User manual 3COM LS-5100-8P-PWR-EI-OVS
DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Diplodocs provides you a fast and easy access to the user manual 3COM LS-5100-8P-PWR-EI-OVS. We hope that this 3COM LS-5100-8P-PWR-EI-OVS user guide will be useful to you.
Manual abstract: user guide 3COM LS-5100-8P-PWR-EI-OVS
Detailed instructions for use are in the User's Guide.
[. . . ] DHCP H3C Low-End Ethernet Switches Configuration Examples
Table of Contents
Table of Contents
Chapter 1 DHCP Functions Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 1. 1 Supported DHCP Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 1. 1. 1 DHCP Functions Supported by the H3C Low-End Ethernet Switches . . . . . . . . . . . . . . . . . . . 1-1 1. 2 Configuration Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] # Redistribute OSPF routes into BGP.
<S200> system-view [S200] bgp 200 [S200-bgp] import-route ospf 1 [S200-bgp] quit
# Define a prefix list named ospf_import and permit the routes with IP prefixes 162. 1. 3. 0/24, 162. 1. 4. 0/24, 166. 1. 3. 0/24, or 166. 1. 4. 0/24.
[S200] ip ip-prefix ospf_import index 10 permit 162. 1. 3. 0 24 [S200] ip ip-prefix ospf_import index 20 permit 162. 1. 4. 0 24 [S200] ip ip-prefix ospf_import index 30 permit 166. 1. 4. 0 24 [S200] ip ip-prefix ospf_import index 40 permit 166. 1. 3. 0 24
3-13
Routing H3C Low-End Ethernet Switches Configuration Examples
Chapter 3 Comprehensive Configuration Example
# Create a routing policy named ospf_import with the match mode as permit. Define an if-match clause to permit routes whose destination addresses match IP prefix list ospf_import.
[S200] route-policy ospf_import permit node 10 [S200-route-policy] if-match ip-prefix ospf_import [S200-route-policy] quit
# Redistribute BGP routes into OSPF and apply routing policy ospf_import.
[S200] ospf [S200-ospf-1] import-route bgp route-policy ospf_import
Configure interaction between IGP and BGP on S300. # Redistribute RIP routes into BGP.
<S300> system-view [S300] bgp 300 [S300-bgp] import-route rip [S300-bgp] quit
# Define a prefix list named rip_import and permit the routes with IP prefixes 162. 1. 1. 0/24, 162. 1. 2. 0/24, 166. 1. 3. 0/24, and 166. 1. 4. 0/24.
[S300] ip ip-prefix rip_import index 10 permit 162. 1. 1. 0 24 [S300] ip ip-prefix rip_import index 20 permit 162. 1. 2. 0 24 [S300] ip ip-prefix rip_import index 30 permit 166. 1. 3. 0 24 [S300] ip ip-prefix rip_import index 40 permit 166. 1. 4. 0 24
# Create a routing policy named rip_import with the matching mode as permit. Define an if-match clause to permit routes whose destination addresses match IP prefix list rip_import.
[S300] route-policy rip_import permit node 10 [S300-route-policy] if-match ip-prefix rip_import [S300-route-policy] quit
# Redistribute BGP routes into RIP and apply routing policy rip_import.
[S300] rip [S300-rip] import-route bgp route-policy rip_import
Configure interaction between IGP and BGP on S400. # Redistribute OSPF routes into BGP.
<S400> system-view [S400] bgp 400 [S400-bgp] import-route ospf 1 [S400-bgp] quit
# Define a prefix list named ospf_import and permit the routes with IP prefixes 162. 1. 1. 0/24, 162. 1. 2. 0/24, 162. 1. 3. 0/24, and 162. 1. 4. 0/24.
[S400] ip ip-prefix ospf_import index 10 permit 162. 1. 1. 0 24
3-14
Routing H3C Low-End Ethernet Switches Configuration Examples
Chapter 3 Comprehensive Configuration Example
[S400] ip ip-prefix ospf_import index 20 permit 162. 1. 2. 0 24 [S400] ip ip-prefix ospf_import index 30 permit 162. 1. 3. 0 24 [S400] ip ip-prefix ospf_import index 40 permit 162. 1. 4. 0 24
# Create a routing policy named ospf_import with the match mode as permit. Define an if-match clause to permit the routes whose destination addresses match IP prefix list ospf_import.
[S400] route-policy ospf_import permit node 10 [S400-route-policy] if-match ip-prefix ospf_import [S400-route-policy] quit
# Redistribute BGP routes into OSPF and apply the routing policy named ospf_import.
[S400] ospf [S400-ospf-1] import-route bgp route-policy ospf_import
3. 2. 6 Route Backup Configuration Example
I. Network requirements
As shown in Figure 3-8, implement route backup on S200_10. When the primary route cannot work, the device switches to the backup route automatically. When the primary route becomes feasible, the device switches to the primary route automatically. To achieve the route backup of S200_10, configure a static route to S200_10 on S300_A and redistribute this route into RIPv2.
II. Network diagram
Device S300_A S200_10
Interface Vlan-int 665 Vlan-int 665 Vlan-int 621 Vlan-int 622
IP address 166. 1. 5. 2/24 166. 1. 5. 1/24 162. 1. 1. 1/24 162. 1. 2. 1/24
AS 300 200
Figure 3-8 Network diagram for route backup
3-15
Routing H3C Low-End Ethernet Switches Configuration Examples
Chapter 3 Comprehensive Configuration Example
III. Configuration procedure
# Configure a default route on S200_10 and specify the next-hop IP address as 166. 1. 5. 2. Set the default preference to 200.
<S200_10> system-view [S200_10] ip route-static 0. 0. 0. 0 0. 0. 0. 0 166. 1. 5. 2 preference 200
# Configure a static route on S300_A and specify the destination IP addresses as 162. 1. 1. 0/24 and 162. 1. 2. 0/24. Specify the next-hop IP address as 166. 1. 5. 1 and the default preference to 200.
<S300_A> system-view [S300_A] ip route-static 162. 1. 1. 0 255. 255. 255. 0 166. 1. 5. 1 preference 200 [S300_A] ip route-static 162. 1. 2. 0 255. 255. 255. 0 166. 1. 5. 1 preference 200
# Redistribute the static route into RIP.
[S300_A] rip [S300_A-rip] import-route static
3. 2. 7 BGP MED Attribute Configuration Example
I. Network requirements
As shown in Figure 3-9, S100_1 forwards packets from S400 to S200_10. Modify the MED value to achieve this goal.
3-16
Routing H3C Low-End Ethernet Switches Configuration Examples
Chapter 3 Comprehensive Configuration Example
II. Network diagram
AS 400
VLAN-int 663 VLAN-int 664
S400_0 VLAN-int 16 S400
OSPF
VLAN-int 15 EBGP IBGP VLAN-int 31 VLAN-int 11 EBGP EBGP VLAN-int 13 EBGP VLAN-int 22 EBGP VLAN-int 23
AS 100
S100_1
S100_2
AS 200
S200 VLAN-int 12 S200_0 VLAN-int 665 VLAN-int 661
AS 300
S300 VLAN-int 14
S300_A
VLAN-int 662
S200_10 VLAN-int 621 VLAN-int 622 VLAN-int 623
S300_B VLAN-int 624
OSPF
RIP
Device S200_10 S300_B S400_0
Interface Vlan-int 621 Vlan-int 622 Vlan-int 623 Vlan-int 624 Vlan-int 663 Vlan-int 664
IP address 162. 1. 1. 1/24 162. 1. 2. 1/24 162. 1. 3. 1/24 162. 1. 4. 1/24 166. 1. 3. 1/24 166. 1. 4. 1/24
AS 200 300 400
Figure 3-9 Network diagram for MED attribute configuration
III. # Define a prefix list named as200_1 and permit the route with IP prefix 162. 1. 1. 0/24.
<S100_1> system-view [S100_1] ip ip-prefix as200_1 index 10 permit 162. 1. 1. 0 24
# Define a prefix list named as200_2 and permit the route with IP prefix 162. 1. 2. 0/24.
[S100_1] ip ip-prefix as200_2 index 10 permit 162. 1. 2. 0 24
# Define a prefix list named as300_1 and permit the route with IP prefix 162. 1. 3. 0/24.
[S100_1] ip ip-prefix as300_1 index 10 permit 162. 1. 3. 0 24
# Define a prefix list named as300_2 and permit the route with IP prefix 162. 1. 4. 0/24.
[S100_1] ip ip-prefix as300_2 index 10 permit 162. 1. 4. 0 24
# Define a prefix list named other and permit all the routes.
3-17
Routing H3C Low-End Ethernet Switches Configuration Examples
Chapter 3 Comprehensive Configuration Example
[S100_1] ip ip-prefix other index 10 permit 0. 0. 0. 0 0 less-equal 32
# Create a routing policy named as200, and specify node 10 with the permit matching mode in the routing policy. Set the MED value of the route matching prefix list as200_1 to 100.
[S100_1] route-policy as200 permit node 10 [S100_1-route-policy] if-match ip-prefix as200_1 [S100_1-route-policy] apply cost 100 [S100_1-route-policy] quit
# Create node 20 with the matching mode as permit in routing policy as200. Set the MED value of the route matching prefix list as200_2 to 100
[S100_1] route-policy as200 permit node 20 [S100_1-route-policy] if-match ip-prefix as200_2 [S100_1-route-policy] apply cost 100 [S100_1-route-policy] quit
# Create node 30 with the permit matching mode in routing policy as200. Set the MED value of the route matching prefix list as300_1 to 200.
[S100_1] route-policy as200 permit node 30 [S100_1-route-policy] if-match ip-prefix as300_1 [S100_1-route-policy] apply cost 200 [S100_1-route-policy] quit
# Create node 40 with the permit matching mode in routing policy as200. Set the MED value of the route matching prefix list as300_2 to 200.
[S100_1] route-policy as200 permit node 40 [S100_1-route-policy] if-match ip-prefix as300_2 [S100_1-route-policy] apply cost 200 [S100_1-route-policy] quit
# Create node 50 with the permit matching mode in routing policy as200. [. . . ] Therefore, if an ARP packet has a VLAN tag different from the default VLAN ID of the receiving port, it does not match the IP static binding entry and thus fails to pass ARP attack detection. An IP static binding entry configured on an H3C series Ethernet switch has a higher priority than a DHCP snooping entry: If the IP address in an IP static binding entry is the same as that in a DHCP snooping entry, the IP static binding entry overwrites the DHCP snooping entry; if the IP static binding entry is configured before DHCP snooping is enabled, no DHCP client cannot obtain the IP address specified in the IP static binding entry through the switch.
2-6
H3C Low-End Ethernet Switches Configuration Examples ARP Attack Prevention
Chapter 2 Configuration Examples
You can configure an uplink port on a switch as trusted or untrusted to flexibly implement ARP attack detection for ARP requests and replies received on the port. The ARP packets received from an ARP trusted port are not detected, while the ARP packets received from other ports are detected based on the DHCP snooping table and IP static bindings. You are not recommended to configure ARP attack detection or ARP packet rate limit on a port of an aggregation group.
2. 2 Configuration Example for ARP Attack Prevention in Authentication Mode
2. 2. 1 Network Requirements
In a campus network as shown in the following figure, the hosts are connected to the gateway and servers through access switches. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE 3COM LS-5100-8P-PWR-EI-OVS
Click on "Download the user Manual" at the end of this Contract if you accept its terms, the downloading of the manual 3COM LS-5100-8P-PWR-EI-OVS will begin.