratuitous ARP packet using the hardware address of the sender carried in the gratuitous ARP packet.
Page 618: Configuring The Arp Aging Timer For Dynamic Arp Entries
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Caution: Static ARP mapping entries are valid as long as the Ethernet switch operates. But the following operations result in ARP entries being removed: changing/removing a VLAN interface, removing a VLAN, or removing a port from a VLAN.
Page 619: Displaying And Debugging Arp
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration 1.2.5 Configuring the Gratuitous ARP Packet Learning Function Table 1-8 lists the operations to configure the gratuitous ARP packet learning function. Table 1-8 Configure the gratuitous ARP packet learning function...
Page 620 Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Operation Command Description Display the setting of the ARP aging display arp timer aging timer reset arp [ dynamic | static Clear specific ARP Execute this command in user...
Page 621: Introduction To Resilient Arp
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Resilient ARP Configuration Chapter 2 Resilient ARP Configuration 2.1 Introduction to Resilient ARP In intelligent resilient framework (IRF) network application, normally you need to connect redundancy links between the fabric and other devices to support the resilient network.
Page 622: Resilient Arp Configuration Example
Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Resilient ARP Configuration Operation Command Description Required Enable the Resilient ARP resilient-arp enable By default, the Resilient function ARP function is enabled. Optional Configure VLAN resilient-arp interface By default, Resilient ARP...
Page 623 Operation Manual – ARP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 Resilient ARP Configuration II. Network diagram Switch Switch Switch Switch Unit 1 Unit 1 Unit 1 Unit 1 Unit3 Unit3 Unit3 Unit3 Unit 4 Unit 4 Unit 4...
Page 624 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 DHCP Overview......................1-1 1.1 Introduction to DHCP......................1-1 1.2 DHCP IP Address Assignment ..................1-1 1.2.1 IP Address Assignment Policy ................1-1 1.2.2 Obtaining IP Addresses Dynamically..............
Page 625 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents 2.4.1 Prerequisites ......................2-22 2.4.2 Configuring Private DHCP Server Detecting ............2-23 2.4.3 Configuring IP Address Detecting ................. 2-23 2.5 Option 82 Supporting Configuration ................2-24 2.5.1 Introduction to DHCP-Server Option 82..............2-24 2.5.2 Configuration Prerequisites...................
Page 626: Introduction To Dhcp
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview Chapter 1 DHCP Overview 1.1 Introduction to DHCP With networks getting larger in size and more complicated in structure, lack of available IP addresses becomes the common situation the network administrators have to face, and network configuration becomes a tough task for the network administrators.
Page 627: Obtaining Ip Addresses Dynamically
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview Dynamic assignment. The DHCP server assigns IP addresses to DHCP clients for predetermined period of time. In this case, a DHCP client must apply for an IP address at the expiration of the period.
Page 628: Dhcp Packet Format
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview DHCP server responds with a DHCP-ACK packet to notify the DHCP client of a new IP lease if the server can assign the same IP address to the client. Otherwise, the DHCP server responds with a DHCP-NAK packet to notify the DHCP client that the IP address will be reclaimed when the lease time expires.
Page 629: Dhcp Packet Processing Modes
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview flags: The first bit is the broadcast response flag bit. It is used to identify that the DHCP response packet is sent in the unicast or broadcast mode. Other bits are reserved.
Page 630 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DHCP Overview RFC1542: Clarifications and Extensions for the Bootstrap Protocol Huawei Technologies Proprietary...
Page 631: Introduction To Dhcp Server
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Chapter 2 DHCP Server Configuration 2.1 Introduction to DHCP Server 2.1.1 Usage of DHCP Server Generally, DHCP servers are used in the following networks to assign IP addresses: Large-sized networks, where manual configuration method bears heavy load and is difficult to manage the whole network in centralized way.
Page 632: Dhcp Address Pool
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Caution: When you merge two or more IRF systems into one IRF system, a new master unit is elected, and the new IRF system adopts new configurations accordingly. This may result in the existing system configurations (including the address pools configured for the DHCP servers) being lost.
Page 633 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration II. The structure of an address pool The address pools of a DHCP server are hierarchically organized in a tree-like structure. The root holds the IP address of the network segment, the branches hold the subnet IP addresses, and the leaves holds the IP addresses that are manually bound to specific clients.
Page 634 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.2 Global Address Pool-Based DHCP Server Configuration 2.2.1 Configuration Overview Table 2-1 Configure global address pool-based DHCP server Configuration task Remarks Section Enable DHCP Required 2.2.2 “Enabling DHCP”...
Page 635 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.2.2 Enabling DHCP You need to enable DHCP before performing other DHCP-related configurations, which takes effect only after DHCP is enabled. Table 2-2 Enable DHCP...
Page 636 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description interface interface-type Optional interface-number Configure the Configure the By default, a DHCP current specified dhcp select global server assigns the interface interface(s) or...
Page 637 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration I. Configuring to assign IP addresses by static binding Some DHCP clients, such as WWW servers, need fixed IP addresses. This can be achieved by binding IP addresses to the MAC addresses of these DHCP clients. When...
Page 638 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: The static-bind ip-address command and the static-bind mac-address command or the static-bind client-identifier command must be coupled. In the same global DHCP address pool, if you configure the static-bind client-identifier command after configuring the static-bind mac-address command, the new configuration overwrites the previous one.
Page 639 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description Required Set the IP address segment whose IP By default, no IP address network ip-address [ mask address are to be segment is set. That is, no IP...
Page 640 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration You can configure domain names to be used by DHCP clients for address pools. After you do this, the DHCP server provides the domain names to the DHCP clients as well while the former assigns IP addresses to the DHCP clients.
Page 641 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration M-node. Nodes of this type are p-nodes mixed with broadcasting features (The character m stands for the word mixed), that is to say, this type of nodes obtain mappings by sending broadcast packets first.
Page 642: Configuring Gateway Addresses For Dhcp Clients
2.2.9 Configuring Connection Between a DHCP Global Address Pool and a BIMS Server Branch intelligent management system (BIMS) is a kind of network management software, provided by Huawei Technologies Co., Ltd. With BIMS you can manage and Huawei Technologies Proprietary 2-12...
Page 643 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration monitor network devices that dynamically obtain IP addresses universally and effectively. After configuring the connection between the DHCP global address pool and the BIMS server, you can enable the BIMS server to manage the devices that have obtained IP addresses from the global address pool.
Page 644 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.3.1 Configuration Overview An interface address pool is created when the interface is assigned a valid unicast IP address and you execute the dhcp select interface command in interface view. The IP addresses contained in it belong to the network segment where the interface resides in and are available to the interface only.
Page 645 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Configuration task Remarks Section 2.3.8 ”Configure Configure connection Connection Between the between the DHCP interface Optional DHCP Interface Address address pool and the BIMS Pool...
Page 646 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description to DHCP clients to DHCP clients dhcp select interface Configure { interface interface-type multiple interface-number interfaces in interface-type system view interface-number ] | all }...
Page 647 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-14 Configure to assign IP addresses by static binding Operation Command Description Enter system view system-view — Enter interface interface interface-type — view interface-number...
Page 648 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-15 Configure to assign IP addresses dynamically Operation Command Description Enter system view system-view — interface interface-type interface-number Configure dhcp server expired { day...
Page 649 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.3.5 Configuring DNS Services for the DHCP Server If a host accesses the Internet through domain names, DNS is needed to translate the domain names into the corresponding IP addresses. To enable DHCP clients to access the Internet through domain names, a DHCP server is required to provide DNS server addresses while assigning IP addresses to DHCP clients.
Page 650 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.3.6 Configuring NetBIOS Services for DHCP Clients For Microsoft Windows-based DHCP clients that communicate through NetBIOS protocol, the host name-to-IP address translation is carried out by WINS servers. So you need to perform WINS-related configuration for most Windows-based hosts.
Page 651 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description Configure dhcp server nbns-list multiple ip-address&<1-8> interface interfaces interface-type interface-number [ to in system interface-type interface-number ] | view all } interface...
Page 652: Dhcp Security Configuration
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description configured dhcp server option code ascii Configure ascii-string | hex hex-string&<1-10> | multiple ip-address ip-address&<1-8> interfaces interface interface-type in system interface-number interface-type...
Page 653 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.4.2 Configuring Private DHCP Server Detecting A private DHCP server on a network also answers IP address request packets and assigns IP addresses to DHCP clients. However, the IP addresses they assigned may conflict with those of other hosts.
Page 654: Option 82 Supporting Configuration
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description Optional Set the maximum number dhcp server ping By default, a DHCP server of ICMP packets a DHCP packets number performs the ping operation...
Page 655: Option 184 Supporting Configuration
2.6.1 Introduction to Option 184 Option 184 is an RFC reserved option, and the information it carries can be customized. Huawei-3Com defines four proprietary sub-options for this option, enabling the DHCP server to put the information required by a DHCP client in the response packet to the client.
Page 656 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration II. Meanings of the sub-options for option 184 Table 2-23 Meanings of the sub-options for option 184 Sub-option Feature Function Note The IP address of...
Page 657 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Sub-option Feature Function Note A flag value of 0 The sub-option 3 of indicates that option voice VLAN The voice VLAN comprises identification function configuration...
Page 658 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: For the configurations specifying to add sub-option 2, sub-option 3, and sub-option 4 in the response packets to take effect, you must configure the DHCP server to add sub-option 1.
Page 659 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration I. Configuring the option 184 supporting function in system view Table 2-24 Configure the option 184 supporting function in system view Operation Command Description Enter system view —...
Page 660 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: Perform the operations listed in Table 2-24 in system view if you specify to assign IP addresses of an interface-based address pool to DHCP clients.
Page 661 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: Perform the operations listed in Table 2-25 in interface view if you specify to assign IP addresses of an interface-based address pool to DHCP clients.
Page 662 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: Perform the operations listed in Table 2-26 in global address pool view if you specify to assign IP addresses of a global DHCP address pool to DHCP clients.
Page 663: Displaying And Debugging A Dhcp Server
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration # Add GigabitEthernet1/0/1 port to VLAN 2 and configure the IP address of VLAN 2 interface to be 10.1.1.1/24. [Quidway] vlan 2 [Quidway-vlan2] port GigabitEthernet 1/0/1...
Page 664: Dhcp Server Configuration Example
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description display dhcp server ip-in-use { ip ip-address | Display information about pool pool-name address binding interface interface-type interface-number ] all } Display the statistics on a...
Page 665 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration carried out through DHCP relay. Note that DHCP server configuration is the same in both scenarios. I. Network requirements The DHCP server assigns IP addresses dynamically to the DHCP clients on the same network segment.
Page 666 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration II. Network diagram NetBIOS Server NetBIOS Server NetBIOS Server NetBIOS Server NetBIOS Server NetBIOS Server Client Client Client Client Client Client Client Client Client Client...
Page 667: Troubleshooting A Dhcp Server
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration # Configure DHCP address pool 2, including address range, gateway, WINS server address, and lease time. [Quidway] dhcp server ip-pool 2 [Quidway-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128 [Quidway-dhcp-pool-2] domain-name aabbcc.com...
Page 668: Introduction To Dhcp Relay
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Chapter 3 DHCP Relay Configuration 3.1 Introduction to DHCP Relay 3.1.1 Usage of DHCP Relay Since the packets are broadcasted in the process of obtaining IP addresses, DHCP is...
Page 669 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration After receiving the packets, the network device providing the DHCP relay function unicasts the packet to the designated DHCP server based on the configuration. The DHCP server assigns IP addresses, and then broadcasts the configuration information to the client through the DHCP relay.
Page 670 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration RFC3046 DHCP Relay Agent Information Option IV. Mechanism of option 82 supporting on DHCP relay The procedure for a DHCP client to obtain an IP address from a DHCP server through a DHCP relay is similar to that for the client to obtain an IP address from a DHCP server directly.
Page 671: Dhcp Relay Configuration
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration 3.2 DHCP Relay Configuration Note: If a switch belongs to a fabric, you need to enable the UDP-helper function on it before configure it to be a DHCP relay.
Page 672 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration 3.2.3 Configuring an Interface to Operate in DHCP Relay Mode When an interface operates in the relay mode, the interface forwards the DHCP packets received from DHCP clients to an external DHCP server, which assigns IP addresses to the DHCP clients.
Page 673 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration When DHCP is enabled, sockets UDP 67 and UDP 68 used by DHCP are enabled. When DHCP is disabled, sockets UDP 67 and UDP 68 are disabled at the same time.
Page 674 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration II. Configuring DHCP relay handshake When the DHCP client obtains an IP address from the DHCP server through the DHCP relay, the DHCP relay records the binding relationship of the IP address and the MAC address.
Page 675 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration The dynamic user address entry updating function works as follows: at regular intervals, the DHCP relay sends a DHCP-REQUEST packet that carries the IP address assigned to a DHCP client and its own bridge MAC address to the corresponding DHCP server.
Page 676 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Operation Command Description Required Enable pseudo-DHCP By default, the pseudo dhcp-server detect server detection function DHCP server detection function is disabled 3.2.5 Configuring Option 82 Supporting I.
Page 677: Displaying And Debugging Dhcp Relay
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Note: By default, after you enable the DHCP relay to support the option 82 function, the device will adpot the replace policy to process the request packets which include the option 82.however, if you have configure another handling policy, the operation...
Page 678 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration the DHCP clients and the DHCP server are forwarded by the DHCP relay, through which the DHCP clients can obtain IP addresses and related configuration information from the DHCP server.
Page 679: Troubleshooting Dhcp Relay
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration 3.5 Troubleshooting DHCP Relay I. Symptom A client fails to obtain configuration information through a DHCP relay. II. Analysis This problem may be caused by improper DHCP relay configuration. When a DHCP...
Page 680: Introduction To Dhcp Snooping
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration Chapter 4 DHCP Snooping Configuration 4.1 Introduction to DHCP Snooping For the sake of security, the IP addresses used by online DHCP clients need to be...
Page 681: Dhcp Snooping Configuration
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration DHCP client DHCP client DHCP client DHCP server DHCP server DHCP server DHCP client DHCP client DHCP client DHCP server DHCP server DHCP server DHCP client...
Page 682: Displaying Dhcp Snooping
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration Operation Command Description Enter Ethernet port interface interface-type — view interface-number port Optional connected dhcp-snooping trust By default, all ports of a DHCP server to a...
Page 683 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration Table 4-2 Display DHCP snooping Operation Command Description Display the user IP-MAC address display mapping entries recorded by the dhcp-snooping [ unit You can execute the...
Page 684: Introduction To Dhcp Accounting
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration Chapter 5 DHCP Accounting Configuration 5.1 Introduction to DHCP Accounting DHCP accounting allows a DHCP server to notify the RADIUS server of the start/end of accounting when it assigns/releases a lease. The cooperation of DHCP server and RADIUS server implements the network accounting function and ensures network security at the same time.
Page 685: Configuring Dhcp Accounting
Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration 5.2.2 Configuring DHCP Accounting Table 5-1 Configure DHCP accounting Operation Command Description Enter system view system-view — Enter address pool dhcp server ip-pool Required view...
Page 686 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration III. Configuration procedure # Enter system view. system-view # Create VLAN 2. [Quidway] vlan 2 [Quidway-vlan2] quit # Create VLAN 3. [Quidway] vlan 3 [Quidway-vlan3] quit # Enter GigabitEthernet1/0/2 port view and add the port to VLAN 2.
Page 687 Operation Manual - DHCP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration # Enable DHCP accounting. [Quidway-dhcp-pool-test] accounting domain 123 Huawei Technologies Proprietary...
Page 688 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1-1 1.1 ACL Overview ........................1-1 1.1.1 Ways to Apply ACL on a Switch................1-1 1.1.2 ACL Match Order ....................1-2 1.1.3 ACLs Based on Time Ranges.................
Page 689: Acl Overview
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 ACL Overview An access control list (ACL) is used primarily to identify traffic flows. In order to filter data packets, a series of match rules must be configured on the network device to identify the packets to be filtered.
Page 690: Acl Match Order
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration II. ACL referenced by the upper-level modules The switch also uses ACLs to filter packets processed by software and implements traffic classification. In this case, there are two types of match orders for the rules in an ACL: config (user-defined match order) and auto (the system performs automatic ordering, namely according “depth-first”...
Page 691: Configuring Time Ranges
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration If the number and type of ACEs are the same for multiple rules, then the sum of ACE values of a rule determines its priority. The smaller the sum, the higher the priority.
Page 692: Defining Basic Acls
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Operation Command Description time-range time-name start-time end-time days-of-the-week from Create time start-time start-date ] [ to Required range end-time end-date ] | from start-time start-date [ to...
Page 693 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration The value range for basic ACL numbers is 2,000 to 2,999. 1.3.1 Configuration Preparation Before configuring an ACL rule containing time range arguments, you need to configure define the corresponding time ranges.
Page 694: Defining Advanced Acls
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration 1.3.3 Configuration Example # Configure ACL 2000 to deny packets whose source IP address is 1.1.1.1. system-view [Quidway] acl number 2000 [Quidway-acl-basic-2000] rule deny source 1.1.1.1 0...
Page 695 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Operation Command Description Define comment string of Optional rule rule-id comment text the ACL rule Define description description text Optional information of the Optional Display display...
Page 696 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Parameter Type Function Description sour-addr sour-wildcard is used to specify the source address packet, Specifies source expressed in dotted decimal Source sour-addr source address notation. sour-wildcard can...
Page 697 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Table 1-5 Description of DSCP values Keyword DSCP value in decimal DSCP value in binary 101110 af11 001010 af12 001100 af13 001110 af21 010010 af22 010100...
Page 698 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration IP Precedence value in IP Precedence value in Keyword decimal binary flash-override critical internet network To define ToS priority, you can directly input a value ranging from 0 to 15, or input a keyword listed in Table 1-7.
Page 699 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Parameter Type Function Description Specifies that “TCP rule will connection match established TCP-specific argument established” connection flag packets with the ack or rst flag If the protocol type is ICMP, you can also define the following information:...
Page 700: Defining Layer 2 Acls
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Name ICMP TYPE ICMP CODE reassembly-timeout Type=11 Code=1 source-quench Type=4 Code=0 source-route-failed Type=3 Code=5 timestamp-reply Type=14 Code=0 timestamp-request Type=13 Code=0 ttl-exceeded Type=11 Code=0 1.4.3 Configuration Example # Configure ACL 3000 to permit ICMP packets to pass.
Page 701 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Operation Command Description Create enter acl number acl-number Required layer 2 ACL view rule [ rule-id ] { permit | Define an rule Required deny } rule-string...
Page 702 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Parameter Type Function Description lsap-code: the encapsulation format of data frames, a 16-bit hexadecimal number Defines lsap lsap-code lsap field lsap field in lsap-wildcard: mask of the...
Page 703 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration 1.6 Defining User-Defined ACLs Using a byte, which is specified through its offset from the packet header, in the packet as the starting point, user-defined ACLs perform logical AND operations on packets and compare the extracted string with the user-defined string to find the matching packets for processing.
Page 704: Applying Acls On Ports
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration You can specify an existing rule ID to modify the corresponding rule. ACEs that are not modified remain unchanged. You can create a rule by specifying an ID that identifies no rule.
Page 705: Displaying Acl Configuration
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Table 1-15 Apply combination of ACLs Combination mode Form of acl-rule Apply all the rules in an IP type ACL ip-group acl-number separately Apply one rule in an IP type ACL separately...
Page 706: Acl Configuration Example
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Table 1-16 Display ACL configuration Operation Command Description Display display configured acl-number } rule(s) Display time display time-range { all | These commands can be range...
Page 707: Basic Acl Configuration Example
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Note: Only the commands related to the ACL configuration are listed below. Define the time range # Define a time range that contain a periodic time section from 8:00 to 18:00.
Page 708: Layer 2 Acl Configuration Example
Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Note: Only the commands related to the ACL configuration are listed below. Define the time range # Define the time range from 8:00 to 18:00. system-view [Quidway] time-range test 8:00 to 18:00 daily Define an ACL for packets with the source IP address of 10.1.1.1.
Page 709 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Note: Only the commands related to the ACL configuration are listed below. Define the time range # Define the time range ranging from 8:00 to 18:00.
Page 710 Operation Manual – ACL Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Note: Only the commands related to the ACL configuration are listed below. Define the time range. # Define the time range ranging from 8:00 to 18:00.
Page 711 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 QoS Configuration....................... 1-1 1.1 Overview ..........................1-1 1.1.1 Traffic ........................1-1 1.1.2 Traffic Classification ....................1-1 1.1.3 Precedence ......................1-1 1.1.4 Priority of Protocol Packets ..................1-5 1.1.5 Priority Remark......................
Page 712 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Table of Contents 1.10.1 Configuration Prerequisites................. 1-20 1.10.2 Configuration Procedure ..................1-20 1.10.3 Configuration Example..................1-22 1.11 Configuring Traffic Statistics ..................1-23 1.11.1 Configuration Prerequisites................. 1-23 1.11.2 Configuration Procedure of Traffic Statistics............1-23 1.11.3 Clearing Traffic Statistics Information ..............
Page 713: Traffic Classification
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Chapter 1 QoS Configuration 1.1 Overview QoS (Quality of Service) is a concept generally existing in occasions with service supply and demand. It evaluates the ability to meet the need of the customers in service.
Page 714 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Figure 1-1 DS fields and TOS bytes The TOS field in an IP header contains 8 bits: The first three bits indicate IP precedence in the range of 0 to 7.
Page 715 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration service level can be segmented. The QoS rank of the AF class is lower than that of the EF class; Class selector (CS) class: This class comes from the IP TOS field and includes 8 classes;...
Page 716 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Figure 1-2 An Ethernet frame with a 802.1Q tag header As shown in the figure above, each host supporting 802.1Q protocol adds a 4-bit 802.1Q tag header after the source address of the former Ethernet frame header when sending packets.
Page 717 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration 1.1.4 Priority of Protocol Packets Protocol packets carry their own priority. You can perform QoS actions on protocol packets by setting their priorities. 1.1.5 Priority Remark The priority remark function is to use ACL rules in traffic identification and remark the priority for the packets matching with the ACL rules.
Page 718 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration I. Traffic evaluation and the token bucket The token bucket can be considered as a container with a certain capacity to hold tokens. The system puts tokens into the bucket at the set rate. When the token bucket is full, the extra tokens will overflow and the number of tokens in the bucket stops increasing.
Page 719: Queue Scheduling Configuration Synchronization On Aggregation Ports
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Peak information rate (PIR) Excess burst size (EBS) Two token buckets are used in this evaluation. Their rates of putting tokens into the buckets are CIR and PIR respectively, and their sizes are CBS and EBS respectively (the two buckets are called C bucket and E bucket respectively for short), representing different permitted burst levels.
Page 720: Queue Scheduling
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Dynamic aggregation supported by queue scheduling modes on ports If the queue scheduling configuration information of some LACP-enabled up ports is the same, these ports can be aggregated into the same aggregation group.
Page 721 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration high priority high priority high priority queue 7 queue 7 queue 7 Packets sent via this Packets sent via this Packets sent via this queue 6...
Page 722: Qos Supported By S
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration queue1 weight1 queue1 weight1 queue1 weight1 queue1 weight1 Packets sent via this interface Packets sent via this interface Packets sent via this interface Packets sent via this interface...
Page 723 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Specification Related command — traffic-limit Priority — traffic-priority remark Redirect — traffic-redirect Support SP, WRR, and WRR + Queue queue-scheduler Support queue scheduling scheduling configuration synchronization...
Page 724: Setting To Use The Port Priority Or Packet Priority
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Optional display You can execute the Display the mapping table cos-local-precedence-map display command in any view III. Configuration example Configure the following 802.1p priority-to-local precedence mappings: 0 to 2, 1 to 3, 2 to 4, 3 to 1, 4 to 7, 5 to 0, 6 to 5, and 7 to 6.
Page 725: Configuring Priority Remark
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Optional Set the port priority priority priority-level By default, the port priority is 0 Table 1-7 Set to use the packet priority Operation...
Page 726 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Through the traffic-priority command. Then you can remark the IP precedence, 802.1p priority, DSCP priority and local precedence. 1.5.1 Configuration Prerequisites ACL rules used for traffic identifying are defined. Refer to the ACL module in the...
Page 727: Setting The Precedence Of Protocol Packet
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration ACL combination Form of the acl-rule argument Apply a rule in a Link ACL separately link-group acl-number rule rule Apply a rule in an IP ACL and a rule in...
Page 728: Configuring Rate Limit On Ports
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Required protocol-priority You can modify the IP precedence protocol-type or DSCP precedence of protocol-type protocol packet precedence of the ip-precedence Only the precedence of BGP,...
Page 729: Configuration Procedure Of Tp
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Configure line-rate outbound port-based rate Required target-rate limit Optional Display display precedence of the You can execute the display protocol-priority protocol packet command in any view 1.7.3 Configuration Example...
Page 730 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Required exceed exceed-action: Sets the actions on the packets exceeding the specified traffic when the packet traffic exceeds traffic-limit inbound Configure specified traffic. The actions...
Page 731: Configuring Redirect
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration system-view System View: return to User View with Ctrl+Z. [Quidway] acl number 2000 [Quidway-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255 [Quidway-acl-basic-2000] quit [Quidway] interface GigabitEthernet1/0/1 [Quidway-GigabitEthernet1/0/1] traffic-limit inbound ip-group 2000 100 exceed remark-dscp 56 1.9 Configuring Redirect...
Page 732 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Note: The redirect configuration is effective only for the ACL rules whose actions are permit. When packets are redirected to CPU, they cannot be forwarded normally.
Page 733 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Required queue-scheduler In WRR mode, if the weight strict-priority value of one or more queue0-weight queues is set to 0, SP queue1-weight algorithm is used for this or...
Page 734 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration Note: The queue scheduling algorithm defined by executing the queue-scheduler command in system view takes effect on all the ports of the switch. The queue scheduling algorithm defined by executing the queue-scheduler command in Ethernet port view takes effect on the current port only.
Page 735: Configuring Traffic Statistics
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration weight of queue 2: 3 weight of queue 3: 4 weight of queue 4: 5 weight of queue 5: 9 weight of queue 6: 13 weight of queue 7: 15 1.11 Configuring Traffic Statistics...
Page 736: Clearing Traffic Statistics Information
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration 1.11.3 Clearing Traffic Statistics Information Table 1-17 Clear traffic statistics information Operation Command Description Enter system view system-view — interface Enter Ethernet port interface-type — view...
Page 737 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration II. Network diagram To router Salary query server 129.110.1.2 GE1/0/1 Switch R&D dept Figure 1-7 QoS configuration example III. Configuration procedure Note: Only the commands related with QoS/ACL configurations are listed in the following configurations.
Page 738: Configuration Example Of Priority Remark
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 1 QoS Configuration 1.12.2 Configuration Example of Priority Remark I. Network requirements Mark ef on the packets that PC1 whose IP address is 1.0.0.2 sends from 8:00 to 18:00 every day to provide the basis of precedence for the upper-layer devices.
Page 739: Chapter 2 Qos Profile Configuration
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 2 QoS Profile Configuration Chapter 2 QoS Profile Configuration 2.1 Introduction to QoS Profile The switch can dynamically provide pre-defined QoS function for one or one group of authenticated user(s) through the combination of QoS profile function and 802.1x authentication function.
Page 740: Configuring Qos Profile
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 2 QoS Profile Configuration The following table describes the QoS profile configurations: Table 2-1 Configure QoS profile Device Configuration Configuration link Configure user authentication — information Configure matching server...
Page 741 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 2 QoS Profile Configuration Operation Command Description traffic-priority inbound acl-rule dscp dscp-value Add priority remark ip-precedence { pre-value Optional actions | from-cos } } | cos { pre-value | from-ipprec }...
Page 742 Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 2 QoS Profile Configuration The user name is someone and its authentication password is hello. It is accessed on GigabitEthernet1/0/1 of the switch and belongs to the test163.net domain. Its corresponding QoS profile is “example”...
Page 743: Applying The Qos Profile To The Port Manually
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 2 QoS Profile Configuration [Quidway-radius-radius1] user-name-format without-domain [Quidway-radius-radius1] quit # Create the user domain test163.net and specify radius1 as your RADIUS server group. [Quidway] domain test163.net [Quidway-isp-test163.net] radius-scheme radius1 [Quidway-isp-test163.net] quit...
Page 744: Displaying Qos Profile
Operation Manual - QoS&QoS Profile Quidway S5600 Series Ethernet Switches Chapter 2 QoS Profile Configuration Operation Command Description Apply the QoS profile to apply qos-profile profile-name Required the current port manually 2.5 Displaying QoS Profile After finishing the configurations mentioned above, you can execute the display command in any view to check the running state of the QoS profile after the configuration.
Page 745 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Mirroring Configuration ....................1-1 1.1 Overview ..........................1-1 1.1.1 Traffic Mirroring ....................... 1-1 1.1.2 Port Mirroring......................1-1 1.1.3 Remote Port Mirroring — RSPAN................1-1 1.2 Mirroring Supported by S5600...................
Page 746: Traffic Mirroring
Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Chapter 1 Mirroring Configuration 1.1 Overview Mirroring refers to the process of copying packets that meet the specified rules to a destination port. Generally, a destination port is connected to a data detect device, which users can use to analyze the mirrored packets for monitoring and troubleshooting the network.
Page 747 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Remote-probe VLAN Remote-probe VLAN Source Source Intermediate Switch Intermediate Switch Switch Switch Destination Destination Switch Switch Trunk port Trunk port Reflector port Reflector port Source Port...
Page 748: Mirroring Supported By S
Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Switch Ports involved Function Trunk port Receive remote mirrored packets. Destination switch Destination port Monitor remote mirrored packets To implement remote port mirroring, you need to define a special VLAN, called remote-probe VLAN, on all the three types of switches.
Page 749: Mirroring Configuration
Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Function Specifications Related command Link mirroring-group mirroring-group mirroring-port Section 1.3.2 Supports port “Configuring mirroring-group monitor-port mirroring Port Mirroring” monitor-port mirroring-port mirroring-group mirroring-group mirroring-port Section 1.3.3 Supports remote mirroring-group monitor-port “Configuring...
Page 750 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description Reference ACLs for identifying mirrored-to inbound traffic flows and perform traffic Required acl-rule mirroring packets that { monitor-interface | cpu } match. display...
Page 751: Configuring Port Mirroring
Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration [Quidway-acl-basic-2000] rule deny source any [Quidway-acl-basic-2000] quit [Quidway] interface gigabitEthernet 1/0/4 [Quidway-GigabitEthernet1/0/4] monitor-port [Quidway-GigabitEthernet1/0/4] quit [Quidway] interface gigabitEthernet 1/0/1 [Quidway-GigabitEthernet1/0/1] mirrored-to inbound ip-group 2000 monitor-interface 1.3.2 Configuring Port Mirroring I.
Page 752 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Note: If you specify the destination port and source port in Ethernet port view without creating a port mirroring group, the mirroring group 1 will be created automatically.
Page 753 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description Configure the source mirroring-group group-id port and specify the mirroring-port Required direction mirroring-port-list both packets to be mirrored inbound | outbound } Optional...
Page 754: Configuring Rspan
Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration [Quidway] mirroring-group 1 local [Quidway] mirroring-group 1 monitor-port GigabitEthernet 1/0/4 [Quidway] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both 1.3.3 Configuring RSPAN I. Configuration prerequisites The source switch, intermediate switch, and the destination switch have been determined.
Page 755 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description mirroring-group Configure remote group-id Required source mirroring group remote-source mirroring-group group-id Configure source mirroring-port port remote Required mirroring-port-list mirroring { both | inbound |...
Page 756 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration III. Configuring RSPAN on the intermediate switch Table 1-9 Configure RSPAN on the intermediate switch Operation Command Description Enter system view system-view — Create a remote-probe...
Page 757 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Operation Command Description Enter the view of the port through which the destination switch is interface interface-type — connected interface-number source switch or an intermediate switch...
Page 758 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Note: It is recommended that you do not configure a VLAN as a remote-probe VLAN if the mac-address max-mac-count 0 command is configured on a port in this VLAN.
Page 759 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration Data monitoring device GE1/0/2 Switch A GE1/0/1 GE1/0/1 Switch B GE1/0/2 GE1/0/1 Switch C GE1/0/2 Figure 1-3 Network diagram for RSPAN Configuration procedure # Configure Switch C.
Page 760 Operation Manual – Mirroring Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Configuration [Quidway] interface GigabitEthernet 1/0/1 [Quidway-GigabitEthernet1/0/1] port trunk permit vlan 10 [Quidway-GigabitEthernet1/0/1] quit [Quidway] interface GigabitEthernet 1/0/2 [Quidway-GigabitEthernet1/0/2] port trunk permit vlan 10 # Configure Switch A.
Page 761 Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 IRF Fabric Configuration..................... 1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to IRF....................1-1 1.1.2 Introduction to RMON on IRF.................. 1-2 1.2 Peer Fabric Port Detection ....................1-2 1.2.1 Introduction to the Peer Fabric Port Detection Function .........
Page 762: Chapter 1 Irf Fabric Configuration
Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Chapter 1 IRF Fabric Configuration 1.1 Overview 1.1.1 Introduction to IRF Several IRF (intelligent resilient framework) supported switches of the same model can be interconnected to form a fabric, in which each switch is a unit. The ports used to interconnect all the units are called fabric ports, while the other ports that are used to connect the fabric to users are called user ports.
Page 763: Peer Fabric Port Detection
After the device configurations converge, you can collect RMON history and statistics data of any unit from any switch in the fabric. For detailed information about RMON, refer to the SNMP&RMON Operation part in Quidway S5600 Series Ethernet Switches Operation Manual.
Page 764 Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration If a fabric port of a switch is connected to a non-fabric port, the switch will not receive DISC packets from the peer. In this case, the switch cannot join the fabric.
Page 765: Irf Fabric Configuration
Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Prompt Analysis Solution Check the types of A fabric port of the interconnected ports local switch on two sides. Make connected sure a fabric port is...
Page 766: Setting A Unit Id For A Switch
Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Table 1-2 Configure an IRF Fabric Task Description Related section Set and save the unit ID for a Section 1.3.2 “Setting a Unit Optional switch ID for a Switch”...
Page 767 Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Table 1-4 Set an unit ID to a new value Operation Command Description Enter system view system-view — Set a unit ID to a new...
Page 768: Specifying The Fabric Port Of A Switch
Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration 1.3.3 Specifying the Fabric Port of a Switch An S5600 series switch has two Cascade ports, which are used to connect the devices within a Fabric. It is necessary to enable the Fabric function for the Cascade ports and use local UP port to connect peer DOWN port or use local DOWN port to connect peer UP port.
Page 769: Displaying And Debugging Irf Fabric
Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Operation Command Description Optional Assign a fabric name to sysname sysname By default, the IRF fabric the switch name is Quidway. 1.4 Displaying and Debugging IRF Fabric Following completion of the above configuration, you can execute the display command in any view to view device management and verify the settings.
Page 770: Networking Diagram
Operation Manual – IRF Fabric Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration 1.5.2 Networking diagram Fabric Fabric Fabric Fabric Switch A Switch A Switch B Switch B user port user port user port user port Fabric port...
Page 771 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Cluster........................... 1-1 1.1 Cluster Overview........................ 1-1 1.1.1 Introduction to HGMP V2 ..................1-1 1.1.2 Introduction to NDP....................1-2 1.1.3 Introduction to NTDP....................1-3 1.1.4 Introduction to Cluster .....................
Page 772: Cluster Overview
1.1 Cluster Overview 1.1.1 Introduction to HGMP V2 A cluster is implemented through HGMP V2. By employing huawei group management protocol (HGMP V2), a network administrator can manage multiple switches using the public IP address of a switch known as a management device. The switches under the management of the management device are member devices.
Page 773: Introduction To Ndp
Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Software upgrading and parameter configuring can be performed simultaneously on multiple switches. Free of topology and distance limitations Saving IP address resource HGMP V2 is comprised of the following three protocols:...
Page 774 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster the received NDP packets rather than forward them. The corresponding data entry in the NDP table is updated when the received information is different from the existing one.
Page 775: Switch Roles In The Cluster
Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster The management device of a cluster recognizes and controls all the member devices in the cluster, no matter where they are located on the network or how they are connected.
Page 776 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster The following three switch roles exist in a cluster: management device, member device, and candidate device. Table 1-1 Switch roles in the cluster Role Configuration Description Provide...
Page 777 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Candidate device Candidate device Management device Management device Member device Member device Figure 1-2 Role switching roles Each cluster has one (and only one) management device. A management device collects NDP/NTDP information to discover and determine candidate devices, which can be then added into the cluster through manual configurations.
Page 778: Management Device Configuration
Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.2 Management Device Configuration 1.2.1 Management Device Configuration Tasks Table 1-2 Management device configuration tasks Operation Description Related section Enable Section 1.2.2 Enabling NDP globally Required Globally and for Specific Ports...
Page 779 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description By default, NDP is enabled Ente specified on the port Ethernet Ethe interface interface-type ports rnet interface-number port Ether view port view ndp enable port 1.2.3 Configuring NDP-related Parameters...
Page 780 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.2.5 Configuring NTDP-related Parameters Table 1-6 Configure NTDP parameters Operation Command Description Enter system view system-view — Configure Optional range topology information within ntdp hop hop-value By default, the hop range for...
Page 781 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.2.7 Configuring Cluster Parameters I. Configuring cluster parameters manually Table 1-8 Configure cluster parameters manually Operation Command Description Enter system view system-view — Specify This specify management...
Page 782: Configuring Interaction For The Cluster
Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Configure the rang ip-pool administrator-ip-address Required addresses of the { ip-mask | ip-mask-length } cluster Optional Build cluster build clusters auto-build [ recover ]...
Page 783: Member Device Configuration
Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Enter cluster view cluster Required Configure network nm-interface management (NM) Optional Vlan-interface vlan-id interface for the cluster 1.3 Member Device Configuration 1.3.1 Member Device Configuration Tasks...
Page 784 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.3.3 Enabling NTDP Globally and for Specific Ports Table 1-14 Enable NTDP globally and for specific ports Operation Command Description Enter system view system-view — Enable system...
Page 785: Displaying And Maintaining A Cluster
Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Remove a member delete-member device from Optional member-num cluster reboot member Reboot a specified member-num Optional member device mac-address H-H-H [ eraseflash ] Return to system quit —...
Page 786: Cluster Configuration Example
Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Display state and statistics display cluster information about a cluster Display display cluster candidates information about [ mac-address H-H-H | candidate verbose ] devices of a cluster...
Page 787 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster II. Network diagram SNMP host/log host SNMP host/log host SNMP host/log host SNMP host/log host 69.172.55.4 69.172.55.4 69.172.55.4 69.172.55.4 69.172.55.4 69.172.55.4 69.172.55.4 69.172.55.4 FTP server/TFTP server FTP server/TFTP server...
Page 788 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster [Quidway] ndp enable [Quidway] interface GigabitEthernet 1/0/2 [Quidway-GigabitEthernet1/0/2] ndp enable [Quidway-GigabitEthernet1/0/2] interface GigabitEthernet 1/0/3 [Quidway-GigabitEthernet1/0/3] ndp enable [Quidway-GigabitEthernet1/0/3] quit # Configure the holdtime of NDP information to be 200 seconds.
Page 789 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster [Quidway-cluster] build aaa [aaa_0.Quidway-cluster] # Add the attached two switches to the cluster. [aaa_0.Quidway-cluster] add-member 1 mac-address 00e0-fc01-0011 [aaa_0.Quidway-cluster] add-member 17 mac-address 00e0-fc01-0012 # Configure the holdtime of the member device information to be 100 seconds.
Page 790 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Note: Upon the completion of the above configurations, you can execute the cluster switch-to { member-num | mac-address H-H-H } command on the management device to switch to member device view to maintain and manage a member device.
Page 791 Operation Manual – Cluster Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Cluster II. Network diagram S5600 S5600 (IP Address192.168.4.22 (IP Address192.168.4.22 Port GE1/0/2 Port GE1/0/2 VLAN 3 VLAN 3 FTP Sever FTP Sever FTP Sever FTP Sever (IP Address 192.168.4.3 ) (IP Address 192.168.4.3 )
Page 792 Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 PoE Configuration ....................... 1-1 1.1 PoE Overview ........................1-1 1.1.1 Introduction to PoE....................1-1 1.1.2 PoE Features supported by S5600 ................. 1-1 1.2 PoE Configuration Tasks ....................
Page 793: Poe Overview
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Chapter 1 PoE Configuration 1.1 PoE Overview 1.1.1 Introduction to PoE Power over Ethernet (PoE) uses 10BaseT, 100Base-TX, and 1000Base-T twisted pairs to supply power to the remote powered devices (PD) in the network and implement power supply and data transmission simultaneously.
Page 794: Poe Configuration Tasks
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration It can deliver data and current simultaneously through data wires (1, 3, 2, and 6) of category-3/5 twisted pairs. Through the fixed 24/48 Ethernet electrical ports, it can supply power to up to 24/48 remote Ethernet switches with a maximum distance of 100 m (328 feet).
Page 795: Enabling The Poe Feature On A Port
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Operation Description Related section Section 1.4 Setting the Set the maximum output power on Optional Maximum Output Power a port on a Port Section 1.5 Setting PoE...
Page 796: Setting Poe Management Mode And Poe Priority Of A Port
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Operation Command Description interface interface-type Enter Ethernet port view — interface-number Required By default, the Set the maximum output poe max-power max-power maximum output...
Page 797: Setting The Poe Mode On A Port
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Operation Command Description interface interface-type Enter Ethernet port view — interface-number Required Se the PoE priority of a poe priority { critical |...
Page 798: Upgrading The Pse Processing Software Online
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration 1.8 Configuring PoE Over-Temperature Protection on the Switch If this function is enabled, the switch disables the PoE feature on all ports when its...
Page 799: Displaying Poe Configuration
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Note: The refresh update mode is to upgrade the valid software in the PSE through refreshing the software, while the full update mode is to delete the invalid software in PSE completely and then reload the software.
Page 800: Poe Configuration Example
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration 1.11 PoE Configuration Example I. Networking requirements The GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 ports of the S5624P-PWR switch are connected to an S2016C switch and an AP respectively; the GigabitEthernet 1/0/24 port is intended to be connected with an important AP.
Page 801 Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration # Set the maximum output power of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to 12000 mW and 2500 mW respectively. [Quidway] interface GigabitEthernet 1/0/1...
Page 802: Introduction To Poe Profile
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration Chapter 2 PoE Profile Configuration 2.1 Introduction to PoE Profile On a large-sized network or a network with mobile users, to help network administrators to monitor the PoE features of the switch, S5600 series ethernet switches provide the PoE profile features.
Page 803 Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration Operation Command Description Required The PoE feature Enable poe enable port feature on a port disabled default Optional Configure By default, PoE...
Page 804: Displaying Poe Profile Configuration
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration When the apply poe-profile command is used to apply a PoE profile to a port, the PoE profile is applied successfully only if one PoE feature in the PoE profile is applied properly.
Page 805: Poe Profile Configuration Example
Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration 2.4 PoE profile Configuration Example I. Network requirements GigabitEthernent1/0/1 through GigabitEthernet1/0/10 of the S5648P-PWR switch are used by users of group A who have the following requirements: All ports in use can enable PoE function;...
Page 806 Operation Manual – PoE & PoE Profile Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration II. Configuration procedure # Create profile 1, and enter PoE profile view. system-view [Quidway] poe-profile Profile1 # In profile 1, add the PoE policy configuration applicable to GigabitEthernet1/0/1 through GigabitEthernet1/0/5 ports for users of group A.
Page 807 Operation Manual – UDP-Helper Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 UDP-Helper Configuration ..................1-1 1.1 Introduction to UDP-Helper....................1-1 1.2 Configuring UDP-Helper ....................1-2 1.3 Displaying and Debugging UDP-Helper ................1-3 1.4 UDP-Helper Configuration Example .................. 1-3 1.4.1 Network requirements .....................
Page 808 Operation Manual – UDP-Helper Chapter 1 Quidway S5600 Series Ethernet Switches-Release 1510 UDP-Helper Configuration Chapter 1 UDP-Helper Configuration 1.1 Introduction to UDP-Helper UDP-Helper is designed to relay specified broadcast UDP packets. It enables a device to operate as a UDP packet relay. That is, it can convert broadcast UDP packets into unicast packets and forward them to a specified server.
Page 809 Operation Manual – UDP-Helper Chapter 1 Quidway S5600 Series Ethernet Switches-Release 1510 UDP-Helper Configuration 1.2 Configuring UDP-Helper Table 1-2 Configure UDP-Helper Operation Command Description Enter system view — system-view Required Enable UDP-Helper udp-helper enable UDP-Helper is disabled by default If the port is a default...
Page 810 Operation Manual – UDP-Helper Chapter 1 Quidway S5600 Series Ethernet Switches-Release 1510 UDP-Helper Configuration You can configure up to 20 destination servers on a VLAN interface. If the destination server is configured on a VLAN interface, the broadcast UDP packets received from the ports in the VLAN with specific UDP-Helper destination ports are forwarded to the destination server configured on the VLAN interface.
Page 811 Operation Manual – UDP-Helper Chapter 1 Quidway S5600 Series Ethernet Switches-Release 1510 UDP-Helper Configuration 1.4.2 Network diagram PC1 192.168.1.1 PC1 192.168.1.1 10.2.72.1 10.2.72.1 192.168.1.2 192.168.1.2 10.2.72.39 10.2.72.39 Switch 1 Switch 1 UDP-Helper Server UDP-Helper Server Switch 2 Switch 2 Figure 1-1 Network diagram for UDP-Helper configuration 1.4.3 Configuration procedure...
Page 812 Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 SNMP Configuration....................1-1 1.1 SNMP Overview......................... 1-1 1.1.1 SNMP Operation Mechanism.................. 1-1 1.1.2 SNMP Versions ....................... 1-1 1.1.3 MIBs Supported by the Device................1-2 1.2 Configuring SNMP Basic Functions...................
Page 813: Snmp Overview
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Chapter 1 SNMP Configuration 1.1 SNMP Overview By far, the simple network management protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice.
Page 814: Mibs Supported By The Device
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration name can limit access to SNMP Agent from SNMP NMS, functioning as a password. You can define the following features related to the community name.
Page 815: Configuring Snmp Basic Functions
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Table 1-1 Common MIBs MIB attribute MIB content References MIB II based on TCP/IP network device RFC1213 RFC1493 BRIDGE MIB RFC2675 RIP MIB RFC1724...
Page 816 Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Table 1-2 Configure SNMP basic functions for SNMP V1 and SNMP V2C Operation Command Description Enter system view system-view — Optional default, SNMP Agent is disabled...
Page 817 Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Operation Command Description Optional Set the maximum size of snmp-agent packet SNMP packets that the Agent By default, it is 1,500 max-size byte-count can send/receive bytes.
Page 818: Configuring Trap
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Operation Command Description snmp-agent usm-user user-name group-name [ authentication-mode Add a new user for an SNMP Required group auth-password [ privacy-mode des56 priv-password ] ] [ acl...
Page 819 Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Operation Command Description Trap Enable packets port interface enable snmp trap updown send Trap packets Quit quit system view snmp-agent target-host trap address udp-domain { ip-address }...
Page 820: Displaying Snmp
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Note: In the environment of a single device, use the display logbuffer command to view the logging information for the get and set operations sent from NMS.
Page 821 Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration 1.6 SNMP Configuration Example 1.6.1 SNMP Configuration Example I. Network requirements An NMS and Switch A are connected through the Ethernet. The IP address of the NMS is 10.10.10.1 and that of the VLAN interface on Switch A is 10.10.10.2.
Page 822 5000 params securityname public IV. Configuring NMS The S5600 series switch supports Huawei’s QuidView NMS. SNMP V3 adopts user name and password authentication. In [Quidview Authentication Parameter], you need to set a user name, choose security level, and set authorization mode, authorization password, encryption mode, and encryption password respectively according to different security levels.
Page 823: Introduction To Rmon
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration Chapter 2 RMON Configuration 2.1 Introduction to RMON Remote monitoring (RMON) is a kind of management information base (MIB) defined by Internet Engineering Task Force (IETF) and is a most important enhancement made to MIB II standards.
Page 824: Commonly Used Rmon Groups
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration switch, an NMS can obtain the information about the total traffic, error statistics and performance statistics of the network segments to which the ports of the managed network devices are connected.
Page 825: Rmon Configuration
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration Comparing the calculated result with the set threshold and triggering corresponding events if the calculated value is larger than the upper threshold or smaller than the lower threshold.
Page 826: Displaying Rmon
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration Operation Command Description rmon event event-entry [ description string ] { log | trap Add an event entry trap-community log-trap Optional log-trapcommunity | none }...
Page 827: Rmon Configuration Example
Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration Table 2-2 Display RMON Descript Operation Command display rmon statistics interface-type Display RMON statistics interface-number unit unit-number ] display rmon history interface-type Display RMON history information...
Page 828 Operation Manual – SNMP and RMON Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration II. Network diagram Internet Internet Netw ork Port Netw ork Port Console Port Console Port Sw itch Sw itch Figure 2-1 Network diagram for RMON configuration III.
Page 829 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 NTP Configuration ....................... 1-1 1.1 Introduction to NTP ......................1-1 1.1.1 Applications of NTP....................1-1 1.1.2 Working Principle of NTP ..................1-2 1.1.3 NTP Implementation Mode ..................
Page 830: Introduction To Ntp
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Chapter 1 NTP Configuration 1.1 Introduction to NTP Network time protocol (NTP) is a time synchronization protocol defined by RFC1305. It is used for time synchronization among a set of distributed time servers and clients.
Page 831: Working Principle Of Ntp
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Note: The accuracy of a clock is determined by its stratum, which ranges from 1 to 16. The stratum of the reference clock ranges from 1 to 15. The accuracy descends with the increasing of stratum number.
Page 832 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration NTP Packet NTP Packet NTP Packet NTP Packet NTP Packet NTP Packet NTP Packet NTP Packet 10:00:00 am 10:00:00 am 10:00:00 am 10:00:00 am 10:00:00am 10:00:00am...
Page 833: Ntp Implementation Mode
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.1.3 NTP Implementation Mode To accommodate networks of different structures and switches in different network positions, NTP can operate in multiple modes, as described in the following.
Page 834 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration III. Broadcast mode Server Server Server Server Client Client Client Client Netw ork Netw ork Netw ork Netw ork Initiate a client/server mode Initiate a client/server mode...
Page 835: Ntp Implementation Mode Configuration
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration NTP implementation mode Configuration on S5600 switches Configure the S5600 switch to operate in NTP broadcast server mode. In this case, the S5600 switch broadcast NTP packets through the VLAN interface configured on the switch.
Page 836 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Operation Command Description ntp-service unicast-server remote-ip Optional server-name Configure to operate in authentication-keyid By default, no Ethernet the NTP client mode key-id priority switch operates in the NTP...
Page 837 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Note: To reduce the risk of being attacked by malicious users against opened socket and enhance switch security, the S5600 series Ethernet switches provide the following functions, so that a socket is opened only when it is needed: Opening UDP port 123 (used for NTP) when NTP is enabled;...
Page 838: Access Control Permission Configuration
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration IV. NTP multicast server mode When an S5600 series switch operates in NTP multicast server mode, it multicasts a clock synchronization packet periodically. The devices which are configured to be in the NTP multicast client mode will response this packet and start the clock synchronization procedure.
Page 839 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration client side and the server side, the client is synchronized only to the server that passes the authentication. This improves network security. 1.4.1 Prerequisites NTP authentication configuration involves:...
Page 840 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Operation Command Description In NTP client mode and NTP peer mode, you NTP client mode: need to associate the specified key with the ntp-service unicast-server corresponding { remote-ip | server-name } server on the client.
Page 841: Configuration Of Optional Ntp Parameters
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Operation Command Description Required Configure ntp-service reliable specified key to be By default, an authentication authentication-keyid key-id a trusted key key is not a trusted key...
Page 842: Displaying And Debugging Ntp
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Operation Command Description Configure Optional number ntp-service By default, up to 100 dynamic sessions that can max-dynamic-sessions sessions can be established established number locally. locally Enter...
Page 843: Ntp Server Mode Configuration
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.7 Configuration Example 1.7.1 NTP Server Mode Configuration I. Network requirements Configure the local clock of Quidway1 to be NTP master clock, with the stratum being Note: Quidway1 is a switch that allows the local clock to be the master clock.
Page 844: Ntp Peer Mode Configuration
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration # After the above configuration, the S5600 switch is synchronized to Quidway1. View the NTP status of the S5600 series switch. [S5600] display ntp-service status Clock status: synchronized Clock stratum: 3 Reference clock ID: 1.0.1.11...
Page 845 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Note: This example assumes that: Quidway2 is a switch that allows its local clock to be the master clock. Quidway3 is a switch that allows its local clock to be the master clock and the stratum of its clock is 1.
Page 846: Ntp Broadcast Mode Configuration
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Clock status: synchronized Clock stratum: 2 Reference clock ID: 3.0.1.32 Nominal frequency: 250.0000 Hz Actual frequency: 249.9992 Hz Clock precision: 2^19 Clock offset: 0.66 ms Root delay: 27.47 ms Root dispersion: 208.39 ms...
Page 847 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration II. Network diagram 3.0.1.31/24 3.0.1.31/24 3.0.1.31/24 3.0.1.31/24 3.0.1.31/24 3.0.1.31/24 3.0.1.31/24 3.0.1.31/24 Vlan-interface 2 Vlan-interface 2 Vlan-interface 2 Vlan-interface 2 Vlan-interface 2 Vlan-interface 2 Vlan-interface 2 Vlan-interface 2...
Page 848: Ntp Multicast Mode Configuration
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration [S5600-2-Vlan-interface2] # Configure S5600-2 to be a broadcast client. [S5600-2-Vlan-interface2] ntp-service broadcast-client The above configuration configures S5600-1 and S5600-2 to listen to broadcast packets through their VLAN interface 2, and Quidway3 to send broadcast packets through VLAN interface 2.
Page 849 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Configure S5600-1 and S5600-2 to listen to multicast packets through their VLAN interface 2. Note: This example assumes that Quidway3 is a switch that supports the local clock being the master clock.
Page 850 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Configure S5600-2. # Enter system view. system-view [S5600-2] # Enter VLAN-interface 2 view. [[S5600-2] interface Vlan-interface 2 # Configure S5600-2 to be a multicast client.
Page 851: Ntp Server Mode With Authentication Configuration
Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration 1.7.5 NTP Server Mode with Authentication Configuration I. Network requirements The local clock of Quidway1 operates as the master NTP clock, with the clock stratum set to 2.
Page 852 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Note: When you configure an NTP connection with authentication, it is necessary to add a specified key after the peer entity or server in the command. Otherwise, the later sent packets have no authentication information.
Page 853 Operation Manual – NTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration ************************************************************************* [5]1.0.1.11 127.127.1.0 350.1 15.1 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured Note: When the switch receives an NTP packet with authentication information, there are the following scenarios: If the switch enables NTP authentication, it performs authentication operation.
Page 854 Operation Manual – SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 SSH Terminal Services....................1-1 1.1 SSH Terminal Services...................... 1-1 1.1.1 Introduction to SSH ....................1-1 1.1.2 SSH Server Configuration..................1-3 1.1.3 SSH Client Configuration ..................
Page 855: Ssh Terminal Services
Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Chapter 1 SSH Terminal Services 1.1 SSH Terminal Services 1.1.1 Introduction to SSH Secure Shell (SSH) can provide information security and powerful authentication to prevent such assaults as IP address spoofing, plain-text password interception when users log on to the Switch remotely through an insecure network environment.
Page 856 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Workstation Workstation Workstation Workstation Local Switch Local Switch Local Switch Local Switch Local Switch Local Switch Local Ethernet Local Ethernet Local Ethernet Local Ethernet...
Page 857 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services The server authenticates the username information from the client. If the user is configured as no authentication on the server, authentication stage is skipped and session request stage starts directly.
Page 858 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Configuration Keyword Description Refer Generate a local RSA key pair rsa local-key-pair create “Generating local-key-pair destroying RSA key Destroy a local RSA key pair...
Page 859 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Caution: When SSH protocol is specified, to ensure a successful login, you must configure the AAA authentication using the authentication-mode scheme command. protocol...
Page 860 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Caution: For a successful SSH login, you must generate a local RSA key pair first. You just need to execute the command once, with no further action required even after the system is rebooted.
Page 861 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Caution: If RSA authentication type is defined, then the RSA public key of the client user must be configured on the switch. By default, no authentication type is specified for a new user, so they cannot access the switch.
Page 862 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services V. Configuring client public keys You can configure RSA public keys for client users on the switch and specify RSA private keys, which correspond to the public keys, on the client. Then client keys are generated randomly by the SSHv2.0 client software.
Page 863 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Operation Command Description Required Keyname is the name of an existing public key. If Assign public key to ssh user username assign the user already has a...
Page 864 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Table 1-8 Specify source IP address for sending traffic packets Operation Command Description — Enter system view system-view Specify source IP address ssh-server source-ip ip-address Optional for SSH Server.
Page 865: Displaying Ssh Configuration
Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Note: In the initial authentication, if the SSH client does not have the public key for the server which it accesses for the first time, the client continues to access the server and save locally the public key of the server.
Page 866: Ssh Server Configuration Example
Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Operation Command Description Display the current source display ssh-server IP address specified for source-ip SSH Server. Display the current source IP address specified for display ssh2 source-ip SSHv2.0 Client.
Page 867 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services [Quidway] user-interface vty 0 4 [Quidway-ui-vty0-4] authentication-mode scheme # Set the user interfaces to support SSH. [Quidway-ui-vty0-4] protocol inbound ssh # Configure the login protocol for the clinet001 user as SSH and authentication type as password.
Page 868: Ssh Client Configuration Example
Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services [Quidway-rsa-key-code] public-key-code end [Quidway-rsa-public-key] peer-public-key end [Quidway] ssh user client002 assign rsa-key quidway002 # Start the SSH client software on the host which stores the RSA private keys and make corresponding configuration to establish an SSH connection.
Page 869 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services [Quidway-rsa-public-key] peer-public-key end [Quidway] ssh client 10.165.87.136 assign rsa-key public Start SSH client. Settings for the two authentication types are described respectively in the following: Use the password authentication and start the client using the default encryption algorithm.
Page 870: Sftp Service
Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services 1.2 SFTP Service 1.2.1 SFTP Overview Secure FTP (SFTP) is a new feature introduced in SSHv2.0. SFTP is established on SSH connections to secure remote users’ login to the switch, perform file management and file transfer (such as upgrade the system), and provide secured data transfer.
Page 871: Sftp Client Configuration
Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Table 1-14 Set connection timeout time Operation Command Description — Enter system view system-view Required Set timeout time for the sftp timeout By default, the connection...
Page 872 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Command Operation View Description Key word Rename a file on the rename SFTP server Download a file from remote SFTP server Upload a local file to...
Page 873 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Operation Command Description three commands have Disable the SFTP client exit same function. quit III. Operating with SFTP directories SFTP directory-related operations include: changing or displaying the current directory, creating or deleting a directory, displaying files or information of a specific directory.
Page 874 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Operation Command Description Download a file from the get remote-file [ local-file ] remote SFTP server Upload a file to the remote put local-file [ remote-file ]...
Page 875: Sftp Configuration Example
Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services Operation Command Description Optional Display current source address This command display sftp source-ip specified for the SFTP can be executed Client. in any view.
Page 876 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services [Quidway] sftp 10.111.27.91 # Display the current directory on the SFTP server, delete file z and verify the operation. sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg...
Page 877 Operation Manual - SSH Terminal Services Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 SSH Terminal Services drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2 # Download file pubkey2 and rename it to public. sftp-client> get pubkey2 public Remote file:flash:/pubkey2 --->...
Page 878 Operation Manual – File System Management Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 File System Management and Configuration............1-1 1.1 File Attribute Configuration ....................1-1 1.1.1 Introduction to File Attributes .................. 1-1 1.1.2 Configuring File Attributes..................1-2 1.2 File System Configuration....................
Page 879: File Attribute Configuration
Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Chapter 1 File System Management and Configuration 1.1 File Attribute Configuration 1.1.1 Introduction to File Attributes An app file is an executable file, with .bin as the extension. A configuration file is used to store and restore configuration, with .cfg as the extension.
Page 880: Configuring File Attributes
Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration File operations and file attribute operations are independent of each other. For example, if you delete a file with the main attribute from the Flash memory, the main attribute is not deleted.
Page 881: File System Configuration
Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Caution: Before configuring the main or backup attribute for a file in the fabric, make sure the file already exists on all devices in the fabric.
Page 882: Directory Operations
Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Note: For Ethernet switches that support IRF (intelligent resilient framework), you can input a file path and file name in one of the following ways: In URL (universal resource locator) format and starting with “unit[No.]>flash:/”...
Page 883 Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Note: In the output information of the dir /all command, deleted files (that is, those in the recycle bin) are embraced in brackets.
Page 884: Flash Operations
Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Operation Command Description copy fileurl-source Copy a file Optional fileurl-dest move fileurl-source Move a file Optional fileurl-dest Optional Display the content...
Page 885: Prompt Mode Configuration
Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Caution: The format operation leads to the loss of all files, including the configuration files, on the Flash memory and is irretrievable.
Page 886: Configuration Backup And Restore
Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration Copy unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg?[Y/N]:y %Copy file unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg...Done. # Display the file information after the copy operation. dir /all Directory of unit1>flash:/...
Page 887 Operation Manual – File System Management Chapter 1 File System Management and Quidway S5600 Series Ethernet Switches-Release 1510 Configuration The configurations of different units in the fabric system can be saved in different .cfg configuration files on the TFTP server. These configuration files correspond to different unit IDs.
Page 888: Ftp Lighting Configuration
FTP client is uploading file to the FTP server (the S5600 switch), and will stop rotating when the file uploading is finished, as show in Figure 2-1. Huawei Technologies Proprietary...
Page 889 FTP client (the S5600 switch) is downloading file from a FTP server, and will stop rotating when the file downloading is finished, as show in Figure 2-1. Huawei Technologies Proprietary...
Page 890: Tftp Lighting Configuration
The TFTP file transfer is initiated by a client: When a file needs to be downloaded, the client sends a read request to the TFTP server. It then receives data from the server and sends acknowledgement to the server. Huawei Technologies Proprietary...
Page 891: Tftp Lighting Procedure
Table 2-3 Download file from an TFTP server to the switch acting as an TFTP client Device Operation Command Description Required detailed Enable TFTP configuration, refer to TFTP server — server configuration instruction relevant to TFTP server. Huawei Technologies Proprietary...
Page 892 Device Operation Command Description Log into a remote Required TFTP server, tftp tftp-server get This command should TFTP client download source-file be executed in user save a remote file [ dest-file ] view. to the local device Huawei Technologies Proprietary...
Page 893 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 FTP and TFTP Configuration ..................1-1 1.1 FTP Configuration......................1-1 1.1.1 Introduction to FTP....................1-1 1.1.2 FTP Configuration: A Switch Operating as an FTP Server........1-2 1.1.3 Configuration Example: A Switch Operating as an FTP Server ......
Page 894: Ftp Configuration
Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Chapter 1 FTP and TFTP Configuration 1.1 FTP Configuration 1.1.1 Introduction to FTP FTP (file transfer protocol) is commonly used in IP-based networks to transmit files.
Page 895 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Device Configuration Default Description Log into the switch through an FTP client — — application. Caution: The FTP-related functions require that the route between a FTP client and the FTP server is reachable.
Page 896 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Network Network Network Network Switch Switch Figure 1-1 Network diagram for FTP configurations The following configurations are performed on the FTP server:...
Page 897 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Note: Only one user can access an S5600 switch at a given time when the latter operates as an FTP server. FTP services are implemented in this way: An FTP client sends FTP requests to the FTP server.
Page 898 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Note: The specified interface must be an existing one, and otherwise a prompt appears to show the configuration fails. The value of argument ip-address must be an IP address on the device where the configuration is performed, and otherwise a prompt appears to show the configuration fails.
Page 899 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Operation Command Description Display the source IP display ftp-server address set for an FTP source-ip server Display the login FTP display ftp-user clients on an FTP server 1.1.3 Configuration Example: A Switch Operating as an FTP Server...
Page 900 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration [Quidway] local-user switch [Quidway-luser-switch] password simple hello [Quidway-luser-switch] service-type ftp Run an FTP client application on the PC to connect to the FTP server. Upload the application named switch.bin to the root directory of the Flash memory of the...
Page 901 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Caution: If available space on the Flash memory of the switch is not enough to hold the file to be uploaded, you need to delete files from the Flash memory to make room for the file.
Page 902 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Operation Command Description Optional Specify to transfer files in default, files ascii ASCII characters transferred ASCII characters. Specify to transfer files in...
Page 903 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Operation Command Description Terminate the current FTP connection and quit to quit Optional user view Terminate the current FTP control connection Optional...
Page 904 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Operation Command Description Display the source IP address so that the FTP This command can be client always uses it to display ftp source-ip executed in any view.
Page 905 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration II. Network diagram Network Network Network Network Switch Switch Figure 1-3 Network diagram for FTP configurations III. Configuration procedure Perform FTP server–related configurations on the PC, that is, create a user account on the FTP server with user name “switch”...
Page 906: Tftp Configuration
Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration [ftp] # Enter the authorized directory on the FTP server. [ftp] cd switch # Run the put command to upload the configuration file named vrpcfg.cfgto the FTP server.
Page 907 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration To upload a file, a client sends writing request packets to the TFTP server, sends data to the TFTP server, and then receives acknowledgement packets from the TFTP server.
Page 908 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration 1.2.2 TFTP Configuration I. Prerequisites A switch operates as a TFTP client and a remote PC as the TFTP server. The network operates properly, as shown in Figure 1-4.
Page 909 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration Operation Command Description Enter system view — system-view Specify source interface so that the TFTP tftp source-interface client always uses it to...
Page 910 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration The IP address of a VLAN interface on the switch is 1.1.1.1. The port through which the switch connects with the PC belongs to the VLAN. The IP address of the PC is 1.1.1.2.
Page 911 Operation Manual – FTP and TFTP Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP Configuration [Quidway-vlan-interface1] ip address 1.1.1.1 255.255.255.0 [Quidway-vlan-interface1] quit # Download the switch application named switch.bin from the TFTP server to the switch. tftp 1.1.1.2 get switch.bin switch.bin # Upload the switch configuration file named vrpcfg.cfg to the TFTP server.
Page 912 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 Information Center....................... 1-1 1.1 Information Center Overview ..................... 1-1 1.2 Information Center Configuration..................1-5 1.2.1 Enabling Synchronous Terminal Output ..............1-6 1.2.2 Enabling Information Output to a Log Host.............
Page 913: Information Center Overview
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Chapter 1 Information Center 1.1 Information Center Overview Information center is an indispensable part of Ethernet switches and exists as an information hub of system software modules. The information center manages most information outputs;...
Page 914 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center It refers to the system name of the host, which is “Quidway” by default. You can modify the host name with the sysname command. Refer to System Maintaining and Debugging part of the manual for detailed operations.
Page 915 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Module name Description Forwarding module Fabric topology management module FTMCMD Fabric topology management command module FTPS FTP server module High availability module HABP Huawei authentication bypass protocol module...
Page 916 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Module name Description PORTSEC Port Security module PPRDT Protocol packet redirect module QACL Quality of service / access control list module QOSF Traffic management module...
Page 917: Information Center Configuration
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Switch information falls into three categories: log information, debugging information and trap information. The information center classifies the information into eight levels by severity or emergency. The higher the information severity is, the lower the corresponding level is.
Page 918 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Table 1-3 Information channel names and numbers Output direction Channel number Default channel name Console console Monitor terminal monitor Log host loghost Trap buffer trapbuffer...
Page 919: Enabling Information Output To A Log Host
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Note: Running the info-center synchronous command during debugging information collection may result in a command prompt echoed after each item of debugging information. To avoid unnecessary output, it is recommended that you disable synchronous terminal output in such cases.
Page 920 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Operation Command Description info-center source { modu-name | default } Define channel { channel-number | Required information source channel-name } [ { log | trap...
Page 921 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Operation Command Description info-center source { modu-name | default } Define channel { channel-number | Required information source channel-name } [ { log | trap...
Page 922 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center 1.2.4 Enabling Information Output to a Monitor Terminal Table 1-8 lists the related configurations on the switch. Table 1-8 Enable information output to a monitor terminal...
Page 923: Enabling Information Output To The Log Buffer
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center For example, to view log information of the switch on a monitor terminal, you need to not only enable log information output to the monitor terminal, but also enable log information terminal display function with the terminal logging command.
Page 924: Enabling Information Output To The Trap Buffer
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Operation Command Description info-center source { modu-name | default } Define channel { channel-number | Required information source channel-name } [ { log | trap...
Page 925 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Operation Command Description Optional This is to set the time stamp format info-center timestamp { log | trap Set the format of log/debugging/trap | debugging } { boot | date | time stamp information output.
Page 926: Displaying And Debugging Information Center Configuration
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Note: To view debug information of specific modules, you need to set the information type as debug in the info-center source command, and enable debugging on corresponding modules with the debugging command as well.
Page 927: Information Center Configuration Examples
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center 1.4 Information Center Configuration Examples 1.4.1 Log Output to a Unix Log Host I. Network requirements The switch sends the following log information in English to the Unix log host whose IP address is 202.38.1.10: the log information of the two modules ARP and IP, with...
Page 928: Log Output To A Linux Log Host
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center # mkdir /var/log/Quidway # touch /var/log/Quidway/information Step 2: Edit the file “/etc/syslog.conf” as the superuser (root user) to add the following selector/action pair. # Quidway configuration messages local4.info...
Page 929 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center II. Network diagram Network Network Switch Switch Switch Figure 1-2 Network diagram for log output to a Linux log host III. Configuration procedure Configure the switch: # Enable the information center.
Page 930: Log Output To The Console
Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center Note: Note the following items when you edit file “/etc/syslog.conf”. A note must start in a new line following a “#" sign. In each pair, a tab should be used as a separator instead of a space.
Page 931 Operation Manual – Information Center Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 Information Center II. Network diagram console console console console Switch Switch Switch Switch Figure 1-3 Network diagram for log output to the console III. Configuration procedure # Enable the information center.
Page 932 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 BootROM and Host Software Loading ..............1-1 1.1 Introduction to Loading Approaches .................. 1-1 1.2 Local Software Loading ..................... 1-1 1.2.1 Boot Menu .......................
Page 933 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents 4.2.5 Updating the BootROM ................... 4-3 4.2.6 Updating the Host Software in the Fabric ............... 4-3 4.3 Displaying the Device Management Configuration............4-3 4.4 Remote Switch Update Configuration Example ..............4-4...
Page 934: Introduction To Loading Approaches
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Chapter 1 BootROM and Host Software Loading Traditionally, the loading of switch software is accomplished through a serial port. This approach is slow, inconvenient, and cannot be used for remote loading.
Page 935: Boot Menu
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Note: The loading process of the BootROM software is the same as that of the host software, except that during the former process, you should press and after entering the Boot Menu and the system gives different prompts.
Page 936: Loading Software Using Xmodem Through Console Port
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading 1. Download application file to flash 2. Select application file to boot 3. Display all files in flash 4. Delete file from flash 5.
Page 937 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Step 2: Enter 3 in the above menu to download the BootROM software using XMODEM. The system displays the following download baud rate setting menu: Please select your download baudrate: 1.* 9600...
Page 938 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Figure 1-1 Properties dialog box Figure 1-2 Console port configuration dialog box Huawei Technologies Proprietary...
Page 939 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Step 5: Click the button to disconnect the HyperTerminal from the switch and then click the button to reconnect the HyperTerminal to the switch, as shown in Figure 1-3.
Page 940 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Figure 1-5 Sending file page Step 9: After the download completes, the system displays the following information: Loading ...CCCCCCCCCC done! Step 10: Reset HyperTerminal’s baud rate to 9600 bps (refer to Step 4 and 5).
Page 941: Loading Software Using Tftp Through Ethernet Port
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Enter 3 in the above menu to download the host software using XMODEM.
Page 942 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading At the prompt "Enter your choice(0-9):" in the Boot Menu, press <6> or , and then press to enter the BootROM update menu shown below: Bootrom update menu: 1.
Page 943: Loading Software Using Ftp Through Ethernet Port
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Caution: When loading BootROM and host software using Boot menu, you are recommended to use the PC directly connected to the device as TFTP server to promote upgrading reliability.
Page 944 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Bootrom update menu: 1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 4: Enter 2 in the above menu to download the BootROM software using FTP.
Page 945: Remote Software Loading
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Caution: When loading BootROM and host software using Boot menu, you are recommended to use the PC directly connected to the device as TFTP server to promote upgrading reliability.
Page 946 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading 331 Give me your password, please Password: 230 Logged in successfully [ftp] get s5600.btm [ftp] bye Note: When using different FTP server software on PC, different information will be output to the switch.
Page 947 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading II. Loading Process Using FTP Server As shown in Figure 1-9, the switch is used as the FTP server. You can telnet to the switch, and then execute the FTP commands to download the BootROM program s5600.btm from the switch.
Page 948 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading [Quidway-luser-test] service-type ftp Step 4: Enable FTP client software on PC. Refer to Figure 1-10 for the command line interface in Windows operating system.
Page 949 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Step 6: Enter “ftp 192.168.0.56” and enter the user name test, password pass, as shown in Figure 1-12, to log on the FTP server.
Page 950: Remote Loading Using Tftp
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 BootROM and Host Software Loading Upgrading Bootrom, please wait... Upgrade Bootrom succeeded! reboot When rebooting the switch, use the file s5600.btm as BootROM to finish BootROM loading.
Page 951: Basic System Configuration
Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration & Quidway S5600 Series Ethernet Switches-Release 1510 Debugging Chapter 2 Basic System Configuration & Debugging 2.1 Basic System Configuration 2.1.1 Basic System Configuration Tasks Table 2-1 Basic system configuration tasks...
Page 952: Setting The Summer Time
Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration & Quidway S5600 Series Ethernet Switches-Release 1510 Debugging 2.1.3 Setting the System Name of the Switch Table 2-3 Set the system name of the switch Operation Command Description...
Page 953 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration & Quidway S5600 Series Ethernet Switches-Release 1510 Debugging When the system reaches the specified end time, it automatically subtracts the specified offset from the current time, so as to toggle the summer time to normal system time.
Page 954: Displaying The System Status
Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration & Quidway S5600 Series Ethernet Switches-Release 1510 Debugging 2.2 Displaying the System Status You can use the following display commands to check the status and configuration information about the system. For information about protocols and ports, and the associated display commands, refer to relevant sections.
Page 955 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration & Quidway S5600 Series Ethernet Switches-Release 1510 Debugging Debugging information Debugging information Protocol debugging switches Protocol debugging switches Terminal display switches Terminal display switches Figure 2-1 Debugging information outpu You can use the following commands to operate the two kinds of switches.
Page 956 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration & Quidway S5600 Series Ethernet Switches-Release 1510 Debugging 2.3.2 Displaying Debugging Status Table 2-12 Display the current debugging status in the system Operation Command Description display debugging [ fabric |...
Page 957: Network Connectivity Test
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Network Connectivity Test Chapter 3 Network Connectivity Test 3.1 Network Connectivity Test 3.1.1 ping You can use the ping command to check the network connectivity and the reachability of a host.
Page 958 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 3 Network Connectivity Test Table 3-2 The tracert command Operation Command Description Trace the gateways packet passes tracert [ -a source-ip ] [ -f first-ttl ]...
Page 959: Introduction To Device Management
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Chapter 4 Device Management 4.1 Introduction to Device Management The device management function of the Ethernet switch can report the current status and event-debugging information of the boards to you. Through this function, you can maintain and manage your physical device, and restart the system when some functions of the system are abnormal.
Page 960: Scheduling A Reboot On The Switch
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Note: When rebooting, the system checks whether there is any configuration change. If there is, it prompts you to indicate whether or not to proceed. This prevents you from losing your original configuration due to oblivion after system reboot.
Page 961: Updating The Bootrom
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Table 4-4 Specify the APP to be adopted at reboot Operation Command Description Specify the APP to boot boot-loader adopted backup-attribute file-url Optional...
Page 962: Remote Switch Update Configuration Example
Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Table 4-7 Display the operating status of the device management Operation Command Description Display the APP to be display boot-loader adopted at reboot...
Page 963 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Configure an FTP user, whose name and password are switch and hello respectively. Authorize the user with the read-write right of the Switch directory on the PC.
Page 964 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management Caution: If the Flash memory of the switch is not sufficient, delete the original applications in it before downloading the new ones. # Initiate an FTP connection with the following command in user view. Input the correct user name and password to log into the FTP server.
Page 965 Operation Manual – System Maintenance and Debugging Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 4 Device Management The current boot app is: switch.bin The main boot app is: switch.bin The backup boot app is: reboot Huawei Technologies Proprietary...
Page 966 Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 VLAN-VPN Configuration.................... 1-1 1.1 VLAN-VPN Overview ......................1-1 1.1.1 Introduction to VLAN-VPN ..................1-1 1.1.2 Implementation of VLAN-VPN................. 1-1 1.2 VLAN-VPN Configuration ....................1-2 1.2.1 Configuration Prerequisites..................
Page 967: Chapter 1 Vlan-Vpn Configuration
Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration Chapter 1 VLAN-VPN Configuration 1.1 VLAN-VPN Overview 1.1.1 Introduction to VLAN-VPN The VLAN-VPN function enables packets to be transmitted across the operators’ backbone networks with VLAN tags of private networks encapsulated in those of public networks.
Page 968: Vlan-Vpn Configuration
Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration packet. Otherwise, the packet becomes a packet carrying the default VLAN tag of the port. 1.2 VLAN-VPN Configuration 1.2.1 Configuration Prerequisites GARP VLAN registration protocol (GVRP), GARP multicast registration protocol (GMRP), neighbor topology discovery protocol (NTDP), spanning tree protocol (STP) , 802.1x protocol,and Centralized MAC address authentication are disabled...
Page 969: Inner Vlan Tag Priority Replication Configuration
Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration Note: After you enable the VLAN-VPN function for a port, you cannot change the attribute of the port to trunk or hybrid, or enable GVRP, GMRP, NTDP, STP, 802.1x, and Centralized MAC address authentication function for the port.
Page 970: Vlan-Vpn Configuration Example
Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration Caution: If you have configured the port priority, (refer to the ”QoS&QoS profile” part of Quidway S5600 Series Ethernet Switches Operation Manual), after you configure to replicate the tag priority of the inner VLAN tag of a VLAN-VPN packet, the switch will prompt that the port priority configuration on the current port is disabled.
Page 971 Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration # Set the TPID value of GigabitEthernet1/0/2 port of Switch A to 0x9100, and add the port to VLAN 10. system-view [SwitchA] vlan 10...
Page 972 Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Configuration Note: The following describes how a packet is forwarded from Switch A to Switch C. As the GigabitEthernet1/0/1 port of Switch A is a VLAN-VPN port, when a packet from the user’s private network side reaches GigabitEthernet1/0/1 port of Switch A,...
Page 973: Chapter 2 Bpdu Tunnel Configuration
Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 BPDU Tunnel Configuration Chapter 2 BPDU Tunnel Configuration 2.1 BPDU Tunnel Overview 2.1.1 Introduction to the BPDU Tunnel Function In MAN networking solutions, the requirements may arise that the branches of an enterprise be interconnected through the operator’s network.
Page 974: Bpdu Tunnel Configuration
Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 BPDU Tunnel Configuration Before the device in the operator’s network forwards the packet to the destination user network, the device restores the original protocol-specific MAC address. This ensures the data portion of the packet is consistent with that before the packet enters the tunnel.
Page 975: Configuration Prerequisites
Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 BPDU Tunnel Configuration 2.2.1 Configuration Prerequisites One or more protocols among LACP, NDP, CDP, and VTP operate properly on the devices. 2.2.2 Configuring BPDU Tunnel Table 2-1 Configure BPDU Tunnel...
Page 976 Operation Manual – VLAN VPN Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 2 BPDU Tunnel Configuration II. Network diagram Customer 2 Customer 2 Customer 2 GE1/0/1 GE1/0/1 GE1/0/1 GE1/0/4 GE1/0/4 GE1/0/4 GE1/0/3 GE1/0/3 GE1/0/3 Provider 2 Provider 2 GE1/0/2 GE1/0/2...
Page 977 Operation Manual - HWPing Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 HWPing Configurations ....................1-1 1.1 Introduction to HWPing ...................... 1-1 1.2 HWPing Configuration ....................... 1-1 1.2.1 Introduction to HWPing Configuration..............1-1 1.2.2 Configuring HWPing....................1-2 1.2.3 Displaying HWPing Configuration ................
Page 978: Chapter 1 Hwping Configurations
Operation Manual - HWPing Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Configurations Chapter 1 HWPing Configurations 1.1 Introduction to HWPing HWPing is a network diagnostic tool used to test the performance of protocols (only ICMP by far) operating on network. It is an enhanced alternative to the ping command.
Page 979: Configuring Hwping
Operation Manual - HWPing Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Configurations Number of test packets sent in a test If this parameter is set to a number greater than one, the system sends the second test packet once it receives a response to the first one, or when the test timer times out if it receives no response after sending the first one, and so forth until the last test packet is sent out.
Page 980: Displaying Hwping Configuration
Operation Manual - HWPing Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Configurations Operation Command Description Optional Configure timeout time of the timeout time By default, the timeout test. time is 3 seconds. Execute the test test-enable Required 1.2.3 Displaying HWPing Configuration...
Page 981 Operation Manual - HWPing Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Configurations # Set the number of test packets sent in a test to 10. [Quidway-hwping-administrator-icmp] count 10 # Set the timeout time of test operations to 5.
Page 982 Operation Manual - DNS Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Chapter 1 DNS Configuration....................... 1-1 1.1 DNS Overview ........................1-1 1.1.1 Static Domain Name Resolution ................1-1 1.1.2 Dynamic Domain Name Resolution ................ 1-1 1.2 Configuring Static Domain Name Resolution ..............
Page 983: Chapter 1 Dns Configuration
1.1.2 Dynamic Domain Name Resolution I. Resolving procedure Huawei-3Com’s router supports the following dynamic domain name resolution procedures. The relationships of the user program, DNS Client and DNS Server are shown in Figure 1-1. A user program sends a name query to the resolver in the DNS Client.
Page 984 Operation Manual - DNS Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration Request Request Request Request User program User program Resolver Resolver Response Response Response Response DNS Server DNS Server Save Save Read Read Cache Cache DNS Client...
Page 985: Configuring Static Domain Name Resolution
Operation Manual - DNS Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration 1.2 Configuring Static Domain Name Resolution Table 1-1 Configure static domain name resolution: Operation Command Description Enter system system-view — view Required Create hostname to IP...
Page 986: Dns Configuration Example
Operation Manual - DNS Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration 1.3.2 DNS Configuration Example I. Network requirements As shown in Figure 1-2, S5600 is used as a DNS Client with dynamic domain name resolution to visit host 1 with IP address 3.1.1.1/16. The DNS Server has IP address 2.1.1.2/16.
Page 987: Troubleshooting Dns Configuration
Operation Manual - DNS Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration execute the reset command to clear the information stored in the caching memory of dynamic domain name resolution. Table 1-3 Display and maintain DNS Operation Command…...
Page 988 Operation Manual - Appendix Quidway S5600 Series Ethernet Switches-Release 1510 Table of Contents Table of Contents Appendix A Acronyms ........................A-1...
Page 989 Operation Manual - Appendix Quidway S5600 Series Ethernet Switches-Release 1510 Appendix A Acronyms Appendix A Acronyms Authentication, Authorization and Accounting Area Border Router Access Control List Address Resolution Protocol Autonomous System ASBR Autonomous System Border Router Backup Designated Router Committed Access Rate...
Page 990 Operation Manual - Appendix Quidway S5600 Series Ethernet Switches-Release 1510 Appendix A Acronyms ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol Interior Gateway Protocol Internet Protocol Link State Advertisement LSDB Link State DataBase Medium Access Control Management Information Base...
Page 991 Operation Manual - Appendix Quidway S5600 Series Ethernet Switches-Release 1510 Appendix A Acronyms TFTP Trivial File Transfer Protocol Type of Service Time To Live User Datagram Protocol VLAN Virtual LAN Video On Demand VRRP Virtual Router Redundancy Protocol Weighted Round Robin...

Huawei Quidway S5600 Series Operation Manual

Table of Contents

Chapter 3 Product Overview

Chapter 1 Obtaining the Documentation

Chapter 2 Documentation and Software Version

Chapter 4 Networking Applications

CLI Overview

Chapter 8 User Control

Chapter 6 Igmp Configuration

Quick Links

Chapters

Troubleshooting

Related Manuals for Huawei Quidway S5600 Series

Summary of Contents for Huawei Quidway S5600 Series