![Qtech QSW-2800v2 [156/230] Configure layer2 acl](/img/pdf.png)
Qtech QSW-2800v2 [156/230] Configure layer2 acl
![Qtech QSW-2800v2 [156/230] Configure layer2 acl](/views2/1596593/page156/bg9c.png)
Chapter7 Security Configuration
7-2
Layer2 ACL: Mainly based on source MAC, destination MAC, VLAN, priority,
protocol type, rate limitation template, time-range template and etc. to classify the
data.
Layer3 ACL: Mainly based on source IP, destination IP, source port number,
destination port number, protocol type, priority, fragment, lifetime, rate limitation
template, time-range template and etc. to classify the data.
Mixed ACL: Mainly based on source MAC, destination MAC, source IP,
destination IP, source port number, destination port number, protocol type, priority,
VLAN, rate limitation template, time-range template and etc. to classify the data.
Layer3 ACL6: Mainly based on source IPv6, destination IPv6, source port number,
destination port number, protocol type, hop limitation, the next head, traffic class,
flow flag, rate limitation template, time-range template and etc. to classify the
data.
7.2.2 Configure Layer2 ACL
Background Information
One ACL is composed of some rules and actions.
Before configuring Layer2 ACL rules, first need to create one Layer2 ACL and specify
ACL type number to be from 1 to 1000.
Process
According to different destination, please execute corresponding steps. Refer to the
following table.
Objective
Procedure
Create one layer2
ACL
1. Use command of configure to enter Global Configuration View;
2. Use command of filter-list acl-number to create one layer2 ACL and
enter Layer2 ACL Configuration View;
3. End.
Configure layer2
ACL rule
1. Use command of configure to enter Global Configuration View;
2. Use command of filter-list acl-number to enter Layer2 ACL
Configuration View;
3. Use the following commands to configure ACL rule matching MAC
(user chooses the following commands according to your need);
filter filter number mac (src-mac-address/M|any) (dst-mac-address/M
Содержание
- Layer 2 ethernet switch 1
- Qsw 2800 1
- Content introduction 2
- Customers who are familiar with network fundamentals 2
- Ethernet switch telecommunication level hereinafter referred to as the qsw 2800 2
- From the simple principle function configuration step and configuration example in 2
- Including the basic configuration the two layers configuration operation of the qsw 2
- Intended audience 2
- Ip service qos configuration multicasting security reliability device 2
- Management and network management etc the above operation are introduced 2
- Manual instruction 2
- Method of qsw 2800 and understand its application scenarios more specialized 2
- Network administrators 2
- Network engineers 2
- Of various functional modules and service operation guidelines based on cli 2
- Preface 2
- Professional to use maintenance and management of qsw 2800 2
- The manual is intended for the following readers 2
- This manual introduces the qsw 2800 series carrier class layer 2 full giga 2
- Three ways the configuration operation helps user to master the configuration 2
- General format 3
- Introduce general format symbol convention keyboard mouse operation and safety 3
- Keyboard operation convention 3
- Manual convention 3
- Release update instruction 3
- Symbol convention 3
- Brackets 4
- Caused by possible pretermission inaccuracy or error in this manual 4
- Contents however does not take any legal responsibility of any loss or damage 4
- During operation installation or maintenance 4
- Legal disclaimer 4
- Mouse operation convention 4
- Qtech co commits itself to ensure accuracy fidelity and reliability to the manual 4
- Safety signs 4
- This manual utilizes general 3 safety signs to emphasis significances 4
- Table of contents 5
- Figure 10
- Basic configuration 12
- Chapter1 12
- Interface introduction 12
- Management interface 12
- Summary 12
- Login switch 13
- Login through console port 13
- Physical interface 13
- Parameter description when logging qsw 2800 switch through serial 15
- Please set the parameters according to table shown in table 1 1 15
- Property setting of qsw 2800 switch 15
- Result 15
- Serial port setting please perform the settings according to serial port 15
- To confirm 15
- Admin and password is 12345 16
- Login through telnet 16
- Login through ssh 17
- Generate ssh private public key 2 23
- Menu of the dialog and click next for confirmation referring to figure 23
- Select generation method by choosing dsa or rsa from the drop down 23
- Click next button if the generation is finished referring to figure 25
- Generate ssh private public key 5 25
- The generation of private public key will be displayed in the pop up dialog 25
- Category taking the admin user category as the example 27
- Button ok referring to figure ssh login parameters input 2 29
- During the creation of public key dialog i e value in step 4 and click 29
- From the pop up dialog input the passphrase that has been defined 29
- Keygen sshd auth ssh login metho 29
- Result 29
- Device file upload and download 30
- Ftp configuration 30
- According to the different purposes execute corresponding step please refer to the 32
- Appended list 32
- Following table 32
- Ftp download file 32
- Process 32
- Purpose 32
- This section introduces how to download file through ftp 32
- According to the different purposes execute corresponding step please refer to the 33
- Appended list 33
- Following table 33
- According to the different purposes execute corresponding step please refer to the 34
- Appended list 34
- Following table 34
- Ftp delete file 34
- Process 34
- Purpose 34
- This section introduces how to delete file through ftp 34
- Fetch switch config file 36
- File config from the switch the ftp client application shall be purchased and 36
- Installed by the user 36
- Notice 36
- Start ftp client program at pc and establish ftp connection with the switch 36
- Upgrade operation to the switch after the upload is finished 36
- Upload switch application switch z to switch flash root and download configuration 36
- Username and password configuration through command adduser 36
- Able to log into remote qsw 2800 switch via telnet and download switch application 37
- Backup and software upgrade 37
- Boot up and reboot the switch that the switch is able to implement auto upgrade to its 37
- From the ftp server to switch flash so that to implement remote upgrade to the 37
- Ftp client example 37
- Ftp with username 123 and password 123 pc ip address is 10 8 the user is 37
- Network requirement 37
- Purpose 37
- Remote pc as ftp server and the switch as ftp client with configuration 37
- Switch 37
- The user is able to use command upgrade os as auto start application for next switch 37
- This section introduces the example of switch as ftp client implementing config file 37
- Topology 37
- Tftp configuration 38
- According to the different purposes execute corresponding step please refer to the 39
- Address ipv4 and ipv6 39
- Addresses of tftp client side and server side and make sure that the routing 39
- Before tftp configuration the network administrator needs to configure ip 39
- Between client and server is available 39
- Configure tftp server on off 39
- Following table 39
- Process 39
- Purpose 39
- The qsw 2800 switch supports tftp functionality under two types of network 39
- This section introduces how to open or close tftp server of the switch 39
- According to the different purposes execute corresponding step please refer to the 40
- Confirmation from it the following commands can be applied for file upload 40
- Following table 40
- Notice 40
- Parameter description 40
- Process 40
- Purpose 40
- Request packet towards tftp server and sends data to the server along with 40
- Tftp upload file 40
- When the switch needs to upload file to tftp server the switch as client side sends 40
- According to the different purposes execute corresponding step please refer to the 41
- Following table 41
- Notice 41
- Os is downloaded from the host to the device for config modification or os upgrade 41
- Practical device operation and maintenance it is usually required that the config file or 41
- Process 41
- Purpose 41
- Server and receives data from the server along with configuration towards it in 41
- Tftp download file 41
- The command is applied for file downloading to the device 41
- When file download is required the client side sends request packet to the tftp 41
- Application program switch z is saved in the pc the switch downloads 42
- Backup and software upgrade 42
- Connecting with switch and pc is belonging to particular vlan pc ip address is 42
- Network requirement 42
- Parameter description 42
- Purpose 42
- Switch z from tftp server through the tftp and uploads switch config file to 42
- Tftp client example 42
- The switch as tftp client and pc as tftp server the tftp server has been tftp 42
- This section introduces the example of switch as tftp client implementing config file 42
- Working category configured inband switch ip address is 1 and the port 42
- Zmodem configuration 43
- According to the different purposes execute corresponding step please refer to the 45
- Appended list 45
- Following table 45
- Process 45
- Section 45
- To implement file download through device serial port with operation introduced in this 45
- Chapter2 46
- Ethernet interface configuration 46
- Layer 2 ethernet configuration 46
- Summary 46
- According to the different purposes execute corresponding step please refer to the 47
- Background 47
- Enter the ethernet interface view 47
- Ethernet interface 47
- Ethernet interface basic attribute configuration 47
- Following table 47
- It needs to enter the ethernet interface configuration view first and then configure the 47
- Open shutdown ethernet interface 47
- Procedure 47
- According to the different purposes execute corresponding step please refer to the 48
- Background 48
- Before using the command the command negotiation auto must be used to 48
- Can be provisioned as full duplex mode if port receiving and sending data packet is 48
- Configure ethernet interface duplex state 48
- Following table 48
- From the device as info please configure negotiation auto disable first 48
- If it is required that the port is able to receive data packet while sending then the port 48
- Implement that only when the fast ethernet port is working under non auto negotiation 48
- Mode that it can be configured as port duplex mode otherwise there will be prompt 48
- Negotiated by both the local port and peer port 48
- Precondition 48
- Procedure 48
- Required to be separated then it can be provisioned as half duplex mode similarly if 48
- The port is configured as auto negotiation the duplex mode can be automatically 48
- According to the different purposes execute corresponding step please refer to the 49
- And determined by both the local port and peer port 49
- Background 49
- Configure ethernet interface flow control 49
- Configure ethernet interface rate 49
- Congestion happens to local switch on the other side the peer switch will stop 49
- Following table 49
- Longer send flow control frame to peer 49
- Message sending to local switch once it receives the inform message and vice versa 49
- Procedure 49
- Rate provisioned is working under auto negotiation mode its rate is auto negotiated 49
- Sends message to peer switch to inform peer switch to stop sending message if 49
- The following command can be used to set the ethernet port rate when the port to be 49
- The mechanism is able to avoid message loss the following command can be used 49
- To enable or disable local ethernet port flow control once disabled the port will no 49
- When local and peer switches both start function of flow control the local switch 49
- According to the different purposes execute corresponding step please refer to the 50
- Configure ethernet interface broadcast multicast message suppression function 50
- Following table 50
- In order to prevent port congestion caused by flush of broadcast multicast message 50
- Procedure 50
- Purpose 50
- The command 50
- The switch provides storm suppression function to broadcast multicast message the 50
- User is allowed to restrain broadcast multicast message by configuring bandwidth via 50
- According to the different purposes execute corresponding step please refer to the 51
- Background 51
- Configure ethernet interface rate suppression function 51
- Different due to different interface type 51
- Following table 51
- Procedure 51
- Provide different bandwidth for different users the function of rate suppression 51
- Provides such ability the particular input output bandwidth control granularity may be 51
- There are particular situations that port rate is required to be controlled so that to 51
- According to the different purposes execute corresponding step please refer to the 52
- Background 52
- By configuring the priority of different interfaces it assures that the most important 52
- Command to configure the frame size 52
- Configure ethernet interface mtu 52
- Configure ethernet interface priority 52
- Ethernet _snap form is 1492 52
- Following table 52
- Or packet disassembly the mtu of using ethernet _ii form is 1500 the mtu of using 52
- Procedure 52
- Running at the same time 52
- Service cannot be influenced by delay or discard and guarantees the network efficient 52
- The long frame more than the standard ethernet frame length use the following 52
- The mtu of ethernet interface only influences the ip packaging on ethernet interface 52
- When exchanging data in high throughput such as file transmission it may encounter 52
- According to the different purposes execute corresponding step please refer to the 53
- Clear current ethernet interface statistics information 53
- Configure cable type adaptation 53
- Following table 53
- Interface when there is a large amount of information to be cleared 53
- Procedure 53
- Purpose 53
- Support cross cable type default 53
- Type it needs to configure the connected cable adaption method interface does not 53
- Use this section operation to clear the statistics information of current ethernet 53
- When the connection cable type of interface needs to match with the real used cable 53
- According to the different purposes execute corresponding step please refer to the 54
- Configure interface loopback detection 54
- Descript ethernet interface 54
- Distinguish each port 54
- Ethernet interface senior attribution configuration 54
- Following table 54
- Procedure 54
- Purpose 54
- Use the following command to configure interface description character string to 54
- According to the different purposes execute corresponding step please refer to the 55
- And configure the interval of timing monitoring outside loopback situation so as to 55
- Display ethernet interface state 55
- Following table 55
- Loop switch will make this interface be in controllable working state 55
- Procedure 55
- Timing monitor each interface whether to be outer loop if finding one interface to be 55
- Use the following configuration task to enable interface loopback monitoring function 55
- According to the different purposes execute corresponding step please refer to the 56
- Address table switch will update the corresponding table if mac source has not been 56
- After configuring the attributes of the current interface this section operation can be 56
- Following table 56
- In order to quickly forward message switch needs to maintain mac address table the 56
- Interface number of switch connected with the device the dynamic item not configured 56
- Mac address is as the following if one port supposed to be porta receives a data frame 56
- Mac address table includes the mac address of device connected with switch and the 56
- Mac table configuration 56
- Manually in the mac address table is learned by switch the method of switch learning 56
- Procedure 56
- Purpose 56
- Source and consider that the message with the destination mac address of mac 56
- Source can be forwarded by porta if mac source has been existed in the mac 56
- Switch to different ethernet interface configuration view 56
- Switch will analyze the source mac address of this data frame supposed to be mac 56
- Used to configure attributes of other interfaces 56
- Configure mac address table 57
- According to the changes in the network if user configures the aging time too short 58
- According to the different purposes execute corresponding step please refer to the 58
- Background 58
- Broadcast many data messages which cannot find destination mac address and it will 58
- Configure system mac address aging time 58
- Following table 58
- Hole list will not be aged and lost 58
- Influence the running performance of switch if user configures the aging time too long 58
- Notice 58
- Once the system is reset dynamic list will be lost but the stored static list and black 58
- Procedure 58
- Switch may delete effective mac address item 58
- Switch may save many old mac address items and this will exhaust mac address 58
- Table resources and cause that the switch cannot update mac address table 58
- The appropriate aging time can realize the mac address aging function effectively 58
- The longer or shorter aging time configured by user may result in that switch will 58
- According to the different purposes execute corresponding step please refer to the 59
- Add delete static arp mapping item manually 59
- Arp configuration 59
- Arp mapping table can dynamically be maintained or manually maintained usually 59
- By arp mapping table aging time and at the same time also cannot dynamically 59
- Can check add and delete arp mapping item in arp table by related manually 59
- Display layer 2 mac address table 59
- During the working time of device 59
- Following table 59
- Mac table item for user to query for specific information conveniently 59
- Maintained commands 59
- Map the ip address manually configured to mac address it is called static arp user 59
- Procedure 59
- Purpose 59
- Static arp mapping table can only be configured manually and will not be influenced 59
- This section introduces how to add delete static arp mapping table manually 59
- This section introduces how to quickly locate the relevant information of the specified 59
- Update this mapping relationship static arp mapping table continues to be effective 59
- According to the different purposes execute corresponding step please refer to the 60
- Address and may result in that user cannot access some nodes so user needs to use 60
- Check arp information 60
- Clear dynamic arp table 60
- Execute this command to cancel the mapping relationship of ip address and mac 60
- Following table 60
- Manually when necessary 60
- Procedure 60
- Purpose 60
- This command carefully 60
- This section helps user to delete device all dynamic arp mapping table items 60
- This section introduces how to clear dynamic arp mapping table 60
- According to the different purposes execute corresponding step please refer to the 61
- Configure dynamic arp mapping item aging time 61
- Corresponding relationship between network address and local hardware address 61
- Debug arp 61
- Each corresponding record keeps a period of time in cache and then gives up 61
- Following table 61
- Procedure 61
- Purpose 61
- The aging time of arp mapping item can reduce the address parse error problem that 61
- The dynamic arp table is not updated in time 61
- This section introduces how to check arp related information this section helps user 61
- This section introduces how to configure the aging time of dynamic arp mapping 61
- This section introduces how to debug arp 61
- To check arp mapping table in lan and detect fault of lan arp established 61
- According to the different purposes execute corresponding step please refer to the 62
- Aggregation only 62
- Background 62
- Configure aggregation group 62
- Connecting reliability link aggregation can be divided into manual aggregation 62
- Dynamic aggregation and static lacp aggregation pots in a same aggregation trunk 62
- Following table 62
- Group shall have a same port type i e if one of the ports is electric optical port all the 62
- Group to implement egress load sharing of each member ports as well as provide high 62
- Interface aggregation introduction 62
- Link aggregation configuration 62
- Link aggregation is to aggregate multiple ports into one single aggregation trunk 62
- Others must be the same 62
- Purpose 62
- The qsw 2800 is currently supporting manual aggregation and static lacp 62
- According to the different purposes execute corresponding step please refer to the 63
- Following table 63
- Functions as well as add member ports for enhancement of bandwidth and reliability 63
- Operations in this section can be used to provision trunk group with its basic 63
- Procedure 63
- Appendix list 64
- Port priority 64
- System priority 64
- According to the different purposes execute corresponding step please refer to the 65
- Following table 65
- Maintenance and debug 65
- Procedure 65
- Purpose 65
- When lacp function is abnormal it needs to check and debug 65
- Appendix list 66
- As the following 66
- Bandwidth and reliability between the two devices and the detailed requirements are 66
- Configure link aggregation group on two directly connected switches to increase the 66
- Example 66
- Network requirement 66
- The link between two devices has the ability of redundant backup when part of 66
- The links is failed the backup link can be used to replace the fault link and keep 66
- The transmission no break 66
- Active link has the ability of load sharing 67
- Configuration of one peer 67
- Configuration step 67
- Network topology 67
- Note the configuration of two peers is the same and this only display 67
- Divide lan local area network into multiple subclasses in logic and each subclass 68
- Enhance the network robust 68
- Generally speaking vlan divides the devices in the lan into multiple network 68
- Has its own broadcast domain that is vlan virtual local area network 68
- In the large scale of network it can restrict the network fault in vlan and 68
- Isolate broadcast domain and reduce broadcast storm and enhance the security 68
- Lan technologically 68
- Segments logically but not physically to realize the isolated broadcast domains in a 68
- Vlan configuration 68
- Vlan function 68
- Vlan introduction 68
- Vlan meaning 68
- According to the different purposes execute corresponding step please refer to the 69
- Appendix list 69
- Configure vlan based on interface 69
- Create vlan 69
- Following table 69
- Procedure 69
- Purpose 69
- This section introduces how to create vlan and it is the basic precondition for other 69
- Vlan function configuration 69
- According to the different purposes execute corresponding step please refer to the 70
- Following table 70
- Procedure 70
- This section introduces how to configure vlan based on interface 70
- According to the different purposes execute corresponding step please refer to the 71
- Appendix list 71
- Configure vlan based on mac address 71
- Following table 71
- Procedure 71
- Purpose 71
- This section introduces how to configure divided vlan based on mac address 71
- According to the different purposes execute corresponding step please refer to the 72
- Appendix list 72
- Configure vlan based on ip sub network 72
- Following table 72
- Procedure 72
- Purpose 72
- This section introduces how to configure vlan divided based on ip sub network 72
- According to the different purposes execute corresponding step please refer to the 73
- Appendix list 73
- Configure vlan based on protocol 73
- Following table 73
- Procedure 73
- Purpose 73
- This section introduces how to configure vlan divided based on protocol 73
- Appendix list 74
- According to the different purposes execute corresponding step please refer to the 75
- Configure vlan other parameters 75
- Following table 75
- Parameters according to real situation 75
- Procedure 75
- Purpose 75
- User can choose to use this section operation to configure other vlan related 75
- According to the different purposes execute corresponding step please refer to the 77
- Appendix list 77
- Following table 77
- Maintenance and debug 77
- Procedure 77
- Purpose 77
- When vlan function is abnormal it needs to check and debug 77
- Access server1 and the staff of market department can access server2 and the two 79
- And switchb to connect it requires that the staff of development department can 79
- Appendix list 79
- Departments cannot communicate with each other 79
- Example 79
- Network requirement 79
- The development department and market department of enterprise user use switcha 79
- Bind vlan translation item with interface 82
- Vlan translation configuration 82
- According to the different purposes execute corresponding step please refer to the 83
- Appendix list 83
- Configure or delete vlan translation item 83
- Following table 83
- Procedure 83
- Purpose 83
- This section introduces how to configure or delete vlan translation item 83
- Appendix list 89
- According to the different purposes execute corresponding step please refer to the 90
- Check vlan translation item related information 90
- Following table 90
- Interface or egress binding of interface or ingress and egress binding of interface at 90
- Procedure 90
- Purpose 90
- The same time 90
- This operation helps user to check the device interface whether to bind vlan 90
- This section introduces how to configure the related information of vlan translation 90
- Translation item including vlan translation item index information ingress binding of 90
- Access to the carrier network at last 91
- After passing the swticha the voice service data with vlan10 of user1 is transmitted 91
- Example 91
- In the access network family user connects with switcha through family gateway and 91
- Internet online business data with vlan12 of user2 is transmitted to be tagged 91
- Network requirement 91
- Tagged vlan11 through the gateway internet online business data of user2 is tagged 91
- To be tagged vlan100 of carrier operator and the internet online business data with 91
- Vlan101 91
- Vlan11 of user1 is transmitted to be tagged vlan101 of carrier operator the 91
- Vlan12 through the gateway 91
- Voice service data of user1 is tagged vlan10 and internet online business data is 91
- Chapter3 95
- Dhcp configuration 95
- Dhcp introduction 95
- Ip service configuration 95
- Summary 95
- Dhcp server 99
- Dhcp relay 100
- Configure dhcp server 103
- According to the different purposes execute corresponding step please refer to the 104
- Following table 104
- Procedure 104
- Appendix list 105
- Configure dhcp server supported option 105
- Dchp server has been configured already 105
- Precondition 105
- According to the different purposes execute corresponding step please refer to the 106
- Appendix list 106
- Following table 106
- Procedure 106
- According to the different purposes execute corresponding step please refer to the 107
- Appendix list 107
- Configure dhcp server security function 107
- Dchp server has been configured already 107
- Following table 107
- Precondition 107
- Procedure 107
- According to the different purposes execute corresponding step please refer to the 108
- Configure dhcp relay 108
- Configure dhcp relay to realize ip address assigned to user of dhcp server 108
- Crossing network 108
- Following table 108
- Procedure 108
- Purpose 108
- Appendix list 109
- According to the different purposes execute corresponding step please refer to the 110
- Following table 110
- Maintenance and debug 110
- Procedure 110
- Purpose 110
- When dhcp function is abnormal it can use this section operation to check and 110
- Appendix list 113
- Dhcp server assigns ip address dynamically for clients of different network segment 113
- Example 113
- Network requirement 113
- The detailed requirements are as follows 113
- The network segments of user are 10 24 and 10 24 113
- Chapter4 routing configuration 116
- Configure static routing 116
- Static routing configuration 116
- Static routing introduction 116
- Summary 116
- According to the different purposes execute corresponding step please refer to the 118
- Appended list 118
- Following table 118
- Maintenance and debug 118
- Process 118
- Purpose 118
- Requires function check debug and defection orientation 118
- The operation in this section is for situation when static route works abnormal and 118
- Appended list 119
- Chapter5 120
- Qos configuration 120
- Queue scheduling and congestion control configuration 120
- Queue scheduling and congestion control introduction 120
- Summary 120
- According to different destination please execute corresponding steps refer to the 123
- Balance delay and delay jitter of all kinds of packets in this way message of key 123
- Before configuring queue scheduling and congestion control it needs to configure 123
- Can be dealt fairly 123
- Capability of queue scheduling drr scheduling allows negative weight to 123
- Configure queue scheduling and congestion control 123
- Filter rule of acl please refer to command of 7 to configure acl action to specify 123
- Following table 123
- Guarantee that the long message can be scheduled but at the next time of round 123
- Interface queue priority for data to pass 123
- Prerequisite 123
- Process 123
- Purpose 123
- Robin this queue will not be scheduled until its weight is positive 123
- Scheduling in accordance with message length if message length exceeds the 123
- Service can be processed with high priority and non key service with same priority 123
- Using the operation in this section when there is congestion in the network qsw 123
- Will deal with message according to the configured scheduling policy so as to 123
- Wrr is a scheduling in accordance with the message number drr is a 123
- Attached list 124
- According to different destination please execute corresponding steps refer to the 125
- Attached list 125
- Configure sp scheduling 125
- Example 125
- Flow is from interface 1 0 1 1 0 2 1 0 3 of host1 to host2 there is congestion on 125
- Following table 125
- Interface 1 0 1 of host2 require to use sp algorithm 125
- Maintenance and debug 125
- Network diagram 125
- Network requirements 125
- Process 125
- Purpose 125
- This operation to check or debug 125
- When queue scheduling and congestion of qos function is abnormal user can use 125
- Chapter6 128
- Igmp configuration 128
- Igmp snooping configuration 128
- Summary 128
- Configure static layer 2 multicast 130
- Appendix list 131
- According to the different purposes execute corresponding step please refer to the 132
- Configure multicast vlan copy 132
- Following table 132
- Procedure 132
- According to the different purposes execute corresponding step please refer to the 133
- Appendix list 133
- Background 133
- Configure igmp snooping 133
- Following table 133
- Igmp snooping based on vlan runs on the switch between router and user host by 133
- Listening the igmp snooping message sent between upper router and host to 133
- Maintain the igmp message forwarding table so it can manage and control to 133
- Procedure 133
- Transmit the multicast data message to realize the multicast of layer 2 133
- Appendix list 135
- According to the different purposes execute corresponding step please refer to the 136
- Configure controllable multicast 136
- Following table 136
- It is usually used in the multicast of layer 2 scenarios to control iptv program 136
- Number and guarantee the service quality of most users 136
- Procedure 136
- Purpose 136
- According to the different purposes execute corresponding step please refer to the 138
- Following table 138
- Maintenance and debug 138
- Procedure 138
- Purpose 138
- User can use operation of this section 138
- When igmp snooping is abnormal and it needs to check debug or locate problem 138
- Example 141
- Acl configuration 155
- Acl introduction 155
- Chapter7 155
- Security configuration 155
- Summary 155
- According to different destination please execute corresponding steps refer to the 156
- Acl type number to be from 1 to 1000 156
- Background information 156
- Before configuring layer2 acl rules first need to create one layer2 acl and specify 156
- Configure layer2 acl 156
- Destination ip source port number destination port number protocol type priority 156
- Destination port number protocol type hop limitation the next head traffic class 156
- Destination port number protocol type priority fragment lifetime rate limitation 156
- Flow flag rate limitation template time range template and etc to classify the 156
- Following table 156
- Layer2 acl mainly based on source mac destination mac vlan priority 156
- Layer3 acl mainly based on source ip destination ip source port number 156
- Layer3 acl6 mainly based on source ipv6 destination ipv6 source port number 156
- Mixed acl mainly based on source mac destination mac source ip 156
- One acl is composed of some rules and actions 156
- Process 156
- Protocol type rate limitation template time range template and etc to classify the 156
- Template time range template and etc to classify the data 156
- Vlan rate limitation template time range template and etc to classify the data 156
- Acl type number to be from 1001 to 2000 159
- Attached list 159
- Background information 159
- Before configuring layer3 acl rules first need to create one layer3 acl and specify 159
- Configure layer3 acl 159
- One acl is composed of some rules and actions 159
- Process 159
- According to different destination please execute corresponding steps refer to the 160
- Following table 160
- Attached list 163
- According to different destination please execute corresponding steps refer to the 164
- Acl type number to be from 2001 to 3000 164
- Background information 164
- Before configuring mixed acl rules first need to create one mixed acl and specify 164
- Configure mixed acl 164
- Following table 164
- One acl is composed of some rules and actions 164
- Process 164
- According to different destination please execute corresponding steps refer to the 166
- Attached list 166
- Background information 166
- Before configuring layer3 acl6 rules first need to create one layer3 acl6 and 166
- Configure layer3 acl6 166
- Following table 166
- One acl is composed of some rules and actions 166
- Process 166
- Specify acl type number to be from 3001 to 4000 166
- Attached list 169
- Configure acl optional function 170
- Attached list 172
- According to different destination please execute corresponding steps refer to the 173
- Following table 173
- Maintenance and debug 173
- Process 173
- Purpose 173
- When acl function is abnormal user can use this operation to check or debug 173
- Attached list 175
- Example 176
- Chapter8 183
- Mstp configuration 183
- Reliability configuration 183
- Summary 183
- Rstp introduction 184
- Mstp introduction 186
- A cist priority vector calculation 187
- Assumptions 187
- Bridge b from the pd port of bridge d is as follow the total root is rd the 187
- Cost is ercb the domain root is rrb the inner root path cost is ircb the 187
- Designated bridge id is b the designated port is b the designated port id 187
- In cist priority vector is composed of the total root outer root path cost domain 187
- In order to facilitate the subsequent description we make the following 187
- In the initial condition the information carried in the message sent out by the 187
- Is pb the id of port receiving bpdu message is pb 187
- Msti priority vector calculation method as follow 187
- Pb port of the bridge b is as follow the total root is rb the outer root path 187
- Port receiving bpdu message 187
- Priority vector calculation 187
- Priority vector of the spanning tree we will introduce the cist priority vector and 187
- Root inner root path cost designated bridge id designated port id and the id of 187
- The information carried in the message which is received by pb port of 187
- The message the most important information carried in the message is the 187
- The mstp role of all bridges is computed according to the carrying information in 187
- A switch a role selection process 190
- And the switchb is better than switchc the link path costs are 4 5 and 10 190
- Another domain alone 190
- Figure 8 1 supposing that the bridge priority of switcha is better than switch b 190
- In initial state the port of every device will be calculated to be the designated port and 190
- Role selection process 190
- State of the figure 8 1 is shown in the table 8 2 190
- Switcha and switchb belong to the same domain and switchc belongs to 190
- The cist instance calculation process will be introduced briefly as follow with the 190
- The message priority vector carried in the message sent out by the device in initial 190
- The port priority vector of all ports of device keep the same as the message priority 190
- Vector in initial state 190
- Will send out the message priority vector which makes it to be the root bridge 190
- According to different destination please execute corresponding steps refer to the 193
- As long as the same configuration the two switches belong to the same domain 193
- Background information 193
- Before configuring switch to join designated mst domain it needs to configure 193
- Configure device to join designated mst domain 193
- Following table 193
- Mst domain name 193
- Mst domain revision level 193
- Msti and vlan mapping relationship 193
- Physical attribute of interface and interface vlan characteristic 193
- Process 193
- Purpose 193
- This section introduces how to configure switch to join mst domain 193
- Attached list 194
- According to different destination please execute corresponding steps refer to the 195
- Background information 195
- Before modifying mstp parameters please first finish the following tasks 195
- Configure interface physical attribute 195
- Configure interface to join in vlan 195
- Configure mstp parameter 195
- Configure switch to join in designated mst domain 195
- Following table 195
- In some specific network environment user can modify mstp parameters to achieve 195
- Introduce how to modify mstp parameters in this section 195
- Process 195
- Purpose 195
- The best result 195
- Default to configure 196
- Attached list 197
- Anyone forges configuration message and attacks switch maliciously when the 198
- Background information 198
- Bpdu protection 198
- Circumstances the edge interface will not receive bpdu message of stp but if 198
- Configure mstp protection function 198
- Configured the as edge interface to realize interface fast switching under normal 198
- Edge interface receives the configuration message system will configure these 198
- For the access layer device the access interface usually connects with user 198
- Interfaces to be non edge interface automatically and will calculate stp again 198
- Prevent this network attack 198
- Terminal such as pc or file server at this time the access interface can be 198
- This will results in network topology concussion bpdu protection function can 198
- According to different destination please execute corresponding steps refer to the 200
- After enabling tc bpdu message attack function the number of times which 200
- Deletion operation will cause great burden to the device and bring great hidden 200
- Following table 200
- It can avoid frequent deletion of mac table item and arp table item so as to 200
- Mstp processes bpdu message of tc type can be configured per unit time if 200
- Process 200
- Protect the switch 200
- Purpose 200
- Specified by threshold for other bpdu messages of tc type beyond the 200
- The configured threshold the mstp process only deals with the designated times 200
- The number of bpdu messages of tc type received by mstp process exceeds 200
- Threshold after the timer expires mstp process only deals with once in this way 200
- Trouble to the network stability 200
- When need to configure mstp protection user can use this section operation 200
- According to different destination please execute corresponding steps refer to the 201
- Attached list 201
- Following table 201
- Maintenance and debug 201
- Process 201
- Purpose 201
- When mstp function is abnormal user can use this operation to check or debug 201
- Attached list 203
- Basic function as following 203
- Example 203
- Network requirements 203
- Now there are four switches to support mstp protocol they are switcha switchb 203
- Switchc and switchd are other series switch produced by qtech configure mstp 203
- Switchc and switchd switcha and switchb are the qsw 2800 series switch 203
- Rlink configuration 208
- Rlink introduction 208
- Configure resilient link group function 209
- According to different destination please execute corresponding steps refer to the 210
- Following table 210
- Function to realize redundancy link backup and fast switching under double uplinks 210
- Network environment 210
- Process 210
- Purpose 210
- Using the operation in this section to configure resilient link group and its basic 210
- According to different destination please execute corresponding steps refer to the 211
- Attached list 211
- Background information 211
- Configure monitor link group function 211
- Following table 211
- Function to realize interface linkage function 211
- Process 211
- Purpose 211
- To use the operation in this section to configure monitor link group and its basic 211
- Attached list 212
- Background information 212
- Configure rlink other related parameter 212
- Enable rlink returning function after returning timer terminating it will switch to 212
- Keeps blocked state and do not preempt if needing to recover it to be the main link 212
- The main link 212
- The original main link fault recovers in order to keep flow stability the main link 212
- Use manual main standby switching of rlink group to enforce link switching 212
- User can use the following two methods 212
- When there is fault in the main link of rlink group it will switch to standby link after 212
- According to different destination please execute corresponding steps refer to the 213
- Can choose which step to use according to your need but first rlink group or mlink 213
- Following table 213
- Group should be configured 213
- Process 213
- Purpose 213
- Use the operation in this section to configure other related parameters of rlink user 213
- According to different destination please execute corresponding steps refer to the 214
- Attached list 214
- Following table 214
- Maintenance and debug 214
- Process 214
- Purpose 214
- When rlink function is abnormal user can use this operation to check or debug 214
- Attached list 216
- Configuration steps 217
- Configure protection vlan rlink group based on vlan 217
- Configure single point uplink 217
- Create rlink group1 217
- Example 217
- In single point uplink network environment configure rlink function the master and 217
- Network diagram 217
- Network requirements 217
- Optional default to be single mode 217
- Slave interfaces are on the same switch they are fe1 1 and fe1 2 217
- Switch config rlink group 1 217
- Switch config rlink1 type single 217
- Switch configure 217
- Chapter9 224
- Enable or disable poe power supply function 224
- Poe configuration 224
- Poe function configuration 224
- Summary 224
- According to the different purposes execute corresponding step please refer to the 225
- Auto mode it is recommended that user uses the force standard or force high mode 225
- Background information 225
- Configure power supply mode 225
- Following table 225
- Function 225
- Generally it is recommended that user uses the default mode of half auto 225
- If using one of the two modes user must enable the enhanced detection power supply 225
- Progress 225
- Qsw 2800 pe pe supports four power supply modes they are auto force 225
- Standard force high and half auto 225
- When the device cannot supply electricity normally using non standard pd in half 225
- According to the interface number the interface number is greater the priority is 226
- Background information 226
- Configure poe power supply parameter 226
- Configure the pd device description connected with the interface on the device it is 226
- Convenient for user to manage the downstream pd device 226
- Critical equipment can be first powered when the power consumption of pd equipment 226
- Currently qsw 2800 pe pe only supports power supply in signal line mode timing 226
- Electricity for it 226
- Higher and the port with greater interface number will be powered first 226
- Insufficient if the priority of different ports is the same it will order the priority 226
- Is greater than the total power supplied by the pse when the pse power is 226
- Poe power supply port supports three priorities the port priority ensures that the 226
- Power supply and power supply alarm function 226
- Progress 226
- Pse can only detect the standard pd and supply electricity for it after enabling pse 226
- The command of configuring the threshold power of pse in the global configuration 226
- The pd device according with the 802 af protocol is the standard pd device usually 226
- To detect the non standard pd pse can detect the non standard pd and supply 226
- View is used to protect the switch to avoid the influence of the unstable power supply 226
- According to the different purposes execute corresponding step please refer to the 227
- Following table 227
- According to the different purposes execute corresponding step please refer to the 228
- Check poe configuration information 228
- Following table 228
- Progress 228
- Purpose 228
- Right or wrong 228
- This operation is mainly used to check the configured poe function and its parameters 228
- Appendix a 229
Похожие устройства
- Qtech QSW-3200-24T Руководство пользователя
- Qtech QSW-3200-24T Техническое описание
- Qtech QSW-3200-28T Руководство пользователя
- Qtech QSW-3200-28T Техническое описание
- Qtech QSW-3200-28FC Руководство пользователя
- Qtech QSW-3200-28FC Техническое описание
- Qtech QSW-3900-24-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-24-Т-AC Руководство пользователя v1-7
- Qtech QSW-3900-24-Т-AC Руководство пользователя
- Qtech QSW-3900-48-SFP-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-SFP-AC Руководство пользователя v1-7
- Qtech QSW-3900-48-SFP-AC Руководство пользователя
- Qtech QSW-3900-48-SFP-DC Руководство пользователя v1-1
- Qtech QSW-3900-48-SFP-DC Руководство пользователя v1-7
- Qtech QSW-3900-48-SFP-DC Руководство пользователя
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-7
- Qtech QSW-3900-48-Т-AC Руководство пользователя
- Qtech QSW-3900-48-Т-DC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-DC Руководство пользователя v1-7