![Qtech QSW-3900-48-SFP-DC [165/245] Arp spoofing](/img/pdf.png)
Qtech QSW-3900-48-SFP-DC [165/245] Arp spoofing
![Qtech QSW-3900-48-SFP-DC [165/245] Arp spoofing](/views2/1596601/page165/bga5.png)
QTECH Software Configuration Manual
12-164
12.2 ARP spoofing
Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing
(APR), is a technique used to attack an Ethernet wired or wireless network. ARP Spoofing may allow an attacker to
sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether (known as a denial
of service attack). The attack can only be used on networks that actually make use of ARP and not another method of
address resolution.
The principle of ARP spoofing is to send fake, or "spoofed", ARP messages to an Ethernet LAN. Generally,
the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway).
Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose
to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it
(man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a
nonexistent MAC address to the IP address of the victim's default gateway.
ARP spoofing attacks can be run from a compromised host, or from an attacker's machine that is connected
directly to the target Ethernet segment.
A typical Ethernet frame. A spoofed frame could have false source MAC addresses to trick devices on the network.
12.2.1 How ARP spooing works?
The attacker send fake arp message to the victim causing it to update its ARP table with false entries.
The ARP attack works as follow :
1) The attacket send ARP messages to the victim with false updates
2) The victim update its ARP table with the attacker MAC address and the false IP address provided by the
attacker
3) When the victim is ready to send data (Ping in our case) it will send it using mac address listed in its ARP
Table (the attacker's)
12.2.2 ARP Spoofing/poising Animation
The attacker is constently sending false ARP messages to the victim causing it to update its ARP table.
When you ready to send Ping, watch closley where the ping goes.
12.3 ARP-Proxy
Proxy ARP (Address Resolution Protocol) is a technique by which a device on a given network answers
the ARP queries for a network address that is not on that network. The ARP Proxy is aware of the location of the
traffic's destination, and offers it's own MAC address in reply, effectively saying, "send it to me, and I'll get it to
where it needs to go." Serving as an ARP Proxy for another host effectively directs LAN traffic to the Proxy. The
"captured" traffic is then typically routed by the Proxy to the intended destination via another interface or via a
tunnel.
The process which results in the node responding with its own MAC address to an ARP request for a
different IP address for proxying purposes is sometimes referred to as 'publishing'.
For more details of configuration of Proxy-ARP please refer to ARP proxy configuration
Содержание
- Content 2
- Accessing switch 14
- Chapter 1 14
- Command line configuration mode 14
- Command line interface 14
- Command line configuration mode 15
- Domain configuration mode the function and details of each command mode are as following 15
- Qtech software configuration manual 15
- Command syntax comprehension 16
- Enable step 2 16
- Note defaulted login and password is admin 123456 16
- Password 1 16 chars 16
- Qtech config vlan 3 16
- Qtech quit 16
- Step 1 16
- Step 3 16
- Syntax help 16
- Username 1 32 chars 16
- Command symbols description 17
- History command 17
- Symbols in command 17
- 02 03 04 05 0 18
- Command parameter categories 18
- Integer 1 10 18
- Show spanning tree interface ethernet 0 0 1 ethernet 0 0 3 to ethernet 0 0 5 18
- User management 18
- Add user 19
- Modify password 19
- Modify privilege 19
- System default user name 19
- Caution admin user only supports local database authentication 20
- Caution user name supports case insensitivity while password doesn t support case sensitivity 20
- Display user information 20
- No username username 20
- Qtech admin 20
- Qtech config no username qtech 20
- Qtech config show username qtech 20
- Qtech config username qtech privilege 1 password 0 1234 20
- Remote authentication of administrator 20
- Remove user name 20
- Show username 20
- Show username username 20
- User name role 20
- View system user information 20
- ____________________________________________________________ 20
- Building please wait 21
- Display authentication configuration 21
- Manage switch by hyper terminal 21
- Muser local radius radiusname tacacs tacacsname pap chap local 21
- Qtech copy running config startup config 21
- Show muser 21
- Start radius tacacs remote authentication 21
- Startup config in flash will be updated are you sure y n ny 21
- Username 1 32 chars step 21
- Ways of managing switch 21
- Brief introduction of ssh 22
- Build successfully 22
- Manage switch by telnet 22
- Qtech quit 22
- Ready to load startup config press enter to run or ctrl c to cancel 22
- Ssh configuration list 22
- Step 1 22
- Step 3 22
- Step 5 22
- Step 7 22
- Clear configured key 23
- Configure default key 23
- Crypto key generate rsa 23
- Crypto key zeroize rsa 23
- Download or upload key by tftp or ftp 23
- Enable disable ssh function of the device 23
- Load keyfile public private ftp server ip filename username passwd 23
- Load keyfile public private tftp server ip filename 23
- No ssh 23
- Qtech config ssh 23
- Qtech crypto key generate rsa 23
- Qtech crypto key zeroize rsa 23
- Qtech load keyfile public tftp 1 pub txt 23
- Ssh key configuration 23
- Upload keyfile public private ftp server ip filename username passwd 23
- Upload keyfile public private tftp server ip filename 23
- Crypto key refresh 24
- Load new key 24
- Others 24
- Qtech crypto key refresh 24
- Show keyfile public private 24
- Show ssh 24
- Show users 24
- Stop username 24
- Chapter 2 25
- Configuration files management 25
- Configuration ip address by manual operation 25
- Configure manage ip interface 25
- Copy running config startup config 25
- Edit configuration files 25
- Ip address ip address mask ip addres 25
- Modify and save current configuration 25
- Qtech config if vlan ipaddress 192 68 00 255 55 25
- Switch manage and maintenance 25
- System ip configuration 25
- Clear startup config 26
- Configure file executing mode shift 26
- Copy startup config running config 26
- Display current configuration 26
- Display saved configuration 26
- Erase saved configuration 26
- Execute saved configuration 26
- Qtech clear startup config 26
- Qtech copy running config startup config 26
- Qtech show running config 26
- Qtech show running config garp oam 26
- Show running config module list 26
- Show startup config module list 26
- Buildrun mode continu 27
- Buildrun mode sto 27
- Load application configuration whole bootrom tftp tftpserver ip filename 27
- Online loading upgrade program 27
- Qtech buildrun mode continue 27
- Qtech buildrun mode stop 27
- Qtech load application tftp 192 68 00 app arj 27
- Qtech load configuration ftp 192 68 00 abc 27
- Qtech load whole bootrom tftp 192 68 00 rom3x26 bin 27
- Qtech upload alarm tftp 192 68 00 abc 27
- Qtech upload configuration ftp 192 68 00 abc username password 27
- Qtech upload logging tftp 192 68 00 abc 27
- Upload alarm configuration logging ftp ftpserver ip filename username userpassword 27
- Upload alarm configuration logging tftp tftpserver ip filename 27
- Upload and download files by ftp 27
- Upload and download files by tftp 27
- Download files by xmodem 28
- Load application configuration whole bootrom ftp ftpserver ip filename username userpassword 28
- Load application xmodem 28
- Qtech load application ftp 192 68 00 abc user 1234 28
- Qtech load application xmodem 28
- Qtech load configuration ftp 192 68 00 abc user 1234 28
- Qtech load configuration xmodem 28
- Qtech load whole bootrom ftp 192 68 00 abc user 1234 28
- Qtech load whole bootrom xmodem 28
- Qtech upload alarm ftp 192 68 00 abc user 1234 28
- Qtech upload configuration ftp 192 68 00 abc user 1234 28
- Qtech upload logging ftp 192 68 00 abc user 1234 28
- Basic configuration and management 29
- Bootrom version v1 2 29
- Compiled time jul 16 2009 10 10 00 29
- Copyright copyright c 2001 2009 29
- Epld version v1 29
- Flash memory bytes 8192k 29
- Hardware version v2 29
- Mac address 00 1f ce 11 87 6f 29
- Processor ppc 8245 400mhz 29
- Product serial number 010500050806020000043o 29
- Qtech config sh ver 29
- Reboot 29
- Sdram bytes 128m 29
- Show cloc 29
- Show cp 29
- Show memor 29
- Show syste 29
- Show user 29
- Show usernam 29
- Show versio 29
- Software platform broadband network platform software 29
- Software version qtech qsw 3900 v100r001b01d003p001sp9 29
- System maintenance 29
- Network connecting test command 30
- Login access list web snmp telnet telnet limit ip address wildcard 31
- Loopback external internal 31
- Loopback internal external 31
- Loopback test command 31
- Qtech config if ethernet 0 0 1 loopback external 31
- Qtech config login access list telnet 192 68 0 55 55 31
- Qtech config loopback internal 31
- Qtech config no login access list telnet 0 255 55 55 55 31
- Remote access restriction 31
- Show login access list 31
- The number of telnet user restriction 31
- Packets rate limit to cpu 32
- Routing tracert command 32
- Brief introduction of snmp 33
- Monitor system by snmp 33
- Snmp mechanism 33
- Mib overview 34
- Snmp configuration 34
- Snmp protocol version 34
- Configure community name and accessing right 35
- Configure syscontact 35
- Manager contact information support qtech ru 35
- No snmp server community community name 35
- No snmp server contact 35
- Qtech config no snmp server community qtech 35
- Qtech config show snmp community 35
- Qtech config show snmp contact 35
- Qtech config snmp server community qtech rw permit 35
- Qtech config snmp server contact support qtech ru 35
- Show snmp contact 35
- Snmp server community community name ro rw deny permit view view name 35
- Snmp server contact syscontact 35
- Configure syslocation 36
- Configure sysname 36
- Configure trap destination host adress 36
- Configure engine id 37
- Configure notify 37
- Engineid strin 37
- No snmp server enable traps notificationtype list notificationtype lis 37
- No snmp server engineid local remote ip address udp port port number 37
- Qtech config snmp server enable traps gbn 37
- Qtech config snmp server engineid local 12345 37
- Qtech config snmp server engineid remote 1 udp port 888 1234 37
- Qtech config snmp server name qsw 3900 37
- Show snmp engineid local remote 37
- Snmp server enable traps notificationtype list 37
- Snmp server engineid local engineid string remote ip address udp port port number engineid string 37
- Configure group 38
- Configure view 38
- Configure user 39
- No snmp server user username remote host udp port port 39
- Qtech config no snmp server group group1 1 39
- Qtech config show snmp group 39
- Qtech config snmp server group group1 1 read internet write internet notify internet 39
- Qtech config snmp server user user1 grp1 39
- Qtech config snmp server user user2 grp2 auth md5 auth password 1234 39
- Show snmp user 39
- Snmp server user username groupname remote host udp port port auth md5 sha authpassword encrypt authpassword authpassword authpassword authkey encrypt authkey authkey authkey priv des privpassword encrypt privpassword privpassword privpassword privkey encrypt privkey privkey privkey 39
- Alarm cpu 40
- Brief introduction of cpu alarm 40
- Cpu alarm configuration 40
- Cpu alarm configuration list 40
- Dlf forward multicast unicast 40
- Enable disable cpu alarm 40
- Enable disable dlf forword packet 40
- No alarm cpu 40
- No dlf forward multicast unicast 40
- Qtech config no dlf forward multicast 40
- Qtech config no dlf forward unicast 40
- Qtech config snmp server user user3 grp3 auth md5 auth password 1234 priv des priv password 4321 40
- Alarm cpu threshold busy busy unbusy unbusy 41
- Anti dos attack 41
- Anti dos ip fragment maxnum 41
- Configure cpu busy or unbusy threshold 41
- Display cpu alarm information 41
- Ip segment anti attack 41
- Qtech config alarm cpu 41
- Qtech config alarm cpu threshold busy 30 unbusy 10 41
- Qtech config show alarm cpu cpu status alarm enable cpu busy threshold 90 cpu unbusy threshold 60 cpu status unbusy 41
- Show alarm cpu 41
- Show anti dos 41
- Chapter 3 42
- Introduction to bridging 42
- Mac address table management 42
- Maintaining the bridge table 42
- Major functionalities of bridges 42
- Forwarding and filtering 44
- Brief introduction of mac address table management 46
- Configure system mac address aging time 46
- Mac address table management list 46
- Note when a bridge receives a broadcast or multicast frame it forwards the frame to all interfaces other than the receiving interface 46
- Add blackhole mac address 47
- Add mac address 47
- Configure mac address item 47
- Delete mac address item 48
- Display mac address learning 48
- Display mac address table 48
- Enable disable mac address learning 48
- Mac address table learning mode svl ivl 49
- Modify mac address learning mode 49
- Qtech config mac address table learning mode ivl 49
- Qtech config show mac address table learning mode 49
- Show mac address table learning mode 49
- Chapter 4 50
- Enable disable specified interface 50
- Enter interface configuration mode 50
- Interface ethernet interface number 50
- No shutdown 50
- Port configuration 50
- Port configuration introduction 50
- Port related configuration 50
- Shutdown 50
- Configure interface duplex mode and speed rate 51
- Description description list 51
- Duplex auto full half 51
- Interface description configuration 51
- Interface priority configuration 51
- No duplex 51
- No speed 51
- Qtech config if ethernet 0 0 1 duplex full 51
- Qtech config if ethernet 0 0 1 no shutdown 51
- Qtech config if ethernet 0 0 1 speed 100 51
- Qtech config if ethernet 0 0 3 description qtech 51
- Qtech config if ethernet 0 0 5 no priority 51
- Qtech config if ethernet 0 0 5 priority 1 51
- Qtech config if ethernet 0 1 1 shutdown 51
- Speed 10 10auto 100 100 auto 1000 1000 auto auto 51
- Bandwidth ingress egress target rate 52
- Enable disable interface flow control 52
- Enable disable vlan filtration of receiving packet of 52
- Flow control 52
- Ingress acceptable frame all tagged 52
- Ingress egress bandwidth control configuration 52
- Ingress filtering 52
- Interface 52
- Interface ingress acceptable frame configuration 52
- No bandwidth ingress egress 52
- No flow control 52
- No ingress acceptable frame 52
- No ingress filtering 52
- Qtech config if ethernet 0 0 5 ingress acceptable frame tagged 52
- Qtech config if ethernet 0 0 5 ingress filtering 52
- Qtech config if ethernet 0 0 5 no ingress filtering 52
- Qtech config show description interface ethernet 0 0 3 52
- Add access port to specified vlan 53
- No switchport mode 53
- No switchport trunk allowed vlan vlan list all 53
- No switchport trunk native 53
- Port mode configuration 53
- Qtech config if ethernet 0 0 1 switchport mode trunk 53
- Qtech config if ethernet 0 0 1 switchport trunk allowed vlan 3 4 70 150 53
- Qtech config if ethernet 0 0 5 flow control 53
- Qtech config if ethernet 0 0 5 no flow control 53
- Qtech config if ethernet 0 0 5 show flow control ethernet 0 0 5 53
- Show flow control interface num 53
- Switchport mode trunk access 53
- Switchport trunk allowed vlan vlan list all 53
- Switchport trunk native vlan vlan id 53
- The default vlan id of trunk port configuration 53
- Trunk allowed vlan configuration 53
- Brief introduction of interface mirror 54
- Clear interface interface num slot num 54
- Display clear interface statistics information 54
- Display interface information 54
- Interface mirror 54
- Interface mirror configuration 54
- No switchport access vlan vlan id 54
- Show interface interface num 54
- Show statistics interface interface num 54
- Switchport access vlan vlan id 54
- Brief introduction of port lacp 55
- Configure mirror interface 55
- Configure mirror source interface 55
- Display interface mirror 55
- Mirror destination interface interface num 55
- Mirror source interface interface list cpu both egress ingress 55
- No mirror destination interface interface num 55
- No mirror source interface interface list cpu 55
- Qtech config mirror destination interface ethernet 0 0 1 55
- Qtech config mirror source interface ethernet 0 0 1 to ethernet 0 0 12 both 55
- Qtech config no mirror source interface ethernet 0 0 10 to ethernet 0 0 12 55
- Qtech show mirror 55
- Show mirror 55
- Manual link aggregation 56
- Overview 56
- Port states in a manual aggregation 56
- Overview 57
- Port configuration considerations in manual aggregation 57
- Port states in static aggregation 57
- Static lacp link aggregation 57
- Aggregation port group 58
- Channel group channel group number 58
- Channel group channel group number mode active passive on 58
- Link aggregation configuration 58
- Load balance in a link aggregation group 58
- No channel group channel group number 58
- Port configuration considerations in static aggregation 58
- Qtech config channel group 0 58
- Qtech config if ethernet 0 0 3 channel group 3 mode active 58
- Brief introduction of interface car 60
- Configure the reopen time of the port shutdown by 60
- Enable disable interface car on interface 60
- Enable disable interface globally 60
- Interface bpdu rate configuration 60
- No port car 60
- Port car 60
- Port car configuration command list 60
- Qtech config if ethernet 0 0 8 port car 60
- Qtech config port car 60
- Alarm all packets 61
- Brief introduction of port alarm configuration 61
- Configure the port car rate 61
- Display port car information 61
- Enable disable port alarm globally 61
- Port alarm configuration 61
- Port alarm configuration list 61
- Port car open time time 61
- Port car rate rate 61
- Qtech config port car open time 10 61
- Qtech config port car rate 200 61
- Qtech config show port car 61
- Show port car 61
- Configure the exceed threshold and normal threshold 62
- Display port alarm 62
- Enable disable port alarm on the port 62
- Of port alarm 62
- Configuration interface shutdown control 63
- Configuration mode and time 63
- Display shutdown control 63
- Interface shutdown control configuration list 63
- No shutdown control broadcast multicast unicast 63
- Port isolation configuration 63
- Qtech config if ethernet 0 0 8 shutdown control broadcast 100 63
- Qtech config show shutdown control 63
- Show shutdown control 63
- Shutdown control broadcast multicast unicast target rate 63
- Shutdown control feature 63
- Shutdown control recover automatic open time seconds mode automatic manual seconds 63
- Total entries 1 63
- No port isolation interface list all 64
- No storm control broadcast multicast dlf 64
- Port isolation interface list 64
- Qtech config if ethernet 0 0 1 storm control multicast 64
- Qtech config if ethernet 0 0 1 storm control rate 2048 64
- Qtech config if ethernet 0 0 3 storm control multicast 5120 64
- Qtech config no port isolation ethernet 0 0 3 to ethernet 0 0 5 ethernet 0 0 8 64
- Qtech config port isolation ethernet 0 0 1 ethernet 0 0 3 to ethernet 0 0 5 ethernet 0 0 8 64
- Storm control broadcast multicast dlf 64
- Storm control rate target rate 64
- Strom control configuration 64
- Chapter 5 65
- Introduction to vlan 65
- Vlan configuration 65
- Vlan overview 65
- Vlan classification 66
- Vlan fundamental 66
- Vlan interface 66
- Default vlan 67
- Port based and 802 q vlan 67
- Port link type 67
- Super vlan 67
- Vlan interface type 67
- Create delete vlan 68
- Default vlan 68
- No vlan vlan list all 68
- Vlan configuration list 68
- Vlan vlan list 68
- Add delete vlan interface 69
- Configure interface default vlan id 69
- Configure interface type 69
- Description string 69
- No description 69
- No switchport interface list all 69
- Qtech config if vlan description market 69
- Qtech config if vlan no description 69
- Qtech config if vlan no switchport ethernet 0 0 3 to ethernet 0 0 5 ethernet 0 0 8 69
- Qtech config if vlan switchport ethernet 0 0 1 ethernet 0 0 3 to ethernet 0 0 5 ethernet 0 0 8 69
- Specify restore vlan description 69
- Switchport interface list all 69
- Brief introduction of gvrp 70
- Configure tag vlan 70
- Display vlan information 70
- Garp protocol 70
- No tag vlan vlan list 70
- Qtech config if ethernet 0 0 1 switchport access vlan 2 70
- Qtech config if ethernet 0 0 1 switchport mode access 70
- Qtech config if ethernet 0 0 1 tag vlan 5 7 10 70
- Qtech config show vlan 2 70
- Show vlan vlan id 70
- Switchport access vla 70
- Switchport access vlan vlan id 70
- Switchport trunk native vla 70
- Switchport trunk native vlan vlan id 70
- Tag vlan vlan list 70
- Brief introduction of gvrp 71
- Garp messages and timers 71
- A garp application entity may send leaveall messages at the interval set by its leaveall timer or the leaveall timer on another device on the network whichever is smaller this is because each time a device on the network receives a leaveall message it resets its leaveall timer 72
- Figure 1 72
- Garp message format 72
- Operating mechanism of garp 72
- Table 1 72
- The settings of garp timers apply to all garp applications such as gvrp on a lan 72
- Unlike other three timers which are set on a port basis the leaveall timer is set in system view and takes effect globally 72
- Enable disable global gvrp 73
- Gvrp configuration list 73
- No gvrp 73
- Qtech config gvrp 73
- Add delete vlan that can be dynamic learnt by gvrp 74
- Display gvrp 74
- Display vlan that can be learnt by gvrp 74
- Enable disable gvrp on a port 74
- Garp permit vlan vlan list 74
- No garp permit vlan vlan list 74
- No gvrp 74
- Qtech config garp permit vlan 2 4 74
- Qtech config if ethernet 0 0 8 gvrp 74
- Qtech config show garp permit vlan 74
- Qtech config show gvrp interface ethernet 0 0 1 74
- Show garp permit vlan 74
- Show gvrp 74
- Show gvrp interface interface list 74
- Brief introduction of qinq 75
- Examples for gvrp configuration 75
- Figure 1 75
- Introduction to qinq 75
- Qtech config if ethernet 0 0 2 gvrp 75
- Qtech config if ethernet 0 0 2 no gvrp 75
- Adjustable tpid value of qinq frames 76
- Figure 2 76
- Implementations of qinq 76
- Note the qinq feature requires configurations only on the service provider network and not on the customer network 76
- Table 1 76
- Configure global qinq 77
- Configure qinq mode of interface 77
- Dtag flexible qinq outer tpid tpid 77
- Dtag mode customer service provider 77
- No dtag 77
- Qinq configuration list 77
- Qtech config dtag outer tpid 9100 77
- Qtech config if ethernet 0 0 1 dtag mode customer 77
- Configure interface dynamic qinq 78
- Dtag insert startvlanid endvlanid targetvlanid 78
- Dtag pass through startvlanid endvlanid 78
- Enable disable vlan swap 78
- No dtag insert startvlanid endvlanid 78
- No dtag pass through startvlanid endvlanid 78
- No vlan swap 78
- Qtech config if ethernet 0 0 1 dtag insert 1 2 3 78
- Qtech config if ethernet 0 0 1 dtag pass through 1 2 78
- Qtech config if ethernet 0 0 1 no dtag pass through 1 2 78
- Qtech config no dtag insert 1 2 3 78
- Vlan swap 78
- Configure global vlan swap 79
- Configure rewrite outer vlan 79
- Display dynamic qinq 79
- No rewrite outer vlan start inner vid end inner vid outer vlan outer vid 79
- No vlan swap original vlanid swap vlan id 79
- Qtech config if ethernet 0 0 1 rewrite outer vlan 1 50 outer vlan 3 new outer vlan 100 79
- Qtech config no vlan swap vlan1 vlan2 79
- Qtech config show dtag 79
- Qtech config vlan swap 79
- Qtech config vlan swap vlan1 vlan2 79
- Rewrite outer vlan start inner vid end inner vid outer vlan outer vid new outer vlan new outer vid 79
- Show dtag 79
- Vlan swap original vlanid swap vlan id 79
- Display rewrite outer vlan 80
- Display vlan swap 80
- Qtech config show dtag pass through 80
- Qtech config show rewrite outer vlan 80
- Qtech config show vlan swap 80
- Show dtag pass through 80
- Show rewrite outer vlan 80
- Show vlan swap 80
- Brief introduction of layer 3 switching 81
- Chapter 6 81
- Layer 3 cnfiguration list 81
- Layer 3 configuration 81
- Transmission mode configuration 81
- Vlan division and the creation of layer 3 interface 81
- Configure accessing ip address range of vlan or 82
- Configure ip address for vlan interface or 82
- Create supervlan interface and add vlan to 82
- Create vlan interface for normal vlan 82
- Ip address range startip endip 82
- No ip def cpu 82
- Qtech config if supervlaninterface 1 no subvlan 3 qtech config if supervlaninterface 1 no subvlan 4 82
- Qtech config if vlaninterface 2 ip address 10 1 255 55 82
- Qtech config if vlaninterface 2 ip address primary 10 1 82
- Qtech config if vlaninterface 2 no ip address 82
- Qtech config interface supervlan interface 1 qtech config if supervlaninterface 1 subvlan 3 qtech config if supervlaninterface 1 subvlan 4 82
- Supervlan 82
- Supervlan interface 82
- Arp proxy configuration 83
- Arp proxy no arp proxy 83
- Brief introduction of static routing 83
- Default route 83
- Display interface configuration 83
- Qtech config arp proxy 83
- Qtech config no arp proxy 83
- Qtech config show ip interface 83
- Qtech config show ip interface supervlan interfac 3 83
- Qtech config show ip interface vlan interface 2 83
- Add delete static route 84
- Application environment of static routing 84
- Destination address and mask 84
- Display route table information 84
- Ip route ip dest mask dest nexthop 84
- Next hop address 84
- Qtech config ip route 192 68 00 255 55 55 55 10 1 54 84
- Qtech config no ip route 192 68 00 255 55 55 55 84
- Qtech config show ip route 84
- Qtech config show ip route 192 68 00 255 55 55 84
- Qtech config show ip route static 84
- Show ip route static 84
- Static routing configuration list 84
- Brief introduction of rip 85
- Chapter 7 85
- Rip configuration 85
- Rip overview 85
- Basic concept of rip 86
- Rip initialization and running procedure 86
- Rip routing table 86
- Rip timers 86
- Rip working mechanism 86
- Routing loops prevention 86
- Note ripv2 has two types of message transmission broadcast and multicast multicast is the default type using 224 as the multicast address the interface working in the ripv2 broadcast mode can also receive ripv1 messages 87
- Rip message format 87
- Rip version 87
- Ripv1 message format 87
- Rfc 1723 only defines plain text authentication for information about md5 authentication refer to rfc2082 ripv2 md5 authentication 88
- Ripv2 authentication 88
- Ripv2 authentication message 88
- Ripv2 message format 88
- With ripv1 you can configure the authentication mode in interface view however the configuration will not take effect because ripv1 does not support authentication 88
- Message types 89
- Protocols and standards 89
- Rip configuration list 89
- Trip retransmission mechanism 89
- Working mechanism 89
- Enable rip 90
- Ip rip input 90
- Ip rip output 90
- Ip rip version 1 90
- Ip rip version 2 mcast 90
- Ip rip work 90
- Network ip address 90
- No ip rip input 90
- No ip rip output 90
- No ip rip work 90
- No network ip address 90
- No route rip 90
- Rip version of specified interface 90
- Rip working status of specified interface 90
- Route rip 90
- Specify ip network to run rip protocol 90
- Auto summary 91
- Configure authentication to rip packet 91
- Configure split 91
- Enable host routing 91
- Enable route convergence 91
- Host route 91
- Ip rip authentication simple md5 password key id number key string string 91
- Ip rip split 91
- Ip rip version 2 bcast 91
- No auto summary 91
- No host route 91
- No ip rip authentication 91
- No ip rip split 91
- No ip rip version 91
- Configure distribute list 92
- Configure metricin 92
- Configure redistribution 92
- Define prefix list 92
- Ip prefix list 92
- Ip prefix list default 92
- Ip rip metricin value 92
- Ip rip metricout value 92
- No ip prefix list 92
- No ip prefix list default 92
- No ip rip metricin 92
- No ip rip metricout 92
- No redistribute 92
- Redistribute 92
- Display rip configuration 93
- Distribute list gate way in 93
- Distribute list prefix list in 93
- Distribute list prefix list out 93
- No distribute list 93
- Show ip rip 93
- Show ip rip interface 93
- Show ip route rip 93
- Brief introduction of ospf 94
- Chapter 8 94
- Ospf configuration 94
- Autonomous system 95
- Basic concepts 95
- Lsa types 95
- Ospf packets 95
- Ospf route computation 95
- Router id 95
- Area partition 96
- Neighbor and adjacency 96
- Ospf area partition and route summarization 96
- Area border router abr 97
- Autonomous system border router asbr 97
- Backbone router 97
- Classification of routers 97
- Internal router 97
- Ospf area partition 97
- Backbone area and virtual links 98
- Ospf router types 98
- Virtual link application 1 98
- Nssa area 99
- Totally stub area 99
- Virtual link application 2 99
- Abr route summarization 100
- Asbr route summarization 100
- Nssa area 100
- Route summarization 100
- Route types 100
- Classification of ospf networks 101
- Ii nbma network configuration principle 101
- Ospf network types 101
- Dr and bdr 102
- Dr and bdr in a network 102
- Dr bdr election 102
- Dr bdr introduction 102
- Note that 102
- The dr election is available on broadcast nbma interfaces rather than p2p or p2mp interfaces a dr is an interface of a router and belongs to a single network segment the router s 102
- The election votes are hello packets each router sends the dr elected by itself in a hello packet to all the other routers if two routers on the network declare themselves as the dr the router with the higher dr priority wins if dr priorities are the same the router with the higher router id wins in addition a router with the priority 0 cannot become the dr bdr 102
- Hello packet 103
- Note md5 authentication data is added following an ospf packet rather than contained in the authentication field 103
- Ospf packet format 103
- Ospf packet formats 103
- Ospf packet header 103
- Other interfaces may be a bdr or drother after dr bdr election and then a new router joins it cannot become the dr immediately even if it has the highest priority on the network the dr may not be the router with the highest priority in a network and the bdr may not be the router with the second highest priority 103
- Dd packet 104
- Hello packet format 104
- Dd packet format 105
- Lsr packet 105
- Lsr packet format 105
- Lsa header format 106
- Lsack packet 106
- Lsack packet format 106
- Lsu packet 106
- Lsu packet format 106
- Formats of lsas 107
- Lsa header format 107
- Router lsa 107
- Router lsa format 107
- Network lsa 108
- Network lsa format 108
- Summary lsa 108
- Summary lsa format 108
- As external lsa 109
- As external lsa format 109
- Note a type 3 lsa can be used to advertise a default route having the link state id and network mask set to 0 109
- Nssa external lsa 109
- Authentication 110
- Hot standby and gr 110
- Multi process 110
- Nssa external lsa format 110
- Supported ospf features 110
- Igp shortcut and forwarding adjacency 111
- Ospf graceful restart 111
- Te and ds tete 111
- Ospf configuration list 112
- Ospf sham link 112
- Protocols and standards 112
- Area area id authentication message digest 113
- Configure area authentication type 113
- Configure router id 113
- Enable disable ospf 113
- Network address wildcard mask area area id 113
- No network address wildcard mask area area id 113
- No router id 113
- No router ospf 113
- Qtech config router id 10 1 113
- Router id router id 113
- Router ospf 113
- Specify interface and area id 113
- Configure interface cost 114
- Configure interface type 114
- Ip ospf cost cost 114
- Ip ospf network broadcast non broadcast point to multipoint point to point 114
- No area area id authentication 114
- No ip ospf cost 114
- No ip ospf network 114
- Qtech config if vlaninterface 3 ip ospf cost 10 114
- Qtech config router ospf area 0 authentication message digest 114
- Configure hello time interval 115
- Configure priority when selecting dr 115
- Ip ospf hello interval seconds 115
- Ip ospf priority value 115
- No ip ospf hello interval 115
- No ip ospf priority 115
- Qtech config if vlaninterface 3 ip ospf hello interval 15 115
- Caution after modifying network type hello interval and dead interval are 116
- Configure interface invalid time of neighbour routers 116
- Configure retransmission lsa time interval of 116
- Configure time needed when interface sending link 116
- Ip ospf dead interval seconds 116
- Ip ospf retransmit interval seconds 116
- Ip ospf transmit delay seconds 116
- Neighbor router 116
- No ip ospf dead interval 116
- No ip ospf retransmit interval 116
- No ip ospf transmit delay 116
- Qtech config if vlaninterface 3 ip ospf dead interval 60 116
- Restore to the default value 116
- State update packet 116
- Area area id default cost cost 117
- Area area id stub no summery 117
- Configure packet authentication key 117
- Configure stub area of ospf 117
- Ip ospf authentication key password 117
- Ip ospf message digest key key id md5 key 117
- No area area id default cost 117
- No area area id stub 117
- No ip ospf authentication key 117
- No ip ospf message digest key 117
- Passwor 117
- Qtech config if vlaninterface 3 ip ospf authentication key abc123 117
- Qtech config router ospf area 1 stub qtech config router ospf area 1 default cost 10 117
- Configure ospf virtual connection 118
- Configure route convergence in ospf 118
- Configure ospf introduced default route 119
- Configure route introduced by ospf other route 119
- Default information originate always metric metric value type type value 119
- Message digest key keyid md5 key 119
- No default information originate 119
- No redistribute protocol 119
- Protoco 119
- Protocol 119
- Qtech config router ospf area 1 virtual link 10 1 119
- Qtech config router ospf default information originate always 119
- Qtech config router ospf redistribute rip 119
- Redistribute protocol metric metric type 1 2 tag tag value 119
- Configure external route parameter received by 120
- Default redistribute metric metric 120
- Default redistribute type 1 2 120
- No default redistribute metric 120
- No default redistribute type 120
- Ospf monitor and maintain 120
- Qtech config router ospf default redistribute metric 10 120
- Qtech config router ospf show ip ospf 120
- Qtech config router ospf show ip ospf database 120
- Qtech config router ospf show ip ospf neighbor 120
- Qtech config router ospf show ip ospf virtual link 120
- Show ip ospf 120
- Show ip ospf border routers 120
- Show ip ospf cumulative 120
- Show ip ospf database 120
- Show ip ospf error 120
- Show ip ospf interface 120
- Show ip ospf neighbor 120
- Show ip ospf request list 120
- Show ip ospf retrans list 120
- Show ip ospf virtual link 120
- Show ip route ospf 120
- Show router i 120
- Bgp configuration 121
- Brief introduction of bgp 121
- Chapter 9 121
- Configure as number 122
- Configure bgp peer 122
- Enable disable bgp 122
- Neighbor neighbor address remote as as number 122
- Network ip address mask address mask 122
- No network ip address mask address mask 122
- No router bgp as number 122
- Router bgp as number 122
- Configure bgp timer 123
- Bgp always compare med 124
- Bgp default local preference localpref 124
- Compare med from different as neighbors 124
- Configure as med 124
- Configure local preference 124
- Default metric metric 124
- No bgp always compare med 124
- No bgp default local preference 124
- No default metric 124
- No timers bgp 124
- Timers bgp keepalive interval hold time 124
- Configure bgp distribution list 125
- Configure bgp route aggregation 125
- Configure route information of igp protocol 125
- Define as path list 125
- Introduced by bgp 125
- Alternation matches either left side or right side 126
- Any character except listing in square brackets is in the front of the character 126
- Bgp monitor and maintenance 126
- Hyphen 126
- Match the beginning of the string 126
- Match the end of the string 126
- Show ip bgp ip address a b c d m 126
- Show ip bgp neighbors neighbor address 126
- Symbol description 126
- _ underline match comma the beginning of the string the end of the string or a space 126
- Show ip bgp summary 127
- Chapter 10 128
- Ip multicast address 128
- Multicast address 128
- Multicast overview 128
- Multicast protocol configuration 128
- Ethernet multicast mac address 129
- Note like having reserved the private network segment 10 8 for unicast iana has also reserved the network segments ranging from 239 to 239 55 55 55 for multicast these are administratively scoped addresses with the administratively scoped addresses you can define the range of multicast domains flexibly to isolate ip addresses between different multicast domains so that the same multicast address can be used in different multicast domains without causing collisions 129
- Enable disable global gmrp 130
- Gmrp configuration 130
- Gmrp configuration list 130
- Gmrp overview 130
- Add delete multicast that can be dynamic learnt by 131
- Display gmrp 131
- Enable disable gmrp on a port 131
- Display multicast that can be learnt by gmrp 132
- Igmp snooping 132
- Igmp snooping overview 132
- Qtech config garp permit multicast mac address 01 00 5e 00 01 01 vlan 1 132
- Qtech config show garp permit multicast 132
- Show garp permit multicast 132
- An igmp snooping enabled switch deems that all its ports on which igmp general queries with the source address other than 0 or pim hello messages are received to be router ports 133
- Basic concepts in igmp snooping 133
- Igmp snooping related ports 133
- Port aging timers in igmp snooping and related messages and actions 133
- Table 1 133
- Whenever mentioned in this document a router port is a port on the switch that leads the switch to a layer 3 multicast device rather than a port on a router 133
- A switch does not forward an igmp report through a non router port the reason is as follows due to the igmp report suppression mechanism if the switch forwards a report message through a member port all the attached hosts listening to the reported multicast 134
- How igmp snooping works 134
- The port aging mechanism of igmp snooping works only for dynamic ports a static port will never age out 134
- When receiving a general query 134
- When receiving a membership report 134
- Address will suppress their own reports upon hearing this report and this will prevent the switch from knowing whether any hosts attached to that port are still active members of the reported multicast group 135
- Processing of multicast protocol messages 135
- When receiving a leave group message 135
- Qtech software configuration manual 137
- Table 2 3 igmp snooping messages 137
- An igmp snooping enabled ethernet switch judges whether the multicast group exists when it receives an igmp leave packet sent by a host in a multicast group if this multicast group does not exist the switch will drop the igmp leave packet instead of forwarding it 138
- Caution 138
- Configuration 138
- Igmp snooping 138
- Igmp snooping configuration 138
- Igmp snooping host aging time 138
- Igmp snooping multicast interface aging time 138
- No igmp snooping 138
- Protocols and standards 138
- Qtech config igmp snooping host aging time 10 138
- Qtech config show igmp snooping 138
- Show igmp snooping 138
- Allowed learning 139
- Configure the number of the multicast group 139
- Igmp snooping deny permit group all 139
- Igmp snooping fast leave 139
- Igmp snooping group limit limit 139
- Igmp snooping interface fast leave configuration 139
- Igmp snooping max response time configuration 139
- Igmp snooping max response time seconds 139
- Igmp snooping permit deny group configuration 139
- Igmp snooping permit deny group group address 139
- Igmp snooping route port forward configuration 139
- Qtech config if ethernet 0 0 1 igmp snooping deny group 01 00 5e 00 01 01 139
- Qtech config if ethernet 0 0 1 igmp snooping fast leave 139
- Qtech config if ethernet 0 0 1 igmp snooping group limit 10 139
- Qtech config igmp snooping max response time 13 139
- Qtech config igmp snooping permit group all 139
- 0 configure igmp snooping query max response 140
- Configure igmp snooping querier vlan 140
- Configure igmp snooping query interval 140
- Enable disable igmp snooping querier 140
- Igmp snooping querier 140
- Igmp snooping querier vlan vlanid 140
- Igmp snooping query interval seconds 140
- Igmp snooping query max respon second 140
- Igmp snooping route port forward 140
- No igmp snooping querier 140
- No igmp snooping querier vlan 140
- No igmp snooping query interval 140
- No igmp snooping query max respon 140
- No igmp snooping route port forward 140
- Qtech config igmp snooping querier 140
- Qtech config igmp snooping querier 90 140
- Qtech config igmp snooping querier vlan 10 140
- Qtech config igmp snooping route port forward 140
- 1 configure igmp snooping query source ip 141
- 2 configure igmp snooping route port aging 141
- 3 add igmp snooping route port 141
- Brief introduction of static multicast 141
- Static multicast configuration 141
- Add interfaces to multicast group 142
- Create multicast group 142
- Display multicast group information 142
- Multicast mac address mac vlan vlan id 142
- Multicast mac address mac vlan vlan id interface all interface list 142
- Qtech config multicast mac address 01 00 5e 01 02 03 vlan 1 142
- Qtech config multicast mac address 01 00 5e 01 02 03 vlan 1 interface ethernet 0 0 2 to ethernet 0 0 4 ethernet 0 0 8 142
- Qtech config show multicast mac address 01 00 5e 01 02 03 142
- Show multicast mac address mac 142
- Show multicast table information 142
- Static multicast configuration 142
- ____________________________________________________________ 142
- Brief introduction of cross vlan multicast 143
- Cross vlan multicast configuration 143
- Delete interface members from multicast group 143
- Delete multicast group 143
- Dynamic port list 143
- Igmp port list 143
- Mac address 01 00 5e 01 02 03 143
- No multicast mac address mac vlan vlan id 143
- No multicast mac address mac vlan vlan id interface all interface list 143
- Qtech config no multicast mac address 01 00 5e 01 02 03 vlan 1 143
- Qtech config no multicast mac address 01 00 5e 01 02 03 vlan 1 interface ethernet 0 0 5 ethernet 0 0 6 143
- Static port list e0 0 2 e0 0 3 e0 0 4 e0 0 8 143
- Total entries 1 143
- Vlan id 1 143
- Configure tag untag attribution of multicast 144
- Display cross vlan multicast 144
- Enable disable cross vlan multicast 144
- Packet transmission and vlan id of the tagged attribution 144
- Brief introduction of dhcp 145
- Chapter 11 145
- Dhcp configuration 145
- Dhcp discovery 146
- Dhcp offers 146
- Dhcp requests 146
- Technical details 146
- Client configuration parameters 147
- Dhcp acknowledgement 147
- Dhcp information 147
- Dhcp ip address assignment 147
- Dhcp releasing 147
- Ip address assignment policy 147
- Options 147
- The client sends a request to the dhcp server to release the dhcp information and the client deactivates its ip address as clients usually do not know when users may unplug them from the network the protocol does not mandate the sending of dhcp release 147
- Dhcp packet format 148
- Note the ip addresses offered by other dhcp servers if any are not used by the dhcp client and are still available to other clients 148
- Obtaining ip addresses dynamically 148
- Updating ip address lease 148
- Format of dhcp packets 149
- Op operation types of dhcp packets 1 for request packets and 2 for response packets htype hlen hardware address type and length of the dhcp client hops number of dhcp relay agents which a dhcp packet passes for each dhcp relay agent that the dhcp request packet passes the field value increases by 1 xid random number that the client selects when it initiates a request the number is used to identify an address requesting process secs elapsed time after the dhcp client initiates a dhcp request flags the first bit is the broadcast response flag bit it is used to identify that the dhcp response packet is sent in the unicast or broadcast mode other bits are reserved ciaddr ip address of a dhcp client 149
- Qtech software configuration manual 149
- The field meanings are illustrated as follows 149
- Dhcp packet processing modes 150
- Dhcp server configuration list 150
- Protocols and standards 150
- Configure dhcp server 151
- Dhcp relay 151
- Dhcp server group num ip ip address 151
- Dhcp sever group num 151
- Display dhcp server configuration 151
- Enable dhcp relay 151
- No dhcp relay 151
- No dhcp server 151
- No dhcp server group num 151
- Qtech config dhcp server 1 ip 192 68 00 151
- Qtech config if vlaninterface 1 dhcp server 1 151
- Qtech config if vlaninterface 1 no dhcp server 151
- Qtech config no dhcp server 1 151
- Show dhcp relay 151
- Show dhcp server group num 151
- Show dhcp server inerface supervlan interface vlan interface vlan id 151
- Specify dhcp server for layer 3 interface 151
- Dhcp relay hide server ip 152
- Enter ip address pool configuration mode 152
- Hide dhcp server 152
- Ip pool ippoolname 152
- Local ip address pool configuration 152
- No ip pool ippoolname 152
- Qtech config show dhcp server 152
- Qtech config show dhcp server 1 152
- Qtech config show dhcp server interface vlan interface 1 152
- Vlan i 152
- Address pool 153
- Configure gateway and netmask of local ip 153
- Configure local ip address pool network interface 153
- Disable enable specified ip address in ip address 153
- From i 153
- Gateway ip address mask 153
- Ip addres 153
- Ip disable enable ip address 153
- No section section id section i 153
- Qtech config ip pool nic 153
- Qtech config ip pool nic gateway 192 68 00 255 55 55 153
- Qtech config ip pool nic ip disable 192 68 00 153
- Qtech config ip pool nic ip enable 192 68 00 153
- Qtech config ip pool nic no section 0 153
- Qtech config ip pool nic section 0 192 68 00 192 68 00 153
- Qtech config no ip pool nic 153
- Section section id from ip to ip 153
- Configure dns 154
- Configure lease time 154
- Configure wins 154
- Display ip address pool configuration 154
- 0 display ip bind 155
- 1 add dhcp client 155
- 2 show dhcp client 155
- Configure ip bind 155
- Dhcp client mac ip vlanid 155
- Introduction to dhcp relay agent 155
- Ip bind 155
- No dhcp client mac vlanid 155
- No ip bind 155
- Qtech config dhcp client 01 00 5e 22 22 22 5 2 155
- Qtech config ip bind 155
- Qtech config no dhcp client 01 00 5e 22 22 22 2 155
- Qtech config no ip bind 155
- Qtech config show dhcp client 155
- Qtech config show ip bind 155
- Show dhcp client 155
- Show ip bind 155
- Usage of dhcp relay agent 155
- Caution 156
- Dhcp relay agent fundamentals 156
- Option 82 supporting 157
- Introduction to option 82 supporting 158
- Primary terminologies 158
- Dhcp relay 159
- Dhcp relay configuration list 159
- Enable dhcp relay 159
- Mechanism of option 82 supporting on dhcp relay agent 159
- No dhcp relay 159
- Note request packets sent by a dhcp client fall into two categories dhcp discover packets and dhcp request packets as dhcp servers coming from different manufacturers process dhcp request packets in different ways that is some dhcp servers process option 82 in dhcp discover packets whereas the rest process option 82 in dhcp request packets a dhcp relay agent adds option 82 to both types of packets to accommodate to dhcp servers of different manufacturers 159
- Qtech config dhcp relay 159
- Show dhcp relay 159
- Configure vlan interface 160
- Dhcp option82 160
- Dhcp option82 strategy drop keep replace 160
- Introduction dhcp snooping 160
- No dhcp option82 160
- Qtech config if vlan dhcpserver ip ipadddress 160
- Qtech config if vlan interface ipaddress mask gateway 160
- Qtech config no dhcp relay 160
- Qtech config show dhcp relay 160
- Qtech config vlan vlannumber 160
- Show dhcp option82 160
- Support relay option82 160
- Dhcp snooping configuration list 162
- Arp configuration 163
- Brief introduction of arp 163
- Chapter 12 163
- Arp announcements 164
- Arp mediation 164
- Arp probe 164
- Inverse arp and reverse arp 164
- Variants of the protocol 164
- Arp proxy 165
- Arp spoofing 165
- Arp spoofing poising animation 165
- How arp spooing works 165
- Add and delete arp table item 166
- Anti flood arp 166
- Arp configuration list 166
- Display arp table item 166
- Qtech config arp 192 68 00 00 01 02 03 04 05 1 0 3 166
- Qtech config no arp 192 68 00 166
- Qtech config no arp all 166
- Qtech config no arp dynamic 166
- Qtech config no arp static 166
- Show arp all 166
- Arp aging seconds 167
- Configure arp aging time 167
- Display arp aging time 167
- Display arp table item 167
- Enable disable arp anti flood attack 167
- Qtech config show arp 192 68 00 167
- Show arp aging 167
- Show arp all 167
- Show arp dynamic 167
- Show arp static 167
- Anti flood 168
- Arp anti flood mac recover 168
- Configure arp anti flood recover time 168
- Configure deny action and threshold of arp 168
- 0 display arp anti flood attack information 169
- 1 bind blackhole mac generated by arp anti flood to 169
- 2 enable disable arp anti spoofing 169
- 3 configure unknown arp packet handling strategy 169
- Be general 169
- 4 enable disable arp anti spoofing valid check 170
- 5 enable disable arp anti spoofing deny disguiser 170
- 6 display arp anti spoofing 170
- 7 configure trust port of arp anti attack 171
- Acl configuration 172
- Acl match order 172
- Acl overview 172
- Chapter 13 172
- Ip acl depth first order 172
- Acl referenced by the upper level modules 173
- Acls activated directly on the hardware 173
- Acls based on time ranges 173
- Layer 2 acl depth first order 173
- Ways to apply acl on a switch 173
- Access list access list number match order config auto 174
- Acl support 174
- Configuring acl 174
- Matching order configuration 174
- Table 1 acl number restriction 174
- Absolute start time date end time date 175
- Acl configuration 175
- Configuration list 175
- Configure time range 175
- Create absolute time range 175
- Create periodic time range 175
- Enter time range configuration mode 175
- No absolute start time date end time date 175
- Periodic days of the week hh mm ss to day of the week hh mm ss 175
- Time range time range name 175
- Define extended acl 176
- Standard acl 176
- Define layer 2 acl 177
- Activate acl 178
- Monitor and maintanence of acl 178
- Access control list 180
- Brief introduction of qos 180
- Chapter 14 180
- Packet filtration 180
- Qos configuration 180
- Traffic classification 180
- 0 queue scheduler 181
- Choose interface outputting queue for packet 181
- Flow monitor 181
- Interface speed limitation 181
- Priority mark 181
- Redirection 181
- 1 cos map 182
- 2 flow mirror 182
- 3 statistics based on flow 182
- 4 copy packet to cpu 182
- Packet redirection configuration 182
- Qos configuration 182
- Qos configuration list 182
- Traffic redirect ip group access list number access list name subitem subitem link group access list number access list name subitem subitem interface interface num 182
- Priority configuration 183
- Queue and priority of ieee802 p protocol 183
- Queue scheduler configuration 183
- The cos map relationship of hardware priority 183
- Flow mirror configuration 184
- Flow statistic configuration 184
- Monitor and maintenance of qos 184
- Basic concepts in stp 186
- Brief introduction of stp configuration 186
- Chapter 15 186
- Introduction to stp 186
- Protocol packets of stp 186
- Stp configuration 186
- Why stp 186
- How stp works 187
- Note all the ports on the root bridge are designated ports 187
- Principle for configuration bpdu comparison the configuration bpdu that has the lowest root bridge id has the highest priority if all the configuration bpdus have the same root bridge id they will be compared for their root path costs if the root path cost in a configuration bpdu plus the path cost corresponding to this port is s the configuration bpdu with the smallest s value has the highest priority if all configuration bpdu have the same root path cost they will be compared for their designated bridge ids then their designated port ids and then the ids of the ports on which they are received the smaller the id the higher message priority 189
- Table 2 selection of the optimum configuration bpdu 189
- When the network topology is stable only the root port and designated ports forward traffic while other ports are all in the blocked state they only receive stp packets but do not forward user traffic 190
- In rstp a newly elected designated port can enter the forwarding state rapidly if this condition is met the designated port is an edge port or a port connected with a point to point link if the designated port is an edge port it can enter the forwarding state directly if the designated port is connected with a point to point link it can enter the forwarding state immediately after the device undergoes handshake with the downstream device and gets a response 193
- In rstp a newly elected root port can enter the forwarding state rapidly if this condition is met the old root port on the device has stopped forwarding data and the upstream designated port has started forwarding data 193
- Introduction to mstp 193
- To facilitate description the spanning tree computing process in this example is simplified while the actual process is more complicated 193
- Why mstp 193
- Some concepts in mstp 194
- Currently the device is not capable of recognizing boundary ports when the device interworks with a third party s device that supports boundary port recognition the third party s device may malfunction in recognizing a boundary port 195
- When in different mst instances a port can be in different states 196
- How mstp works 197
- Implementation of mstp on devices 197
- Protocols and standards 197
- Stp configuration 197
- Stp configuration list 197
- Configure stp priority 198
- Enable disable interface stp 198
- Enable disable stp 198
- No spanning tree 198
- No spanning tree priority 198
- Qtech config if ethernet 0 0 1 no spanning tree 198
- Qtech config spanning tree 198
- Spanning tree 198
- Spanning tree priority bridge priority 198
- Caution if the priorities of all network bridge in switching network are the same choose the one with the smallest mac address to be the root if stp enables configuring network bridge may cause the re accounting of the stp by default the network bridge priority is 32768 and ranges from 0 to 65535 199
- Configure hello time 199
- Configure max age 199
- Configure switch forward delay 199
- No spanning tree forward time 199
- No spanning tree hello time 199
- No spanning tree max age 199
- Qtech config spanning tree forward time 20 199
- Qtech config spanning tree hello time 5 199
- Qtech config spanning tree priority 30000 199
- Spanning tree forward time seconds 199
- Spanning tree hello time seconds 199
- Spanning tree max age seconds 199
- 0 configure spanning tree root guard 200
- Caution max age is used to configure the longest aging interval of stp lose packet when overtiming the stp will be frequently accounts and take crowded network to be link fault if the value is too small if the value is too large the link fault cannot be known timely max age is determined by diameter of network and the default time of 20 seconds is suggested 2 hello time 1 max age 2 forwarddelay 1 200
- Configure path cost of specified interfaces 200
- Configure stp priority od specified port 200
- No spanning tree cost 200
- No spanning tree port priority 200
- No spanning tree root guard 200
- Qtech config if ethernet 0 0 1 spanning tree port priority 120 200
- Qtech config spanning tree max age 10 200
- Spanning tree cost cost 200
- Spanning tree port priority port priority 200
- Spanning tree root guard 200
- 1 configure interface to force to send rstp packet 201
- 2 configure link type of specified interface 201
- 3 configure the current port as an edge port 201
- 4 configure the speed limit of sending bpdu of 201
- No spanning tree portfast 201
- Qtech config if ethernet 0 0 1 spanning tree mcheck 201
- Qtech config if ethernet 0 0 1 spanning tree point to point forcetrue 201
- Qtech config if ethernet 0 0 1 spanning tree portfast 201
- Qtech config if ethernet 0 0 1 spanning tree root guard 201
- Spanning tree mcheck 201
- Spanning tree point to point auto 201
- Spanning tree point to point forcefalse 201
- Spanning tree point to point forcetrue 201
- Spanning tree portfast 201
- Specified interface 201
- 5 stp monitor and maintainenance 202
- 6 enable disable stp remote loop detect 203
- 6 enable stp remote loop detect 203
- Brief introduction of mstp 203
- Mstp configuration 203
- Mstp configuration list 203
- Qtech config if ethernet 0 0 1 no spanning tree remote loop detect 203
- Qtech config spanning tree remote loop detect interface ethernet 0 0 1 203
- Received bpdu 4040 203
- Spanning tree remote loop detect 203
- Spanning tree remote loop detect interface 203
- Tcn 0 rst 4040 config bpdu 0 203
- Tcn 0 rst 9 config bpdu 0 203
- Configure mstp configuration mark 204
- Configure mstp netbridge priority 204
- Configure mstp timer parameter 204
- Configure mstp interface edge interface status 205
- Configure mstp interface link type 205
- Configure mstp interface path cost 205
- Configure mstp interface priority 205
- Qtech config if ethernet 0 0 2 spanning tree mst external cost 10 205
- Qtech config if ethernet 0 0 2 spanning tree mst instance 1 cost 10 205
- Qtech config if ethernet 0 0 2 spanning tree mst instance 1 port priority 16 205
- Qtech config if ethernet 0 0 2 spanning tree mst link type point to point forcefalse 205
- Qtech config if ethernet 0 0 2 spanning tree mst portfast 205
- Spanning tree mst external cost cost 205
- Spanning tree mst instance instance num cost cost 205
- Spanning tree mst instance instance num port priority priority 205
- Spanning tree mst link type point to point forcetrue forcefalse auto 205
- Spanning tree mst portfast 205
- 0 display mstp configuration information 206
- 1 enable disable digest snooping 206
- 2 configure ignore of vlan 206
- Configure spanning tree mst root guard 206
- No spanning tree mst config digest snooping 206
- No spanning tree mst root guard 206
- Qtech config if ethernet 0 0 1 spanning tree mst config digest snooping 206
- Qtech config if ethernet 0 0 1 spanning tree mst root guard 206
- Qtech config show spanning tree mst config id 206
- Qtech config show spanning tree mst instance 1 interface ethernet 0 0 2 206
- Show spanning tree mst config id 206
- Show spanning tree mst instance instance num interface interface list 206
- Spanning tree mst config digest snooping 206
- Spanning tree mst root guard 206
- 802 x configuration 208
- Aaa configuration mode 208
- Brief introduction of 802 x configuration 208
- Chapter 16 208
- Qtech config aaa 208
- Radius and tacacs server configuration 208
- X configuration command 208
- Add users 209
- Local authentication configuration 209
- System default user 209
- User s authentication 209
- Caution case sensitive is for password but not username 210
- Change password 210
- Level means the priority of the user to be added which is the number between 0 and 15 0 and 1 mean the normal user and 2 to 15 mean the administrator encryption type it can be 0 or 7 0 means clear text and 7 means encrypted text not supported now privilege it can be 0 1 or 2 to 15 0 and 1 mean normal users while 2 to 15 mean administrators password the login password of new added user which is 1 to 16 characters if the user s privilege level is not specified it will default to be normal user there is up to 8 users in the system 210
- Modify user s privilege level 210
- Copy running config startup config 211
- Delete user 211
- No username username 211
- Show username 211
- Show users 211
- Configure radius to be remote authentication server 212
- Configure tacacs remote authentication 212
- Remote authentication configuration 212
- 802 x configuration 213
- Dot1x 802 x daemon 213
- Dot1x eap finis 213
- Dot1x eap transfe 213
- No dot1 213
- Qtech config dot1x 213
- Qtech config dot1x eap finish 213
- Qtech config if ethernet 0 0 5 dot1x daemon time 20 213
- Qtech config show dot1x 213
- Show dot1 213
- Dot1x max user user num 214
- Dot1x port control auto forceauthorized forceunauthorized 214
- E0 0 5 forceauthorized disabled 3600 160 214
- Port ctrlmode reauth reauthperiod s maxhosts 214
- Qtech config dot1x user cut username aaa qtech com 214
- Qtech config if ethernet 0 0 5 dot1x max user 10 214
- Qtech config if ethernet 0 0 5 dot1x port control forceauthorized 214
- Qtech config show dot1x interface ethernet 0 0 5 214
- Total 26 item s printed 1 item s 214
- Brief introduction of sntp protocol 215
- Chapter 17 215
- Enable disable sntp client 215
- No sntp client 215
- Qtech config sntp client 215
- Sntp client 215
- Sntp client configuration 215
- Sntp client working mode configuration 215
- Sntp client broadcast delay configuration 216
- Sntp client multicast ttl configuration 216
- Sntp client poll interval configuration 216
- Sntp client unicast server configuration 216
- Sntp client md5 authentication configuration 217
- Sntp client retransmit configuration 217
- Sntp client valid server configuration 217
- Brief introduction of syslog 218
- Chapter 18 218
- Syslog configiration 218
- Enable disable syslog 219
- Logging 219
- Logging monitor all monitor no 219
- Logging sequence numbers 219
- Logging timestamps notime uptime datetime 219
- No logging 219
- No logging monitor all monitor no 219
- No logging sequence numbers 219
- No logging timestamps 219
- No terminal monitor 219
- Qtech config logging 219
- Qtech config logging monitor 0 219
- Qtech config logging sequence numbers 219
- Qtech config logging timestamps datetime 219
- Syslog sequence number configuration 219
- Syslog terminal outputting configuration 219
- Syslog time stamps configuration 219
- Terminal monitor 219
- Logging buffered 220
- Logging flash 220
- Module xxx 220
- No logging buffered 220
- No logging buffered filter 220
- No logging flash 220
- No logging flash filter 220
- No logging monitor all monitor no filter 220
- Qtech config logging buffered 220
- Qtech config logging buffered 6 220
- Qtech config logging flash 220
- Qtech config logging flash level list 0 to 2 6 220
- Qtech config logging monitor 0 7 220
- Qtech config terminal monitor 220
- Syslog flash storage outputting configuration 220
- Syslog logging buffered outputting configuration 220
- Syslog logging host outputting configuration 221
- Syslog snmp agent outputting configuration 221
- Module debug configuration 222
- Brief introduction of lldp protocol 223
- Chapter 19 223
- Lldp configuration 223
- Lldp operating mode 223
- Lldp overview 223
- Receiving lldpdus 223
- Sending lldpdus 223
- Configure lldp hello time 224
- Configure lldp hold time 224
- Enable disable global lldp 224
- Lldp configuration 224
- Lldp configuration list 224
- No lldp 224
- No lldp hello time 224
- No lldp hold time 224
- Qtech config lldp 224
- Qtech config lldp hello time 10 224
- Qtech config lldp hold time 2 224
- Chassis id 00 1f ce 10 14 f1 225
- Configuration 225
- Display lldp information 225
- Interface ethernet 0 0 1 225
- Interface lldp packet receiving sending mode 225
- Lldp hello time 30 s lldp hold time 4 lldp ttl 120 s 225
- Lldp rx tx rxtx 225
- Neighbor 1 225
- No lldp 225
- Port description e0 0 7 225
- Port id port 7 225
- Port lldp rxtx pkt tx 2019 pkt rx 1943 225
- Qtech config if ethernet 0 0 1 lldp tx 225
- Qtech config show lldp interface ethernet 0 0 1 225
- System description qtech switch 225
- System lldp enable 225
- System name qsw 3900 225
- Ttl 119 s 225
- Port duplex auto 226
- Port link aggregation support in aggregation aggregated port id is 7 226
- Port speed full 100 226
- Basic concepts in errp 227
- Brief introduction of errp 227
- Chapter 20 227
- Errp command configuration 227
- Errp domain 227
- Errp overview 227
- Control vlan and data vlan 228
- Errp ring 228
- Primary port and secondary port 228
- Common port and edge port 229
- Errp packets 229
- In an errp domain a transit node learns the hello timer value and the fail timer value on the master node through the received health packets guaranteeing the consistency of two timer values across a ring 229
- Multi domain intersection common port 229
- The fail timer value must be greater than or equal to 3 times of the hello timer value 229
- Timers 229
- Single ring 230
- Typical errp networking 230
- Domain 1 231
- Domain 2 231
- Multi domain tangent rings 231
- Ring 1 231
- Ring 2 231
- Dual homed rings 232
- Single domain intersecting rings 232
- How errp works 233
- Link down alarm mechanism 233
- Multi domain intersecting rings 233
- Polling mechanism 233
- Broadcast storm suppression mechanism in a 234
- Errp configuration 234
- Errp configuration list 234
- Multi homed subring in case of primary ring link failure 234
- No errp 234
- Protocols and standards 234
- Qtech config errp 234
- Ring recovery 234
- Configure control vlan of errp domain 235
- Configure errp timer 235
- Control vlan vlan id 235
- Enter errp configuration mode 235
- Errp domain domain id 235
- Errp fail timer timer value 235
- Errp hello timer timer value 235
- No control vlan 235
- Qtech config errp 0 control vlan 25 235
- Qtech config errp 0 no control vlan 235
- Qtech config errp domain 0 235
- Qtech config errp hello timer 1 235
- Create errp ring 236
- Display errp domain and ring information 236
- Enable disable errp ring 236
- Brief introduction of pppoe plus 237
- Chapter 21 237
- Enable disable pppoe plus 237
- No pppoeplus 237
- Pppoe plus configuration 237
- Pppoe plus configuration list 237
- Pppoeplus 237
- Qtech config pppoeplus 237
- Show pppoeplus 237
- Configure pppoe plus type 238
- Basic concepts in connectivity fault detection 239
- Brief introduction of cfm 239
- Cfm configuration 239
- Chapter 22 239
- Connectivity fault management overview 239
- Maintenance association 239
- Maintenance domain 239
- Maintenance point 239
- Basic functions of connectivity fault 240
- Continuity check 240
- Management 240
- Cfm configuration 241
- Cfm configuration list 241
- Cfm domain domain name level level id 241
- Configure cfm domain 241
- Linktrace 241
- Loopback 241
- No cfm domain level level id 241
- Protocols and standards 241
- Cfm mep level level id direction up down mpid mep id vlan vlan id 242
- Cfm mip level level id 242
- Cfm rmep level level id mpid mep id vlan vlan id 242
- Configure cfm mep level 242
- Configure cfm mip level 242
- Configure remote cfm rmep level 242
- No cfm mep level level id vlan vlan id 242
- No cfm mip level level id 242
- No cfm rmep level level id mpid mep id vlan vlan id 242
- Qtech config cfm domain customer level 7 242
- Qtech config cfm rmep level 7 mpid 7110 vlan 110 242
- Qtech config if ethernet 0 0 1 cfm mep level 7 direction up mpid 7110 vlan 110 242
- Qtech config if ethernet 0 0 1 cfm mip level 7 242
- Cfm cc enable level level list vlan vlan list 243
- Cfm cc interval 1 10 60 243
- Cfm ping 243
- Cfm ping c count s packetsize t timeout mac level level id vlan vlan id 243
- Configure cfm cc interval 243
- Enable disable vlan sending cfm cc enable level 243
- No cfm cc enable level level list vlan vlan list 243
- No cfm cc interval 243
- Qtech config cfm cc interval 1 243
- 0 display cfm domain 244
- 1 display cfm maintenance points local 244
- Cfm traceroute 244
- Cfm traceroute f first_ttl h maximum_hops w time_out target mac level level id vlan vlan id 244
- Qtech cfm traceroute 00 1f ce 10 14 f1 level 4 vlan 110 244
- Qtech config show cfm domain 244
- Show cfm domain 244
- Show cfm maintenance points local 244
- 2 display cfm maintenance points remote 245
- 3 display cfm cc database 245
- 4 display cfm errors 245
- Qtech config show cfm cc database 245
- Qtech config show cfm error 245
- Qtech config show cfm maintenance points local 245
- Qtech config show cfm maintenance points remote 245
- Show cfm cc database 245
- Show cfm errors 245
- Show cfm maintenance points remote 245
Похожие устройства
- Qtech QSW-3900-48-SFP-DC Руководство пользователя
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-7
- Qtech QSW-3900-48-Т-AC Руководство пользователя
- Qtech QSW-3900-48-Т-DC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-DC Руководство пользователя v1-7
- Qtech QSW-3900-48-Т-DC Руководство пользователя
- Qtech QSW-3900-24-SFP-AC Руководство пользователя v1-1
- Qtech QSW-3900-24-SFP-AC Руководство пользователя v1-7
- Qtech QSW-3900-24-SFP-AC Руководство пользователя
- Qtech QSW-3900-24-SFP-DC Руководство пользователя v1-1
- Qtech QSW-3900-24-SFP-DC Руководство пользователя v1-7
- Qtech QSW-3900-24-SFP-DC Руководство пользователя
- Qtech QSW-3900-24-Т-DC Руководство пользователя v1-1
- Qtech QSW-3900-24-Т-DC Руководство пользователя v1-7
- Qtech QSW-3900-24-Т-DC Руководство пользователя
- Qtech QSW-3900-2x10GE Руководство пользователя v1-1
- Qtech QSW-3900-2x10GE Руководство пользователя v1-7
- Qtech QSW-3900-2x10GE Руководство пользователя
- Qtech QSW-3900-1x10GE Руководство пользователя v1-1