H3C Technologies H3C S3100 Series Switches User Manual
H3C Technologies Routers
Table of contents
Document Outline
- 00-1Title page
- 00-2Preface
- 01-CLI Operation
- 02-Login Operation
- 1 Logging into an Ethernet Switch
- 2 Logging in through the Console Port
- 3 Logging in through Telnet
- 4 Logging in Using a Modem
- 5 Logging in through the Web-based Network Management System
- 6 Logging in through NMS
- 7 User Control
- 03-Configuration File Management Operation
- 04-VLAN Operation
- 1 VLAN Overview
- 2 VLAN Configuration
- VLAN Configuration
- Configuring a Port-Based VLAN
- Configuring a MAC-Based VLAN
- Configuring a Protocol-Based VLAN
- 05-Static Route Operation
- 06-IP Address-IP Performance Operation
- 07-Voice VLAN Operation
- 1 Voice VLAN Configuration
- Voice VLAN Overview
- Voice VLAN Configuration
- Displaying and Maintaining Voice VLAN
- Voice VLAN Configuration Example
- 1 Voice VLAN Configuration
- 08-GVRP Operation
- 09-Port Basic Configuration Operation
- 1 Port Basic Configuration
- Ethernet Port Configuration
- Combo Port Configuration
- Initially Configuring a Port
- Configuring Port Auto-Negotiation Speed
- Limiting Traffic on individual Ports
- Enabling Flow Control on a Port
- Duplicating the Configuration of a Port to Other Ports
- Configure loopback detection for Ethernet port(s)
- Enabling Loopback Test
- Configuring a Port Group
- Enabling the System to Test Connected Cable
- Configuring the Interval to Perform Statistical Analysis on Port Traffic
- Disabling Up/Down Log Output on a Port
- Configuring Storm Control on a Port
- Setting the Port State Change Delay
- Displaying and Maintaining Basic Port Configuration
- Ethernet Port Configuration Example
- Troubleshooting Ethernet Port Configuration
- Ethernet Port Configuration
- 1 Port Basic Configuration
- 10-Link Aggregation Operation
- 1 Link Aggregation Configuration
- 11-Port Isolation Operation
- 12-Port Security-Port Binding Operation
- 1 Port Security Configuration
- Port Security Overview
- Port Security Configuration Task List
- Enabling Port Security
- Setting the Maximum Number of MAC Addresses Allowed on a Port
- Setting the Port Security Mode
- Configuring Port Security Features
- Configuring Guest VLAN for a Port in macAddressOrUserLoginSecure mode
- Ignoring the Authorization Information from the RADIUS Server
- Configuring Security MAC Addresses
- Displaying and Maintaining Port Security Configuration
- Port Security Configuration Example
- 2 Port Binding Configuration
- 1 Port Security Configuration
- 13-DLDP Operation
- 14-MAC Address Table Management Operation
- 1 MAC Address Table Management
- Overview
- MAC Address Table Management
- Displaying MAC Address Table Information
- Configuration Example
- 1 MAC Address Table Management
- 15-MSTP Operation
- 1 MSTP Configuration
- Overview
- MSTP Configuration Task List
- Configuring Root Bridge
- Configuring an MST Region
- Specifying the Current Switch as a Root Bridge/Secondary Root Bridge
- Configuring the Bridge Priority of the Current Switch
- Configuring How a Port Recognizes and Sends MSTP Packets
- Configuring the MSTP Operation Mode
- Configuring the Maximum Hop Count of an MST Region
- Configuring the Network Diameter of the Switched Network
- Configuring the MSTP Time-related Parameters
- Configuring the Timeout Time Factor
- Configuring the Maximum Transmitting Rate on the Current Port
- Configuring the Current Port as an Edge Port
- Setting the Link Type of a Port to P2P
- Enabling MSTP
- Configuring Leaf Nodes
- Configuring the MST Region
- Configuring How a Port Recognizes and Sends MSTP Packets
- Configuring the Timeout Time Factor
- Configuring the Maximum Transmitting Rate on the Current Port
- Configuring a Port as an Edge Port
- Configuring the Path Cost for a Port
- Configuring Port Priority
- Setting the Link Type of a Port to P2P
- Enabling MSTP
- Performing mCheck Operation
- Configuring Guard Functions
- Configuring Digest Snooping
- Configuring Rapid Transition
- Configuring VLAN-VPN Tunnel
- MSTP Maintenance Configuration
- Enabling Trap Messages Conforming to 802.1d Standard
- Displaying and Maintaining MSTP
- MSTP Configuration Example
- VLAN-VPN Tunnel Configuration Example
- 1 MSTP Configuration
- 16-Multicast Operation
- 1 Multicast Overview
- 2 IGMP Snooping Configuration
- IGMP Snooping Overview
- IGMP Snooping Configuration
- Enabling IGMP Snooping
- Configuring the Version of IGMP Snooping
- Configuring Timers
- Configuring Fast Leave Processing
- Configuring a Multicast Group Filter
- Configuring the Maximum Number of Multicast Groups on a Port
- Configuring IGMP Snooping Querier
- Suppressing Flooding of Unknown Multicast Traffic in a VLAN
- Configuring Static Member Port for a Multicast Group
- Configuring a Static Router Port
- Configuring a Port as a Simulated Group Member
- Configuring a VLAN Tag for Query Messages
- Configuring Multicast VLAN
- Displaying and Maintaining IGMP Snooping
- IGMP Snooping Configuration Examples
- Troubleshooting IGMP Snooping
- 3 MLD Snooping Configuration
- MLD Snooping Overview
- MLD Snooping Configuration Task List
- Configuring Basic Functions of MLD Snooping
- Configuring MLD Snooping Port Functions
- Configuring MLD Snooping Querier
- Configuring MLD Snooping Proxying
- Configuring an MLD Snooping Policy
- Displaying and Maintaining MLD Snooping
- MLD Snooping Configuration Examples
- Troubleshooting MLD Snooping
- 4 IPv6 Multicast VLAN Configuration
- 5 Multicast User Control Policy Configuration
- 6 Common Multicast Configuration
- 17-802.1x-System Guard Operation
- 1 802.1x Configuration
- Introduction to 802.1x
- Introduction to 802.1x Configuration
- Basic 802.1x Configuration
- Advanced 802.1x Configuration
- Specifying a Mandatory Authentication Domain for a Port
- Configuring Proxy Checking
- Configuring Client Version Checking
- Enabling DHCP-triggered Authentication
- Enabling the Unicast Trigger Function for 802.1X Authentication
- Configuring Guest VLAN
- Configuring Auth-Fail VLAN for 802.1X Authentication
- Configuring 802.1x Re-Authentication
- Configuring the 802.1x Re-Authentication Timer
- Displaying and Debugging 802.1x
- Configuration Example
- 2 Quick EAD Deployment Configuration
- 3 HABP Configuration
- 4 System-Guard Configuration (For S3100-EI)
- 5 System-Guard Configuration (For S3100-SI)
- 1 802.1x Configuration
- 18-AAA Operation
- 1 AAA Overview
- 2 AAA Configuration
- AAA Configuration Task List
- RADIUS Configuration Task List
- Creating a RADIUS Scheme
- Configuring RADIUS Authentication/Authorization Servers
- Configuring Ignorance of Assigned RADIUS Authorization Attributes
- Configuring the Sending Mode of Accounting Start Requests
- Configuring RADIUS Accounting Servers
- Configuring Shared Keys for RADIUS Messages
- Configuring the Maximum Number of RADIUS Request Transmission Attempts
- Configuring the Type of RADIUS Servers to be Supported
- Configuring the Status of RADIUS Servers
- Configuring the Attributes of Data to be Sent to RADIUS Servers
- Configuring the Local RADIUS Authentication Server Function
- Configuring Timers for RADIUS Servers
- Enabling Sending Trap Message when a RADIUS Server Goes Down
- Enabling the User Re-Authentication at Restart Function
- HWTACACS Configuration Task List
- Creating an HWTACACS Scheme
- Configuring TACACS Authentication Servers
- Configuring TACACS Authorization Servers
- Configuring TACACS Accounting Servers
- Configuring Shared Keys for HWTACACS Messages
- Configuring the Attributes of Data to be Sent to TACACS Servers
- Configuring the Timers Regarding TACACS Servers
- Displaying and Maintaining AAA
- AAA Configuration Examples
- Troubleshooting AAA
- 3 EAD Configuration
- 19-MAC Address Authentication Operation
- 20-Web Authentication Operation
- 1 Web Authentication Configuration
- Introduction to Web Authentication
- Web Authentication Configuration
- Configuring an Auth-Fail VLAN for Web Authentication
- Configuring a Web Authentication-Free User
- Configuring HTTPS Access for Web Authentication
- Customizing Web Authentication Pages
- Configuring Web Authentication Transition
- Configuring a Proxy Server Port for Web Authentication
- Displaying and Maintaining Web Authentication
- Web Authentication Configuration Example
- 1 Web Authentication Configuration
- 21-Triple Authentication Operation
- 22-ARP Operation
- 23-DHCP Operation
- 1 DHCP Overview
- 2 DHCP Server Configuration
- Introduction to DHCP Server
- DHCP Server Configuration Task List
- Enabling DHCP
- Configuring the Global Address Pool Based DHCP Server
- Configuration Task List
- Enabling the Global Address Pool Mode on Interface(s)
- Creating a DHCP Global Address Pool
- Configuring an Address Allocation Mode for the Global Address Pool
- Configuring a Domain Name Suffix for the DHCP Client
- Configuring DNS Servers for the DHCP Client
- Configuring WINS Servers for the DHCP Client
- Configuring Gateways for the DHCP Client
- Configuring BIMS Server Information for the DHCP Client
- Configuring Option 184 Parameters for the Client with Voice Service
- Configuring a Self-Defined DHCP Option
- Configuring the Interface Address Pool Based DHCP Server
- Configuration Task List
- Enabling the Interface Address Pool Mode on Interface(s)
- Configuring an Address Allocation Mode for an Interface Address Pool
- Configuring a Domain Name Suffix for the DHCP Client
- Configuring DNS Servers for the DHCP Client
- Configuring WINS Servers for the DHCP Client
- Configuring BIMS Server Information for the DHCP Client
- Configuring Option 184 Parameters for the Client with Voice Service
- Configuring a Self-Defined DHCP Option
- Configuring DHCP Server Security Functions
- Configuring DHCP Accounting Functions
- Enabling the DHCP Server to Process Option 82
- Displaying and Maintaining the DHCP Server
- DHCP Server Configuration Examples
- Troubleshooting a DHCP Server
- 3 DHCP Snooping Configuration
- Introduction
- DHCP Snooping Configuration
- Configuring Unauthorized DHCP Server Detection
- Displaying DHCP Snooping Configuration
- DHCP Snooping Configuration Example
- 4 DHCP Packet Rate Limit Configuration
- 5 DHCP/BOOTP Client Configuration
- 24-ACL Operation
- 1 ACL Configuration
- ACL Overview
- ACL Configuration
- ACL Assignment
- Displaying ACL Configuration
- Example for Upper-Layer Software Referencing ACLs
- Example for Applying ACLs to Hardware
- 1 ACL Configuration
- 25-QoS-QoS Profile Operation
- 1 QoS Configuration
- Overview
- QoS Supported by the S3100 Series Ethernet Switches
- Introduction to QoS Features
- QoS Configuration
- Configuring Priority Trust Mode
- Configuring Priority Mapping
- Marking Packet Priority
- Configuring Traffic Policing
- Configuring Traffic Shaping
- Configuring Port Rate Limiting
- Configuring Traffic Redirecting
- Configuring VLAN Marking
- Configuring Queue Scheduling
- Configuring Traffic Accounting
- Enabling the Burst Function
- Configuring Traffic Mirroring
- Displaying QoS
- QoS Configuration Example
- 2 QoS Profile Configuration
- 1 QoS Configuration
- 26-Mirroring Operation
- 27-Stack-Cluster Operation
- 1 Stack
- 2 Cluster
- Cluster Overview
- Cluster Configuration Tasks
- Configuring the Management Device
- Management device configuration tasks
- Enabling NDP globally and on specific ports
- Configuring NDP-related parameters
- Enabling NTDP globally and on a specific port
- Configuring NTDP-related parameters
- Enabling the cluster function
- Configuring cluster parameters
- Configuring inside-outside interaction for a cluster
- Configuring Member Devices
- Managing a Cluster through the Management Device
- Configuring the Enhanced Cluster Features
- Configuring the Cluster Synchronization Function
- Configuring the Management Device
- Displaying and Maintaining Cluster Configuration
- Cluster Configuration Example
- 28-PoE-PoE Profile Operation
- 1 PoE Configuration
- PoE Overview
- PoE Configuration
- PoE Configuration Tasks
- Enabling the PoE Feature on a Port
- Setting the Maximum Output Power on a Port
- Setting PoE Management Mode and PoE Priority of a Port
- Setting the PoE Mode on a Port
- Configuring the PD Compatibility Detection Function
- Configuring PoE Over-Temperature Protection on the Switch
- Upgrading the PSE Processing Software Online
- Displaying PoE Configuration
- PoE Configuration Example
- 2 PoE Profile Configuration
- 1 PoE Configuration
- 29-SNMP-RMON Operation
- 30-NTP Operation
- 1 NTP Configuration
- Introduction to NTP
- NTP Configuration Tasks
- Configuring NTP Implementation Modes
- Configuring Access Control Right
- Configuring NTP Authentication
- Configuring Optional NTP Parameters
- Displaying NTP Configuration
- Configuration Example
- 1 NTP Configuration
- 31-SSH Operation
- 1 SSH Configuration
- SSH Overview
- SSH Server and Client Configuration Task List
- Configuring the SSH Server
- Configuring the User Interfaces for SSH Clients
- Configuring the SSH Management Functions
- Configuring the SSH Server to Be Compatible with SSH1 Clients
- Generating/Destroying Key Pairs
- Creating an SSH User and Specifying an Authentication Type
- Specifying a Service Type for an SSH User
- Configuring the Public Key of a Client on the Server
- Assigning a Public Key to an SSH User
- Exporting the RSA or DSA Public Key
- Configuring the SSH Client
- Displaying and Maintaining SSH Configuration
- Comparison of SSH Commands with the Same Functions
- SSH Configuration Examples
- When Switch Acts as Server for Local Password Authentication
- When Switch Acts as Server for Password and RADIUS Authentication
- When Switch Acts as Server for Password and HWTACACS Authentication
- When Switch Acts as Server for Publickey Authentication
- When Switch Acts as Client for Password Authentication
- When Switch Acts as Client for Publickey Authentication
- When Switch Acts as Client and First-Time Authentication is not Supported
- 1 SSH Configuration
- 32-File System Management Operation
- 33-FTP-SFTP-TFTP Operation
- 1 FTP and SFTP Configuration
- Introduction to FTP and SFTP
- FTP Configuration
- SFTP Configuration
- 2 TFTP Configuration
- 1 FTP and SFTP Configuration
- 34-Information Center Operation
- 1 Information Center
- Information Center Overview
- Information Center Configuration
- Introduction to the Information Center Configuration Tasks
- Configuring Synchronous Information Output
- Configuring to Display the Time Stamp with the UTC Time Zone
- Setting to Output System Information to the Console
- Setting to Output System Information to a Monitor Terminal
- Setting to Output System Information to a Log Host
- Setting to Output System Information to the Trap Buffer
- Setting to Output System Information to the Log Buffer
- Setting to Output System Information to the SNMP NMS
- Displaying and Maintaining Information Center
- Information Center Configuration Examples
- 1 Information Center
- 35-System Maintenance and Debugging Operation
- 1 Boot ROM and Host Software Loading
- 2 Basic System Configuration and Debugging
- 3 Network Connectivity Test
- 4 Device Management
- Introduction to Device Management
- Device Management Configuration
- Device Management Configuration Tasks
- Rebooting the Ethernet Switch
- Scheduling a Reboot on the Switch
- Configuring Real-time Monitoring of the Running Status of the System
- Specifying the APP to be Used at Reboot
- Upgrading the Boot ROM
- Enabling Auto Power Down on the 1000 Mbps Uplink Port
- Identifying and Diagnosing Pluggable Transceivers
- Displaying the Device Management Configuration
- Remote Switch APP Upgrade Configuration Example
- 5 Scheduled Task Configuration
- 36-VLAN-VPN Operation
- 1 VLAN-VPN Configuration
- 2 Selective QinQ Configuration
- 3 BPDU Tunnel Configuration
- 37-VLAN Mapping Operation
- 38-HWPing Operation
- 39-IPv6 Management Operation
- 1 IPv6 Configuration
- IPv6 Overview
- IPv6 Configuration Task List
- Configuring an IPv6 Unicast Address
- Configuring IPv6 NDP
- Configuring a Static IPv6 Route
- Configuring IPv6 TCP Properties
- Configuring the Maximum Number of IPv6 ICMP Error Packets Sent within a Specified Time
- Configuring the Hop Limit of ICMPv6 Reply Packets
- Configuring ND Snooping
- Configuring the ND Detection
- Configuring DHCPv6 Snooping
- Configuring IPv6 Filtering
- Configuring IPv6 DNS
- Displaying and Maintaining IPv6
- IPv6 Configuration Examples
- 2 IPv6 Application Configuration
- 1 IPv6 Configuration
- 40-DNS Operation
- 41-Smart Link-Monitor Link Operation
- 42-ARP and IP Attack Defense Operation
- 1 ARP and IP Attack Defense Configuration
- ARP Packet Filtering Based on Gateway’s Address
- Configuring the Maximum Number of Dynamic ARP Entries a VLAN Interface Can Learn
- ARP/IP Attack Defense Based on 802.1x
- Configuring ARP Source MAC Address Consistency Check
- ARP Attack Defense Configuration Example I
- ARP Attack Defense Configuration Example II
- ARP/IP Attack Defense Configuration Example III
- 1 ARP and IP Attack Defense Configuration
- 43-LLDP Operation
- 44-PKI Operation
- 1 PKI Configuration
- Introduction to PKI
- PKI Configuration Task List
- Configuring an Entity DN
- Configuring a PKI Domain
- Submitting a PKI Certificate Request
- Retrieving a Certificate Manually
- Configuring PKI Certificate Verification
- Destroying a Local RSA Key Pair
- Deleting a Certificate
- Configuring an Access Control Policy
- Displaying and Maintaining PKI
- PKI Configuration Examples
- Troubleshooting PKI
- 1 PKI Configuration
- 45-SSL Operation
- 46-HTTPS Operation
- 1 HTTPS Configuration
- HTTPS Overview
- HTTPS Configuration Task List
- Associating the HTTPS Service with an SSL Server Policy
- Enabling the HTTPS Service
- Associating the HTTPS Service with a Certificate Attribute Access Control Policy
- Associating the HTTPS Service with an ACL
- Displaying and Maintaining HTTPS
- HTTPS Configuration Example
- 1 HTTPS Configuration
- 47-Ethernet OAM Operation
- 1 Ethernet OAM Configuration
- 48-CFD Operation
- 49-Appendix