H3C LS-3100-52P-OVS-H3 User manual
H3C S5500-EI Series Ethernet Switches
Operation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: 20090108-C-1.01
Product Version: Release 2202
Copyright © 2008-2009, Hangzhou H3C Technologies Co., Ltd. and its licensors
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, , Aolynk, , H3Care,
, TOP G, , IRF, NetPilot, Neocean, NeoVTL,
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT,
XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,
Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Technical Support
customer_service@h3c.com
http://www.h3c.com
About This Manual
Organization
H3C S5500-EI Series Ethernet Switches Operation Manual is organized as follows:
Volume Features
00-Product
Overview Product Overview Acronyms
Ethernet Interface Link Aggregation Port Isolation Service Loopback
Group
DLDP LLDP Smart Link Monitor Link
VLAN GVRP QinQ BPDU Tunneling
VLAN Mapping Ethernet OAM Connectivity
Fault Detection MSTP
01-Access
Volume
RRPP Port Mirroring
IP Addressing ARP DHCP DNS
IP Performance
Optimization UDP Helper URPF IPv6 Basics
02-IP Services
Volume
Dual Stack Tunneling sFlow
IP Routing
Overview Static Routing RIP OSPF
IS-IS BGP
IPv6 Static
Routing RIPng
OSPFv3 IPv6 IS-IS IPv6 BGP Route Policy
03-IP Routing
Volume
BFD MCE
Mulitcast Overview Multicast Routing
and Forwarding IGMP PIM
MSDP MBGP IGMP Snooping Multicast VLAN
IPv6 Multicast
Routing and
Forwarding MLD IPv6 PIM IPv6 MBGP
04-Multicast
Volume
MLD Snooping IPv6 Multicast
VLAN
05-QoS Volume QoS User Profile
AAA 802.1X HABP MAC Authentication
Portal Port Security IP SourceGuard SSH2.0
06-Security
Volume PKI SSL Public Key ACL
Volume Features
Login Basic System
Configuration Device
Management File System
Management
HTTP SNMP RMON
MAC Address
Table Management
System
Maintaining and
Debugging
Information
Center PoE Track
NQA NTP VRRP Hotfix
Cluster
Management IRF Stack GR Overview Automatic
Configuration
07-System
Volume
IPC
Conventions
The manual uses the following conventions:
Command conventions
Convention Description
Boldface The keywords of a command line are in Boldface.
italic Command arguments are in italic.
[ ] Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }
Alternative items are grouped in braces and separated by vertical bars.
One is selected.
[ x | y | ... ]
Optional alternative items are grouped in square brackets and
separated by vertical bars. One or none is selected.
{ x | y | ... } *
Alternative items are grouped in braces and separated by vertical bars.
A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *
Optional alternative items are grouped in square brackets and
separated by vertical bars. Many or none can be selected.
&<1-n> The argument(s) before the ampersand (&) sign can be entered 1 to n
times.
# A line starting with the # sign is comments.
GUI conventions
Convention Description
Boldface Window names, button names, field names, and menu items are in
Boldface. For example, the New User window appears; click OK.
> Multi-level menus are separated by angle brackets. For example, File >
Create > Folder.
Symbols
Convention Description
Means reader be extremely careful. Improper operation may cause
bodily injury.
Means reader be careful. Improper operation may cause data loss or
damage to equipment.
Means an action or information that needs special attention to ensure
successful configuration or good performance.
Means a complementary description.
Means techniques helpful for you to make configuration with ease.
Related Documentation
In addition to this manual, each H3C S5500-EI Series Ethernet Switch documentation set includes the
following:
Manual Description
H3C S5500-EI Series Ethernet Switches
Installation Manual
It introduces the installation procedure,
commissioning, maintenance and monitoring of
the S5500-EI Series Ethernet switches.
H3C S5500-EI Series Ethernet Switches
Command Manual - Release 2202
It includes Feature List and Command Index,
Access Volume, IP Services Volume, IP Routing
Volume, IP Multicast Volume, QoS Volume,
Security Volume and System Volume
commands.
Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at this URL:
http://www.h3c.com.
The following are the columns from which you can obtain different categories of product documentation:
[Products & Solutions]: Provides information about products and technologies, as well as solutions.
[Technical Support & Document > Technical Documents]: Provides several categories of product
documentation, such as installation, operation, and maintenance.
[Technical Support & Document > Product Support > Software]: Provides the documentation released
with the software version.
Documentation Feedback
We appreciate your comments.
i
Table of Contents
1 Obtaining the Documentation··················································································································1-1
CD-ROMs Shipped with the Devices······································································································1-1
H3C Website···········································································································································1-1
Software Release Notes ·························································································································1-1
2 Product Features·······································································································································2-1
Introduction to Product····························································································································2-1
Feature Lists ···········································································································································2-1
3 Features······················································································································································3-1
Access Volume ·······································································································································3-1
IP Services Volume·································································································································3-4
IP Routing Volume··································································································································3-5
Multicast Volume·····································································································································3-7
QoS Volume············································································································································3-9
Security Volume······································································································································3-9
System Volume·····································································································································3-11
1-1
1 Obtaining the Documentation
H3C Technologies Co., Ltd. provides various ways for you to obtain documentation, through which you
can obtain the product documentations and those concerning newly added new features. The
documentations are available in one of the following ways:
zCD-ROMs shipped with the devices
zH3C website
zSoftware release notes
CD-ROMs Shipped with the Devices
H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete product
document set, including the operation manual and command manual. After installing the reader
program provided by the CD-ROM, you can search for the desired contents in a convenient way
through the reader interface.
The contents in the manual are subject to update on an irregular basis due to product version upgrade
or some other reasons. Therefore, the contents in the CD-ROM may not be the latest version. For the
latest software documentation, go to the H3C website.
H3C Website
Perform the following steps to query and download the product documentation from the H3C website.
Table 1-1 Download documentation from the H3C website
How to apply for an
account
Access the homepage of H3C at http://www.h3c.com and click
Registration at the top right. In the displayed page, provide your
information and click Submit to register.
How to get
documentation
In the homepage, select Technical Support & Document > Technical
Documents from the navigation bar at the top.
Select a product for its documents.
Software Release Notes
With software upgrade, new software features may be added. You can acquire the information about
the newly added software features through software release notes.
2-1
2 Product Features
Introduction to Product
H3C S5500-EI Series Ethernet Switches are Gigabit Ethernet switching products developed by
Hangzhou H3C Technologies Co., Ltd. The S5500-EI series switches have abundant service features.
They are designed as distribution and access devices for intranets and metropolitan area networks
(MANs). They can also be used for connecting server groups in data centers.
The S5500-EI series switches support the innovative Intelligent Resilient Framework (IRF) technology.
With IRF, multiple S5500-EI switches can be interconnected as a logical entity to form a new intelligent
network featuring high availability, scalability, and manageability.
Feature Lists
The S5500-EI series support abundant features and the related documents are divided into the
volumes as listed in Table 2-1.
Table 2-1 Feature list
Volume Features
Ethernet Interface Link Aggregation Port Isolation Service Loopback
Group
DLDP LLDP Smart Link Monitor Link
VLAN GVRP QinQ BPDU Tunneling
VLAN Mapping Ethernet OAM Connectivity Fault
Detection MSTP
01-Access
Volume
RRPP Port Mirroring
IP Addressing ARP DHCP DNS
IP Performance
Optimization UDP Helper URPF IPv6 Basics
02-IP Services
Volume
Dual Stack Tunneling sFlow
IP Routing
Overview Static Routing RIP OSPF
IS-IS BGP IPv6 Static
Routing RIPng
OSPFv3 IPv6 IS-IS IPv6 BGP Route Policy
03-IP Routing
Volume
BFD MCE
2-2
Volume Features
Mulitcast
Overview Multicast Routing
and Forwarding IGMP PIM
MSDP MBGP IGMP Snooping Multicast VLAN
IPv6 Multicast
Routing and
Forwarding MLD IPv6 PIM IPv6 MBGP
04-Multicast
Volume
MLD Snooping IPv6 Multicast
VLAN
05-QoS Volume QoS User Profile
AAA 802.1X HABP
MAC
Authentication
Portal Port Security IP Source Guard SSH2.0
06-Security
Volume
PKI SSL Public Key ACL
Login Basic System
Configuration Device
Management File System
Management
HTTP SNMP RMON
MAC Address
Table
Management
System
Maintaining and
Debugging
Information
Center PoE Track
NQA NTP VRRP Hotfix
Cluster
Management IRF Stack GR Overview Automatic
Configuration
07-System
Volume
IPC
3-1
3 Features
The following sections provide an overview of the main features of each module supported by the
S5500-EI series.
Access Volume
Table 3-1 Features in Access volume
Features Description
Ethernet Interface
This document describes:
zBasic Ethernet Interface Configuration
zCombo Port Configuration
zConfiguring Flow Control on an Ethernet Interface
zConfiguring the Suppression Time of Physical-Link-State Change on
an Ethernet Interface
zConfiguring Loopback Testing on an Ethernet Interface
zConfiguring a Port Group
zConfiguring Storm Suppression
zSetting the Interval for Collecting Ethernet Interface Statistics
zEnabling Forwarding of Jumbo Frames
zEnabling Loopback Detection on an Ethernet Interface
zConfiguring the MDI Mode for an Ethernet Interface
zTesting the Cable on an Ethernet Interface
zConfiguring the Storm Constrain Function on an Ethernet Interface
Link Aggregation
Link aggregation aggregates multiple physical Ethernet ports into one
logical link. This document describes:
zBasic Concepts of Link Aggregation
zConfiguring an Aggregation Group
zConfiguring an Aggregate Interface
zConfiguring a Load Sharing Mode for Load-Sharing Link Aggregation
Groups
Port Isolation
The port isolation feature allows you to isolate different ports within the
same VLAN. This document describes:
zIntroduction to Port Isolation
zConfiguring the Isolation Group
Service Loopback
Group
To increase service redirecting throughput, you can bundle multiple
service loopback ports into a logical link, called a service loopback group.
This document describes:
zIntroduction to Service Loopback Groups
zConfiguring a Service Loopback Group
3-2
Features Description
DLDP
In the use of fibers, link errors, namely unidirectional links, are likely to
occur. DLDP is designed to detect such errors. This document describes:
zDLDP Introduction
zEnabling DLDP
zSetting DLDP Mode
zSetting the Interval for Sending Advertisement Packets
zSetting the DelayDown Timer
zSetting the Port Shutdown Mode
zConfiguring DLDP Authentication
zResetting DLDP State
LLDP
LLDP enables a device tomaintain and manage its own and its immediate
neighbor’s device information, based on which the network management
system detects and determines the conditions of the communications
links. This document describes:
zIntroduction to LLDP
zPerforming Basic LLDP Configuration
zConfiguring the Encapsulation Format for LLDPDUs
zConfiguring the Encapsulation Format of the Management Address
zConfiguring CDP Compatibility
zConfiguring LLDP Trapping
Smart Link
Smart Link is a solution for active-standby link redundancy backup and
rapid transition in dual-uplink networking. This document describes:
zSmart Link Overview
zConfiguring a Smart Link Device
zConfiguring an Associated Device
Monitor Link
Monitor link is a port collaboration function used to enable a device to be
aware of the up/down state change of the ports on an indirectly connected
link. This document describes:
zMonitor Link Overview
zConfiguring Monitor Link
VLAN
Using the VLAN technology, you can partition a LAN into multiple logical
LANs. This document describes:
zIntroduction to VLAN
zTypes of VLAN
zIntroduction and Configuration of Isolate-user-vlan
zIntroduction and Configuration of Voice VLAN
GVRP
GVRP is a GARP application. This document describes:
zGARP overview
zGVRP configuration
zGARP Timers configuration
QinQ
As defined in IEEE802.1Q, 12 bits are used to identify a VLAN ID, so a
device can support a maximum of 4094 VLANs. The QinQ feature
extends the VLAN space by allowing Ethernet frames to travel across the
service provider network with double VLAN tags. This document
describes:
zIntroduction to QinQ
zConfiguring basic QinQ
zConfiguring Selective QinQ
zConfiguring the TPID Value in VLAN Tags
3-3
Features Description
BPDU Tunneling
BPDU tunneling enables transparently transmission of customer network
BPDU frames over the service provider network. This document
describes:
zIntroduction to BPDU Tunneling
zConfiguring BPDU Transparent Transmission
zConfiguring Destination Multicast MAC Address for BPDU Tunnel
Frames
VLAN Mapping
The VLAN mapping feature maps CVLAN tags to SVLAN tags. This
document describes:
zConfiguring One-to-One VLAN Mapping
zConfiguring Many-to-One VLAN Mapping
zConfiguring Two-to-Two VLAN Mapping
Ethernet OAM
Ethernet OAM is a tool monitoring Layer-2 link status. It helps network
administrators manage their networks effectively. This document
describes:
zEthernet OAM overview
zConfiguring Basic Ethernet OAM Functions
zConfiguring Link Monitoring
zEnabling OAM Loopback Testing
Connectivity Fault
Detection
Connectivity fault detection is an end-to-end, per-VLAN link-layer OAM
mechanism for link connectivity detection, fault verification, and fault
location. This document describes:
zConnectivity Fault Detection Overview
zBasic Configuration Tasks
zConfiguring CC on MEPs
zConfiguring LB on MEPs
zConfiguring LT on MEPs
MSTP
MSTP is used to eliminate loops in a LAN. It is compatible with STP and
RSTP. This document describes:
zIntroduction to MSTP
zConfiguring the Root Bridge
zConfiguring Leaf Nodes
zPerforming mCheck
zConfiguring Digest Snooping
zConfiguring No Agreement Check
zConfiguring Protection Functions
RRPP
RRPP is a link layer protocol designed for Ethernet rings. RRPP can
prevent broadcast storms caused by data loops when an Ethernet ring is
healthy, and rapidly restore the communication paths between the nodes
after a link is disconnected on the ring. This document describes:
zRRPP overview
zConfiguring Master Node
zConfiguring Transit Node
zConfiguring Edge Node
zConfiguring Assistant Edge Node
zConfiguring Ring Group
3-4
Features Description
Port Mirroring
Port mirroring copies packets passing through a port to another port
connected with a monitoring device for packet analysis to help implement
network monitoring and troubleshooting. This document describes:
zPort Mirroring overview
zLocal port mirroring configuration
zRemote port mirroring configuration
IP Services Volume
Table 3-2 Features in the IP Services volume
Features Description
IP Addressing
An IP address is a 32-bit address allocated to a network interface on a
device that is attached to the Internet. This document describes:
zIntroduction to IP addresses
zIP address configuration
ARP
Address Resolution Protocol (ARP) is used to resolve an IP address into a
data link layer address. This document describes:
zARP Overview
zConfiguring ARP
zConfiguring Gratuitous ARP
zProxy ARP and Local Proxy ARP configuration
zARP Attack Defense configuration
DHCP
DHCP is built on a client-server model, in which the client sends a
configuration request and then the server returns a reply to send
configuration parameters such as an IP address to the client. This
document describes:
zDHCP overview
zDHCP server configuration
zDHCP relay agent configuration
zDHCP Client configuration
zDHCP Snooping configuration
zBOOTP Client configuration
DNS
Used in the TCP/IP application, Domain Name System (DNS) is a
distributed database which provides the translation between domain name
and the IP address. This document describes:
zIntroduction to DNS
zConfiguring the DNS Client
zConfiguring the DNS Proxy
IP Performance
Optimization
In some network environments, you need to adjust the IP parameters to
achieve best network performance. This document describes:
zIP performance overview
zEnabling Reception and Forwarding of Directed Broadcasts to a
Directly Connected Network
zConfiguring TCP Attributes
zConfiguring ICMP to Send Error Packets
UDP Helper
UDP Helper functions as a relay agent that converts UDP broadcast
packets into unicast packets and forwards them to a specified server. This
document describes:
zUDP Helper overview
zUDP Helper configuration
3-5
Features Description
URPF
Unicast Reverse Path Forwarding (URPF) protects a network against
source address spoofing attacks. This document describes:
zURPF overview
zURPF configuration
IPv6 Basics
Internet protocol version 6 (IPv6), also called IP next generation (IPng),
was designed by the Internet Engineering Task Force (IETF) as the
successor to Internet protocol version 4 (IPv4). This document describes:
zIPv6 overview
zBasic IPv6 functions configuration
zIPv6 NDP configuration
zPMTU discovery configuration
zIPv6 TCP properties configuration
zICMPv6 packet sending configuration
zIPv6 DNS Client configuration
Dual Stack
A network node that supports both IPv4 and IPv6 is called a dual stack
node. A dual stack node configured with an IPv4 address and an IPv6
address can have both IPv4 and IPv6 packets transmitted. This document
describes:
zDual stack overview
zDual stack configuration
Tunneling
Tunneling is an encapsulation technique, which utilizes one network
transport protocol to encapsulate packets of another network transport
protocol and transfer them over the network. This document describes:
zTunneling overview
zIPv6 manually tunnel configuration
z6to4 tunnel configuration
zISATAP tunnel configuration
sFlow
Based on packet sampling, Sampled Flow (sFlow) is a traffic monitoring
technology mainly used to collect and analyze traffic statistics. This
document describes:
zsFlow Overview
zsFlow Configuration
IP Routing Volume
Table 3-3 Features in the IP Routing volume
Features Description
IP Routing Overview This document describes:
zIntroduction to IP routing and routing table
zRouting protocol overview
Static Routing
A static route is manually configured by the administrator. The proper
configuration and usage of static routes can improve network
performance and ensure bandwidth for important network applications.
This document describes:
zStatic route configuration
zDetecting Reachability of the Static Route’s Nexthop
3-6
Features Description
RIP
Routing Information Protocol (RIP) is a simple Interior Gateway Protocol
(IGP), mainly used in small-sized networks. This document describes:
zRIP basic functions configuration
zRIP advanced functions configuration
zRIP network optimization configuration
OSPF
Open Shortest Path First (OSPF) is an Interior Gateway Protocol based
on the link state developed by IETF. This document describes:
zEnabling OSPF
zConfiguring OSPF Areas
zConfiguring OSPF Network Types
zConfiguring OSPF Route Control
zConfiguring OSPF Sham Link
zConfiguring OSPF Network Optimization
zConfiguring OSPF Graceful Restart
IS-IS
Intermediate System-to-Intermediate System (IS-IS) is a link state
protocol, which uses the shortest path first (SPF) algorithm. This
document describes:
zConfiguring IS-IS Basic Functions
zConfiguring IS-IS Routing Information Control
zTuning and Optimizing IS-IS Networks
zConfiguring IS-IS Authentication
zConfiguring System ID to Host Name Mappings
zConfiguring IS-IS GR
zEnabling the Logging of Neighbor State Changes
zEnabling IS-IS SNMP Trap
BGP
Border gateway protocol (BGP) is an inter-autonomous system (inter-AS)
dynamic route discovery protocol. This document describes:
zConfiguring BGP Basic Functions
zControlling Route Generation
zControlling Route Distribution and Reception
zConfiguring BGP Route Attributes
zTuning and Optimizing BGP Networks
zConfiguring a Large Scale BGP Network
zConfiguring BGP GR
zEnabling Trap
zEnabling Logging of Peer State Changes
IPv6 Static Routing
Static routes are special routes that are manually configured by network
administrators. Similar to IPv4 static routes, IPv6 static routes work well in
simple IPv6 network environments. This document describes:
zIPv6 static route configuration
RIPng
RIP next generation (RIPng) is an extension of RIP-2 for IPv4. RIPng for
IPv6 is IPv6 RIPng. This document describes:
zConfiguring RIPng Basic Functions
zConfiguring RIPng Route Control
zTuning and Optimizing the RIPng Network
OSPFv3
OSPFv3 is OSPF version 3 for short, supporting IPv6 and compliant with
RFC2740 (OSPF for IPv6). This document describes:
zEnabling OSPFv3
zConfiguring OSPFv3 Area Parameters
zConfiguring OSPFv3 Network Types
zConfiguring OSPFv3 Routing Information Control
zTuning and Optimizing OSPFv3 Networks
3-7
Features Description
IPv6 IS-IS
The IS-IS routing protocol supports multiple network protocols, including
IPv6. IS-IS with IPv6 support is called IPv6 IS-IS dynamic routing
protocol. This document describes:
zConfiguring IPv6 IS-IS Basic Functions
zConfiguring IPv6 IS-IS Routing Information Control
IPv6 BGP
To support multiple network layer protocols, IETF extended BGP-4 by
introducing IPv6 BGP. This document describes:
zConfiguring IPv6 BGP Basic Functions
zControlling Route Distribution and Reception
zConfiguring IPv6 BGP Route Attributes
zTuning and Optimizing IPv6 BGP Networks
zConfiguring a Large Scale IPv6 BGP Network
Route Policy
Routing policy is used on the router for route inspection, filtering,
attributes modifying when routes are received, advertised, or
redistributed. This document describes:
zDefining Filters
zRoute policy configuration
BFD
Bidirectional forwarding detection (BFD) provides a single mechanism to
quickly detect and monitor the connectivity of links in networks.
zConfiguring BFD Basic Functions
zConfiguring Protocol-based BFD
zEnabling Trap
MCE
Multi-CE (MCE) enables a switch to function as the CEs of multiple VPN
instances in a BGP/MPLS VPN network, thus reducing the investment on
network equipment.
zIntroduction to MCE
zConfiguring a VPN Instance
zConfiguring Route Exchange between a MCE and a Site
zConfiguring Route Exchange between a MCE and a PE
Multicast Volume
Table 3-4 Features in Multicast volume
Features Description
Multicast Overview
This document describes the main concepts in multicast:
zIntroduction to Multicast
zMulticast Models
zMulticast Architecture
zMulticast Packets Forwarding Mechanism
Multicast Routing and
Forwarding
Multicast routing and forwarding refer to some policies that filter RPF
routing information for IP multicast support. This document describes:
zMulticast routing and forwarding overview
zMulticast routing and forwarding configuration
3-8
Features Description
IGMP
Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP
suite responsible for management of IP multicast members. This
document describes:
zIGMP overview
zConfiguring basic functions of IGMP
zConfiguring IGMP performance parameters
zConfiguring IGMP SSM Mapping
zConfiguring IGMP Proxying
PIM
PIM leverages the unicast routing table created by any unicast routing
protocol to provide routing information for IP multicast. This document
describes:
zConfiguring PIM-DM
zConfiguring PIM-SM
zConfiguring PIM-SSM
zConfiguring PIM Common Features
MSDP
Multicast source discovery protocol (MSDP) describes interconnection
mechanism of multiple PIM-SM domains.It is used is to discover multicast
source information in other PIM-SM domains. This document describes:
zMSDP configuration
zConfiguring an MSDP Peer Connection
zConfiguring SA Messages Related Parameters
MBGP
As a multicast extension of MP-BGP, MBGP enables BGP to provide
routing information for multicast applications. This document describes:
zConfiguring MBGP Basic Functions
zConfiguring MBGP Route Attributes
zConfiguring a Large Scale MBGP Network
IGMP Snooping
Running at the data link layer, IGMP Snooping is a multicast control
mechanism on the Layer 2 Ethernet switch and it is used for multicast
group management and control. This document describes:
zConfiguring Basic Functions of IGMP Snooping
zConfiguring IGMP Snooping Port Functions
zConfiguring IGMP Snooping Querier
zConfiguring IGMP Snooping Policy
Multicast VLAN Multicast VLAN configuration
IPv6 Multicast Routing
and Forwarding
IPv6 multicast routing and forwarding refer to some policies that filter RPF
routing information for IPv6 multicast support. This document describes:
zIPv6 Multicast routing and forwarding overview
zIPv6 Multicast routing and forwarding configuration
MLD
MLD is used by an IPv6 router or a Ethernet Switch to discover the
presence of multicast listeners on directly-attached subnets. This
document describes:
zConfiguring Basic Functions of MLD
zAdjusting MLD Performance
IPv6 PIM
IPv6 PIM discovers multicast source and delivers information to the
receivers. This document describes:
zConfiguring IPv6 PIM-DM
zConfiguring IPv6 PIM-SM
zConfiguring IPv6 PIM-SSM
zConfiguring IPv6 PIM Common Features
3-9
Features Description
IPv6 MBGP
As an IPv6 multicast extension of MP-BGP, IPv6 MBGP enables BGP to
provide routing information for IPv6 multicast applications. This document
describes:
zConfiguring IPv6 MBGP Basic Functions
zConfiguring IPv6 MBGP Route Attributes
zConfiguring a Large Scale IPv6 MBGP Network
MLD Snooping
Multicast Listener Discovery Snooping (MLD Snooping) is an IPv6
multicast constraining mechanism that runs on Layer 2 devices to
manage and control IPv6 multicast groups. This document describes:
zConfiguring Basic Functions of MLD Snooping
zConfiguring MLD Snooping Port Functions
zConfiguring MLD Snooping Querier
zConfiguring MLD Snooping Policy
IPv6 Multicast VLAN IPv6 Multicast VLAN configuration
QoS Volume
Table 3-5 Features in the QoS ACL volume
Features Description
QoS
This document describes:
zQoS overview
zTraffic classification configuration
zTraffic policing Configuration
zTraffic shaping Configuration
zLine rate configuration
zQoS policy configuration
zCongestion management
zCongestion avoidance configuration
zPriority mapping configuration
zTraffic mirroring configuration
User Profile
User profile provides a configuration template to save predefined
configurations. This document describes:
zCreating a User Profile
zConfiguring a User Profile
zEnabling a User Profile
Security Volume
Table 3-6 Features in the Security volume
Features Description
AAA
Authentication, Authorization and Accounting (AAA) provide a uniform
framework used for configuring these three security functions to
implement the network security management. This document describes:
zIntroduction to AAA, RADIUS and HWTACACS
zAAA configuration
zRADIUS configuration
zHWTACACS configuration
3-10
Features Description
802.1x
IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network
access control protocol that is used as the standard for LAN user access
authentication. This document describes:
z802.1x overview
z802.1x configuration
z802.1x Guest-VLAN configuration
HABP
On an HABP-capable switch, HABP packets can bypass 802.1x
authentication and MAC authentication, allowing communication among
switches in a cluster. This document describes:
zIntroduction to HABP
zHABP configuration
MAC Authentication
MAC authentication provides a way for authenticating users based on
ports and MAC addresses; it requires noclient software to be installed on
the hosts. This document describes:
zRADIUS-Based MAC Authentication
zLocal MAC Authentication
Portal
Portal authentication, as its name implies, helps control access to the
Internet. This document describes:
zPortal overview
zPortal configuration
Port Security
Port security is a MAC address-based security mechanism for network
access controlling. It is an extension to the existing 802.1x authentication
and MAC authentication. This document describes:
zEnabling Port Security
zSetting the Maximum Number of Secure MAC Addresses
zSetting the Port Security Mode
zConfiguring Port Security Features
zConfiguring Secure MAC Addresses
zIgnoring Authorization Information from the Server
IP Source Guard
By filtering packets on a per-port basis, IP source guard prevents illegal
packets from traveling through, thus improving the network security. This
document describes:
zConfiguring a Static Binding Entry
zConfiguring Dynamic Binding Function
SSH2.0
SSH ensures secure login to a remote device in a non-secure network
environment. By encryption and strong authentication, it protects the
device against attacks. This document describes:
zConfiguring Asymmetric Keys
zConfiguring the Device as an SSH Server
zConfiguring the Device as an SSH Client
zConfiguring an SFTP Server
zConfiguring an SFTP Client
PKI
The Public Key Infrastructure (PKI) is a hierarchical framework designed
for providing information security through public key technologies and
digital certificates and verifying the identities of the digital certificate
owners. This document describes PKI related configuration.
SSL Secure Sockets Layer (SSL) is a security protocol providing secure
connection service for TCP-based application layer protocols, this
document describes SSL related configuration.
Public Key This document describes Public Key Configuration.
3-11
Features Description
ACL
An ACL is used for identifying traffic based on a series of preset matching
criteria. This document describes:
zACL overview and ACL types
zACL configuration
System Volume
Table 3-7 Features in the System volume
Features Description
Login
Upon logging into a device, you can configure user interface properties
and manage the system conveniently. This document describes:
zHow to log in to your Ethernet switch
zIntroduction to the user interface and common configurations
zLogging In Through the Console Port
zLogging In Through Telnet
zLogging in Through Web-based Network Management System
zLogging In Through NMS
zSpecifying Source IP address/Interface for Telnet Packets
zControlling Login Users
Basic System
Configuration
Basic system configuration involves the configuration of device name,
system clock, welcome message, user privilege levels and so on. This
document describes:
zConfiguration display
zBasic configurations
zCLI features
Device Management
Through the device management function, you can view the current
condition of your device and configure running parameters. This
document describes:
zDevice management overview
zRebooting a device
zConfiguring the scheduled automatic execution function
zSpecifying a file for the next device boot
zUpgrading Boot ROM
zConfiguring a detection interval
zConfiguring temperature alarm thresholds for a board
zClearing the 16-bit interface indexes not used in the current system
zConfiguring the system load sharing function
zConfiguring the traffic forwarding mode of SRPUs
zConfiguring the working mode of EA LPUs
zEnabling the port down function globally
zEnabling expansion memory data recovery function on a board
zIdentifying and diagnosing pluggable transceivers
File System
Management
A major function of the file system is to manage storage devices, mainly
including creating the file system, creating, deleting, modifying and
renaming a file or a directory and opening a file. This document
describes:
zFile system management
zConfiguration File Management
zFTP configuration
zTFTP configuration
Table of contents
Other H3C Switch manuals
H3C
H3C S9500 Series User manual
H3C
H3C S6520-EI Series User manual
H3C
H3C S6890 Series User manual
H3C
H3C S9820-8C-SAN User manual
H3C
H3C S5500-EI series User manual
H3C
H3C S6812 Series User manual
H3C
H3C S6800 Series Installation manual
H3C
H3C S5120-HI Series User manual
H3C
H3C S5560X-EI Series User manual
H3C
H3C S3100V2-52TP User manual
H3C
H3C S5830V2 series User manual
H3C
H3C S5560S Series Instruction Manual
H3C
H3C Aolynk ET204 User manual
H3C
H3C S5850-54QS User manual
H3C
H3C LS-5500-28C-PWR-SI-OVS User manual
H3C
H3C S9500 Series User manual
H3C
H3C E500C-F Series User manual
H3C
H3C S9500 Series User manual
H3C
H3C S5120-EI Series User manual
H3C
H3C S5130S-10P-EI User manual
