![Qtech QSW-2800v2 [176/230] Example](/img/pdf.png)
Qtech QSW-2800v2 [176/230] Example
![Qtech QSW-2800v2 [176/230] Example](/views2/1596593/page176/bgb0.png)
Chapter7 Security Configuration
7-22
7.2.8 Example
7.2.8.1 Configure Layer2 ACL
Network Requirements
Switch is used as gateway, connecting with user PC. Require to configure ACL to
deny message with source MAC of 0001-0203-0405 and destination MAC of 0102-
0304-0506 to pass.
Network Diagram
Figure Layer2 ACL Topology
Configuration Steps
1. Create layer2 ACL.
Switch#configure
Switch(config)#filter-list 1
Switch(configure-filter-l2-1)#
2. Configure layer2 ACL rule.
Switch(configure-filter-l2-1)#filter 1 mac 00:01:02:03:04:05/48 01:02:03:04:05:06/48
3. Configure layer2 ACL action.
Switch(configure-filter-l2-1)#filter 1 action deny
4. Binding ACL to interface.
Switch(configure-filter-l2-1)#quit
Switch(config)#interface fastethernet 1/0/1
Switch(config-ge1/0/1)#filter-list in 1
Содержание
- Layer 2 ethernet switch 1
- Qsw 2800 1
- Content introduction 2
- Customers who are familiar with network fundamentals 2
- Ethernet switch telecommunication level hereinafter referred to as the qsw 2800 2
- From the simple principle function configuration step and configuration example in 2
- Including the basic configuration the two layers configuration operation of the qsw 2
- Intended audience 2
- Ip service qos configuration multicasting security reliability device 2
- Management and network management etc the above operation are introduced 2
- Manual instruction 2
- Method of qsw 2800 and understand its application scenarios more specialized 2
- Network administrators 2
- Network engineers 2
- Of various functional modules and service operation guidelines based on cli 2
- Preface 2
- Professional to use maintenance and management of qsw 2800 2
- The manual is intended for the following readers 2
- This manual introduces the qsw 2800 series carrier class layer 2 full giga 2
- Three ways the configuration operation helps user to master the configuration 2
- General format 3
- Introduce general format symbol convention keyboard mouse operation and safety 3
- Keyboard operation convention 3
- Manual convention 3
- Release update instruction 3
- Symbol convention 3
- Brackets 4
- Caused by possible pretermission inaccuracy or error in this manual 4
- Contents however does not take any legal responsibility of any loss or damage 4
- During operation installation or maintenance 4
- Legal disclaimer 4
- Mouse operation convention 4
- Qtech co commits itself to ensure accuracy fidelity and reliability to the manual 4
- Safety signs 4
- This manual utilizes general 3 safety signs to emphasis significances 4
- Table of contents 5
- Figure 10
- Basic configuration 12
- Chapter1 12
- Interface introduction 12
- Management interface 12
- Summary 12
- Login switch 13
- Login through console port 13
- Physical interface 13
- Parameter description when logging qsw 2800 switch through serial 15
- Please set the parameters according to table shown in table 1 1 15
- Property setting of qsw 2800 switch 15
- Result 15
- Serial port setting please perform the settings according to serial port 15
- To confirm 15
- Admin and password is 12345 16
- Login through telnet 16
- Login through ssh 17
- Generate ssh private public key 2 23
- Menu of the dialog and click next for confirmation referring to figure 23
- Select generation method by choosing dsa or rsa from the drop down 23
- Click next button if the generation is finished referring to figure 25
- Generate ssh private public key 5 25
- The generation of private public key will be displayed in the pop up dialog 25
- Category taking the admin user category as the example 27
- Button ok referring to figure ssh login parameters input 2 29
- During the creation of public key dialog i e value in step 4 and click 29
- From the pop up dialog input the passphrase that has been defined 29
- Keygen sshd auth ssh login metho 29
- Result 29
- Device file upload and download 30
- Ftp configuration 30
- According to the different purposes execute corresponding step please refer to the 32
- Appended list 32
- Following table 32
- Ftp download file 32
- Process 32
- Purpose 32
- This section introduces how to download file through ftp 32
- According to the different purposes execute corresponding step please refer to the 33
- Appended list 33
- Following table 33
- According to the different purposes execute corresponding step please refer to the 34
- Appended list 34
- Following table 34
- Ftp delete file 34
- Process 34
- Purpose 34
- This section introduces how to delete file through ftp 34
- Fetch switch config file 36
- File config from the switch the ftp client application shall be purchased and 36
- Installed by the user 36
- Notice 36
- Start ftp client program at pc and establish ftp connection with the switch 36
- Upgrade operation to the switch after the upload is finished 36
- Upload switch application switch z to switch flash root and download configuration 36
- Username and password configuration through command adduser 36
- Able to log into remote qsw 2800 switch via telnet and download switch application 37
- Backup and software upgrade 37
- Boot up and reboot the switch that the switch is able to implement auto upgrade to its 37
- From the ftp server to switch flash so that to implement remote upgrade to the 37
- Ftp client example 37
- Ftp with username 123 and password 123 pc ip address is 10 8 the user is 37
- Network requirement 37
- Purpose 37
- Remote pc as ftp server and the switch as ftp client with configuration 37
- Switch 37
- The user is able to use command upgrade os as auto start application for next switch 37
- This section introduces the example of switch as ftp client implementing config file 37
- Topology 37
- Tftp configuration 38
- According to the different purposes execute corresponding step please refer to the 39
- Address ipv4 and ipv6 39
- Addresses of tftp client side and server side and make sure that the routing 39
- Before tftp configuration the network administrator needs to configure ip 39
- Between client and server is available 39
- Configure tftp server on off 39
- Following table 39
- Process 39
- Purpose 39
- The qsw 2800 switch supports tftp functionality under two types of network 39
- This section introduces how to open or close tftp server of the switch 39
- According to the different purposes execute corresponding step please refer to the 40
- Confirmation from it the following commands can be applied for file upload 40
- Following table 40
- Notice 40
- Parameter description 40
- Process 40
- Purpose 40
- Request packet towards tftp server and sends data to the server along with 40
- Tftp upload file 40
- When the switch needs to upload file to tftp server the switch as client side sends 40
- According to the different purposes execute corresponding step please refer to the 41
- Following table 41
- Notice 41
- Os is downloaded from the host to the device for config modification or os upgrade 41
- Practical device operation and maintenance it is usually required that the config file or 41
- Process 41
- Purpose 41
- Server and receives data from the server along with configuration towards it in 41
- Tftp download file 41
- The command is applied for file downloading to the device 41
- When file download is required the client side sends request packet to the tftp 41
- Application program switch z is saved in the pc the switch downloads 42
- Backup and software upgrade 42
- Connecting with switch and pc is belonging to particular vlan pc ip address is 42
- Network requirement 42
- Parameter description 42
- Purpose 42
- Switch z from tftp server through the tftp and uploads switch config file to 42
- Tftp client example 42
- The switch as tftp client and pc as tftp server the tftp server has been tftp 42
- This section introduces the example of switch as tftp client implementing config file 42
- Working category configured inband switch ip address is 1 and the port 42
- Zmodem configuration 43
- According to the different purposes execute corresponding step please refer to the 45
- Appended list 45
- Following table 45
- Process 45
- Section 45
- To implement file download through device serial port with operation introduced in this 45
- Chapter2 46
- Ethernet interface configuration 46
- Layer 2 ethernet configuration 46
- Summary 46
- According to the different purposes execute corresponding step please refer to the 47
- Background 47
- Enter the ethernet interface view 47
- Ethernet interface 47
- Ethernet interface basic attribute configuration 47
- Following table 47
- It needs to enter the ethernet interface configuration view first and then configure the 47
- Open shutdown ethernet interface 47
- Procedure 47
- According to the different purposes execute corresponding step please refer to the 48
- Background 48
- Before using the command the command negotiation auto must be used to 48
- Can be provisioned as full duplex mode if port receiving and sending data packet is 48
- Configure ethernet interface duplex state 48
- Following table 48
- From the device as info please configure negotiation auto disable first 48
- If it is required that the port is able to receive data packet while sending then the port 48
- Implement that only when the fast ethernet port is working under non auto negotiation 48
- Mode that it can be configured as port duplex mode otherwise there will be prompt 48
- Negotiated by both the local port and peer port 48
- Precondition 48
- Procedure 48
- Required to be separated then it can be provisioned as half duplex mode similarly if 48
- The port is configured as auto negotiation the duplex mode can be automatically 48
- According to the different purposes execute corresponding step please refer to the 49
- And determined by both the local port and peer port 49
- Background 49
- Configure ethernet interface flow control 49
- Configure ethernet interface rate 49
- Congestion happens to local switch on the other side the peer switch will stop 49
- Following table 49
- Longer send flow control frame to peer 49
- Message sending to local switch once it receives the inform message and vice versa 49
- Procedure 49
- Rate provisioned is working under auto negotiation mode its rate is auto negotiated 49
- Sends message to peer switch to inform peer switch to stop sending message if 49
- The following command can be used to set the ethernet port rate when the port to be 49
- The mechanism is able to avoid message loss the following command can be used 49
- To enable or disable local ethernet port flow control once disabled the port will no 49
- When local and peer switches both start function of flow control the local switch 49
- According to the different purposes execute corresponding step please refer to the 50
- Configure ethernet interface broadcast multicast message suppression function 50
- Following table 50
- In order to prevent port congestion caused by flush of broadcast multicast message 50
- Procedure 50
- Purpose 50
- The command 50
- The switch provides storm suppression function to broadcast multicast message the 50
- User is allowed to restrain broadcast multicast message by configuring bandwidth via 50
- According to the different purposes execute corresponding step please refer to the 51
- Background 51
- Configure ethernet interface rate suppression function 51
- Different due to different interface type 51
- Following table 51
- Procedure 51
- Provide different bandwidth for different users the function of rate suppression 51
- Provides such ability the particular input output bandwidth control granularity may be 51
- There are particular situations that port rate is required to be controlled so that to 51
- According to the different purposes execute corresponding step please refer to the 52
- Background 52
- By configuring the priority of different interfaces it assures that the most important 52
- Command to configure the frame size 52
- Configure ethernet interface mtu 52
- Configure ethernet interface priority 52
- Ethernet _snap form is 1492 52
- Following table 52
- Or packet disassembly the mtu of using ethernet _ii form is 1500 the mtu of using 52
- Procedure 52
- Running at the same time 52
- Service cannot be influenced by delay or discard and guarantees the network efficient 52
- The long frame more than the standard ethernet frame length use the following 52
- The mtu of ethernet interface only influences the ip packaging on ethernet interface 52
- When exchanging data in high throughput such as file transmission it may encounter 52
- According to the different purposes execute corresponding step please refer to the 53
- Clear current ethernet interface statistics information 53
- Configure cable type adaptation 53
- Following table 53
- Interface when there is a large amount of information to be cleared 53
- Procedure 53
- Purpose 53
- Support cross cable type default 53
- Type it needs to configure the connected cable adaption method interface does not 53
- Use this section operation to clear the statistics information of current ethernet 53
- When the connection cable type of interface needs to match with the real used cable 53
- According to the different purposes execute corresponding step please refer to the 54
- Configure interface loopback detection 54
- Descript ethernet interface 54
- Distinguish each port 54
- Ethernet interface senior attribution configuration 54
- Following table 54
- Procedure 54
- Purpose 54
- Use the following command to configure interface description character string to 54
- According to the different purposes execute corresponding step please refer to the 55
- And configure the interval of timing monitoring outside loopback situation so as to 55
- Display ethernet interface state 55
- Following table 55
- Loop switch will make this interface be in controllable working state 55
- Procedure 55
- Timing monitor each interface whether to be outer loop if finding one interface to be 55
- Use the following configuration task to enable interface loopback monitoring function 55
- According to the different purposes execute corresponding step please refer to the 56
- Address table switch will update the corresponding table if mac source has not been 56
- After configuring the attributes of the current interface this section operation can be 56
- Following table 56
- In order to quickly forward message switch needs to maintain mac address table the 56
- Interface number of switch connected with the device the dynamic item not configured 56
- Mac address is as the following if one port supposed to be porta receives a data frame 56
- Mac address table includes the mac address of device connected with switch and the 56
- Mac table configuration 56
- Manually in the mac address table is learned by switch the method of switch learning 56
- Procedure 56
- Purpose 56
- Source and consider that the message with the destination mac address of mac 56
- Source can be forwarded by porta if mac source has been existed in the mac 56
- Switch to different ethernet interface configuration view 56
- Switch will analyze the source mac address of this data frame supposed to be mac 56
- Used to configure attributes of other interfaces 56
- Configure mac address table 57
- According to the changes in the network if user configures the aging time too short 58
- According to the different purposes execute corresponding step please refer to the 58
- Background 58
- Broadcast many data messages which cannot find destination mac address and it will 58
- Configure system mac address aging time 58
- Following table 58
- Hole list will not be aged and lost 58
- Influence the running performance of switch if user configures the aging time too long 58
- Notice 58
- Once the system is reset dynamic list will be lost but the stored static list and black 58
- Procedure 58
- Switch may delete effective mac address item 58
- Switch may save many old mac address items and this will exhaust mac address 58
- Table resources and cause that the switch cannot update mac address table 58
- The appropriate aging time can realize the mac address aging function effectively 58
- The longer or shorter aging time configured by user may result in that switch will 58
- According to the different purposes execute corresponding step please refer to the 59
- Add delete static arp mapping item manually 59
- Arp configuration 59
- Arp mapping table can dynamically be maintained or manually maintained usually 59
- By arp mapping table aging time and at the same time also cannot dynamically 59
- Can check add and delete arp mapping item in arp table by related manually 59
- Display layer 2 mac address table 59
- During the working time of device 59
- Following table 59
- Mac table item for user to query for specific information conveniently 59
- Maintained commands 59
- Map the ip address manually configured to mac address it is called static arp user 59
- Procedure 59
- Purpose 59
- Static arp mapping table can only be configured manually and will not be influenced 59
- This section introduces how to add delete static arp mapping table manually 59
- This section introduces how to quickly locate the relevant information of the specified 59
- Update this mapping relationship static arp mapping table continues to be effective 59
- According to the different purposes execute corresponding step please refer to the 60
- Address and may result in that user cannot access some nodes so user needs to use 60
- Check arp information 60
- Clear dynamic arp table 60
- Execute this command to cancel the mapping relationship of ip address and mac 60
- Following table 60
- Manually when necessary 60
- Procedure 60
- Purpose 60
- This command carefully 60
- This section helps user to delete device all dynamic arp mapping table items 60
- This section introduces how to clear dynamic arp mapping table 60
- According to the different purposes execute corresponding step please refer to the 61
- Configure dynamic arp mapping item aging time 61
- Corresponding relationship between network address and local hardware address 61
- Debug arp 61
- Each corresponding record keeps a period of time in cache and then gives up 61
- Following table 61
- Procedure 61
- Purpose 61
- The aging time of arp mapping item can reduce the address parse error problem that 61
- The dynamic arp table is not updated in time 61
- This section introduces how to check arp related information this section helps user 61
- This section introduces how to configure the aging time of dynamic arp mapping 61
- This section introduces how to debug arp 61
- To check arp mapping table in lan and detect fault of lan arp established 61
- According to the different purposes execute corresponding step please refer to the 62
- Aggregation only 62
- Background 62
- Configure aggregation group 62
- Connecting reliability link aggregation can be divided into manual aggregation 62
- Dynamic aggregation and static lacp aggregation pots in a same aggregation trunk 62
- Following table 62
- Group shall have a same port type i e if one of the ports is electric optical port all the 62
- Group to implement egress load sharing of each member ports as well as provide high 62
- Interface aggregation introduction 62
- Link aggregation configuration 62
- Link aggregation is to aggregate multiple ports into one single aggregation trunk 62
- Others must be the same 62
- Purpose 62
- The qsw 2800 is currently supporting manual aggregation and static lacp 62
- According to the different purposes execute corresponding step please refer to the 63
- Following table 63
- Functions as well as add member ports for enhancement of bandwidth and reliability 63
- Operations in this section can be used to provision trunk group with its basic 63
- Procedure 63
- Appendix list 64
- Port priority 64
- System priority 64
- According to the different purposes execute corresponding step please refer to the 65
- Following table 65
- Maintenance and debug 65
- Procedure 65
- Purpose 65
- When lacp function is abnormal it needs to check and debug 65
- Appendix list 66
- As the following 66
- Bandwidth and reliability between the two devices and the detailed requirements are 66
- Configure link aggregation group on two directly connected switches to increase the 66
- Example 66
- Network requirement 66
- The link between two devices has the ability of redundant backup when part of 66
- The links is failed the backup link can be used to replace the fault link and keep 66
- The transmission no break 66
- Active link has the ability of load sharing 67
- Configuration of one peer 67
- Configuration step 67
- Network topology 67
- Note the configuration of two peers is the same and this only display 67
- Divide lan local area network into multiple subclasses in logic and each subclass 68
- Enhance the network robust 68
- Generally speaking vlan divides the devices in the lan into multiple network 68
- Has its own broadcast domain that is vlan virtual local area network 68
- In the large scale of network it can restrict the network fault in vlan and 68
- Isolate broadcast domain and reduce broadcast storm and enhance the security 68
- Lan technologically 68
- Segments logically but not physically to realize the isolated broadcast domains in a 68
- Vlan configuration 68
- Vlan function 68
- Vlan introduction 68
- Vlan meaning 68
- According to the different purposes execute corresponding step please refer to the 69
- Appendix list 69
- Configure vlan based on interface 69
- Create vlan 69
- Following table 69
- Procedure 69
- Purpose 69
- This section introduces how to create vlan and it is the basic precondition for other 69
- Vlan function configuration 69
- According to the different purposes execute corresponding step please refer to the 70
- Following table 70
- Procedure 70
- This section introduces how to configure vlan based on interface 70
- According to the different purposes execute corresponding step please refer to the 71
- Appendix list 71
- Configure vlan based on mac address 71
- Following table 71
- Procedure 71
- Purpose 71
- This section introduces how to configure divided vlan based on mac address 71
- According to the different purposes execute corresponding step please refer to the 72
- Appendix list 72
- Configure vlan based on ip sub network 72
- Following table 72
- Procedure 72
- Purpose 72
- This section introduces how to configure vlan divided based on ip sub network 72
- According to the different purposes execute corresponding step please refer to the 73
- Appendix list 73
- Configure vlan based on protocol 73
- Following table 73
- Procedure 73
- Purpose 73
- This section introduces how to configure vlan divided based on protocol 73
- Appendix list 74
- According to the different purposes execute corresponding step please refer to the 75
- Configure vlan other parameters 75
- Following table 75
- Parameters according to real situation 75
- Procedure 75
- Purpose 75
- User can choose to use this section operation to configure other vlan related 75
- According to the different purposes execute corresponding step please refer to the 77
- Appendix list 77
- Following table 77
- Maintenance and debug 77
- Procedure 77
- Purpose 77
- When vlan function is abnormal it needs to check and debug 77
- Access server1 and the staff of market department can access server2 and the two 79
- And switchb to connect it requires that the staff of development department can 79
- Appendix list 79
- Departments cannot communicate with each other 79
- Example 79
- Network requirement 79
- The development department and market department of enterprise user use switcha 79
- Bind vlan translation item with interface 82
- Vlan translation configuration 82
- According to the different purposes execute corresponding step please refer to the 83
- Appendix list 83
- Configure or delete vlan translation item 83
- Following table 83
- Procedure 83
- Purpose 83
- This section introduces how to configure or delete vlan translation item 83
- Appendix list 89
- According to the different purposes execute corresponding step please refer to the 90
- Check vlan translation item related information 90
- Following table 90
- Interface or egress binding of interface or ingress and egress binding of interface at 90
- Procedure 90
- Purpose 90
- The same time 90
- This operation helps user to check the device interface whether to bind vlan 90
- This section introduces how to configure the related information of vlan translation 90
- Translation item including vlan translation item index information ingress binding of 90
- Access to the carrier network at last 91
- After passing the swticha the voice service data with vlan10 of user1 is transmitted 91
- Example 91
- In the access network family user connects with switcha through family gateway and 91
- Internet online business data with vlan12 of user2 is transmitted to be tagged 91
- Network requirement 91
- Tagged vlan11 through the gateway internet online business data of user2 is tagged 91
- To be tagged vlan100 of carrier operator and the internet online business data with 91
- Vlan101 91
- Vlan11 of user1 is transmitted to be tagged vlan101 of carrier operator the 91
- Vlan12 through the gateway 91
- Voice service data of user1 is tagged vlan10 and internet online business data is 91
- Chapter3 95
- Dhcp configuration 95
- Dhcp introduction 95
- Ip service configuration 95
- Summary 95
- Dhcp server 99
- Dhcp relay 100
- Configure dhcp server 103
- According to the different purposes execute corresponding step please refer to the 104
- Following table 104
- Procedure 104
- Appendix list 105
- Configure dhcp server supported option 105
- Dchp server has been configured already 105
- Precondition 105
- According to the different purposes execute corresponding step please refer to the 106
- Appendix list 106
- Following table 106
- Procedure 106
- According to the different purposes execute corresponding step please refer to the 107
- Appendix list 107
- Configure dhcp server security function 107
- Dchp server has been configured already 107
- Following table 107
- Precondition 107
- Procedure 107
- According to the different purposes execute corresponding step please refer to the 108
- Configure dhcp relay 108
- Configure dhcp relay to realize ip address assigned to user of dhcp server 108
- Crossing network 108
- Following table 108
- Procedure 108
- Purpose 108
- Appendix list 109
- According to the different purposes execute corresponding step please refer to the 110
- Following table 110
- Maintenance and debug 110
- Procedure 110
- Purpose 110
- When dhcp function is abnormal it can use this section operation to check and 110
- Appendix list 113
- Dhcp server assigns ip address dynamically for clients of different network segment 113
- Example 113
- Network requirement 113
- The detailed requirements are as follows 113
- The network segments of user are 10 24 and 10 24 113
- Chapter4 routing configuration 116
- Configure static routing 116
- Static routing configuration 116
- Static routing introduction 116
- Summary 116
- According to the different purposes execute corresponding step please refer to the 118
- Appended list 118
- Following table 118
- Maintenance and debug 118
- Process 118
- Purpose 118
- Requires function check debug and defection orientation 118
- The operation in this section is for situation when static route works abnormal and 118
- Appended list 119
- Chapter5 120
- Qos configuration 120
- Queue scheduling and congestion control configuration 120
- Queue scheduling and congestion control introduction 120
- Summary 120
- According to different destination please execute corresponding steps refer to the 123
- Balance delay and delay jitter of all kinds of packets in this way message of key 123
- Before configuring queue scheduling and congestion control it needs to configure 123
- Can be dealt fairly 123
- Capability of queue scheduling drr scheduling allows negative weight to 123
- Configure queue scheduling and congestion control 123
- Filter rule of acl please refer to command of 7 to configure acl action to specify 123
- Following table 123
- Guarantee that the long message can be scheduled but at the next time of round 123
- Interface queue priority for data to pass 123
- Prerequisite 123
- Process 123
- Purpose 123
- Robin this queue will not be scheduled until its weight is positive 123
- Scheduling in accordance with message length if message length exceeds the 123
- Service can be processed with high priority and non key service with same priority 123
- Using the operation in this section when there is congestion in the network qsw 123
- Will deal with message according to the configured scheduling policy so as to 123
- Wrr is a scheduling in accordance with the message number drr is a 123
- Attached list 124
- According to different destination please execute corresponding steps refer to the 125
- Attached list 125
- Configure sp scheduling 125
- Example 125
- Flow is from interface 1 0 1 1 0 2 1 0 3 of host1 to host2 there is congestion on 125
- Following table 125
- Interface 1 0 1 of host2 require to use sp algorithm 125
- Maintenance and debug 125
- Network diagram 125
- Network requirements 125
- Process 125
- Purpose 125
- This operation to check or debug 125
- When queue scheduling and congestion of qos function is abnormal user can use 125
- Chapter6 128
- Igmp configuration 128
- Igmp snooping configuration 128
- Summary 128
- Configure static layer 2 multicast 130
- Appendix list 131
- According to the different purposes execute corresponding step please refer to the 132
- Configure multicast vlan copy 132
- Following table 132
- Procedure 132
- According to the different purposes execute corresponding step please refer to the 133
- Appendix list 133
- Background 133
- Configure igmp snooping 133
- Following table 133
- Igmp snooping based on vlan runs on the switch between router and user host by 133
- Listening the igmp snooping message sent between upper router and host to 133
- Maintain the igmp message forwarding table so it can manage and control to 133
- Procedure 133
- Transmit the multicast data message to realize the multicast of layer 2 133
- Appendix list 135
- According to the different purposes execute corresponding step please refer to the 136
- Configure controllable multicast 136
- Following table 136
- It is usually used in the multicast of layer 2 scenarios to control iptv program 136
- Number and guarantee the service quality of most users 136
- Procedure 136
- Purpose 136
- According to the different purposes execute corresponding step please refer to the 138
- Following table 138
- Maintenance and debug 138
- Procedure 138
- Purpose 138
- User can use operation of this section 138
- When igmp snooping is abnormal and it needs to check debug or locate problem 138
- Example 141
- Acl configuration 155
- Acl introduction 155
- Chapter7 155
- Security configuration 155
- Summary 155
- According to different destination please execute corresponding steps refer to the 156
- Acl type number to be from 1 to 1000 156
- Background information 156
- Before configuring layer2 acl rules first need to create one layer2 acl and specify 156
- Configure layer2 acl 156
- Destination ip source port number destination port number protocol type priority 156
- Destination port number protocol type hop limitation the next head traffic class 156
- Destination port number protocol type priority fragment lifetime rate limitation 156
- Flow flag rate limitation template time range template and etc to classify the 156
- Following table 156
- Layer2 acl mainly based on source mac destination mac vlan priority 156
- Layer3 acl mainly based on source ip destination ip source port number 156
- Layer3 acl6 mainly based on source ipv6 destination ipv6 source port number 156
- Mixed acl mainly based on source mac destination mac source ip 156
- One acl is composed of some rules and actions 156
- Process 156
- Protocol type rate limitation template time range template and etc to classify the 156
- Template time range template and etc to classify the data 156
- Vlan rate limitation template time range template and etc to classify the data 156
- Acl type number to be from 1001 to 2000 159
- Attached list 159
- Background information 159
- Before configuring layer3 acl rules first need to create one layer3 acl and specify 159
- Configure layer3 acl 159
- One acl is composed of some rules and actions 159
- Process 159
- According to different destination please execute corresponding steps refer to the 160
- Following table 160
- Attached list 163
- According to different destination please execute corresponding steps refer to the 164
- Acl type number to be from 2001 to 3000 164
- Background information 164
- Before configuring mixed acl rules first need to create one mixed acl and specify 164
- Configure mixed acl 164
- Following table 164
- One acl is composed of some rules and actions 164
- Process 164
- According to different destination please execute corresponding steps refer to the 166
- Attached list 166
- Background information 166
- Before configuring layer3 acl6 rules first need to create one layer3 acl6 and 166
- Configure layer3 acl6 166
- Following table 166
- One acl is composed of some rules and actions 166
- Process 166
- Specify acl type number to be from 3001 to 4000 166
- Attached list 169
- Configure acl optional function 170
- Attached list 172
- According to different destination please execute corresponding steps refer to the 173
- Following table 173
- Maintenance and debug 173
- Process 173
- Purpose 173
- When acl function is abnormal user can use this operation to check or debug 173
- Attached list 175
- Example 176
- Chapter8 183
- Mstp configuration 183
- Reliability configuration 183
- Summary 183
- Rstp introduction 184
- Mstp introduction 186
- A cist priority vector calculation 187
- Assumptions 187
- Bridge b from the pd port of bridge d is as follow the total root is rd the 187
- Cost is ercb the domain root is rrb the inner root path cost is ircb the 187
- Designated bridge id is b the designated port is b the designated port id 187
- In cist priority vector is composed of the total root outer root path cost domain 187
- In order to facilitate the subsequent description we make the following 187
- In the initial condition the information carried in the message sent out by the 187
- Is pb the id of port receiving bpdu message is pb 187
- Msti priority vector calculation method as follow 187
- Pb port of the bridge b is as follow the total root is rb the outer root path 187
- Port receiving bpdu message 187
- Priority vector calculation 187
- Priority vector of the spanning tree we will introduce the cist priority vector and 187
- Root inner root path cost designated bridge id designated port id and the id of 187
- The information carried in the message which is received by pb port of 187
- The message the most important information carried in the message is the 187
- The mstp role of all bridges is computed according to the carrying information in 187
- A switch a role selection process 190
- And the switchb is better than switchc the link path costs are 4 5 and 10 190
- Another domain alone 190
- Figure 8 1 supposing that the bridge priority of switcha is better than switch b 190
- In initial state the port of every device will be calculated to be the designated port and 190
- Role selection process 190
- State of the figure 8 1 is shown in the table 8 2 190
- Switcha and switchb belong to the same domain and switchc belongs to 190
- The cist instance calculation process will be introduced briefly as follow with the 190
- The message priority vector carried in the message sent out by the device in initial 190
- The port priority vector of all ports of device keep the same as the message priority 190
- Vector in initial state 190
- Will send out the message priority vector which makes it to be the root bridge 190
- According to different destination please execute corresponding steps refer to the 193
- As long as the same configuration the two switches belong to the same domain 193
- Background information 193
- Before configuring switch to join designated mst domain it needs to configure 193
- Configure device to join designated mst domain 193
- Following table 193
- Mst domain name 193
- Mst domain revision level 193
- Msti and vlan mapping relationship 193
- Physical attribute of interface and interface vlan characteristic 193
- Process 193
- Purpose 193
- This section introduces how to configure switch to join mst domain 193
- Attached list 194
- According to different destination please execute corresponding steps refer to the 195
- Background information 195
- Before modifying mstp parameters please first finish the following tasks 195
- Configure interface physical attribute 195
- Configure interface to join in vlan 195
- Configure mstp parameter 195
- Configure switch to join in designated mst domain 195
- Following table 195
- In some specific network environment user can modify mstp parameters to achieve 195
- Introduce how to modify mstp parameters in this section 195
- Process 195
- Purpose 195
- The best result 195
- Default to configure 196
- Attached list 197
- Anyone forges configuration message and attacks switch maliciously when the 198
- Background information 198
- Bpdu protection 198
- Circumstances the edge interface will not receive bpdu message of stp but if 198
- Configure mstp protection function 198
- Configured the as edge interface to realize interface fast switching under normal 198
- Edge interface receives the configuration message system will configure these 198
- For the access layer device the access interface usually connects with user 198
- Interfaces to be non edge interface automatically and will calculate stp again 198
- Prevent this network attack 198
- Terminal such as pc or file server at this time the access interface can be 198
- This will results in network topology concussion bpdu protection function can 198
- According to different destination please execute corresponding steps refer to the 200
- After enabling tc bpdu message attack function the number of times which 200
- Deletion operation will cause great burden to the device and bring great hidden 200
- Following table 200
- It can avoid frequent deletion of mac table item and arp table item so as to 200
- Mstp processes bpdu message of tc type can be configured per unit time if 200
- Process 200
- Protect the switch 200
- Purpose 200
- Specified by threshold for other bpdu messages of tc type beyond the 200
- The configured threshold the mstp process only deals with the designated times 200
- The number of bpdu messages of tc type received by mstp process exceeds 200
- Threshold after the timer expires mstp process only deals with once in this way 200
- Trouble to the network stability 200
- When need to configure mstp protection user can use this section operation 200
- According to different destination please execute corresponding steps refer to the 201
- Attached list 201
- Following table 201
- Maintenance and debug 201
- Process 201
- Purpose 201
- When mstp function is abnormal user can use this operation to check or debug 201
- Attached list 203
- Basic function as following 203
- Example 203
- Network requirements 203
- Now there are four switches to support mstp protocol they are switcha switchb 203
- Switchc and switchd are other series switch produced by qtech configure mstp 203
- Switchc and switchd switcha and switchb are the qsw 2800 series switch 203
- Rlink configuration 208
- Rlink introduction 208
- Configure resilient link group function 209
- According to different destination please execute corresponding steps refer to the 210
- Following table 210
- Function to realize redundancy link backup and fast switching under double uplinks 210
- Network environment 210
- Process 210
- Purpose 210
- Using the operation in this section to configure resilient link group and its basic 210
- According to different destination please execute corresponding steps refer to the 211
- Attached list 211
- Background information 211
- Configure monitor link group function 211
- Following table 211
- Function to realize interface linkage function 211
- Process 211
- Purpose 211
- To use the operation in this section to configure monitor link group and its basic 211
- Attached list 212
- Background information 212
- Configure rlink other related parameter 212
- Enable rlink returning function after returning timer terminating it will switch to 212
- Keeps blocked state and do not preempt if needing to recover it to be the main link 212
- The main link 212
- The original main link fault recovers in order to keep flow stability the main link 212
- Use manual main standby switching of rlink group to enforce link switching 212
- User can use the following two methods 212
- When there is fault in the main link of rlink group it will switch to standby link after 212
- According to different destination please execute corresponding steps refer to the 213
- Can choose which step to use according to your need but first rlink group or mlink 213
- Following table 213
- Group should be configured 213
- Process 213
- Purpose 213
- Use the operation in this section to configure other related parameters of rlink user 213
- According to different destination please execute corresponding steps refer to the 214
- Attached list 214
- Following table 214
- Maintenance and debug 214
- Process 214
- Purpose 214
- When rlink function is abnormal user can use this operation to check or debug 214
- Attached list 216
- Configuration steps 217
- Configure protection vlan rlink group based on vlan 217
- Configure single point uplink 217
- Create rlink group1 217
- Example 217
- In single point uplink network environment configure rlink function the master and 217
- Network diagram 217
- Network requirements 217
- Optional default to be single mode 217
- Slave interfaces are on the same switch they are fe1 1 and fe1 2 217
- Switch config rlink group 1 217
- Switch config rlink1 type single 217
- Switch configure 217
- Chapter9 224
- Enable or disable poe power supply function 224
- Poe configuration 224
- Poe function configuration 224
- Summary 224
- According to the different purposes execute corresponding step please refer to the 225
- Auto mode it is recommended that user uses the force standard or force high mode 225
- Background information 225
- Configure power supply mode 225
- Following table 225
- Function 225
- Generally it is recommended that user uses the default mode of half auto 225
- If using one of the two modes user must enable the enhanced detection power supply 225
- Progress 225
- Qsw 2800 pe pe supports four power supply modes they are auto force 225
- Standard force high and half auto 225
- When the device cannot supply electricity normally using non standard pd in half 225
- According to the interface number the interface number is greater the priority is 226
- Background information 226
- Configure poe power supply parameter 226
- Configure the pd device description connected with the interface on the device it is 226
- Convenient for user to manage the downstream pd device 226
- Critical equipment can be first powered when the power consumption of pd equipment 226
- Currently qsw 2800 pe pe only supports power supply in signal line mode timing 226
- Electricity for it 226
- Higher and the port with greater interface number will be powered first 226
- Insufficient if the priority of different ports is the same it will order the priority 226
- Is greater than the total power supplied by the pse when the pse power is 226
- Poe power supply port supports three priorities the port priority ensures that the 226
- Power supply and power supply alarm function 226
- Progress 226
- Pse can only detect the standard pd and supply electricity for it after enabling pse 226
- The command of configuring the threshold power of pse in the global configuration 226
- The pd device according with the 802 af protocol is the standard pd device usually 226
- To detect the non standard pd pse can detect the non standard pd and supply 226
- View is used to protect the switch to avoid the influence of the unstable power supply 226
- According to the different purposes execute corresponding step please refer to the 227
- Following table 227
- According to the different purposes execute corresponding step please refer to the 228
- Check poe configuration information 228
- Following table 228
- Progress 228
- Purpose 228
- Right or wrong 228
- This operation is mainly used to check the configured poe function and its parameters 228
- Appendix a 229
Похожие устройства
- Qtech QSW-3200-24T Руководство пользователя
- Qtech QSW-3200-24T Техническое описание
- Qtech QSW-3200-28T Руководство пользователя
- Qtech QSW-3200-28T Техническое описание
- Qtech QSW-3200-28FC Руководство пользователя
- Qtech QSW-3200-28FC Техническое описание
- Qtech QSW-3900-24-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-24-Т-AC Руководство пользователя v1-7
- Qtech QSW-3900-24-Т-AC Руководство пользователя
- Qtech QSW-3900-48-SFP-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-SFP-AC Руководство пользователя v1-7
- Qtech QSW-3900-48-SFP-AC Руководство пользователя
- Qtech QSW-3900-48-SFP-DC Руководство пользователя v1-1
- Qtech QSW-3900-48-SFP-DC Руководство пользователя v1-7
- Qtech QSW-3900-48-SFP-DC Руководство пользователя
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-7
- Qtech QSW-3900-48-Т-AC Руководство пользователя
- Qtech QSW-3900-48-Т-DC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-DC Руководство пользователя v1-7