Zte ZXR10 8900 Series User manual

ZXR108900Series

10GRoutingSwitch

UserManual(FWVolume)

Version2.8.02.C

ZTECORPORATION

ZTEPlaza,KejiRoadSouth,

Hi-TechIndustrialPark,

NanshanDistrict,Shenzhen,

P .R.China

518057

Tel:(86)75526771900800-9830-9830

Fax:(86)75526772236

URL:http://support.zte.com.cn

E-mail:[email protected]

LEGALINFORMATION

Thecontentsofthisdocumentareprotectedbycopyrightlawsandinternationaltreaties.Anyreproductionordistributionof

thisdocumentoranyportionofthisdocument,inanyformbyanymeans,withoutthepriorwrittenconsentofZTECORPO-

RATIONisprohibited.Additionally,thecontentsofthisdocumentareprotectedbycontractualcondentialityobligations.

Allcompany,brandandproductnamesaretradeorservicemarks,orregisteredtradeorservicemarks,ofZTECORPORATION

oroftheirrespectiveowners.

Thisdocumentisprovided“asis” ,andallexpress,implied,orstatutorywarranties,representationsorconditionsaredis-

claimed,includingwithoutlimitationanyimpliedwarrantyofmerchantability,tnessforaparticularpurpose,titleornon-in-

fringement.ZTECORPORATIONanditslicensorsshallnotbeliablefordamagesresultingfromtheuseoforrelianceonthe

informationcontainedherein.

ZTECORPORATIONoritslicensorsmayhavecurrentorpendingintellectualpropertyrightsorapplicationscoveringthesubject

matterofthisdocument.ExceptasexpresslyprovidedinanywrittenlicensebetweenZTECORPORATIONanditslicensee,

theuserofthisdocumentshallnotacquireanylicensetothesubjectmatterherein.

ZTECORPORATIONreservestherighttoupgradeormaketechnicalchangetothisproductwithoutfurthernotice.

UsersmayvisitZTEtechnicalsupportwebsitehttp://ensupport.zte.com.cntoinquirerelatedinformation.

TheultimaterighttointerpretthisproductresidesinZTECORPORATION.

RevisionHistory

RevisionNo.RevisionDateRevisionReason

R1.020090630FirstRelease

SerialNumber:sjzl20093843

Contents

AboutThisManual..............................................i

FirewallOverview.............................................1

FunctionOverview..........................................................1

WorkingPrinciple........................................................2

WorkingModes...........................................................4

ManagementModes........................................................5

LoggingintoFWthroughConsolePort...........................5

LoggingintoFWthroughTelnet....................................6

LoggingintoFWthroughBrowser.................................7

SystemManagementConguration...................9

SystemManagementOverview.........................................9

QueryingSystemBasicInformation.................................10

QueryingSystemRunningInformation.............................10

ConguringSystemManagement.....................................11

SettingSystemParameters.........................................11

ManagingSystemServices.........................................15

SettingOpenServices................................................16

SettingWEBUIAuthentication.....................................20

CongurationMaintenance..............................................21

CongurationMaintenanceOverview............................21

ConguringMaintenance............................................22

RestoringSystem......................................................23

RebootingSystem.....................................................23

ConguringSystemManager...........................................23

SystemManagerOverview..........................................23

ConguringSystemManager.......................................23

SystemManagerCongurationExample.......................26

ResourceManagementConguration..............27

ResourceManagementOverview.....................................27

ConguringAddressResource.........................................28

AddressResourceCongurationOverview.....................28

SettingHostResource................................................28

SettingAddressRangeResource..................................31

SettingSubnetResource............................................35

SettingAddressGroup...............................................38

ConguringAreaResource..............................................41

AreaResourceCongurationOverview.........................41

ConguringAreaResource..........................................41

ConguringTimeResource.............................................44

TimeResourceCongurationOverview.........................44

ConguringWeekCycle..............................................45

ConguringYearCycle...............................................47

ConguringServiceResource..........................................50

ServiceResourceCongurationOverview......................50

ShowingSystemDenedServices................................50

ConguringCustomizedServices.................................51

ConguringServerGroup...........................................54

ZXR10FWFunctionManagement....................57

ZXR10FWFunctionManagementOverview.......................57

ConguringZXR10FW...................................................58

AccessingandExitingFWCongurationMode................58

CreatingandDeletingFW-TemplateMode.....................58

BindingManagementIP..............................................59

ConguringFlowRecovery..........................................60

BindingSlotNumber..................................................60

ConguringNATIP....................................................61

ConguringSession...................................................62

BindingFWT emplateforSpecicVLAN.........................62

ViewingManagementConguration..............................63

ConguringVLAN......................................................64

PacketFilteringandAccessControlRule

Conguration............................................67

ConguringPacketFilteringPolicy....................................67

PacketFilteringOverview............................................67

ConguringPacketFilteringPolicy................................67

PacketFilteringPolicyCongurationExample................73

PacketFilteringPolicyCongurationExample

One.....................................................73

PacketFilteringPolicyCongurationExample

Two......................................................75

ConguringAccessControlRules.....................................76

AccessControlRuleOverview......................................76

ConguringAccessControlRule...................................76

AccessControlRuleCongurationExample...................82

AccessControlRuleCongurationExample

One.....................................................82

AccessControlRuleCongurationExample

Two......................................................84

ConguringIDSInteraction.............................................86

IDSInteractionOverview............................................86

ConguringIDSInteraction.........................................86

NATConguration...........................................89

NATOverview...............................................................89

ConguringNAT............................................................90

NATCongurationExample.............................................96

Address-BasedSourceAddressTranslation

CongurationExample.......................................96

IPAddress-BasedDestinationAddressTranslation

CongurationExample.......................................97

Port-BasedDestinationAddressTranslation

CongurationExample.......................................98

ProtocolFilteringConguration.....................101

ProtocolFilteringOverview...........................................101

ConguringApplicationPortBinding...............................101

ApplicationPortBindingOverview..............................101

ConguringApplicationPortBinding...........................102

ApplyingPortBindingCongurationExample...............104

ConguringSIPService................................................104

IntrusionPreventionConguration...............107

IntrusionPreventionOverview.......................................107

ConguringIntrusionDetectionRule..............................107

LoadBalancingConguration........................113

LoadBalancingOverview..............................................113

ConguringLoadBalancing...........................................113

ConguringLoadBalancingServer.............................113

ConguringLoadBalancingGroup.............................116

HighAvailabilityCongurationExample..........................119

LogandAlarmConguration.........................123

LogandAlarmOverview...............................................123

LogConguration....................................................123

ViewingLog............................................................123

Alarms...................................................................124

ConguringLogsandAlamrs.........................................124

ConguringLog.......................................................124

ViewingLog............................................................126

ConguringAlarms..................................................127

Figures..........................................................133

Tables...........................................................135

Glossary........................................................137

AboutThisManual

ThismanualisZXR108900Series(V2.8.02.C)10GRout-

ingSwitchUserManual(FWVolume)andappliestoZXR10

8902/8905/8908/891210Groutingswitch(V2.8.02.C).

ZXR108900series10Groutingswitchhasthefollowingrelated

manuals:

ManualSummary

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchHardwareInstallation

Manual

Thismanualdescribes

installationpreparation,

19-inchcabinetinstallation,

maindeviceinstallation,

powercableconnection,cable

connectionandhardware

inspection.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchHardwareManual

Thismanualdescribes

devicefunctions,technical

characteristicsand

parameters,workingprinciple,

hardwarestructure,MCS,LIC,

powermoduleandfanplug-in

box.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchUserManual(Basic

ConfigurationVolume)

Thismanualdescribesusing

andoperationofdevice,

systemmanagement,

CLIprivilegeranking

configuration,port

configuration,network

protocolconfiguration,

DHCPconfiguration,

VRRPconfiguration,

ACLconfiguration,QoS

configuration,DOTIX

configuration,cluster

managementconfiguration,

networkmanagement

configuration,IPTV

configuration,VBAS

configuration,CPUguard,

URPFconfigurationandUDLD

configuration.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchUserManual(Ethernet

SwitchingVolume)

Thismanualdescribes

deviceVLANconfiguration,

STPconfiguration,MAC

addresstableoperation,link

aggregationconfiguration,

IGMPSnoopingconfiguration,

linkprotectionconfiguration,

EthernetOAMconfiguration

andEPONOLTconfiguration.

ConfidentialandProprietaryInformationofZTECORPORATIONi

ZXR108900SeriesUserManual(FWVolume)

ManualSummary

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchUserManual(IPv4

RoutingVolume)

Thismanualdescribes

staticroutingconfiguration,

RIPconfiguration,OSPF

configuration,IS-IS

configuration,BGP

configuration,loadbalancing

configuration,multicast

routingconfiguration,IP/LDP

FRRconfigurationandBFD

configuration.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchUserManual(MPLS

Volume)

Thismanualdescribesdevice

MPLSconfiguration,MPLS

L3VPNconfigurationandMPLS

L2VPNconfiguration.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchUserManual(IPv6

Volume)

Thismanualdescribesdevice

IPv6addressconfiguration,

IPv6neighbordiscovery

protocolconfiguration,IPv6

tunnelconfiguration,IPv6

staticroutingconfiguration,

RIPngconfiguration,OSPFv3

configuration,IS-ISv6

configurationandBGP+

configuration.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchUserManual(DPI

Volume)

Thismanualdescribes

devicesignaturesymbol

configuration,signature

entryconfiguration,

policyconfiguration,

subserviceconfiguration,

serviceconfigurationand

DPI-templateconfiguration.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchUserManual(FW

Volume)

Thischapterdescribes

systemmanagement

configuration,resource

managementconfiguration,

FWfunctionmanagement,

packetfilteringandaccess

controlruleconfiguration,NAT

configuration,protocolfiltering

configuration,intrusion

preventionconfiguration,high

availabilityconfiguration,and

logandalarmconfiguration.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(CommandIndexVolume)

Thismanualdescribesvolume

andsectioncorrespondingto

eachcommandinZXR108900

series10Groutingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(IPv6Volume)

Thismanualdescribes

IPv6-relatedcommandsin

ZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual(IP

RoutingVolumeI)

ThismanualdescribesRIP,

OSPFandIS-IS-related

commandsinZXR108900

series10Groutingswitch.

iiConfidentialandProprietaryInformationofZTECORPORATION

AboutThisManual

ManualSummary

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual(IP

RoutingVolumeII)

ThismanualdescribesBGP,

routemapandrouting

policy-relatedcommands

inZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(MPLSVolume)

Thismanualdescribes

MPLS-relatedcommands

inZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(QoSVolume)

Thismanualdescribes

QoS-relatedcommandsin

ZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(SecurityVolume)

Thismanualdescribes

securityconfiguration-related

commandsinZXR108900

series10Groutingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(BasicConfigurationVolumeI)

Thismanualdescribes

systemmanagement,file

management,userinterface,

logstatistics,FTP/TFTPserver

andIPvr-relatedcommands

inZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(BasicConfigurationVolumeII)

Thismanualdescribes

interfaceconfiguration,DHCP

andVRRP-relatedcommands

inZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(BasicConfigurationVolumeIII)

ThismanualdescribesNAT,

TimeRange,stackand

DEBUG-relatedcommands

inZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(NetworkManagementVolume)

Thismanualdescribes

networkmanagement-related

commandsinZXR108900

series10Groutingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(EthernetSwitchingVolume)

ThismanualdescribesMAC,

VLAN,SuperVLAN,STP,link

aggregation,VBAS,MACPING

andUDLD-relatedcommands

inZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(VoiceandVideoVolume)

ThismanualdescribesVOIP

andIPTV-relatedcommands

inZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(MulticastVolume)

Thismanualdescribes

multicastprotocol-related

commandsinZXR108900

series10Groutingswitch.

ConfidentialandProprietaryInformationofZTECORPORATIONiii

ZXR108900SeriesUserManual(FWVolume)

ManualSummary

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(DPIVolume)

Thismanualdescribes

DPI-relatedcommandsin

ZXR108900series10G

routingswitch.

ZXR108900Series(V2.8.02.C)10G

RoutingSwitchCommandManual

(FWVolume)

Thismanualdescribes

FW-relatedcommandsin

ZXR108900series10G

routingswitch.

CommandssupportedbyZXR108900series(V2.8.02.C)10G

routingswitcharebasedonuniformplatformZXROSV4.8.22.

ZXR108900Series(V2.8.02.C)10GRoutingSwitchUserManual

(FWVolume)containsthefollowingchapters:

ChapterSummary

Chapter1FWOverviewThischapterdescribesFWfunctionalprinciple

andmanagementmode.

Chapter2System

Management

Configuration

Thischapterdescribesbasicconcept,

configurationandconfigurationexampleof

FWsystemmanagement.

Chapter3Resource

Management

Configuration

Thischapterdescribesbasicconcept,

configurationandconfigurationexampleof

FWresourcemanagement.

Chapter4ZXR10FW

FunctionManagement

Thischapterdescribesbasicconcept,

configurationandconfigurationexampleof

FWfunctionmanagement.

Chapter5Packet

Filteringand

AccessControlRule

Configuration

Thischapterdescribesbasicconcepts,

configurationsandconfigurationexamplesof

FWpacketfilteringandaccesscontrolrule.

Chapter6NAT

Configuration

Thischapterdescribesbasicconcept,

configurationandconfigurationexampleof

FWNAT.

Chapter7Protocol

FilteringConfiguration

Thischapterdescribesbasicconcept,

configurationandconfigurationexampleof

FWprotocolfiltering.

Chapter8Intrusion

Prevension

Configuration

Thischapterdescribesbasicconcept,

configurationandconfigurationexampleof

FWintrusionprevention.

Chapter9HighAvailab

ilityConfiguration

Thischapterdescribesbasicconcept,

configurationandconfigurationexampleof

FWhighavailability.

Chapter10Logand

AlarmConfiguration

Thischapterdescribesbasicconcept,

configurationandconfigurationexampleof

logandalarm.

GlossaryThispartlistsglossariesusedinthismanual.

ivConfidentialandProprietaryInformationofZTECORPORATION

Other manuals for ZXR10 8900 Series

Table of contents

Other Zte Switch manuals

Zte

Zte ZXR10 5916E Owner's manual

Zte

Zte ZXR10 2900E Series Installation manual

Zte

Zte ZXR10 8900 Series Installation manual

Zte

Zte MC8010CA User manual

Zte

Zte ZXR10 8900 Series Installation manual

Zte

Zte ZXR10 5900E Series User manual

Zte

Zte ZXR10 5900 Series User manual

Zte

Zte ZXR10 5900E Series User manual

Zte

Zte ZXR10 5900E Series User manual

Zte

Zte ZXR10 5900 Series User manual

Zte

Zte ZXR10 8900 Series Installation manual

Zte

Zte ZXR10 8900 Series Technical specifications

Zte

Zte ZXR10 5900E Series User manual

Zte

Zte ZXR10 2910E-PS User manual

Zte

Zte ZXR10 2920 User manual

Zte

Zte ZXR10 8900 Series User manual

Zte

Zte ZXR10 3928A Assembly instructions

Zte

Zte ZXR10 5900E Series Instructions for use

Zte

Zte MF275R User manual

Zte

Zte ZXR10 8900 Series Assembly instructions

Zte

Zte ZXR10 5900 Series Technical specifications

Zte

Zte ZXR10 5900E Series User manual

Zte

Zte ZXR10 5900E Series User manual

Zte

Zte ZXR10 8900 Series User manual

Popular Switch manuals by other brands

TRENDnet

TRENDnet TK-401R null

TRENDnet

TRENDnet TK-200K null

TRENDnet

TRENDnet TE100-S8 null

URC

URC Total Control MFS-8 installation manual

Azbil

Azbil HPQ-D11 user manual

Sony

Sony DFS-900M operating instructions

SICK

SICK i17S operating instructions

F&F

F&F SZR-277 quick start guide

Shure

Shure UAMS/BK user guide

Dräger

Dräger X-zone Switch Off Instructions for use

Asco

Asco Joucomatic 349 Series manual

BT Mini Hub user guide

D-Link

D-Link DES-1226G manual

Johnson Controls

Johnson Controls FS80-C installation instructions

MicroNet

MicroNet SP1200A user manual

Ruijie

Ruijie RG-PF2920 Series Hardware installation and reference guide

Altinex

Altinex DA1914SX user guide

RJM

RJM MASTERMIND PBC/6X user manual