q-Tech QSW-2800 series User manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
1
Content
CONTENT...........................................................................................................1
CHAPTER 1 SWITCH MANAGEMENT............................................................1-1
1.1 MANAGEMENT OPTIONS ...............................................................................................1-1
1.1.1 Out-Of-Band Management............................................................................1-1
1.1.2 In-band Management.....................................................................................1-4
1.2CLI INTERFACE............................................................................................................1-8
1.2.1 Configuration Modes.....................................................................................1-9
1.2.2 Configuration Syntax ..................................................................................1-11
1.2.3 Shortcut Key Support..................................................................................1-12
1.2.4 Help Function...............................................................................................1-12
1.2.5 Input Verification .........................................................................................1-13
1.2.6 Fuzzy Match Support...................................................................................1-13
CHAPTER 2 BASIC SWITCH CONFIGURATION..........................................2-15
2.1 BASIC CONFIGURATION ..............................................................................................2-15
2.2 TELNET MANAGEMENT ...............................................................................................2-16
2.2.1 Telnet............................................................................................................2-16
2.2.2 SSH...............................................................................................................2-18
2.3 CONFIGURE SWITCH IPADDRESSES............................................................................2-19
2.3.1 Switch IP Addresses Configuration Task List...........................................2-19
2.4 SNMP CONFIGURATION..............................................................................................2-21
2.4.1 Introduction to SNMP..................................................................................2-21
2.4.2 Introduction to MIB......................................................................................2-22
2.4.3 Introduction to RMON .................................................................................2-23
2.4.4 SNMP Configuration....................................................................................2-23
2.4.5 Typical SNMP Configuration Examples.....................................................2-26
2.4.6 SNMP Troubleshooting ...............................................................................2-27
2.5 SWITCH UPGRADE......................................................................................................2-28
2.5.1 Switch System Files....................................................................................2-28
2.5.2 BootROM Upgrade.......................................................................................2-28
2.5.3 FTP/TFTP Upgrade ......................................................................................2-31
CHAPTER 3 CLUSTER CONFIGURATION...................................................3-40
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
2
3.1 INTRODUCTION TO CLUSTER NETWORK MANAGEMENT ...................................................3-40
3.2 CLUSTER NETWORK MANAGEMENT CONFIGURATION SEQUENCE...................................3-40
3.3 EXAMPLES OF CLUSTER ADMINISTRATION....................................................................3-43
3.4 CLUSTER ADMINISTRATION TROUBLESHOOTING ...........................................................3-44
CHAPTER 4 PORT CONFIGURATION..........................................................4-45
4.1 INTRODUCTION TO PORT .............................................................................................4-45
4.2 NETWORK PORT CONFIGURATION TASK LIST ...............................................................4-45
4.3 PORT CONFIGURATION EXAMPLE ................................................................................4-47
4.4 PORT TROUBLESHOOTING ..........................................................................................4-48
CHAPTER 5 PORT ISOLATION FUNCTION CONFIGURATION...................5-49
5.1 INTRODUCTION TO PORT ISOLATION FUNCTION.............................................................5-49
5.2 TASK SEQUENCE OF PORT ISOLATION..........................................................................5-49
5.3 PORT ISOLATION FUNCTION TYPICAL EXAMPLES ..........................................................5-50
CHAPTER 6 PORT LOOPBACK DETECTION FUNCTION CONFIGURATION6-
51
6.1 INTRODUCTION TO PORT LOOPBACK DETECTION FUNCTION ..........................................6-51
6.2 PORT LOOPBACK DETECTION FUNCTION CONFIGURATION TASK LIST ............................6-52
6.3 PORT LOOPBACK DETECTION FUNCTION EXAMPLE.......................................................6-53
6.4 PORT LOOPBACK DETECTION TROUBLESHOOTING .......................................................6-54
CHAPTER 7 ULDP FUNCTION CONFIGURATION.......................................7-55
7.1 INTRODUCTION TO ULDP FUNCTION............................................................................7-55
7.2 ULDP CONFIGURATION TASK SEQUENCE ....................................................................7-56
7.3 ULDP FUNCTION TYPICAL EXAMPLES .........................................................................7-59
7.4 ULDP TROUBLESHOOTING .........................................................................................7-60
CHAPTER 8 LLDP FUNCTION OPERATION CONFIGURATION .................8-62
8.1 INTRODUCTION TO LLDP FUNCTION ............................................................................8-62
8.2 LLDP FUNCTION CONFIGURATION TASK SEQUENCE.....................................................8-63
8.3 LLDP FUNCTION TYPICAL EXAMPLE ...........................................................................8-66
8.4 LLDP FUNCTION TROUBLESHOOTING..........................................................................8-66
CHAPTER 9 PORT CHANNEL CONFIGURATION........................................9-67
9.1 INTRODUCTION TO PORT CHANNEL..............................................................................9-67
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
3
9.2 BRIEF INTRODUCTION TO LACP..................................................................................9-68
9.2.1 Static LACP Aggregation ............................................................................9-69
9.2.2 Dynamic LACP Aggregation.......................................................................9-69
9.3 PORT CHANNEL CONFIGURATION TASK LIST ................................................................9-69
9.4 PORT CHANNEL EXAMPLES ........................................................................................9-71
9.5 PORT CHANNEL TROUBLESHOOTING ...........................................................................9-73
CHAPTER 10 JUMBO CONFIGURATION...................................................10-74
10.1 INTRODUCTION TO JUMBO.......................................................................................10-74
10.2 JUMBO CONFIGURATION TASK SEQUENCE ...............................................................10-74
CHAPTER 11 EFM OAM CONFIGURATION...............................................11-75
11.1 INTRODUCTION TO EFM OAM.................................................................................11-75
11.2 EFM OAM CONFIGURATION ...................................................................................11-78
11.3 EFM OAM EXAMPLE .............................................................................................11-81
11.4 EFM OAM TROUBLESHOOTING ..............................................................................11-81
CHAPTER 12 PORT SECURITY..................................................................12-83
12.1 INTRODUCTION TO PORT SECURITY.....................................................................12-83
12.2 PORT SECURITY CONFIGURATION TASK LIST .......................................................12-83
12.3 EXAMPLE OF PORT SECURITY ............................................................................12-84
12.4 PORT SECURITY TROUBLESHOOTING ..................................................................12-85
CHAPTER 13 DDM CONFIGURATION........................................................13-86
13.1 INTRODUCTION TO DDM .........................................................................................13-86
13.1.1 Brief Introduction to DDM.......................................................................13-86
13.1.2 DDM Function ..........................................................................................13-87
13.2 DDM CONFIGURATION TASK LIST............................................................................13-88
13.3 EXAMPLES OF DDM...............................................................................................13-89
13.4 DDM TROUBLESHOOTING.......................................................................................13-93
CHAPTER 14 LLDP-MED............................................................................14-94
14.1 INTRODUCTION TO LLDP-MED...............................................................................14-94
14.2 LLDP-MED CONFIGURATION TASK SEQUENCE........................................................14-94
14.3 LLDP-MED EXAMPLE ...........................................................................................14-96
14.4 LLDP-MED TROUBLESHOOTING ............................................................................14-99
CHAPTER 15 BPDU-TUNNEL CONFIGURATION....................................15-100
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
4
15.1 INTRODUCTION TO BPDU-TUNNEL...........................................................................15-100
15.1.1 bpdu-tunnel function.............................................................................15-100
15.1.2 Background of bpdu-tunnel..................................................................15-100
15.2 BPDU-TUNNEL CONFIGURATION TASK LIST .............................................................15-101
15.3 EXAMPLES OF BPDU-TUNNEL.................................................................................15-101
15.4 BPDU-TUNNEL TROUBLESHOOTING ........................................................................15-102
CHAPTER 16 VLAN CONFIGURATION....................................................16-103
16.1 VLAN CONFIGURATION ........................................................................................16-103
16.1.1 Introduction to VLAN.............................................................................16-103
16.1.2 VLAN Configuration Task List..............................................................16-104
16.1.3 Typical VLAN Application .....................................................................16-107
16.1.4 Typical Application of Hybrid Port .......................................................16-108
16.2 DOT1Q-TUNNEL CONFIGURATION...........................................................................16-110
16.2.1 Introduction to Dot1q-tunnel ................................................................16-110
16.2.2 Dot1q-tunnel Configuration..................................................................16-112
16.2.3 Typical Applications of the Dot1q-tunnel ............................................16-112
16.2.4 Dot1q-tunnel Troubleshooting .............................................................16-113
16.3 SELECTIVE QINQCONFIGURATION ........................................................................16-113
16.3.1 Introduction to Selective QinQ.............................................................16-113
16.3.2 Selective QinQ Configuration...............................................................16-113
16.3.3 Typical Applications of Selective QinQ................................................16-114
16.3.4 Selective QinQ Troubleshooting ..........................................................16-116
16.4 VLAN-TRANSLATION CONFIGURATION...................................................................16-116
16.4.1 Introduction to VLAN-translation.........................................................16-116
16.4.2 VLAN-translation Configuration...........................................................16-116
16.4.3 Typical application of VLAN-translation..............................................16-117
16.4.4 VLAN-translation Troubleshooting ......................................................16-118
16.5 MULTI-TO-ONE VLAN TRANSLATION CONFIGURATION............................................16-119
16.5.1 Introduction to Multi-to-One VLAN Translation ..................................16-119
16.5.2 Multi-to-One VLAN Translation Configuration ....................................16-119
16.5.3 Typical application of Multi-to-One VLAN Translation .......................16-119
16.5.4 Multi-to-One VLAN Translation Troubleshooting................................16-121
16.6 DYNAMIC VLAN CONFIGURATION..........................................................................16-121
16.6.1 Introduction to Dynamic VLAN.............................................................16-121
16.6.2 Dynamic VLAN Configuration ..............................................................16-121
16.6.3 Typical Application of the Dynamic VLAN...........................................16-122
16.6.4 Dynamic VLAN Troubleshooting..........................................................16-123
16.7 GVRP CONFIGURATION........................................................................................16-124
16.7.1 Introduction to GVRP............................................................................16-124
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
5
16.7.2 GVRP Configuration Task List..............................................................16-125
16.7.3 Example of GVRP ..................................................................................16-126
16.7.4 GVRP Troubleshooting .........................................................................16-127
CHAPTER 17 MAC TABLE CONFIGURATION.........................................17-128
17.1 INTRODUCTION TO MAC TABLE.............................................................................17-128
17.1.1 Obtaining MAC Table.............................................................................17-128
17.1.2 Forward or Filter....................................................................................17-130
17.2 MAC ADDRESS TABLE CONFIGURATION TASK LIST .................................................17-131
17.3 TYPICAL CONFIGURATION EXAMPLES ....................................................................17-132
17.4 MAC TABLE TROUBLESHOOTING ..........................................................................17-132
17.5 MAC ADDRESS FUNCTION EXTENSION ..................................................................17-133
17.5.1 MAC Address Binding...........................................................................17-133
17.6 MAC NOTIFICATION CONFIGURATION ....................................................................17-135
17.6.1 Introduction to MAC Notification..........................................................17-135
17.6.2 MAC Notification Configuration ...........................................................17-135
17.6.3 MAC Notification Example....................................................................17-137
17.6.4 MAC Notification Troubleshooting.......................................................17-137
CHAPTER 18 MSTP CONFIGURATION....................................................18-138
18.1 INTRODUCTION TO MSTP......................................................................................18-138
18.1.1 MSTP Region .........................................................................................18-138
18.1.2 Port Roles...............................................................................................18-140
18.1.3 MSTP Load Balance ..............................................................................18-140
18.2 MSTP CONFIGURATION TASK LIST........................................................................18-140
18.3 MSTPEXAMPLE..................................................................................................18-144
18.4 MSTP TROUBLESHOOTING...................................................................................18-149
CHAPTER 19 QOS CONFIGURATION......................................................19-150
19.1 INTRODUCTION TO QOS........................................................................................19-150
19.1.1 QoS Terms..............................................................................................19-150
19.1.2 QoS Implementation..............................................................................19-151
19.1.3 Basic QoS Model ...................................................................................19-152
19.2 QOSCONFIGURATION TASK LIST ..........................................................................19-155
19.3 QOSEXAMPLE ....................................................................................................19-159
19.4 QOSTROUBLESHOOTING .....................................................................................19-161
CHAPTER 20 FLOW-BASED REDIRECTION...........................................20-162
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
6
20.1 INTRODUCTION TO FLOW-BASED REDIRECTION.......................................................20-162
20.2 FLOW-BASED REDIRECTION CONFIGURATION TASK SEQUENCE ...............................20-162
20.3 FLOW-BASED REDIRECTION EXAMPLES .................................................................20-163
20.4 FLOW-BASED REDIRECTION TROUBLESHOOTING HELP ...........................................20-163
CHAPTER 21 FLEXIBLE QINQ CONFIGURATION...................................21-164
21.1 INTRODUCTION TO FLEXIBLE QINQ........................................................................21-164
21.1.1 QinQ Technique.....................................................................................21-164
21.1.2 Basic QinQ .............................................................................................21-164
21.1.3 Flexible QinQ .........................................................................................21-164
21.2 FLEXIBLE QINQCONFIGURATION TASK LIST ..........................................................21-164
21.3 FLEXIBLE QINQEXAMPLE.....................................................................................21-166
21.4 FLEXIBLE QINQTROUBLESHOOTING......................................................................21-168
CHAPTER 22 LAYER 3 MANAGEMENT CONFIGURATION ....................22-169
22.1 LAYER 3MANAGEMENT INTERFACE .......................................................................22-169
22.1.1 Introduction to Layer 3 Management Interface...................................22-169
22.1.2 Layer 3 Interface Configuration Task List ...........................................22-169
22.2 IP CONFIGURATION ..............................................................................................22-170
22.2.1 Introduction to IPv4, IPv6......................................................................22-170
22.2.2 IP Configuration.....................................................................................22-172
22.2.3 IPv6 Troubleshooting ............................................................................22-174
22.3 ARP ...................................................................................................................22-174
22.3.1 Introduction to ARP...............................................................................22-174
22.3.2 ARP Configuration Task List.................................................................22-174
22.3.3 ARP Troubleshooting ............................................................................22-174
CHAPTER 23 ARP SCANNING PREVENTION FUNCTION CONFIGURATION
...................................................................................................................23-176
23.1 INTRODUCTION TO ARP SCANNING PREVENTION FUNCTION ....................................23-176
23.2 ARP SCANNING PREVENTION CONFIGURATION TASK SEQUENCE.............................23-176
23.3 ARP SCANNING PREVENTION TYPICAL EXAMPLES .................................................23-178
23.4 ARP SCANNING PREVENTION TROUBLESHOOTING HELP.........................................23-179
CHAPTER 24 PREVENT ARP SPOOFING CONFIGURATION.................24-180
24.1 OVERVIEW...........................................................................................................24-180
24.1.1 ARP (Address Resolution Protocol).....................................................24-180
24.1.2 ARP Spoofing.........................................................................................24-180
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
7
24.1.3 How to prevent void ARP Spoofing......................................................24-180
24.2 PREVENT ARP SPOOFING CONFIGURATION ............................................................24-181
24.3 PREVENT ARP SPOOFING EXAMPLE......................................................................24-182
CHAPTER 25 ARP GUARD CONFIGURATION ........................................25-184
25.1 INTRODUCTION TO ARP GUARD ..........................................................................25-184
25.2 ARP GUARD CONFIGURATION TASK LIST ............................................................25-185
CHAPTER 26 GRATUITOUS ARP CONFIGURATION ..............................26-186
26.1 INTRODUCTION TO GRATUITOUS ARP ....................................................................26-186
26.2 GRATUITOUS ARP CONFIGURATION TASK LIST.......................................................26-186
26.3 GRATUITOUS ARP CONFIGURATION EXAMPLE........................................................26-187
26.4 GRATUITOUS ARP TROUBLESHOOTING..................................................................26-188
CHAPTER 27 DHCP CONFIGURATION....................................................27-189
27.1 INTRODUCTION TO DHCP .....................................................................................27-189
27.2 DHCP SERVER CONFIGURATION...........................................................................27-190
27.3 DHCP RELAY CONFIGURATION .............................................................................27-192
27.4 DHCP CONFIGURATION EXAMPLES.......................................................................27-194
27.5 DHCP TROUBLESHOOTING...................................................................................27-197
CHAPTER 28 DHCPV6 CONFIGURATION ...............................................28-199
28.1 INTRODUCTION TO DHCPV6 .................................................................................28-199
28.2 DHCPV6SERVER CONFIGURATION.......................................................................28-200
28.3 DHCPV6RELAY DELEGATION CONFIGURATION......................................................28-202
28.4 DHCPV6PREFIX DELEGATION SERVER CONFIGURATION........................................28-202
28.5 DHCPV6PREFIX DELEGATION CLIENT CONFIGURATION .........................................28-204
28.6 DHCPV6CONFIGURATION EXAMPLES...................................................................28-205
28.7 DHCPV6TROUBLESHOOTING...............................................................................28-207
CHAPTER 29 DHCP OPTION 82 CONFIGURATION ................................29-208
29.1 INTRODUCTION TO DHCP OPTION 82.....................................................................29-208
29.2 DHCP OPTION 82 MESSAGE STRUCTURE ..............................................................29-208
29.2.1 Option 82 Working Mechanism ............................................................29-209
29.3 DHCP OPTION 82 CONFIGURATION TASK LIST .......................................................29-210
29.4 DHCP OPTION 82APPLICATION EXAMPLES ...........................................................29-213
29.5 DHCP OPTION 82 TROUBLESHOOTING ..................................................................29-215
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
8
CHAPTER 30 DHCP OPTION 60 AND OPTION 43...................................30-216
30.1 INTRODUCTION TO DHCP OPTION 60 AND OPTION 43..............................................30-216
30.2 DHCP OPTION 60AND OPTION 43 CONFIGURATION TASK LIST ................................30-216
30.3 DHCPV6OPTION 60 AND OPTION 43 EXAMPLE ......................................................30-217
30.4 DHCP OPTION 60AND OPTION 43 TROUBLESHOOTING ...........................................30-217
CHAPTER 31 DHCPV6 OPTION37, 38......................................................31-218
31.1 INTRODUCTION TO DHCPV6OPTION37, 38............................................................31-218
31.2 DHCPV6OPTION37, 38 CONFIGURATION TASK LIST ..............................................31-219
31.3 DHCPV6OPTION37, 38 EXAMPLES.......................................................................31-223
31.3.1 DHCPv6 Snooping option37, 38 Example ...........................................31-223
31.3.2 DHCPv6 Relay option37, 38 Example ..................................................31-225
31.4 DHCPV6OPTION37, 38 TROUBLESHOOTING .........................................................31-226
CHAPTER 32 DHCP SNOOPING CONFIGURATION................................32-227
32.1 INTRODUCTION TO DHCP SNOOPING.....................................................................32-227
32.2 DHCP SNOOPING CONFIGURATION TASK SEQUENCE .............................................32-228
32.3 DHCP SNOOPING TYPICAL APPLICATION...............................................................32-232
32.4 DHCP SNOOPING TROUBLESHOOTING HELP .........................................................32-233
32.4.1 Monitor and Debug Information ...........................................................32-233
32.4.2 DHCP Snooping Troubleshooting Help ...............................................32-233
CHAPTER 33 DHCP SNOOPING OPTION 82 CONFIGURATION ............33-234
33.1 INTRODUCTION TO DHCP SNOOPING OPTION 82 ....................................................33-234
33.1.1 DHCP option 82 Message Structure.....................................................33-234
33.1.2 DHCP Snooping option 82 Working Mechanism ................................33-235
33.2 DHCP SNOOPING OPTION 82 CONFIGURATION TASK LIST.......................................33-236
33.3 DHCP SNOOPING OPTION 82 APPLICATION EXAMPLES...........................................33-237
33.4 DHCP SNOOPING OPTION 82 TROUBLESHOOTING..................................................33-238
CHAPTER 34 IPV4 MULTICAST PROTOCOL ..........................................34-239
34.1 IPV4MULTICAST PROTOCOL OVERVIEW ................................................................34-239
34.1.1 Introduction to Multicast.......................................................................34-239
34.1.2 Multicast Address..................................................................................34-240
34.1.3 IP Multicast Packet Transmission........................................................34-241
34.1.4 IP Multicast Application ........................................................................34-241
34.2 DCSCM..............................................................................................................34-242
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
9
34.2.1 Introduction to DCSCM.........................................................................34-242
34.2.2 DCSCM Configuration Task List...........................................................34-242
34.2.3 DCSCM Configuration Examples .........................................................34-245
34.2.4 DCSCM Troubleshooting ......................................................................34-246
34.3 IGMP SNOOPING .................................................................................................34-246
34.3.1 Introduction to IGMP Snooping............................................................34-246
34.3.2 IGMP Snooping Configuration Task List .............................................34-247
34.3.3 IGMP Snooping Examples ....................................................................34-249
34.3.4 IGMP Snooping Troubleshooting.........................................................34-251
CHAPTER 35 IPV6 MULTICAST PROTOCOL ..........................................35-252
35.1 MLD SNOOPING...................................................................................................35-252
35.1.1 Introduction to MLD Snooping.............................................................35-252
35.1.2 MLD Snooping Configuration Task......................................................35-252
35.1.3 MLD Snooping Examples......................................................................35-254
35.1.4 MLD Snooping Troubleshooting ..........................................................35-257
CHAPTER 36 MULTICAST VLAN .............................................................36-258
36.1 INTRODUCTIONS TO MULTICAST VLAN ..................................................................36-258
36.2 MULTICAST VLAN CONFIGURATION TASK LIST ......................................................36-258
36.3 MULTICAST VLAN EXAMPLES...............................................................................36-259
CHAPTER 37 ACL CONFIGURATION.......................................................37-262
37.1 INTRODUCTION TO ACL ........................................................................................37-262
37.1.1 Access-list..............................................................................................37-262
37.1.2 Access-group.........................................................................................37-262
37.1.3 Access-list Action and Global Default Action .....................................37-262
37.2 ACL CONFIGURATION TASK LIST...........................................................................37-263
37.3 ACLEXAMPLE.....................................................................................................37-275
37.4 ACL TROUBLESHOOTING......................................................................................37-279
CHAPTER 38 802.1X CONFIGURATION ..................................................38-281
38.1 INTRODUCTION TO 802.1X.....................................................................................38-281
38.1.1 The Authentication Structure of 802.1x...............................................38-281
38.1.2 The Work Mechanism of 802.1x............................................................38-283
38.1.3 The Encapsulation of EAPOL Messages.............................................38-283
38.1.4 The Encapsulation of EAP Attributes ..................................................38-285
38.1.5 The Extension and Optimization of 802.1x..........................................38-290
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
10
38.1.6 The Features of VLAN Allocation.........................................................38-291
38.2 802.1X CONFIGURATION TASK LIST.......................................................................38-292
38.3 802.1X APPLICATION EXAMPLE.............................................................................38-295
38.3.1 Examples of Guest Vlan Applications .................................................38-295
38.3.2 Examples of IPv4 Radius Applications................................................38-298
38.3.3 Examples of IPv6 Radius Application..................................................38-299
38.4 802.1X TROUBLESHOOTING..................................................................................38-300
CHAPTER 39 THE NUMBER LIMITATION FUNCTION OF MAC IN PORT
CONFIGURATION......................................................................................39-301
39.1 INTRODUCTION TO THE NUMBER LIMITATION FUNCTION OF MAC IN PORT.................39-301
39.2 THE NUMBER LIMITATION FUNCTION OF MAC IN PORT CONFIGURATION TASK SEQUENCE
...................................................................................................................................39-302
39.3 THE NUMBER LIMITATION FUNCTION OF MAC IN PORT TYPICAL EXAMPLES..............39-303
39.4 THE NUMBER LIMITATION FUNCTION OF MAC IN PORT TROUBLESHOOTING HELP.....39-303
CHAPTER 40 OPERATIONAL CONFIGURATION OF AM FUNCTION.....40-305
40.1 INTRODUCTION TO AM FUNCTION ..........................................................................40-305
40.2 AM FUNCTION CONFIGURATION TASK LIST ............................................................40-305
40.3 AM FUNCTION EXAMPLE.......................................................................................40-307
40.4 AM FUNCTION TROUBLESHOOTING .......................................................................40-307
CHAPTER 41 SECURITY FEATURE CONFIGURATION ..........................41-308
41.1 INTRODUCTION TO SECURITY FEATURE ..................................................................41-308
41.2 SECURITY FEATURE CONFIGURATION.....................................................................41-308
41.2.1 Prevent IP Spoofing Function Configuration Task Sequence ...........41-308
41.2.2 Prevent TCP Unauthorized Label Attack Function Configuration Task
Sequence...........................................................................................................41-308
41.2.3 Anti Port Cheat Function Configuration Task Sequence ...................41-309
41.2.4 Prevent TCP Fragment Attack Function Configuration Task Sequence.41-
309
41.2.5 Prevent ICMP Fragment Attack Function Configuration Task Sequence41-
309
41.3 SECURITY FEATURE EXAMPLE...............................................................................41-310
CHAPTER 42 TACACS+ CONFIGURATION.............................................42-311
42.1 INTRODUCTION TO TACACS+...............................................................................42-311
42.2 TACACS+ CONFIGURATION TASK LIST .................................................................42-311
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
11
42.3 TACACS+ SCENARIOS TYPICAL EXAMPLES..........................................................42-312
42.4 TACACS+ TROUBLESHOOTING ............................................................................42-313
CHAPTER 43 RADIUS CONFIGURATION................................................43-314
43.1 INTRODUCTION TO RADIUS..................................................................................43-314
43.1.1 AAA and RADIUS Introduction.............................................................43-314
43.1.2 Message structure for RADIUS ............................................................43-314
43.2 RADIUS CONFIGURATION TASK LIST ....................................................................43-316
43.3 RADIUS TYPICAL EXAMPLES...............................................................................43-318
43.3.1 IPv4 Radius Example.............................................................................43-318
43.3.2 IPv6 RadiusExample..............................................................................43-319
43.4 RADIUS TROUBLESHOOTING ...............................................................................43-319
CHAPTER 44 SSL CONFIGURATION.......................................................44-321
44.1 INTRODUCTION TO SSL.........................................................................................44-321
44.1.1 Basic Element of SSL............................................................................44-321
44.2 SSL CONFIGURATION TASK LIST...........................................................................44-322
44.3 SSL TYPICAL EXAMPLE........................................................................................44-323
44.4 SSL TROUBLESHOOTING......................................................................................44-324
CHAPTER 45 IPV6 SECURITY RA CONFIGURATION.............................45-325
45.1 INTRODUCTION TO IPV6SECURITY RA...................................................................45-325
45.2 IPV6SECURITY RACONFIGURATION TASK SEQUENCE ...........................................45-325
45.3 IPV6SECURITY RATYPICAL EXAMPLES ................................................................45-326
45.4 IPV6SECURITY RATROUBLESHOOTING HELP .......................................................45-327
CHAPTER 46 MAB CONFIGURATION......................................................46-328
46.1 INTRODUCTION TO MAB .......................................................................................46-328
46.2 MAB CONFIGURATION TASK LIST..........................................................................46-328
46.3 MAB EXAMPLE....................................................................................................46-330
46.4 MAB TROUBLESHOOTING.....................................................................................46-332
CHAPTER 47 PPPOE INTERMEDIATE AGENT CONFIGURATION.........47-333
47.1 INTRODUCTION TO PPPOEINTERMEDIATE AGENT...................................................47-333
47.1.1 Brief Introduction to PPPoE .................................................................47-333
47.1.2 Introduction to PPPoE IA......................................................................47-333
47.2 PPPOEINTERMEDIATE AGENT CONFIGURATION TASK LIST.....................................47-337
47.3 PPPOEINTERMEDIATE AGENT TYPICAL APPLICATION ............................................47-339
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
12
47.4 PPPOEINTERMEDIATE AGENT TROUBLESHOOTING................................................47-340
CHAPTER 48 WEB PORTAL CONFIGURATION ......................................48-341
48.1 INTRODUCTION TO WEB PORTAL AUTHENTICATION .................................................48-341
48.2 WEB PORTAL AUTHENTICATION CONFIGURATION TASK LIST....................................48-341
48.3 WEB PORTAL AUTHENTICATION TYPICAL EXAMPLE ................................................48-343
48.4 WEB PORTAL AUTHENTICATION TROUBLESHOOTING...............................................48-344
CHAPTER 49 VLAN-ACL CONFIGURATION............................................49-345
49.1 INTRODUCTION TO VLAN-ACL.............................................................................49-345
49.2 VLAN-ACL CONFIGURATION TASK LIST................................................................49-345
49.3 VLAN-ACL CONFIGURATION EXAMPLE.................................................................49-347
49.4 VLAN-ACL TROUBLESHOOTING...........................................................................49-348
CHAPTER 50 SAVI CONFIGURATION......................................................50-349
50.1 INTRODUCTION TO SAVI .......................................................................................50-349
50.2 SAVI CONFIGURATION..........................................................................................50-349
50.3 SAVI TYPICAL APPLICATION .................................................................................50-353
50.4 SAVI TROUBLESHOOTING.....................................................................................50-354
CHAPTER 51 MRPP CONFIGURATION....................................................51-355
51.1 INTRODUCTION TO MRPP.....................................................................................51-355
51.1.1 Conception Introduction.......................................................................51-355
51.1.2 MRPP Protocol Packet Types ...............................................................51-357
51.1.3 MRPP Protocol Operation System.......................................................51-357
51.2 MRPP CONFIGURATION TASK LIST........................................................................51-358
51.3 MRPP TYPICAL SCENARIO...................................................................................51-360
51.4 MRPP TROUBLESHOOTING...................................................................................51-362
CHAPTER 52 ULPP CONFIGURATION ....................................................52-363
52.1 INTRODUCTION TO ULPP......................................................................................52-363
52.2 ULPP CONFIGURATION TASK LIST ........................................................................52-365
52.3 ULPP TYPICAL EXAMPLES ...................................................................................52-367
52.3.1 ULPP Typical Example1 ........................................................................52-367
52.3.2 ULPP Typical Example2 ........................................................................52-369
52.4 ULPP TROUBLESHOOTING ...................................................................................52-370
CHAPTER 53 ULSM CONFIGURATION....................................................53-371
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
13
53.1 INTRODUCTION TO ULSM .....................................................................................53-371
53.2 ULSM CONFIGURATION TASK LIST........................................................................53-372
53.3 ULSM TYPICAL EXAMPLE ....................................................................................53-373
53.4 ULSM TROUBLESHOOTING...................................................................................53-374
CHAPTER 54 MIRROR CONFIGURATION ...............................................54-375
54.1 INTRODUCTION TO MIRROR ...................................................................................54-375
54.2 MIRROR CONFIGURATION TASK LIST......................................................................54-375
54.3 MIRROR EXAMPLES..............................................................................................54-376
54.4 DEVICE MIRROR TROUBLESHOOTING.....................................................................54-377
CHAPTER 55 SFLOW CONFIGURATION.................................................55-378
55.1 INTRODUCTION TO SFLOW.....................................................................................55-378
55.2 SFLOW CONFIGURATION TASK LIST .......................................................................55-378
55.3 SFLOW EXAMPLES ...............................................................................................55-380
55.4 SFLOW TROUBLESHOOTING ..................................................................................55-381
CHAPTER 56 SNTP CONFIGURATION ....................................................56-382
56.1 INTRODUCTION TO SNTP......................................................................................56-382
56.2 TYPICAL EXAMPLES OF SNTP CONFIGURATION......................................................56-383
CHAPTER 57 NTP FUNCTION CONFIGURATION ...................................57-384
57.1 INTRODUCTION TO NTP FUNCTION.........................................................................57-384
57.2 NTP FUNCTION CONFIGURATION TASK LIST...........................................................57-384
57.3 TYPICAL EXAMPLES OF NTP FUNCTION.................................................................57-387
57.4 NTP FUNCTION TROUBLESHOOTING......................................................................57-388
CHAPTER 58 SUMMER TIME CONFIGURATION ....................................58-389
58.1 INTRODUCTION TO SUMMER TIME ..........................................................................58-389
58.2 SUMMER TIME CONFIGURATION TASK SEQUENCE...................................................58-389
58.3 EXAMPLES OF SUMMER TIME ................................................................................58-389
58.4 SUMMER TIME TROUBLESHOOTING........................................................................58-390
CHAPTER 59 MONITOR AND DEBUG .....................................................59-391
59.1 PING ...................................................................................................................59-391
59.2 PING6 .................................................................................................................59-391
59.3 TRACEROUTE.......................................................................................................59-391
59.4 TRACEROUTE6.....................................................................................................59-392
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
14
59.5 SHOW .................................................................................................................59-392
59.6 DEBUG................................................................................................................59-393
59.7 SYSTEM LOG........................................................................................................59-393
59.7.1 System Log Introduction ......................................................................59-393
59.7.2 System Log Configuration....................................................................59-395
59.7.3 System Log Configuration Example....................................................59-397
CHAPTER 60 RELOAD SWITCH AFTER SPECIFIED TIME.....................60-398
60.1 INTRODUCE TO RELOAD SWITCH AFTER SPECIFID TIME...........................................60-398
60.2 RELOAD SWITCH AFTER SPECIFID TIME TASK LIST .................................................60-398
CHAPTER 61 DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED
AND SENT BY CPU...................................................................................61-399
61.1 INTRODUCTION TO DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY
CPU...........................................................................................................................61-399
61.2 DEBUGGING AND DIAGNOSIS FOR PACKETS RECEIVED AND SENT BY CPU TASK LIST61-399
CHAPTER 62 COMMANDS FOR BASIC SWITCH CONFIGURATION.....62-401
62.1 COMMANDS FOR BASIC CONFIGURATION ...............................................................62-401
62.1.1 authentication line.................................................................................62-401
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
1
Chapter 1 Switch Management
1.1 Management Options
After purchasing the switch, the user needs to configure the switch for network management.
Switch provides two management options: in-band management and out-of-band
management.
1.1.1 Out-Of-Band Management
Out-of-band management is the management through Console interface. Generally, the user
will use out-of-band management for the initial switch configuration, or when in-band
management is not available. For instance, the user must assign an IP address to the switch
via the Console interface to be able to access the switch through Telnet.
The procedures for managing the switch via Console interface are listed below:
Step 1: setting up the environment:
Out-of-band Management Configuration Environment
As shown in above, the serial port (RS-232) is connected to the switch with the serial cable
provided. The table below lists all the devices used in the connection.
Device Name
Description
PC ma
Has functional keyboard and RS-232, with terminal emulator installed,
such as HyperTerminal included in Windows 9x/NT/2000/XP.
Serial port cable
One end attach to the RS-232 serial port, the other end to the Console
port.
Switch
Functional Console port required.
Connected with cable
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
2
Step 2:Entering the HyperTerminal
Open the HyperTerminal included in Windows after the connection established. The example
below is based on the HyperTerminal included in Windows XP.
1) Click Start menu - All Programs -Accessories -Communication - HyperTerminal.
2) Type a name for opening HyperTerminal, such as “Switch”.
Opening HyperTerminal
3) In the “Connecting using” drop-list, select the RS-232 serial port used by the PC, e.g.
COM1, and click “OK”.
Opening HyperTerminal
4) COM1 property appears, select “9600” for “Baud rate”, “8” for “Data bits”, “none” for “Parity
checksum”, “1” for stop bit and “none” for traffic control; or, you can also click “Restore default”
and click “OK”.
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
3
Opening HyperTerminal
Step 3: Entering switch CLI interface
Power on the switch, the following appears in the HyperTerminal windows, that is the CLI
configuration mode for Switch.
Testing RAM...
0x077C0000 RAM OK
Loading MiniBootROM...
Attaching to file system ...
Loading nos.img ... done.
Booting......
Starting at 0x10000...
Attaching to file system ...
……
--- Performing Power-On Self Tests (POST) ---
DRAM Test....................PASS!
PCI Device 1 Test............PASS!
FLASH Test...................PASS!
FAN Test.....................PASS!
Done All Pass.
------------------ DONE ---------------------
Current time is SUN JAN 01 00:00:00 2006
……
Switch>
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
4
The user can now enter commands to manage the switch. For a detailed description for the
commands, please refer to the following chapters.
1.1.2 In-band Management
In-band management refers to the management by login to the switch using Telnet, or using
HTTP, or using SNMP management software to configure the switch. In-band management
enables management of the switch for some devices attached to the switch. In the case when
in-band management fails due to switch configuration changes, out-of-band management can
be used for configuring and managing the switch.
1.1.2.1 Management via Telnet
To manage the switch with Telnet, the following conditions should be met:
Switch has an IPv4/IPv6 address configured;
The host IP address (Telnet client) and the switch’s VLAN interface IPv4/IPv6 address is in the
same network segment;
If 2) is not met, Telnet client can connect to an IPv4/IPv6 address of the switch via other
devices, such as a router.
The switch is a Layer 3 switch that can be configured with several IPv4/IPv6 addresses, the
configuration method refers to the relative chapter. The following example assumes the
shipment status of the switch where only VLAN1 exists in the system.
The following describes the steps for a Telnet client to connect to the switch’s VLAN1 interface
by Telnet(IPV4 address example):
Manage the switch by Telnet
Step 1: Configure the IP addresses for the switch and start the Telnet Server function on the
switch.
Connected with cable
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
5
First is the configuration of host IP address. This should be within the same network segment
as the switch VLAN1 interface IP address. Suppose the switch VLAN1 interface IP address is
10.1.128.251/24. Then, a possible host IP address is 10.1.128.252/24. Run “ping
10.1.128.251” from the host and verify the result, check for reasons if ping failed.
The IP address configuration commands for VLAN1 interface are listed below. Before in-band
management, the switch must be configured with an IP address by out-of-band management
(i.e. Console mode), the configuration commands are as follows (All switch configuration
prompts are assumed to be “Switch” hereafter if not otherwise specified):
Switch>
Switch>enable
Switch#config
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip address 10.1.128.251 255.255.255.0
Switch(Config-if-Vlan1)#no shutdown
To enable the Telnet Server function, users should type the CLI command telnet-server enable
in the global mode as below:
Switch>enable
Switch#config
Switch(config)# telnet-server enable
Step 2: Run Telnet Client program.
Run Telnet client program included in Windows with the specified Telnet target.
Run telnet client program included in Windows
Step 3: Login to the switch.
Login to the Telnet configuration interface. Valid login name and password are required,
otherwise the switch will reject Telnet access. This is a method to protect the switch from
unauthorized access. As a result, when Telnet is enabled for configuring and managing the
switch, username and password for authorized Telnet users must be configured with the
following command: username <username> privilege <privilege> [password (0|7)
<password>]. To open the local authentication style with the following command:
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
6
authentication line vty login local. Privilege option must exist and just is 15. Assume an
authorized user in the switch has a username of “test”, and password of “test”, the
configuration procedure should like the following:
Switch>enable
Switch#config
Switch(config)#username test privilege 15 password 0 test
Switch(config)#authentication line vty login local
Enter valid login name and password in the Telnet configuration interface, Telnet user will be
able to enter the switch’s CLI configuration interface. The commands used in the Telnet CLI
interface after login is the same as that in the Console interface.
Telnet Configuration Interface
1.1.2.2 Management via HTTP
To manage the switch via HTTP, the following conditions should be met:
Switch has an IPv4/IPv6 address configured;
The host IPv4/IPv6 address (HTTP client) and the switch’s VLAN interface IPv4/IPv6 address
are in the same network segment;
If 2) is not met, HTTP client should connect to an IPv4/IPv6 address of the switch via other
devices, such as a router.
Similar to management the switch via Telnet, as soon as the host succeeds to ping/ping6 an
IPv4/IPv6 address of the switch and to type the right login password, it can access the switch
via HTTP. The configuration list is as below:
Table of contents
Other q-Tech Switch manuals
q-Tech
q-Tech QSW-8200 series User manual
q-Tech
q-Tech QSW-6900-56LF Series Installation and operating manual
q-Tech
q-Tech QSW-4700 Series Installation and operating manual
q-Tech
q-Tech QSW-6300 Series Installation and operating manual
q-Tech
q-Tech QSW-4600 Series Installation and operating manual
q-Tech
q-Tech QSW-7600 Series Installation and operating manual
q-Tech
q-Tech QSW-6200-32T Installation and operating manual
q-Tech
q-Tech QSW-4600-12T-POE Installation and operating manual
q-Tech
q-Tech QSW-6900-32H Series User manual
