3Com 3CRBSG2893 User Guide
3Com 3CRBSG2893 - Baseline Smart 28PORT Gig Sfp 10/100/1000 Manual
 |
UPC - 662705557137
View all 3Com 3CRBSG2893 manuals
Add to My Manuals
Save this manual to your list of manuals |
3Com 3CRBSG2893 manual content summary:
- 3Com 3CRBSG2893 | User Guide - Page 1
3Com Baseline Switch 2900 Family User Guide Baseline Switch 2920-SFP Plus Baseline Switch 2928-SFP Plus Baseline Switch 2952-SFP Plus Baseline Switch 2928-PWR Plus Baseline Switch 2928-HPWR Plus Manual Version: 6W102-20090810 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 - 3Com 3CRBSG2893 | User Guide - Page 2
part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or or delivered to you in conjunction with, this User Guide. Unless otherwise indicated, 3Com registered trademarks are registered in the United States - 3Com 3CRBSG2893 | User Guide - Page 3
Manual Organization 3Com Baseline Switch 2900 Family User Guide is organized as follows: Part Contents 1 Overview Perform overview of 3Com baseline switch Manage files on the device, such as displaying the file list, downloading a file, uploading a file, and removing a file. 11 Port - 3Com 3CRBSG2893 | User Guide - Page 4
and LACP 28 LLDP 29 IGMP Snooping 30 Routing 31 DHCP 32 Service Management 33 Diagnostic Tools 34 ARP 35 802.1X 36 AAA 37 RADIUS 38 User 39 PKI 40 Port Isolation Group 41 Authorized IP 42 ACL-QoS 43 PoE Contents Configure RMON, and dissplay, create, modify, and clear RMON statistics. Display - 3Com 3CRBSG2893 | User Guide - Page 5
Conventions The manual uses the following conventions: Command conventions Convention Boldface italic [ ] { x | y | ... } [ x | y | ... ] { x | y | ... } * [ x names are inside square brackets. For example, pop up the [New User] window. Multi-level menus are separated by forward slashes. For - 3Com 3CRBSG2893 | User Guide - Page 6
In addition to this manual, each 3com Baseline Switch 2900 documentation set includes the following: Manual Description 3Com Baseline Switch 2900 Family This guide provides all the information you need to install Getting Started Guide and use the 3Com Baseline Switch 2900 Family. Obtaining - 3Com 3CRBSG2893 | User Guide - Page 7
Web Interface 2-1 Default Login Information 2-1 Example 2-2 Logging Out of the Web Interface 2-3 Introduction to the Web Interface 2-3 Web User Level 2-4 In to the CLI 3-6 CLI Commands 3-6 initialize 3-6 ipsetup 3-7 password 3-8 ping 3-8 quit 3-9 reboot 3-9 summary 3-10 upgrade 3-11 - 3Com 3CRBSG2893 | User Guide - Page 8
1 Overview The 3Com baseline switch 2900 family can be configured through the command line interface (CLI), web interface, and SNMP/MIB. These configuration methods are suitable for different application scenarios. z The web interface supports all switch 2900 series configurations. z The CLI - 3Com 3CRBSG2893 | User Guide - Page 9
management function to facilitate the operations and maintenance on 3Com's network devices. Through this function, the administrator can The default Web login information Information needed at login Username Password IP address of the device (VLAN-interface 1) Default value admin None Default IP - 3Com 3CRBSG2893 | User Guide - Page 10
its default IP address IP address http://169.254.147.198 in the address bar, and press Enter to enter the login page of the Web interface, as shown in Figure 2-3. Input the username admin and the verification code, leave the password blank, select the language (English and Chinese are supported - 3Com 3CRBSG2893 | User Guide - Page 11
the IP address of the VLAN interface acting as the management interface. For detailed configuration, refer to the corresponding configuration manuals of these modules. z If you click the verification code displayed on the Web login page, you can get a new verification code. z Up to five users can - 3Com 3CRBSG2893 | User Guide - Page 12
log out of the Web interface. The Web network management functions not supported by the device will not be displayed in the navigation tree. Web User Level Web user levels, from low to high, are visitor, monitor, configure, and management. A user with a higher level has all the operating rights of - 3Com 3CRBSG2893 | User Guide - Page 13
higher level can perform the corresponding operations. Table 2-2 Description of Web-based NM functions Function menu Description User level Wizard IP Setup Perform quick configuration of the device. Management Setup Display global settings and port settings of a stack. Configure Configure - 3Com 3CRBSG2893 | User Guide - Page 14
User level Save Save the current configuration to the configuration file to be used at the next startup. Configure Initialize Restore the factory default settings. Configure File Manage ment File Manage files on the device, such as displaying the Manageme file list, downloading - 3Com 3CRBSG2893 | User Guide - Page 15
modify and delete an SNMP group. Display SNMP user information. Create, modify and delete an SNMP user. Monitor Configure Monitor Configure Trap Display the status Create Modify Create VLAN interfaces and configure IP addresses for them. Modify the IP addresses and status of VLAN interfaces. - 3Com 3CRBSG2893 | User Guide - Page 16
Function menu Description User level OUI Display the addresses of the OUIs that can be Summary identified by voice VLAN. Monitor OUI Add Add the address of an OUI - 3Com 3CRBSG2893 | User Guide - Page 17
Function menu Description User level Remove Delete the selected IPv4 static routes. Configure DHCP snooping trusted and untrusted ports. Configure Service Service Displays the states of services: enabled or disabled. Enable/disable services, and set related parameters. Configure Management - 3Com 3CRBSG2893 | User Guide - Page 18
Users Local User User Group Display configuration information about local users. Create, modify and remove a local user. Display configuration information about user groups. Create, modify and remove a user Modify Sec urity Authoriz Summary ed IP Setup Display port isolation group information. - 3Com 3CRBSG2893 | User Guide - Page 19
Function menu Description User level Summary Display classifier configuration information. Monitor Classifie Create r and trust mode. Monitor Configure PoE PoE Summary Setup Display PSE information and PoE interface information. Configure a PoE interface. Monitor Configure Introduction to - 3Com 3CRBSG2893 | User Guide - Page 20
panel. Restore button Click the button to restore all the items in the current configuration page to the system default. Expand button As shown in Figure 2-6, click the plus sign before a corresponding item. You can see the collapsed contents. Figure 2-6 Expand button icon Click the icon to enter - 3Com 3CRBSG2893 | User Guide - Page 21
Sort display Configuration Guidelines z The Web-based console supports Microsoft Internet Explorer 6.0 SP2 and higher, but it does not support the Back, Next, Refresh buttons provided by the to open the Web interface. To avoid this problem, it is recommended to turn off the Windows firewall before - 3Com 3CRBSG2893 | User Guide - Page 22
z If the software version of the device changes, when you log in to the device through the Web interface, you are recommended to delete the temporary Internet files of IE; otherwise, the Web page content may not be displayed correctly. 2-14 - 3Com 3CRBSG2893 | User Guide - Page 23
3Com baseline switch 2900 family can be configured through the command line interface (CLI), web interface, and SNMP/MIB, among which the web interface supports all switch supported by the CLI, use the web interface. z You will enter user a PC, and reconfigure the IP address of VLAN-interface 1 - 3Com 3CRBSG2893 | User Guide - Page 24
the serial port of the console terminal or PC. Step3 Connect the RJ-45 connector of the console cable to the console port of the switch. (as shown below) Figure 3-2 Network diagram for configuration environment setup Console port Console cable Serial port Pay attention to the mark on the console - 3Com 3CRBSG2893 | User Guide - Page 25
is used to communicate with the switch. 1) Start the PC and run the terminal emulation program. 2) Set terminal parameters as follows: z Bits per second: 38,400 z Data bits: 8 z Parity: None z Stop bits: 1 z Flow control: None z Emulation: VT100 The specific procedure is as follows: Step1 Select - 3Com 3CRBSG2893 | User Guide - Page 26
Figure 3-4 Set the serial port used by the HyperTerminal connection Step3 Click OK after selecting a serial port. The following dialog box appears. Set Bits per second to 38400, Data bits to 8, Parity to None, Stop bits to 1, and Flow control to None. Figure 3-5 Set the serial port parameters Step4 - 3Com 3CRBSG2893 | User Guide - Page 27
Figure 3-6 HyperTerminal window Step5 Click Properties in the HyperTerminal window to enter the Switch Properties dialog box. Click the Settings tab, set the emulation to VT100, and then click OK. Figure 3-7 Set terminal emulation in Switch Properties dialog box 3-5 - 3Com 3CRBSG2893 | User Guide - Page 28
initialize Specify VLAN-interface 1 to obtain an IP address through DHCP or manual configuration ipsetup { dhcp | ip address ip-address { mask | mask-length } [ default-gateway ip-address ] } Modify the login password of a user password Download the Boot ROM program or boot file from - 3Com 3CRBSG2893 | User Guide - Page 29
next startup and restores the factory default settings. Examples # Delete the configuration file ip address ip-address { mask | mask-length } command to assign an IP address to VLAN-interface 1. By default, the device automatically obtains its IP address through DHCP; if fails, it uses the assigned default IP - 3Com 3CRBSG2893 | User Guide - Page 30
the login password of a user. Examples # Modify the login password of user admin. password Change password for user: admin Old password: *** Enter new password: ** Retype password: ** The password has been successfully changed. ping Syntax ping host Parameters host: Destination IP address - 3Com 3CRBSG2893 | User Guide - Page 31
above information shows that IP address 1.1.2.2 is reachable quit * Copyright (c) 2004-2009 3Com Corp. and its licensors. All rights reserved. written permission of 3Com Corporation and its possible under the applicable law.* User interface aux0 is available. Please press - 3Com 3CRBSG2893 | User Guide - Page 32
menu option: Summary IP Method: IP address: Subnet mask: DHCP 10.153.96.86 255.255.255.0 Default gateway: 0.0.0.0 Current boot app is: flash:/2900_release.bin Next main boot app is: NULL Next backup boot app is: NULL 3Com Corporation 3Com Baseline Switch 2928-PWR Plus Software Version 5.20 - 3Com 3CRBSG2893 | User Guide - Page 33
3Com Baseline Switch 2928-PWR Plus 128M bytes DRAM 128M bytes Nand Flash Memory Config Register points to Nand Flash Hardware Version is REV.B CPLD Version is 001 Bootrom Version is 112 [SubSlot 0] 24GE+4SFP+POE If the Boot ROM file in the downloaded software package is not applicable, the original - 3Com 3CRBSG2893 | User Guide - Page 34
Perform the following configurations on the switch. # Configure the IP address of VLAN-interface 1 of the switch as 192.168.1.2/24, and specify the default gateway as 192.168.1.1. ipsetup ip-address 192.168.1.2 24 default-gateway 192.168.1.1 # Download the host software package Switch2900 - 3Com 3CRBSG2893 | User Guide - Page 35
File downloaded successfully. The specified file will be used as the boot file at the next reboot. # Reboot the switch. reboot After getting the new application file, reboot the switch to have the upgraded application take effect. 3-13 - 3Com 3CRBSG2893 | User Guide - Page 36
Table of Contents 1 Configuration Wizard 1-1 Overview 1-1 Basic Service Setup 1-1 Entering the Configuration Wizard Homepage 1-1 Configuring System Parameters 1-1 Configuring Management IP Address 1-3 Finishing Configuration Wizard 1-4 i - 3Com 3CRBSG2893 | User Guide - Page 37
1 Configuration Wizard Overview The configuration wizard guides you through the basic service setup, including the system name, system location, contact information, and management IP address (IP address of the VLAN interface). Basic Service Setup Entering the Configuration Wizard Homepage From the - 3Com 3CRBSG2893 | User Guide - Page 38
set the physical location in the setup page you enter by selecting Device > SNMP. For details, refer to SNMP Configuration. Set the contact information for users to get in touch with the device vendor for help. You can also set the contact information in the setup page you enter by selecting - 3Com 3CRBSG2893 | User Guide - Page 39
Configuring Management IP Address Modifying the management IP address used for the current login will tear down the connection to the device. Use the new management IP address to re-log in to the system. A management IP address is the IP address of a VLAN interface, which can be used to access the - 3Com 3CRBSG2893 | User Guide - Page 40
to bring the port to work properly. By default, the VLAN interface is down if no Ethernet through BOOTP. z Manual: Allows you to specify an IPv4 address and a mask length. Support for IPv4 obtaining if Manual is selected. Finishing Configuration Wizard After finishing the management IP address - 3Com 3CRBSG2893 | User Guide - Page 41
Figure 1-4 Configuration finishes The page displays your configurations. Review the configurations and if you want to modify the settings click Back to go back to the page. Click Finish to confirm your settings and the system performs the configurations. 1-5 - 3Com 3CRBSG2893 | User Guide - Page 42
Table of Contents 1 IRF 1-1 IRF Overview 1-1 Introduction to Stack 1-1 Establishing a Stack 1-1 Configuring an IRF Stack 1-2 Configuration Task List 1-2 Configuring Global Parameters of a Stack 1-3 Configuring Stack Ports 1-4 Displaying Topology Summary of a Stack 1-4 Displaying Device - 3Com 3CRBSG2893 | User Guide - Page 43
: Managed devices in a stack. z Stack port: Ports between stack devices. Establishing a Stack An administrator can establish a stack as follows: z Configure a private IP address pool for a stack and create the stack on the network device which is to be configured as the master device. z Configure - 3Com 3CRBSG2893 | User Guide - Page 44
default, no IP address pool is configured for a stack and no stack is established. Configuring Stack Ports Required Configure the ports of the master device that connect to slave devices as stack ports. By default By default, the username, password, and access the username, password, and access - 3Com 3CRBSG2893 | User Guide - Page 45
Configuring Global Parameters of a Stack Select IRF from the navigation tree to enter the page shown in Figure 1-2. You can configure global parameters of a stack in the Global Settings area. Figure 1-2 Set up Table 1-2 describes configuration items of global parameters. 1-3 - 3Com 3CRBSG2893 | User Guide - Page 46
number of devices to be added to the stack. Otherwise, some devices may not be able to join the stack automatically for lack of private IP addresses. Enable the device to establish a stack. After you enable the device to establish a stack, the device becomes the master device of the stack and - 3Com 3CRBSG2893 | User Guide - Page 47
Table 1-3 Fields of topology summary Fields Description Member ID Role Member ID of the device in the stack: z Value 0 indicates that the device is the master device of the stack. z A value other than 0 indicates that the device is a slave device and the value is the member ID of the slave - 3Com 3CRBSG2893 | User Guide - Page 48
shown in Figure 1-6, Switch A, Switch B, Switch C, and Switch D are connected with one another. z Create a stack, where Switch A is the master device, Switch B, Switch C, and Switch D are slave devices. An administrator can log in to Switch B, Switch C and Switch D through Switch A to perform remote - 3Com 3CRBSG2893 | User Guide - Page 49
z Type 192.168.1.1 in the text box of Private Net IP. z Type 255.255.255.0 in the text box of Mask. z Select Enable from the Build Stack drop-down list. z Click Apply. Now, switch A becomes the master device. # Configure a stack port on Switch A. z On the page of the Setup tab, perform the following - 3Com 3CRBSG2893 | User Guide - Page 50
Configure the slave devices # On Switch B, configure local ports GigabitEthernet 1/0/2 connecting with switch A, GigabitEthernet 1/0/1 connecting with Switch C, and GigabitEthernet 1/0/3 connecting with Switch D as stack ports. z Select IRF from the navigation tree of Switch B to enter the page of - 3Com 3CRBSG2893 | User Guide - Page 51
area, select the check boxes before GigabitEthernet1/0/1, GigabitEthernet1/0/2, and GigabitEthernet1/0/3. z Click Enable. Now, switch B becomes a slave device. # On Switch C, configure local port GigabitEthernet 1/0/1 connecting with Switch B as a stack port. z Select IRF from the navigation tree of - 3Com 3CRBSG2893 | User Guide - Page 52
, select the check box before GigabitEthernet1/0/1. z Click Enable. Now, Switch C becomes a slave device. # On Switch D, configure local port GigabitEthernet 1/0/1 connecting with Switch B as a stack port. z Select IRF from the navigation tree of Switch D to enter the page of the Setup tab, and then - 3Com 3CRBSG2893 | User Guide - Page 53
the configuration # Display the stack topology on Switch A. z Select IRF from the navigation tree of Switch A and click the Topology Summary tab. the master device of a stack, you are not allowed to modify the private IP address pool on the device. 2) If a device is already configured as a slave device - 3Com 3CRBSG2893 | User Guide - Page 54
Table of Contents 1 Summary 1-1 Overview 1-1 Displaying Device Summary 1-1 Displaying System Information 1-1 Displaying Device Information 1-2 i - 3Com 3CRBSG2893 | User Guide - Page 55
in to the Web interface, the System Information page appears by default, as shown in Figure 1-1. Figure 1-1 System information Select from the refreshes the system information at the specified interval. z If you select Manual, the system refreshes the information only when you click the Refresh - 3Com 3CRBSG2893 | User Guide - Page 56
The System Resource State displays the most current CPU usage and memory usage. Recent system operation logs Table 1-1 describes the fields Summary page displays up to five the most recent system operation logs about the login and logout events. z For more system operation logs, you can click More - 3Com 3CRBSG2893 | User Guide - Page 57
Figure 1-2 Device information Select from the Refresh Period drop-down list: z If you select a certain period, the system refreshes the information at the specified interval. z If you select Manual, the system refreshes the information only when you click the Refresh button. 1-3 - 3Com 3CRBSG2893 | User Guide - Page 58
Table of Contents 1 Device Basic Information Configuration 1-1 Overview 1-1 Configuring Device Basic Information 1-1 Configuring System Name 1-1 Configuring Idle Timeout Period 1-1 i - 3Com 3CRBSG2893 | User Guide - Page 59
name will be displayed on the top of the navigation bar. z Set the idle timeout period for a logged-in user. That is, the system will log an idle user off the Web for security purpose after the configured period. Configuring Device Basic Information Configuring System Name Select Device > Basic - 3Com 3CRBSG2893 | User Guide - Page 60
Figure 1-2 Configuring idle timeout period Table 1-2 describes the idle timeout period configuration item. Table 1-2 Idle timeout period configuration item Item Idle timeout Description Set the idle timeout period for a logged-in user. 1-2 - 3Com 3CRBSG2893 | User Guide - Page 61
Table of Contents 1 System Time Configuration 1-1 Overview 1-1 Configuring System Time 1-1 System Time Configuration Example 1-2 Configuration Guidelines 1-3 i - 3Com 3CRBSG2893 | User Guide - Page 62
Overview The system time module allows you to display and set the device system time on the Web interface. The device supports setting system time through manual configuration and automatic synchronization of NTP server time. An administrator can by no means keep time synchronized among all the - 3Com 3CRBSG2893 | User Guide - Page 63
time configuration items Item Description Manual Select to manually configure the system time, including IP address of the local clock source. System Time Configuration Example Network requirements z As shown in Figure 1-2, the local clock of Device A is set as the reference clock. z Switch - 3Com 3CRBSG2893 | User Guide - Page 64
B. z Select System > System Time from the navigation tree and perform the configurations as shown in Figure 1-3. Figure 1-3 Configure Device A as the NTP server of Switch B z Select NTP. z Type 24 in the ID box, and type aNiceKey in the Key String text box for key 1. z Type 1.0.1.11 in the NTP - 3Com 3CRBSG2893 | User Guide - Page 65
z A device can act as a server to synchronize the clock of other devices only after its clock has been synchronized. If the clock of a server has a stratum level higher than or equal to that of a client's clock, the client will not synchronize its clock to the server's. z The synchronization process - 3Com 3CRBSG2893 | User Guide - Page 66
Table of Contents 1 Log Management 1-1 Overview 1-1 Configuring Log Management 1-1 Configuration Task List 1-1 Setting Syslog Related Parameters 1-1 Displaying Syslog 1-2 Setting Loghost 1-4 i - 3Com 3CRBSG2893 | User Guide - Page 67
way for administrators to know network and device status. With system log information, administrators can take corresponding actions against network problems and security problems. System logs can be stored in the log buffer, or sent to the loghost. Configuring Log Management Configuration Task - 3Com 3CRBSG2893 | User Guide - Page 68
be stored in the log buffer. Set the refresh period on the log information displayed on the Web interface. You can select manual refresh or automatic refresh: z Manual: You need to click Refresh to refresh the Web interface when displaying log information. z Automatic: You can select to refresh the - 3Com 3CRBSG2893 | User Guide - Page 69
Figure 1-2 Display syslog Table 1-3 describes the syslog display items. Table 1-3 Syslog display items Item Time/Date Source Level Digest Description Description Displays the time/date when system logs are generated. Displays the module that generates system logs. Displays the severity level of - 3Com 3CRBSG2893 | User Guide - Page 70
to enter the loghost configuration page, as shown in Figure 1-3. Figure 1-3 Set loghost Table 1-5 describes the loghost configuration item. Table 1-5 Loghost configuration item Item Loghost IP Description IP address of the loghost. z You can specify up to four loghosts. z You must input a valid - 3Com 3CRBSG2893 | User Guide - Page 71
Table of Contents 1 Configuration Management 1-1 Back Up Configuration 1-1 Restore Configuration 1-1 Save Configuration 1-2 Initialize 1-3 i - 3Com 3CRBSG2893 | User Guide - Page 72
.xml file) for the next startup to the host of the current user Select Device > Configuration from the navigation tree to enter the backup configuration this figure, a file download dialog box appears. You can select to view the .xml file or to save the file locally. The switch uses both .cfg and - 3Com 3CRBSG2893 | User Guide - Page 73
the Save Current Settings button to save the current configuration to the configuration file. z Saving the configuration takes a period of time. z The system does not support the operation of saving configuration of two or more consecutive users. If such a case occurs, the system prompts the latter - 3Com 3CRBSG2893 | User Guide - Page 74
Initialize This operation will restore the system to factory defaults, delete the current configuration file, and reboot the device. Select Device > shown in Figure 1-4. Figure 1-4 Initialize confirmation dialog box Click the Restore Factory-Default Settings button to restore the system to - 3Com 3CRBSG2893 | User Guide - Page 75
Table of Contents 1 Device Maintenance 1-1 Software Upgrade 1-1 Device Reboot 1-2 Electronic Label 1-3 Diagnostic Information 1-3 i - 3Com 3CRBSG2893 | User Guide - Page 76
1 Device Maintenance Software Upgrade Software upgrade allows you to obtain a target application file from the current host and set the file as the main boot file or backup boot file to be used at the next reboot. A boot file, also known as the system software or device software, is an application - 3Com 3CRBSG2893 | User Guide - Page 77
Table 1-1 Software upgrade configuration items Item Description File Filename Specifies the filename of the local application file, which must be with an extension .bin. Specifies a filename for the file to be saved on the device. The filename must have an extension, which must be the same as - 3Com 3CRBSG2893 | User Guide - Page 78
not be rebooted. In this case, you need to save the current configuration manually before you can reboot the device. z If you do not select the check statistics of multiple functional modules to a file named default.diag, and then you can locate problems faster by checking this file. Select Device > - 3Com 3CRBSG2893 | User Guide - Page 79
1-5 The diagnostic information file is created Click Click to Download, and the File Download dialog box appears. You can select to open this view this file by selecting Device > File Management, or downloading this file to the local host. For the details, refer to File Management Configuration. 1-4 - 3Com 3CRBSG2893 | User Guide - Page 80
Table of Contents 1 File Management 1-1 Overview 1-1 File Management Configuration 1-1 Displaying File List 1-1 Downloading a File 1-1 Uploading a File 1-2 Removing a File 1-2 i - 3Com 3CRBSG2893 | User Guide - Page 81
and the system provides the file management function for the users to manage those files conveniently and effectively. File management function provides the following operations: z Displaying File List z Downloading a File z Uploading a File z Removing a File File Management Configuration Displaying - 3Com 3CRBSG2893 | User Guide - Page 82
box appears. You can select to open the file or to save the file locally. You can download only one file at one time. Uploading a File Select Device > File Management from the navigation tree to enter the file management page, as shown in - 3Com 3CRBSG2893 | User Guide - Page 83
Table of Contents 1 Port Management Configuration 1-1 Overview 1-1 Configuring a Port 1-1 Setting Operation Parameters for a Port 1-1 Viewing the Operation Parameters of a Port 1-5 Port Management Configuration Example 1-6 i - 3Com 3CRBSG2893 | User Guide - Page 84
1 Port Management Configuration Overview You can use the port management feature to set and view the operation parameters of a Layer 2 Ethernet port, including but not limited to its state, rate, duplex mode, link type, PVID, MDI mode, flow control settings, MAC learning limit, and storm suppression - 3Com 3CRBSG2893 | User Guide - Page 85
: auto-negotiated to 100 or 1000 Mbps z Auto 10 100 1000: auto-negotiated to 10, 100, or 1000 Mbps Duplex Link Type PVID SFP optical ports do not support the 10 or 100 option. Set the duplex mode of the port. z Auto: auto-negotiation z Full: full duplex z Half: half duplex Ethernet electrical - 3Com 3CRBSG2893 | User Guide - Page 86
of at least one end must be set to auto. SFP optical ports do not support this feature. Enable or disable flow control on the port. By default, auto power down is disabled. Set the MAC learning limit on the port. Available options include: z User Defined: Select this option to set the limit manually. - 3Com 3CRBSG2893 | User Guide - Page 87
Item Broadcast Suppression Description Set broadcast suppression on the port. You can suppress broadcast traffic by percentage or by PPS as follows: z ratio: Sets the maximum percentage of broadcast traffic to the total bandwidth of an Ethernet port. When this option is selected, you need to input - 3Com 3CRBSG2893 | User Guide - Page 88
Viewing the Operation Parameters of a Port Select Device > Port Management from the navigation tree. The Summary tab is displayed by default. Select the parameter you want to view by clicking the radio button before it to display the setting of this parameter for all the ports - 3Com 3CRBSG2893 | User Guide - Page 89
Configuration Example Network requirements As shown in Figure 1-4: z Server A, Server B, and Server C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 or the switch respectively. The rates of the network adapters of these servers are all 1000 Mbps. z The - 3Com 3CRBSG2893 | User Guide - Page 90
Configuration procedure # Set the rate of GigabitEthernet 1/0/4 to 1000 Mbps. z Select Device > Port Management from the navigation tree, click the Setup tab to enter the page shown in Figure 1-5, and make the following configurations: Figure 1-5 Configure the rate of GigabitEthernet 1/0/4 z Select - 3Com 3CRBSG2893 | User Guide - Page 91
Figure 1-6 Batch configure port rate # Display the rate settings of ports. z Click the Summary tab. z Select the Speed option to display the rate information of all ports on the lower part of the page, as shown in Figure 1-7. 1-8 - 3Com 3CRBSG2893 | User Guide - Page 92
Figure 1-7 Display the rate settings of ports 1-9 - 3Com 3CRBSG2893 | User Guide - Page 93
Table of Contents 1 Port Mirroring Configuration 1-1 Introduction to Port Mirroring 1-1 Implementing Port Mirroring 1-1 Configuring Port Mirroring 1-1 Configuration Task List 1-1 Creating a Mirroring Group 1-2 Configuring Ports for a Mirroring Group 1-3 Configuration Examples 1-4 Local Port - 3Com 3CRBSG2893 | User Guide - Page 94
1 Port Mirroring Configuration Introduction to Port Mirroring Port mirroring is to copy the packets passing through a port (called a mirroring port) to another port (called the monitor port) connected with a monitoring device for packet analysis. You can select to port-mirror inbound, outbound, or - 3Com 3CRBSG2893 | User Guide - Page 95
Perform the tasks described in Table 1-1 to configure local port mirroring: Table 1-1 Local port mirroring configuration task list Task Create a local mirroring group Configure the mirroring ports Configure the monitor port Remarks Required Refer to section Creating a Mirroring Group for details. - 3Com 3CRBSG2893 | User Guide - Page 96
Table 1-2 Configuration items of creating a mirroring group Item Description Mirroring Group ID ID of the mirroring group to be created Type Specify the type of the mirroring group to be created: z Local: Creates a local mirroring group. Return to Local port mirroring configuration task list. - 3Com 3CRBSG2893 | User Guide - Page 97
2 on the server. To satisfy the above requirement through local port mirroring, perform the following configuration on Switch C: z Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as mirroring ports. z Configure GigabitEthernet 1/0/3 as the monitor port. Figure 1-4 Network diagram for - 3Com 3CRBSG2893 | User Guide - Page 98
Figure 1-5 Create a local mirroring group z Type in mirroring group ID 1. z Select Local in the Type drop-down list. z Click Apply. # Configure the mirroring ports. Click Modify Port to enter the page for configuring ports for the mirroring group, as shown in Figure 1-6. Figure 1-6 Configure the - 3Com 3CRBSG2893 | User Guide - Page 99
z Select 1 - Local in the Mirroring Group ID drop-down list. z Select Mirror Port in the Port Type drop-down list. z Select both in the Stream Orientation drop-down list. z Select GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 on the chassis front panel. z Click Apply. A configuration progress - 3Com 3CRBSG2893 | User Guide - Page 100
z Click Apply. A configuration progress dialog box appears. z After the configuration process is complete, click Close in the dialog box. Configuration Guidelines Pay attention to the following points during local port mirroring configuration: z To ensure operation of your device, do not enable STP, - 3Com 3CRBSG2893 | User Guide - Page 101
Table of Contents 1 User Management 1-1 Overview 1-1 Users 1-1 Creating a User 1-1 Setting the Super Password 1-2 Switching the User Access Level to the Management Level 1-3 i - 3Com 3CRBSG2893 | User Guide - Page 102
, and access level for an FTP or Telnet user. z Set the super password for switching the current Web user level to the management level. z Switch the current Web user access level to the management level. Users Creating a User Select Device > Users from the navigation tree, and click the Create - 3Com 3CRBSG2893 | User Guide - Page 103
of plain text for login authentication. Service Type Set the service type, including FTP and Telnet services. You must select either of them. Setting the Super Password In this part, users of the management level can specify the password for a lower-level user to switch from the current access - 3Com 3CRBSG2893 | User Guide - Page 104
, make sure that the super password is already configured. A user cannot switch to the management level without a super password. z The access level switchover of a user is valid for the current login only. The access level configured for the user is not changed. When the user re-logs in to the Web - 3Com 3CRBSG2893 | User Guide - Page 105
Figure 1-3 Switch to the management level. 1-4 - 3Com 3CRBSG2893 | User Guide - Page 106
Table of Contents 1 Loopback Test Configuration 1-1 Overview 1-1 Loopback Operation 1-1 Configuration Guidelines 1-2 i - 3Com 3CRBSG2893 | User Guide - Page 107
port loopback test can be an internal loopback test or an external loopback test. z In an internal loopback test, self loop is established in the switching chip to check whether there is a chip failure related to the functions of the port. z In an external loopback test, a loopback plug is used on - 3Com 3CRBSG2893 | User Guide - Page 108
loopback test but not an external loopback test on a port that is physically down, while you can perform neither test on a port that is manually shut down. z The system does not allow Rate, Duplex, Cable Type and Port Status configuration on a port under a loopback test. z An Ethernet port works - 3Com 3CRBSG2893 | User Guide - Page 109
Table of Contents 1 VCT 1-1 Overview 1-1 Testing Cable Status 1-1 i - 3Com 3CRBSG2893 | User Guide - Page 110
1 VCT Overview z The optical interface of a SFP port does not support this feature. z A link in the up state goes down and then up automatically if you perform this operation on one of the Ethernet interfaces forming - 3Com 3CRBSG2893 | User Guide - Page 111
Table 1-1 Description on the cable test result Item Description Cable status Status and length of the cable. The status of a cable can be normal, abnormal, abnormal(open), abnormal(short), or failure. z When a cable is normal, the cable length displayed is the total length of the cable. z When a - 3Com 3CRBSG2893 | User Guide - Page 112
Table of Contents 1 Flow Interval Configuration 1-1 Overview 1-1 Monitoring Port Traffic Statistics 1-1 Setting the Traffic Statistics Generating Interval 1-1 Viewing Port Traffic Statistics 1-1 i - 3Com 3CRBSG2893 | User Guide - Page 113
1 Flow Interval Configuration Overview With the flow interval module, you can view the average receiving rate and average sending rate of a port over the specified interval. Monitoring Port Traffic Statistics Setting the Traffic Statistics Generating Interval Select Device > Flow interval from the - 3Com 3CRBSG2893 | User Guide - Page 114
Figure 1-2 Port traffic statistics 1-2 - 3Com 3CRBSG2893 | User Guide - Page 115
Table of Contents 1 Storm Constrain Configuration 1-1 Overview 1-1 Configuring Storm Constrain 1-1 Setting the Traffic Statistics Generating Interval 1-1 Configuring Storm Constrain 1-2 i - 3Com 3CRBSG2893 | User Guide - Page 116
or shuts down the port, and optionally, sends trap messages and logs. Alternatively, you can configure the storm suppression function to control a specific type of traffic. As the storm suppression function and the storm constrain function are mutually exclusive, do not enable them at the same time - 3Com 3CRBSG2893 | User Guide - Page 117
is used for measuring the average traffic sending and receiving rates over a specific interval. z For network stability sake, set the traffic statistics generating interval for the storm constrain function to the default or a greater value. Configuring Storm Constrain Select Device > Storm Constrain - 3Com 3CRBSG2893 | User Guide - Page 118
Figure 1-2 Add storm constrain settings for ports Table 1-1 describes the port storm constrain configuration items. Table 1-1 Port storm constrain configuration items Item Remarks Control Mode Specify the action to be performed when a type of traffic exceeds the corresponding upper threshold. - 3Com 3CRBSG2893 | User Guide - Page 119
Item Trap Log Select ports Remarks Select or clear the option to enable or disable the system to send trap messages both when an upper threshold is crossed and when the corresponding lower threshold is crossed after that. Select or clear the option to enable or disable the system to output logs - 3Com 3CRBSG2893 | User Guide - Page 120
Table of Contents 1 RMON 1-1 RMON Overview 1-1 Working Mechanism 1-1 RMON Groups 1-2 Configuring RMON 1-3 Configuration Task List 1-3 Configuring a Statistics Entry 1-5 Configuring a History Entry 1-6 Configuring an Event Entry 1-7 Configuring an Alarm Entry 1-7 Displaying RMON Statistics - 3Com 3CRBSG2893 | User Guide - Page 121
. z Embedding RMON agents in network devices such as routers, switches, and hubs to provide the RMON probe function. Management devices of information, statistics, history, alarm, and event, in most cases. The 3Com device adopts the second way and realizes the RMON agent function. With the - 3Com 3CRBSG2893 | User Guide - Page 122
RMON Groups Among the RMON groups defined by RMON specifications (RFC 2819), the realized public MIB of the device supports the statistics group, history group, alarm group, and event group. Statistics group The statistics group defines that the system collects statistics on various traffic - 3Com 3CRBSG2893 | User Guide - Page 123
z Log-Trap: Logging event information in the event log table and sending a trap to the NMS. z None: No action. Configuring RMON Configuration Task List Configuring the RMON statistics function RMON statistics function can be implemented by either the statistics group or the history group, but - 3Com 3CRBSG2893 | User Guide - Page 124
Configuring the RMON alarm function z If you need to configure that the managed device sends a trap to the NMS when it triggers an alarm event, you should configure the SNMP agent as described in SNMP Configuration before configuring the RMON alarm function. z As the alarm variables that can be - 3Com 3CRBSG2893 | User Guide - Page 125
Task Displaying RMON Event Logs Remarks If you have configured the system to log an event after the event is triggered when you configure the event group, the event is recorded into the RMON log. You can perform this task to display the details of the log table Configuring a Statistics Entry - 3Com 3CRBSG2893 | User Guide - Page 126
Configuring a History Entry Select Device > RMON from the navigation tree and click the History tab to enter the page, as shown in Figure 1-3. Click Add to enter the page for adding a history entry, as shown in Figure 1-4. Figure 1-3 History entry Figure 1-4 Add a history entry Table 1-6 describes - 3Com 3CRBSG2893 | User Guide - Page 127
Configuring an Event Entry Select Device > RMON from the navigation tree and click the Event tab to enter the page, as shown in Figure 1-5. Click Add to enter the page for adding an event entry, as shown in Figure 1-6. Figure 1-5 Event entry Figure 1-6 Add an event entry Table 1-7 describes the - 3Com 3CRBSG2893 | User Guide - Page 128
Figure 1-7 Alarm entry Figure 1-8 Add an alarm entry Figure 1-8 describes the items for configuring an alarm entry. Table 1-8 Alarm entry configuration items Item Description Alarm variable Statics Item Interface Name Set the traffic statistics that will be collected and monitored, see Table - 3Com 3CRBSG2893 | User Guide - Page 129
the value of the alarm variable is higher than the alarm rising threshold or lower than the alarm falling threshold, the system will adopt the default action, that is, log-and-trap. Rising Threshold Set the alarm rising threshold. Alarm Rising Event Set the action that the system will take when - 3Com 3CRBSG2893 | User Guide - Page 130
Figure 1-9 RMON statistics information Table 1-9 describes the fields of RMON statistics. Table 1-9 Fields of RMON statistics Item Number of Received Bytes Number of Received Packets Number of Received Broadcasting Packets Number of Received Multicast Packets Number of Received Packets With CRC - 3Com 3CRBSG2893 | User Guide - Page 131
Item Description Number of Received Packets Smaller Than 64 Bytes Total number of undersize packets (shorter than 64 octets) received by the interface, corresponding to the MIB node etherStatsUndersizePkts. Number of Received Packets Larger Than 1518 Bytes Total number of oversize packets ( - 3Com 3CRBSG2893 | User Guide - Page 132
received during the sampling period, corresponding to the MIB node etherHistoryFragments. Number of jabbers received during the sampling period (Support for the field depends on the device model.), corresponding to the MIB node etherHistoryJabbers. Number of collision packets received during - 3Com 3CRBSG2893 | User Guide - Page 133
Displaying RMON Event Logs Select Device > RMON from the navigation tree and click the Log tab to enter the page, as shown in Figure 1-11, which displays log information for all event entries. Figure 1-11 Log Return to Display RMON running status. RMON Configuration Example Network requirements As - 3Com 3CRBSG2893 | User Guide - Page 134
Figure 1-13 Add a statistics entry z Select GigabitEthernet1/0/1 from the Interface Name drop-down box. z Type user1-rmon in the text box of Owner. z Click Apply. # Display RMON statistics for interface Ethernet 1/0/1. z Click the icon corresponding to GigabitEthernet 1/0/1. z You can view the - 3Com 3CRBSG2893 | User Guide - Page 135
Figure 1-14 Display RMON statistics # Create an event to start logging after the event is triggered. z Click the Event tab, click Add, and then perform the following configurations, as shown in Figure 1-15. Figure 1-15 Configure an event group 1-15 - 3Com 3CRBSG2893 | User Guide - Page 136
z Type 1-rmon in the text box of Owner. z Select the check box before Log. z Click Apply. z The page goes to the page displaying the event entry, and you can see that the entry index of the new event is 1, as shown in Figure 1-16. Figure 1-16 Display the index of a event entry # Configure an alarm - 3Com 3CRBSG2893 | User Guide - Page 137
z Select Number of Received Bytes from the Statics Item drop-down box. z Select GigabitEthernet1/0/1 from the Interface Name drop-down box. z Type 10 in the text box of Interval. z Select Delta from the Simple Type drop-down box. z Type 1-rmon in the text box of Owner. z Type 1000 in the text box of - 3Com 3CRBSG2893 | User Guide - Page 138
Table of Contents 1 Energy Saving Configuration 1-1 Overview 1-1 Configuring Energy Saving on a Port 1-1 i - 3Com 3CRBSG2893 | User Guide - Page 139
configuration items for configuring energy saving on a port. Table 1-1 Configuration items for configuring energy saving on a port Item Time Range Sun through Sat PoE Disabled Description Set the time period when the port is in the state of energy saving. z Up to five energy saving policies with - 3Com 3CRBSG2893 | User Guide - Page 140
Speed Shutdown Description Set the port to transmit data at the lowest speed. If you configure the lowest speed limit on a port that does not support 10 Mbps, the configuration cannot take effect. Shut down the port. An energy saving policy can have all the three energy saving schemes configured - 3Com 3CRBSG2893 | User Guide - Page 141
1-1 MIB Overview 1-2 SNMP Configuration 1-3 Configuration Task List 1-3 Enabling SNMP 1-4 Configuring an SNMP View 1-5 Configuring an SNMP Community 1-7 Configuring an SNMP Group 1-8 Configuring an SNMP User 1-10 Configuring SNMP Trap Function 1-11 SNMP Configuration Example 1-13 i - 3Com 3CRBSG2893 | User Guide - Page 142
information, find and diagnose network problems, plan for network growth, station that runs the SNMP client software. It offers a user friendly interface, making it easier for network administrators to SNMP Protocol Version Currently, SNMP agents support SNMPv3 and are compatible with SNMPv1 and - 3Com 3CRBSG2893 | User Guide - Page 143
InformRequest; it supports more data types such as Counter64; and it provides various error codes, thus being able to distinguish errors in more detail. z SNMPv3 offers an authentication that is implemented with a User-Based Security Model (USM). You can set the authentication and privacy functions. - 3Com 3CRBSG2893 | User Guide - Page 144
: Table 1-1 SNMPv1 or SNMPv2c configuration task list Task Remarks Enabling SNMP Configuring an SNMP View Required The SNMP agent function is disabled by default. Optional After creating SNMP views, you can specify an SNMP view for an SNMP community to limit the MIB objects that can be accessed - 3Com 3CRBSG2893 | User Guide - Page 145
about the target host of the SNMP traps. By default, an agent is allowed to send SNMP traps to user belongs. Configuring SNMP Trap Function Optional Allows you to configure that the agent can send SNMP traps to the NMS, and configure information about the target host of the SNMP traps By default - 3Com 3CRBSG2893 | User Guide - Page 146
engine ID, the user is invalid. Configure the maximum size of an SNMP packet that the agent can receive/send. Set a character string to describe the contact information for system maintenance. If the device is faulty, the maintainer can contact the manufacture factory according to the contact - 3Com 3CRBSG2893 | User Guide - Page 147
Figure 1-5 View page Creating an SNMP view Click Add, the window appears as shown in Figure 1-6. Type the view name and click Apply, and then you enter the page as shown in Figure 1-7. Figure 1-6 Create an SNMP view (1) Figure 1-7 Create an SNMP view (2) Table 1-4 describes the configuration items - 3Com 3CRBSG2893 | User Guide - Page 148
position of a node in the MIB tree, and it can uniquely identify a MIB subtree. Set the subtree mask. If no subtree mask is specified, the default subtree mask (all Fs) will be used for mask-OID matching. Adding rules to an SNMP view Click the icon corresponding to the specified view - 3Com 3CRBSG2893 | User Guide - Page 149
by the NMS. Associate the community with a basic ACL to allow or prohibit the access to the agent from the NMS with the specified source IP address. Return to SNMPv1 or SNMPv2c configuration task list. Configuring an SNMP Group Select Device > SNMP from the navigation tree, then click the Group tab - 3Com 3CRBSG2893 | User Guide - Page 150
Figure 1-11 SNMP group Figure 1-12 Create an SNMP group Table 1-6 describes the configuration items for creating an SNMP group. Table 1-6 Configuration items for creating an SNMP group Item Group Name Security Level Description Set the SNMP group name. Select the security level for the SNMP - 3Com 3CRBSG2893 | User Guide - Page 151
, that is, you can configure to allow or prohibit SNMP packets with a specific source IP address, so as to restrict the intercommunication between the NMS and the agent. Return to SNMPv3 configuration task list. Configuring an SNMP User Select Device > SNMP from the navigation tree, then click the - 3Com 3CRBSG2893 | User Guide - Page 152
level is Auth/Priv. The confirm privacy password must be the same with the privacy password. Associate a basic ACL with the user to restrict the source IP address of SNMP packets, that is, you can configure to allow or prohibit SNMP packets with a specific source IP address, so as to allow or - 3Com 3CRBSG2893 | User Guide - Page 153
type: IPv4 or IPv6, and then type the corresponding IP address in the text box according to the IP address type. Set the security name, which can be an SNMPv1 community name, an SNMPv2c community name, or an SNMPv3 user name. Set UDP port number. Select the security model, that is, the SNMP - 3Com 3CRBSG2893 | User Guide - Page 154
Example Network requirements z As shown in Figure 1-17, the NMS connects to the agent, Switch, through an Ethernet. z The IP address of the NMS is 1.1.1.2/24. z The IP address of the VLAN interface on Switch is 1.1.1.1/24. z The NMS monitors the agent using SNMPv3. The agent reports errors or - 3Com 3CRBSG2893 | User Guide - Page 155
Figure 1-19 Create an SNMP view (1) z Type view1 in the text box. z Click Apply to enter the SNMP rule configuration page, as shown in Figure 1-20. Figure 1-20 Create an SNMP view (2) z Select the Included radio box. z Type the MIB subtree OID interfaces. z Click Add. z Click Apply. A configuration - 3Com 3CRBSG2893 | User Guide - Page 156
Group Name. z Select view1 from the Read View drop-down box. z Select view1 from the Write View drop-down box. z Click Apply. # Configure an SNMP user z Click the User tab and then click Add to enter the page as shown in Figure 1-23. Figure 1-23 Create an SNMP - 3Com 3CRBSG2893 | User Guide - Page 157
Add to enter the page as shown in Figure 1-25. Figure 1-25 Add target hosts of SNMP traps z Select the destination IP address type as IPv4. z Type the destination address 1.1.1.2. z Type the user name user1. z Type the UDP port 5000. z Select v3 from the Security Model drop-down box. z Click Apply - 3Com 3CRBSG2893 | User Guide - Page 158
, privacy mode, privacy password, and so on. Besides, you need to configure the aging time and retry times. After the above configurations, you can configure the device as needed through the NMS. For related configurations, refer to the manual provided for NMS. Configuration verification z After - 3Com 3CRBSG2893 | User Guide - Page 159
Table of Contents 1 Interface Statistics 1-1 Overview 1-1 Displaying Interface Statistics 1-1 i - 3Com 3CRBSG2893 | User Guide - Page 160
1 Interface Statistics Overview The interface statistics module displays statistics information about the packets received and sent through interfaces. Displaying Interface Statistics Select Device > Interface Statistics from the navigation tree to enter the interface statistics display page, as - 3Com 3CRBSG2893 | User Guide - Page 161
Field OutUcastPkts OutNUcastPkts OutDiscards OutErrors Description Number of unicast packets sent through the interface. Number of non-unicast packets sent through the interface. Number of valid packets discarded in the outbound direction. Number of invalid packets sent through the interface. 1-2 - 3Com 3CRBSG2893 | User Guide - Page 162
Table of Contents 1 VLAN Configuration 1-1 Overview 1-1 Introduction to VLAN 1-1 How VLAN Works 1-1 VLAN Types 1-2 Introduction to Port-Based VLAN 1-3 Configuring a VLAN 1-4 Configuration Task List 1-4 Creating VLANs 1-4 Selecting VLANs 1-5 Modifying a VLAN 1-6 Modifying Ports 1-8 VLAN - 3Com 3CRBSG2893 | User Guide - Page 163
VLANs, you can isolate them at Layer 2. For hosts in different VLANs to communicate, routers or Layer 3 switches are required. z Flexible virtual workgroup creation. As users from the same workgroup can be assigned to the same VLAN regardless of their physical locations, network construction and - 3Com 3CRBSG2893 | User Guide - Page 164
MAC addresses are encapsulated in non-canonical format. The field is set to 0 by default. z The 12-bit VLAN ID field identifies the VLAN the frame belongs to. The including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also used in these encapsulations - 3Com 3CRBSG2893 | User Guide - Page 165
three: z Access. An access port belongs to only one VLAN and usually connects to a user device. z Trunk. A trunk port can join multiple VLANs to receive and send traffic is not carried on the port. the port but is different from the default one. Send the frame if its VLAN is carried on the port. - 3Com 3CRBSG2893 | User Guide - Page 166
Configuring a VLAN Configuration Task List Use one of the following two approaches or combine the following two approaches to configure a VLAN: z Approach I: modify a VLAN, as shown in Table 1-1. z Approach II: modify a port, as shown in Table 1-2. Table 1-1 VLAN configuration task list (approach - 3Com 3CRBSG2893 | User Guide - Page 167
ID of the VLAN to be modified in the list in the middle of the page. Set the description string of the selected VLAN. By default, the description string of a VLAN is its VLAN ID, such as VLAN 0001. Return to VLAN configuration task list (approach I). Return to VLAN configuration task - 3Com 3CRBSG2893 | User Guide - Page 168
Figure 1-5 The Select VLAN tab Table 1-4 describes the configuration items of selecting VLANs. Table 1-4 Configuration items of selecting VLANs Item Display all VLANs Display a subnet of all configured VLANs Description Select one of the two radio buttons: z Display all VLANs: displays all - 3Com 3CRBSG2893 | User Guide - Page 169
selection are created first and then selected on the page for selecting VLANs. Modify Description Modify the description string of the selected VLAN. By default, the description string of a VLAN is its VLAN ID, such as VLAN 0001. Select memb ership type Untagged Tagged Not A Member Select ports - 3Com 3CRBSG2893 | User Guide - Page 170
Modifying Ports Select Network > VLAN from the navigation tree and click Modify Port to enter the page for modifying ports, as shown in Figure 1-7. Figure 1-7 The Modify Port tab Table 1-6 describes the configuration items of modifying ports. Table 1-6 Configuration items of modifying ports Item - 3Com 3CRBSG2893 | User Guide - Page 171
VLAN 100 to pass through. Figure 1-8 Network diagram for VLAN configuration Configuration procedure 1) Configure Switch A # Configure GigabitEthernet 1/0/1 as a trunk port and configure VLAN 100 as its default VLAN. Select Device > Port Management from the navigation tree and click Setup to enter - 3Com 3CRBSG2893 | User Guide - Page 172
Figure 1-9 Configure GigabitEthernet 1/0/1 as a trunk port and its PVID as 100 z Select Trunk in the Link Type drop-down list. z Select the PVID check box, and then type in PVID 100. z Select GigabitEthernet 1/0/1 on the chassis front device panel. z Click Apply. # Create VLAN 2, VLAN 6 through VLAN - 3Com 3CRBSG2893 | User Guide - Page 173
Figure 1-10 Create VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 z Type in VLAN IDs 2, 6-50, 100. z Click Apply. # Assign GigabitEthernet 1/0/1 to VLAN 100 as an untagged member. Click Select VLAN to enter the page for selecting VLANs, as shown in Figure 1-11. Figure 1-11 Set a VLAN range z Select - 3Com 3CRBSG2893 | User Guide - Page 174
z Click Select. Click Modify VLAN to enter the page for modifying the ports in a VLAN, as shown in Figure 1-12. Figure 1-12 Assign GigabitEthernet 1/0/1 to VLAN 100 as an untagged member z Select 100 - VLAN 0100 in the Please select a VLAN to modify: drop-down list. z Select the Untagged radio - 3Com 3CRBSG2893 | User Guide - Page 175
, click Close in the dialog box. 2) Configure Switch B Configure Switch B as you configure Switch A. Configuration Guidelines When configuring VLAN, note that: 1) VLAN 1 is the default VLAN, which can be neither created nor removed manually. 2) Some VLANs are reserved for some special purposes - 3Com 3CRBSG2893 | User Guide - Page 176
Table of Contents 1 VLAN Interface Configuration 1-1 Overview 1-1 Configuring VLAN Interfaces 1-1 Configuration Task List 1-1 Creating a VLAN Interface 1-1 Modifying a VLAN Interface 1-3 i - 3Com 3CRBSG2893 | User Guide - Page 177
different VLANs to communicate, you must use a router or Layer 3 switch to perform layer 3 forwarding. To achieve this, VLAN interfaces are used assign the VLAN interface an IP address and specify it as the gateway of the VLAN to forward the traffic destined for an IP network segment different from - 3Com 3CRBSG2893 | User Guide - Page 178
VLAN interface gets an IPv4 address. Allow the VLAN interface to automatically obtain an IP address by selecting the DHCP or BOOTP option, or manually assign the VLAN interface an IP address by selecting the Manual option. Configure an IPv4 address for the VLAN interface. This option is available - 3Com 3CRBSG2893 | User Guide - Page 179
the correct Apply button to submit the modification. z After you change the IP address of the VLAN interface you are using to log in to the device , you will be disconnected from the device. You can use the changed IP address to re-log in. Select Network > VLAN Interface from the navigation - 3Com 3CRBSG2893 | User Guide - Page 180
interface an IP address by selecting the Manual option. Select Up or Down in the Admin Status drop-down list to bring up or shut down the selected VLAN interface. When the VLAN interface fails, you can shut down and then bring up the VLAN interface, which may restore it. By default, a VLAN - 3Com 3CRBSG2893 | User Guide - Page 181
to the OUI List 1-7 Voice VLAN Configuration Examples 1-8 Configuring Voice VLAN on a Port in Automatic Voice VLAN Assignment Mode 1-8 Configuring a Voice VLAN on a Port in Manual Voice VLAN Assignment Mode 1-13 Configuration Guidelines 1-18 i - 3Com 3CRBSG2893 | User Guide - Page 182
, add them to the OUI list after their removal. Voice VLAN Assignment Modes A port connected to a voice device, an IP phone for example, can be assigned to a voice VLAN in one of these two modes: Automatic mode and manual mode. Ports on a same device can be assigned to VLANs in different modes. 1-1 - 3Com 3CRBSG2893 | User Guide - Page 183
system matches the source MAC addresses in the untagged packets sent by the IP phone upon its power-on against the OUI list. If a match is Tagged voice traffic Manual mode Untagged voice traffic Access Not supported Not supported Not supported Supported, but you must configure the default VLAN of - 3Com 3CRBSG2893 | User Guide - Page 184
operate normally. z If an IP phone sends untagged voice traffic, to deliver the voice VLAN function, you must configure the default VLAN of the access port as configured for the device. If the default VLAN of the port is the voice VLAN and the port works in manual VLAN assignment mode, the port - 3Com 3CRBSG2893 | User Guide - Page 185
voice VLAN function is disabled on a port. Optional The system supports up to 16 OUI addresses. By default, the system is configured with seven OUI addresses, as shown in Table 1-1. Configuring voice VLAN on a port working in manual voice VLAN assignment mode Perform the tasks described in Table - 3Com 3CRBSG2893 | User Guide - Page 186
Voice VLAN on a Port Adding OUI Addresses to the OUI List Required Configure the voice VLAN assignment mode of a port as manual and enable voice VLAN on the port. By default, the voice VLAN assignment mode of a port is automatic, and voice VLAN is disabled on a port. Optional You can configure up - 3Com 3CRBSG2893 | User Guide - Page 187
is, manual voice VLAN assignment mode Select Enable or Disable in the drop-down list to enable or disable the voice VLAN function on the port. Set the voice VLAN ID. This option is available when the voice VLAN port state is set to Enable. The device supports only one voice VLAN - 3Com 3CRBSG2893 | User Guide - Page 188
voice VLAN. Return to Configuring voice VLAN on a port in automatic voice VLAN assignment mode. Return to Configuring voice VLAN on a port working in manual voice VLAN assignment mode. Adding OUI Addresses to the OUI List Select Network > Voice VLAN from the navigation tree and click the OUI Add - 3Com 3CRBSG2893 | User Guide - Page 189
voice VLAN on a port working in manual voice VLAN assignment mode. Voice VLAN Configuration voice traffic to pass through. z The IP phone connected to hybrid port GigabitEthernet 1/0/1 in automatic voice VLAN assignment mode Switch A GE1/0/1 VLAN 2 VLAN 2 Internet Switch B GE1/0/3 010-1001 OUI: - 3Com 3CRBSG2893 | User Guide - Page 190
Figure 1-5 Create VLAN 2 z Type in VLAN ID 2. z Click Create. # Configure GigabitEthernet 1/0/1 as a hybrid port. z Select Device > Port Management from the navigation tree, and click Setup on the displayed page to enter the page shown in Figure 1-6. 1-9 - 3Com 3CRBSG2893 | User Guide - Page 191
Figure 1-6 Configure GigabitEthernet 1/0/1 as a hybrid port z Select Hybrid from the Link Type dropdown list. z Select GigabitEthernet 1/0/1 from the chassis front panel. z Click Apply. # Configure the voice VLAN function globally. z Select Network > Voice VLAN from the navigation tree and click the - 3Com 3CRBSG2893 | User Guide - Page 192
z Select Enable in the Voice VLAN security drop-down list. (You can skip this step, because the voice VLAN security mode is enabled by default) z Set the voice VLAN aging timer to 30 minutes. z Click Apply. # Configure voice VLAN on GigabitEthernet 1/0/1. z Click the Port Setup tab to enter the page - 3Com 3CRBSG2893 | User Guide - Page 193
Type in description string test. z Click Apply. Verify the configuration z When the configurations described above are completed, the OUI Summary tab is displayed by default, as shown in Figure 1-10. You can view the information about the newly-added OUI address. Figure 1-10 Current OUI list of the - 3Com 3CRBSG2893 | User Guide - Page 194
z The IP phone connected to hybrid port GigabitEthernet 1/0/1 sends untagged voice traffic. z GigabitEthernet 1/0/1 operates in manual voice VLAN voice VLAN configuration on a port in manual voice VLAN assignment mode Switch A GE1/0/1 VLAN 2 VLAN 2 Internet Switch B GE1/0/3 010-1001 OUI: 0011- - 3Com 3CRBSG2893 | User Guide - Page 195
Figure 1-13 Create VLAN 2 z Type in VLAN ID 2. z Click Create. # Configure GigabitEthernet 1/0/1 as a hybrid port and configure its default VLAN as VLAN 2. z Select Device > Port Management from the navigation tree, and click Setup on the displayed page to enter the page shown in Figure 1-14. 1-14 - 3Com 3CRBSG2893 | User Guide - Page 196
Figure 1-14 Configure GigabitEthernet 1/0/1 as a hybrid port z Select Hybrid from the Link Type dropdown list. z Select the PVID option and type 2 in the text box. z Select GigabitEthernet 1/0/1 from the chassis front panel. z Click Apply. # Assign GigabitEthernet 1/0/1 to VLAN 2 as an untagged - 3Com 3CRBSG2893 | User Guide - Page 197
Figure 1-15 Assign GigabitEthernet 1/0/1 to VLAN 2 as an untagged member z Select GigabitEthernet 1/0/1 from the chassis front panel. z Select the Untagged option. z Type in VLAN ID 2. z Click Apply. A configuration progress dialog box appears, as shown in Figure 1-16. Figure 1-16 Configuration - 3Com 3CRBSG2893 | User Guide - Page 198
Figure 1-17 Configure voice VLAN on GigabitEthernet 1/0/1 z Select Manual in the Voice VLAN port mode drop-down list. z Select Enable in the Voice VLAN port state drop-down list. z Type in voice VLAN ID 2. z - 3Com 3CRBSG2893 | User Guide - Page 199
Type in description string test. z Click Apply. Verify the configuration z When the configurations described above are completed, the OUI Summary tab is displayed by default, as shown in Figure 1-19. You can view the information about the newly-added OUI address. Figure 1-19 Current OUI list of the - 3Com 3CRBSG2893 | User Guide - Page 200
protocol-based VLAN cannot be associated with the port. z At present, only one VLAN is supported and only an existing static VLAN can be configured as the voice VLAN. z If Link z After you assign a port working in manual voice VLAN assignment mode to the voice VLAN, the voice VLAN takes effect. 1-19 - 3Com 3CRBSG2893 | User Guide - Page 201
Table of Contents 1 MAC Address Configuration 1-1 Overview 1-1 Configuring MAC Addresses 1-2 Configuring a MAC Address Entry 1-2 Setting the Aging Time of MAC Address Entries 1-4 MAC Address Configuration Example 1-5 i - 3Com 3CRBSG2893 | User Guide - Page 202
static and dynamic. Static entries are manually configured and never age out. Dynamic entries can be manually configured or dynamically learned and will age and do the following: z If an entry is found for the MAC address, updates the entry. z If no entry containing the MAC address is found, adds an - 3Com 3CRBSG2893 | User Guide - Page 203
z Broadcast mode: If the device receives a frame with the destination address being all Fs, or no entry matches the destination MAC address, the device broadcasts the frame to all the ports except the receiving port. Figure 1-1 MAC address table of the device Configuring MAC Addresses MAC addresses - 3Com 3CRBSG2893 | User Guide - Page 204
Figure 1-2 The MAC tab Figure 1-3 Create a MAC address entry Table 1-1 shows the detailed configuration of creating a MAC address entry. 1-3 - 3Com 3CRBSG2893 | User Guide - Page 205
in the tab are as follows: z Config static: indicates static MAC address entries manually configured by the users z Config dynamic: indicates dynamic MAC address entries manually configured by the users z Blackhole: indicates blackhole MAC address entries z Learned: indicates dynamic MAC address - 3Com 3CRBSG2893 | User Guide - Page 206
MAC Address Configuration Example Network requirements Use the MAC address table management function of the Web-based NMS. It is required to add a static MAC address 00e0-fc35-dc71 under GigabitEthernet 1/0/1 in VLAN 1. Configuration procedure # Create a static MAC address entry. Select Network > - 3Com 3CRBSG2893 | User Guide - Page 207
Table of Contents 1 MSTP Configuration 1-1 Overview 1-1 Introduction to STP 1-1 Protocol Packets of STP 1-1 Basic Concepts in STP 1-1 How STP Works 1-3 Introduction to RSTP 1-9 Introduction to MSTP 1-9 Why MSTP 1-9 Basic Concepts in MSTP 1-10 How MSTP Works 1-14 Implementation of MSTP on - 3Com 3CRBSG2893 | User Guide - Page 208
1 MSTP Configuration Overview As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the mean time, allows for link redundancy. Like many other protocols, STP evolves as the network grows. The later - 3Com 3CRBSG2893 | User Guide - Page 209
Root port On a non-root bridge, the port nearest to the root bridge is called the root port. The root port is responsible for communication with the root bridge. Each non-root bridge has one and only one root port. The root bridge has no root port. Designated bridge and designated port The - 3Com 3CRBSG2893 | User Guide - Page 210
root bridge. z Designated bridge ID: consisting of the priority and MAC address of the designated bridge. z Designated port ID: designated port priority plus port name. z Message age: age of the configuration BPDU while it propagates in the network. z Max age: maximum age of the configuration BPDU - 3Com 3CRBSG2893 | User Guide - Page 211
costs are compared. Assume that the root path cost in a configuration BPDU plus the path cost of a receiving port is S. The configuration BPDU with path cost is replaced with that of the configuration BPDU of the root port plus the path cost of the root port. z The designated bridge ID is replaced - 3Com 3CRBSG2893 | User Guide - Page 212
BPDU on the port is superior, the device blocks this port without updating its configuration BPDU. The blocked port can receive BPDUs but cannot in the blocked state - they receive BPDUs but do not forward BPDUs or user traffic. A tree-shape topology forms upon successful election of the root bridge - 3Com 3CRBSG2893 | User Guide - Page 213
0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1. BP1: {0, 0, 0, AP1} z Port BP2 receives the configuration BPDU of Device C BP2: {1, 0, 1, BP2} {2, 0, 2, CP2}. Device - 3Com 3CRBSG2893 | User Guide - Page 214
periodic CP2: {0, 5, 1, BP2} configuration BPDUs from Device A. Device C does not launch an update process after comparison. After comparison: z Because the root path cost of CP2 (9) (root path cost of the BPDU (5) plus path cost corresponding to CP2 (4)) is smaller than the root path cost of CP1 - 3Com 3CRBSG2893 | User Guide - Page 215
Figure 1-3 The final calculated spanning tree Device A With priority 0 AP1 5 BP1 BP2 Device B With priority 1 AP2 4 CP2 Device C With priority 2 The spanning tree calculation process in this example is only a simplified process. The BPDU forwarding mechanism in STP z Upon network initiation, - 3Com 3CRBSG2893 | User Guide - Page 216
, even if it is a port on a point-to-point link or an edge port, which directly connects to a user terminal rather than to another device or a shared LAN segment. Although RSTP supports rapid network convergence, it has the same drawback as STP does: All bridges within a LAN share the same spanning - 3Com 3CRBSG2893 | User Guide - Page 217
z MSTP supports mapping VLANs to MST instances (MSTIs) by means of a VLAN-to-MSTI mapping table. MSTP can reduce communication overheads and resource usage by mapping multiple VLANs to one MSTI. z MSTP divides a switched network into multiple regions, each containing multiple spanning trees that are - 3Com 3CRBSG2893 | User Guide - Page 218
Jointly constituted by ISTs and the CST, the CIST is a single spanning tree that connects all devices in a switched network. In Figure 1-4, for example, the ISTs in all MST regions plus the inter-region CST constitute the CIST of the entire network. MSTI Multiple spanning trees can be generated in - 3Com 3CRBSG2893 | User Guide - Page 219
Figure 1-4, if a device in region A0 is interconnected with the first port of a device in region D0 and the common root bridge of the entire switched network is located in region A0, the first port of that device in region D0 is the boundary port of region D0. Roles of ports - 3Com 3CRBSG2893 | User Guide - Page 220
; z Discarding: the port does not learn MAC addresses or forwards user traffic. A port can have different port states in different MSTIs. A port state is not exclusively associated with a port role. Table 1-6 lists the port state(s) supported by each port role. ("√" indicates that the port state is - 3Com 3CRBSG2893 | User Guide - Page 221
Table 1-6 Ports states supported by different port roles Port state Forwarding Learning Discarding Root Designated port/master port port √ √ √ √ √ √ Port role Boundary port √ √ √ Alternate port - - √ Backup port - - √ How MSTP - 3Com 3CRBSG2893 | User Guide - Page 222
Task Remarks Configuring an MST Region Optional Configure the MST region-related parameters and VLAN-to-MSTI mappings. By default, the MST region-related parameters adopt the default values, and all VLANs in an MST region are mapped to MSTI 0. Configuring MSTP Globally Required Enable MSTP - 3Com 3CRBSG2893 | User Guide - Page 223
Description Region Name MST region name The MST region name is the bridge MAC address of the device by default. Revision Level Revision level of the MST region Manual Instance ID VLAN ID Manually add VLAN-to-MSTI mappings. Click Apply to add the VLAN-to-MSTI mapping entries to the list below - 3Com 3CRBSG2893 | User Guide - Page 224
MSTP BPDUs, and automatically migrates to STP-compatible mode when detecting that it is connected with a device running STP. The working mode is RSTP by default. Set the maximum number of hops in an MST region to restrict the region size. The setting can take effect only when it is configured - 3Com 3CRBSG2893 | User Guide - Page 225
Item Bridge Diameter Description Any two stations in a switched network are interconnected through a specific path composed of a series of devices. The bridge diameter (or the network diameter) is the number of devices on the path composed of the most - 3Com 3CRBSG2893 | User Guide - Page 226
Configuring MSTP on a Port Select Network > MSTP from the navigation tree, and then click Port Setup to enter the page for configuring MSTP on ports, as shown in Figure 1-9. Figure 1-9 MSTP configuration on a port Table 1-10 describes the configuration items of configuring MSTP on a port. Table 1- - 3Com 3CRBSG2893 | User Guide - Page 227
balancing. The device can automatically calculate the default path cost; alternatively, you can also manually configure path cost for ports. Point to Therefore, you are recommended to use the default value. Set whether the port migrates to the MSTP mode. In a switched network, if a port on an MSTP - 3Com 3CRBSG2893 | User Guide - Page 228
, and blocked ports may transit to the forwarding state, causing loops in the network. The loop guard function is used to address such a problem. Return to MSTP configuration task list. Displaying MSTP Information of a Port Select Network > MSTP from the navigation tree, and then click Port Summary - 3Com 3CRBSG2893 | User Guide - Page 229
MAC addresses and forwards user traffic The port is in learning state: The port learns MAC addresses but does not forward user traffic The port is the port The port ID displayed is insignificant for a port that does not support port priority. Whether the port is an edge port: z Config indicates the - 3Com 3CRBSG2893 | User Guide - Page 230
of VLAN 10, VLAN 20, VLAN 30, and VLAN 40 are forwarded along MSTI 1, MSTI 2, MSTI 3, and MSTI 0 respectively. z Switch A and Switch B operate at the distribution layer; Switch C and Switch D operate at the access layer. VLAN 10 and VLAN 20 are terminated on the distribution layer devices, and VLAN - 3Com 3CRBSG2893 | User Guide - Page 231
:" next to a link in the figure is followed by the VLANs the packets of which are permitted to pass this link. Configuration procedure 1) Configure Switch A. # Configure an MST region. z Select Network > MSTP from the navigation tree to enter the page shown in Figure 1-12. Figure 1-12 The Region tab - 3Com 3CRBSG2893 | User Guide - Page 232
Figure 1-13 Configure an MST region z Set the region name to example. z Set the revision level to 0. z Select the Manual radio button. z Select 1 in the Instance ID drop-down list. z Set the VLAN ID to 10. z Click Apply to map VLAN 10 to MSTI 1 and - 3Com 3CRBSG2893 | User Guide - Page 233
B. # Configure an MST region. (The procedure here is the same as that of configuring an MST region on Switch A.) # Configure MSTP globally. z Select Network > MSTP from the navigation tree, and then click Global to enter the page for configuring MSTP globally. See Figure 1-14. z - 3Com 3CRBSG2893 | User Guide - Page 234
C. # Configure an MST region. (The procedure here is the same as that of configuring an MST region on Switch A.) # Configure MSTP globally. z Select Network > MSTP from the navigation tree, and then click Global to enter the page for configuring MSTP globally. See Figure 1-14. z - 3Com 3CRBSG2893 | User Guide - Page 235
Figure 1-15 Configure MSTP globally (on Switch D) z Select Enable in the Enable STP Globally drop-down list. z Select MSTP in the Mode drop-down list. z Click Apply. Guidelines Follow these guidelines when - 3Com 3CRBSG2893 | User Guide - Page 236
z Configure ports that are directly connected to terminals as boundary ports and enable BPDU guard for them. In this way, these ports can rapidly transit to the forwarding state, and the network security can be ensured. 1-29 - 3Com 3CRBSG2893 | User Guide - Page 237
Table of Contents 1 Link Aggregation and LACP Configuration 1-1 Overview 1-1 Basic Concepts of Link Aggregation 1-1 Link Aggregation Modes 1-3 Load Sharing Mode of an Aggregation Group 1-4 Configuring Link Aggregation and LACP 1-4 Configuration Task List 1-4 Creating a Link Aggregation Group - 3Com 3CRBSG2893 | User Guide - Page 238
Layer 3 aggregate interface. The current device only supports Layer 2 aggregation interface. Aggregation group An aggregation group assign only Layer 3 Ethernet interfaces to the group. The current device only supports Layer 2 aggregation group States of the member ports in an aggregation group A - 3Com 3CRBSG2893 | User Guide - Page 239
VLAN Whether a port has joined an isolation group Permitted VLAN IDs, default VLAN, link type (trunk, hybrid, or access), ,tag mode may affect the select state of link aggregation member ports and thus the ongoing service. To prevent unconsidered change, a message warning of the hazard will be - 3Com 3CRBSG2893 | User Guide - Page 240
Link Aggregation Modes Depending on the link aggregation procedure, link aggregation operates in one of the following two modes: z Static aggregation mode z Dynamic aggregation mode Static aggregation mode LACP is disabled on the member ports in a static aggregation group. In a static aggregation - 3Com 3CRBSG2893 | User Guide - Page 241
To keep these configurations consistent, you should configure the port manually. z Because changing a port attribute or class-two configuration affects services, you are recommended to do that with caution. Load Sharing Mode of an Aggregation Group Every link aggregation group created on 3Com Switch - 3Com 3CRBSG2893 | User Guide - Page 242
local system and link aggregation member ports. Changes of LACP priorities affect the selected/unselected state of link aggregation member ports. The default port LACP priority and system LACP priority are both 32768. Displaying Information of LACP-Enabled Ports Optional Perform the task to view - 3Com 3CRBSG2893 | User Guide - Page 243
Figure 1-1 Create a link aggregation group Table 1-4 describes the configuration items of creating a link aggregation group. Table 1-4 Configuration items of creating a link aggregation group Item Description Enter Link Aggregation Interface ID Assign an ID to the link aggregation group to be - 3Com 3CRBSG2893 | User Guide - Page 244
Link Aggregation from the navigation tree. The Summary tab is displayed by default, as shown in Figure 1-2. Figure 1-2 Display information of an aggregate interface group (Only selected ports can transmit and receive user data) Number of unselected ports in each link aggregation group (Unselected ports - 3Com 3CRBSG2893 | User Guide - Page 245
Dynamic aggregation group configuration task list. Displaying Information of LACP-Enabled Ports Select Network > LACP from the navigation tree. The Summary tab is displayed by default, as shown in Figure 1-4. 1-8 - 3Com 3CRBSG2893 | User Guide - Page 246
Figure 1-4 Display the information of LACP-enabled ports The upper part of the page displays a list of all LACP-enabled ports on the device and information about them. To view information about the partner port of a LACP-enabled port, select it in the port list, and then click View Details. - 3Com 3CRBSG2893 | User Guide - Page 247
is inactive (that is, unselected) for receiving/transmitting user data. For the meanings of the reason codes, see state machine of the sending system is using the default operational partner information. z H indicates that the receive shown in Figure 1-5, Switch A and Switch B are connected to - 3Com 3CRBSG2893 | User Guide - Page 248
Figure 1-5 Network diagram for static link aggregation configuration Configuration procedure You can create a static or dynamic link aggregation group to achieve load balancing. 1) Approach 1: Create a static link aggregation group # Create static link aggregation group 1. Select Network > Link - 3Com 3CRBSG2893 | User Guide - Page 249
must be the same as the reference port in port attributes, and class-two configurations. To keep these configurations consistent, you should configure the port manually. 1-12 - 3Com 3CRBSG2893 | User Guide - Page 250
z Reference port: Select a port as the reference port from the ports that are in up state and with the same class-two configurations as the corresponding aggregate interface. The selection order is as follows: full duplex/high speed, full duplex/low speed, half duplex/high speed, and half duplex/low - 3Com 3CRBSG2893 | User Guide - Page 251
Table of Contents 1 LLDP 1-1 Overview 1-1 Background 1-1 Basic Concepts 1-1 Operating Modes of LLDP 1-5 How LLDP Works 1-5 Compatibility of LLDP with CDP 1-6 Protocols and Standards 1-6 Configuring LLDP 1-6 LLDP Configuration Task List 1-6 Enabling LLDP on Ports 1-7 Configuring LLDP - 3Com 3CRBSG2893 | User Guide - Page 252
1 LLDP Overview Background In a heterogeneous network, it is important that different types of network devices from different vendors can discover one other and exchange configuration for interoperability and management sake. This calls for a standard configuration exchange platform. To address the - 3Com 3CRBSG2893 | User Guide - Page 253
Field Source MAC address Type Data FCS Description The MAC address of the sending port. If the port does not have a MAC address, the MAC address of the sending bridge is used. The Ethernet type for the upper layer protocol. It is 0x88CC for LLDP. LLDP data. Frame check sequence, a 32-bit CRC value - 3Com 3CRBSG2893 | User Guide - Page 254
by network management, and the interface number and OID (object identifier) associated with the address. 2) IEEE 802.1 organizationally specific TLVs Table 1-4 IEEE 802.1 organizationally specific TLVs Type Port VLAN ID Port And Protocol VLAN ID Description PVID of the sending port Port and - 3Com 3CRBSG2893 | User Guide - Page 255
supported on the port Currently, 3Com Switch 2900 supports receiving but not sending protocol identity TLVs. 3) IEEE 802.3 organizationally specific TLVs Table 1-5 IEEE 802.3 organizationally specific for voice over IP (VoIP), such Firmware Revision Allows a MED endpoint to advertise its firmware - 3Com 3CRBSG2893 | User Guide - Page 256
re-initializes. To prevent LLDP from being initialized too frequently at times of frequent operating mode change, an initialization delay, which is user configurable, is introduced. With this delay mechanism, a port must wait for the specified interval before it can initialize LLDP after the LLDP - 3Com 3CRBSG2893 | User Guide - Page 257
With this mechanism, a specific number of LLDPDUs are compatibility for your device to work with Cisco IP phones. As your LLDP-enabled device cannot recognize Cisco Discovery configuration task list Task Remarks Enabling LLDP on Ports Optional By default, LLDP is enabled on ports. Make sure that LLDP - 3Com 3CRBSG2893 | User Guide - Page 258
compatibility is disabled. z Device information polling and trapping are disabled. z All TLVs except the Location Identification TLV are advertised. Required By default, global LLDP is disabled. To enable LLDP to work on a port, enable LLDP both globally and on the port. Displaying LLDP Information - 3Com 3CRBSG2893 | User Guide - Page 259
Figure 1-4 The Port Setup tab Return to LLDP Configuration Task List. Configuring LLDP Settings on Ports Select Network > LLDP from the navigation tree to enter the Port Setup tab, as shown in Figure 1-4. You can configure LLDP settings on ports individually or in batch. 1-8 - 3Com 3CRBSG2893 | User Guide - Page 260
z To configure LLDP settings on ports individually, click the icon for the port you are configuring. On the page displayed as shown in Figure 1-5, you can modify or view the LLDP settings of the port. Figure 1-5 The page for modifying LLDP settings on a port z To configure LLDP settings on ports in - 3Com 3CRBSG2893 | User Guide - Page 261
Figure 1-6 The page for modifying LLDP settings on ports in batch Table 1-8 describes the port LLDP configuration items. Table 1-8 Port LLDP configuration items Item Description Interface Name Displays the name of the port or ports you are configuring. DLDP State Basic Settings LLDP - 3Com 3CRBSG2893 | User Guide - Page 262
and its format (a numeric or character string in the TLV). If no management address is specified, the main IP address of the lowest VLAN carried on the port is used. If no main IP address is assigned to the VLAN, 127.0.0.1 is used. Select to include the PVID TLV in transmitted LLDPDUs - 3Com 3CRBSG2893 | User Guide - Page 263
capabilities TLV in transmitted LLDPDUs. Select to include the hardware revision TLV, firmware revision TLV, software revision TLV, serial number TLV, manufacturer name TLV , set the device type, which can be a DHCP server, switch or LLDP-MED endpoint, country code, and network device address. - 3Com 3CRBSG2893 | User Guide - Page 264
the product of the TTL multiplier and the LLDPDU transmit interval is less than 255 seconds for CDP-compatible LLDP to work properly with Cisco IP phones. Set the number of LLDPDUs sent each time fast LLDPDU transmission is triggered. 1-13 - 3Com 3CRBSG2893 | User Guide - Page 265
less than 255 seconds for CDP-compatible LLDP to work properly with Cisco IP phones. Set the minimum interval for sending traps. With the LLDP trapping than the TTL to ensure that the LLDP neighbors can receive LLDPDUs to update information about the device you are configuring before it is aged out. - 3Com 3CRBSG2893 | User Guide - Page 266
1-10 Local information of an LLDP-enabled port Field Description Port ID subtype Power port class Port power classification Media policy type PoE PSE power source Port ID type, which can be z Interface alias z Port component z MAC address z Network address z Interface name z Agent circuit ID - 3Com 3CRBSG2893 | User Guide - Page 267
1-11 LLDP neighbor information of an LLDP-enabled port Field Chassis type Chassis ID Port ID type Port ID System capabilities supported Description Chassis ID type. Available options include: z Chassis component z Interface alias z Port component z MAC address z Network address z Interface name - 3Com 3CRBSG2893 | User Guide - Page 268
service of LLDP belong to this category. z Class II: A media endpoint device. The class II endpoint devices support class III endpoint devices directly support end users of the IP communication system. Providing all capabilities of the neighbor. FirmwareRev Firmware version of the neighbor. - 3Com 3CRBSG2893 | User Guide - Page 269
Field Asset tracking identifier PoE PSE power source Port PSE priority Description Asset ID advertised by the neighbor. This ID is used for the purpose of inventory management and asset - 3Com 3CRBSG2893 | User Guide - Page 270
the discovery service of LLDP belong to this category. z Class II: A media endpoint device. The class II endpoint devices support the media endpoint device. The class III endpoint devices directly support end users of the IP communication system. Providing all capabilities of generic and media - 3Com 3CRBSG2893 | User Guide - Page 271
1-14, a network management station is connected to Switch A over Ethernet and Switch A is connected to a MED device and Switch B through ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively. Configure LLDP on Switch A and Switch B so that the network management station can determine - 3Com 3CRBSG2893 | User Guide - Page 272
Configuration procedure 1) Configure Switch A # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. (Optional. By default, LLDP is enabled on Ethernet ports.) # Set the LLDP operating mode to Rx on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. z Select Network > LLDP from the - 3Com 3CRBSG2893 | User Guide - Page 273
Figure 1-16 The page for setting LLDP on multiple ports z Select Rx from the LLDP Operating Mode dropdown list. z Click Apply. # Enable global LLDP. z Click the Global Setup tab, as shown in Figure 1-17. Figure 1-17 The Global Setup tab 1-22 - 3Com 3CRBSG2893 | User Guide - Page 274
z Select Enable from the LLDP Enable dropdown list. z Click Apply. 2) Configure Switch B # Enable LLDP on port GigabitEthernet 1/0/1. (Optional. By default, LLDP is enabled on Ethernet ports.) # Set the LLDP operating mode to Rx on GigabitEthernet 1/0/1. z Select Network > LLDP from the navigation - 3Com 3CRBSG2893 | User Guide - Page 275
1-20. Figure 1-20 The Status Information tab # Tear down the link between Switch A and Switch B. # Display the status information of port GigabitEthernet1/0/2 on Switch A. z Click Refresh. The updated status information of port GigabitEthernet 1/0/2 shows that no neighbor device is connected to the - 3Com 3CRBSG2893 | User Guide - Page 276
shown in Figure 1-22, port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 of Switch A are each connected to a Cisco IP phone. On Switch A configure VLAN 2 as a voice VLAN and configure CDP-compatible LLDP to enable the Cisco IP phones to automatically configure the voice VLAN, thus confining their - 3Com 3CRBSG2893 | User Guide - Page 277
Figure 1-24 The page for configuring ports z Select Trunk in the Link Type drop-down list. z Click to select port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 from the chassis front panel. z Click Apply. # Configure the voice VLAN function on the two ports. z Select Network > Voice VLAN from the - 3Com 3CRBSG2893 | User Guide - Page 278
and GigabitEthernet 1/0/2 from the chassis front panel. z Click Apply. # Enable LLDP on ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. If LLDP is enabled (the default), skip this step. # Set both the LLDP operating mode and the CDP operating mode to TxRx on ports GigabitEthernet 1/0/1 and - 3Com 3CRBSG2893 | User Guide - Page 279
Figure 1-26 The Port Setup tab 1-28 - 3Com 3CRBSG2893 | User Guide - Page 280
Figure 1-27 The page for modifying LLDP settings on ports z Select TxRx from the LLDP Operating Mode dropdown list. z Select TxRx from the CDP Operating Mode dropdown list. z Click Apply. # Enable global LLDP and CDP compatibility of LLDP. z Click the Global Setup tab, as shown in Figure 1-28. - 3Com 3CRBSG2893 | User Guide - Page 281
Configuration verification # Display information about LLDP neighbors on Switch A. Display information about LLDP neighbors on Switch A after completing the configuration. You can see that Switch A has discovered the Cisco IP phones attached to ports GigabitEthernet1/0/1 and GigabitEthernet1/0/2 and - 3Com 3CRBSG2893 | User Guide - Page 282
Table of Contents 1 IGMP snooping 1-1 Overview 1-1 Principle of IGMP Snooping 1-1 IGMP Snooping Related Ports 1-1 Work Mechanism of IGMP Snooping 1-2 Protocols and Standards 1-4 Configuring IGMP Snooping 1-4 Configuration Task List 1-4 Enabling IGMP snooping Globally 1-5 Configuring IGMP - 3Com 3CRBSG2893 | User Guide - Page 283
without IGMP Snooping Multicast packet transmission when IGMP Snooping runs Source Multicast router Source Multicast router Layer 2 switch Layer 2 switch Host A Receiver Host B Multicast packets Host C Receiver Host A Receiver Host B Host C Receiver IGMP Snooping Related Ports As - 3Com 3CRBSG2893 | User Guide - Page 284
all its member ports in the IGMP snooping forwarding table. z Whenever mentioned in this document, a router port is a port on the switch that leads the switch to a Layer 3 multicast device, rather than a port on a router. z Unless otherwise specified, router ports and member ports mentioned in this - 3Com 3CRBSG2893 | User Guide - Page 285
in the VLAN except the receiving port and performs the following to the receiving port: z The switch resets the aging timer for the receiving port if the port is in the router port list; z The switch adds the receiving port to the router port list if it is not in the list and - 3Com 3CRBSG2893 | User Guide - Page 286
switch receives a group-specific the switch discards switch does not immediately remove the port from the outgoing port list; instead, the switch resets specific query, the switch group-specific query switch resets the aging timer of the member port. z If no IGMP report in response to the group-specific - 3Com 3CRBSG2893 | User Guide - Page 287
Display IGMP Snooping Multicast Entry Information Required Enable IGMP snooping in the VLAN and configure the IGMP snooping version and querier feature. By default, IGMP snooping is disabled in a VLAN. z IGMP snooping must be enabled globally before it can be enabled in a VLAN. z When you enable - 3Com 3CRBSG2893 | User Guide - Page 288
Table 1-2 IGMP snooping configuration items Item IGMP snooping Description Globally enable or disable IGMP snooping. Return to IGMP snooping configuration task list. Configuring IGMP Snooping in a VLAN Select Network > IGMP Snooping in the navigation tree to enter the basic configuration page - 3Com 3CRBSG2893 | User Guide - Page 289
the function of dropping unknown multicast data enabled, the switch drops all the unknown multicast data received. z With the function IGMP querier-related function can be implemented because a Layer 2 device does not support IGMP. To address this issue, you can enable IGMP snooping querier on a - 3Com 3CRBSG2893 | User Guide - Page 290
forwarding table entry. Then, when receiving IGMP group-specific queries for that multicast group, the switch will not forward them to that port. In VLANs enter the basic configuration page shown in Figure 1-3. Click the plus sign (+) in front of Show Entries to display information about IGMP - 3Com 3CRBSG2893 | User Guide - Page 291
Configuration Examples Network requirements z As shown in Figure 1-8, Router A connects to a multicast source (Source) through Ethernet 1/2, and to Switch A through Ethernet 1/1. z The multicast source sends multicast data to group 224.1.1.1. Host A is a receiver of the multicast group. z IGMPv2 - 3Com 3CRBSG2893 | User Guide - Page 292
detailed configuration steps are omitted. 2) Configure Router A Enable IP multicast routing, enable PIM-DM on each interface, and enable IGMP on Ethernet 1/1. The detailed configuration steps are omitted. 3) Configure Switch A # Create VLAN 100 and add GigabitEthernet 1/0/1 through GigabitEthernet - 3Com 3CRBSG2893 | User Guide - Page 293
Figure 1-9 Create VLAN 100 z Type the VLAN ID 100. z Click Apply to complete the operation. z Click the Modify Port tab to enter the configuration page shown in Figure 1-10. 1-11 - 3Com 3CRBSG2893 | User Guide - Page 294
Figure 1-10 Add a port to the VLAN z Select GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 in the Select Ports field. z Select the Untagged radio button for Select membership type. z Type the VLAN ID 100. z Click Apply to complete the operation. # Enable IGMP snooping - 3Com 3CRBSG2893 | User Guide - Page 295
Figure 1-11 Enable IGMP snooping globally z Select Enable and click Apply to globally enable IGMP snooping. # In VLAN 100, enable IGMP snooping and the function of dropping unknown multicast data. z Click the icon corresponding to VLAN 100 to enter its configuration page and perform the following - 3Com 3CRBSG2893 | User Guide - Page 296
the operation. Configuration verification # Display the IGMP snooping multicast entry information on Switch A. z Select Network > IGMP Snooping in the navigation tree to enter the basic configuration page. z Click the plus sign (+) in front of Show Entries in the basic VLAN configuration page to - 3Com 3CRBSG2893 | User Guide - Page 297
.1.1.1) to view details about this entry, as shown in Figure 1-15. Figure 1-15 Details about an IGMP snooping multicast entry As shown above, GigabitEthernet 1/0/3 of Switch A is listening to multicast streams destined for multicast group 224.1.1.1. 1-15 - 3Com 3CRBSG2893 | User Guide - Page 298
Table of Contents 1 Routing Configuration 1-1 Overview 1-1 Routing Table 1-1 Static Route 1-1 Default Route 1-2 Configuring IPv4 Routing 1-2 Displaying the IPv4 Active Route Table 1-2 Creating an IPv4 Static Route 1-3 Static Route Configuration Examples 1-4 Precautions 1-8 i - 3Com 3CRBSG2893 | User Guide - Page 299
document refers to a switch supporting routing function. Overview Routers interface: Specifies the interface through which a matching IP packet is to be forwarded. z Nexthop: Specifies may be found by various routing protocols or manually configured, and routing protocols and static routes have - 3Com 3CRBSG2893 | User Guide - Page 300
packet will be sent to the source to report that the destination is unreachable. You can configure the default route, an IPv4 static default route has both its destination IP address and mask configured as 0.0.0.0. Configuring IPv4 Routing Displaying the IPv4 Active Route Table Select Network > IPv4 - 3Com 3CRBSG2893 | User Guide - Page 301
Field Preference Next Hop Interface Description Preference value for the IPv4 route The smaller the number, the higher the preference. Nexthop IP address of the IPv4 route Outgoing interface of the IPv4 route. Packets destined for the specified network segment will be sent out the interface. - 3Com 3CRBSG2893 | User Guide - Page 302
C as the next hop. 3) On Switch C, configure a default route with Switch B as the next hop. Configuration procedure 1) Configure the IP addresses of the interfaces (omitted) 2) Configure IPv4 static routes # Configure a default route to Switch B on Switch A. z After you log in to the web interface - 3Com 3CRBSG2893 | User Guide - Page 303
1-4 Configure a default route Make the following configurations on the page: z Type 0.0.0.0 for Destination IP Address. z Select 0 (0.0.0.0) from the Mask drop-down list. z Type 1.1.4.2 for Next Hop. z Click Apply. # Configure a static route to Switch A and Switch C respectively on Switch B. z After - 3Com 3CRBSG2893 | User Guide - Page 304
drop-down list. z Type 1.1.4.1 for Next Hop. z Click Apply. z Type 1.1.3.0 for Destination IP Address. z Select 24 (255.255.255.0) from the Mask drop-down list. z Type 1.1.5.6 for Next Hop. z Click Apply. # Configure a default route to Switch B on Switch C. z After you log in to the Web interface of - 3Com 3CRBSG2893 | User Guide - Page 305
1-6 Configure a default route z Type 0.0.0.0 for Destination IP Address. z Select 0 (0.0.0.0) from the Mask drop-down list. z Type 1.1.5.5 for Next Hop. z Click Apply. Verify the configuration # Display the route table. Enter the IPv4 route page of Switch A, Switch B, and Switch C respectively to - 3Com 3CRBSG2893 | User Guide - Page 306
static routes. Currently, the Web interface does not support configuration of the default preference. 2) When configuring a static route, the static route does not take effect if you specify the next hop address first and then configure it as the IP address of a local interface, such as a VLAN - 3Com 3CRBSG2893 | User Guide - Page 307
DHCP Relay Agent on an Interface 2-5 Configuring and Displaying Clients' IP-to-MAC Bindings 2-6 DHCP Relay Agent Configuration Example 2-6 3 DHCP DHCP Snooping 3-1 Application Environment of Trusted Ports 3-2 DHCP Snooping Support for Option 82 3-3 DHCP Snooping Configuration Task List 3-3 - 3Com 3CRBSG2893 | User Guide - Page 308
IP addresses need to be changed accordingly. Therefore, related configurations on hosts become more complex. The Dynamic Host Configuration Protocol (DHCP) was introduced to solve these problems Address Allocation Allocation Mechanisms DHCP supports three mechanisms for IP address allocation. 1-1 - 3Com 3CRBSG2893 | User Guide - Page 309
z Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client. z Automatic allocation: DHCP assigns a permanent IP address to a client. z Dynamic allocation: DHCP assigns an IP address to a client for a limited - 3Com 3CRBSG2893 | User Guide - Page 310
half lease duration elapses, the DHCP client sends to the DHCP server a DHCP-REQUEST unicast to extend the lease duration. Upon availability of the IP address, the DHCP server returns a DHCP-ACK unicast confirming that the client's lease duration has been extended, or a DHCP-NAK unicast denying the - 3Com 3CRBSG2893 | User Guide - Page 311
z Option 67: Bootfile name option. It specifies the bootfile name to be assigned to the client. z Option 150: TFTP server IP address option. It specifies the TFTP server IP address to be assigned to the client. z Option 121: Classless route option. It specifies a list of classless static routes (the - 3Com 3CRBSG2893 | User Guide - Page 312
The Option 82 supporting server can also use such information to define individual assignment policies of IP address and other supports two sub-options: sub-option 1 (Circuit ID) and sub-option 2 (Remote ID). Option 82 has no unified definition. Its padding formats vary with vendors. By default - 3Com 3CRBSG2893 | User Guide - Page 313
on each subnet, which is not practical. DHCP relay agent solves the problem. Via a relay agent, DHCP clients communicate with a DHCP server on agent. Figure 2-1 DHCP relay agent application DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server No matter - 3Com 3CRBSG2893 | User Guide - Page 314
giaddr field of the message with its IP address and forwards the message to the the DHCP server returns an IP address and other configuration parameters advanced DHCP parameters. By default, global DHCP is disabled. work in the DHCP server mode by default. z You can enable either the DHCP - 3Com 3CRBSG2893 | User Guide - Page 315
can dynamically record clients' IP-to-MAC bindings after clients get IP addresses. It also supports static bindings, that is, you can manually configure IP-to-MAC bindings on the DHCP relay agent, so that users can access external network using fixed IP addresses. By default, no static binding is - 3Com 3CRBSG2893 | User Guide - Page 316
Service Enable or disable global DHCP. Unauthorized Server Detect Enable or disable unauthorized DHCP server detection. There are unauthorized DHCP servers on networks, which reply DHCP clients with wrong IP IP address from dynamic client entries. To solve this problem enter the default DHCP Relay - 3Com 3CRBSG2893 | User Guide - Page 317
default DHCP Relay page shown in Figure 2-3. In the Interface Config field, the DHCP relay agent state of interfaces is displayed. Click the icon of a specific outside networks via the DHCP relay agent. This prevents invalid IP address configuration. Correlate the interface with a DHCP server group. - 3Com 3CRBSG2893 | User Guide - Page 318
IP-to-MAC Bindings Select Network > DHCP from the navigation tree to enter the default DHCP Relay page shown in Figure 2-3. In the User Information field, click the User on the DHCP relay agent (Switch A) connects to the network where DHCP clients reside. The IP address of VLAN-interface 1 is 10. - 3Com 3CRBSG2893 | User Guide - Page 319
diagram for DHCP relay agent configuration Configuration procedure 1) Specify IP addresses for interfaces (omitted) 2) Configure the DHCP relay agent # Enable DHCP. z Select Network > DHCP from the navigation tree to enter the default DHCP Relay page. Perform the following operations, as shown - 3Com 3CRBSG2893 | User Guide - Page 320
Figure 2-9 Enable DHCP z Click on the Enable radio button next to DHCP Service. z Click Apply. # Configure a DHCP server group. z In the Server Group DHCP server group z Type 1 for Server Group ID. z Type 10.1.1.1 for IP Address. z Click Apply. # Enable the DHCP relay agent on VLAN-interface 1. 2-8 - 3Com 3CRBSG2893 | User Guide - Page 321
z In the Interface Config field, click the icon of VLAN-interface 1, and then perform the following operations, as shown in Figure 2-11. Figure 2-11 Enable the DHCP relay agent on an interface and correlate it with a server group z Click on the Enable radio button next to DHCP Relay. z Select 1 for - 3Com 3CRBSG2893 | User Guide - Page 322
ports to record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the clients, ports that connect to DHCP clients can be configured as trusted or untrusted, ensuring the clients to obtain IP addresses from authorized DHCP servers. z Trusted: A trusted port forwards - 3Com 3CRBSG2893 | User Guide - Page 323
from the DHCP server, so that the DHCP client can obtain an IP address from the authorized DHCP server. Configuring trusted ports in a cascaded ports, which are indirectly connected to DHCP clients, from recording clients' IP-to-MAC bindings upon receiving DHCP requests. Figure 3-2 Configure trusted - 3Com 3CRBSG2893 | User Guide - Page 324
Option 82. By default, an interface is untrusted and DHCP snooping does not support Option 82. You need to specify the ports connected to the authorized DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client - 3Com 3CRBSG2893 | User Guide - Page 325
Task Remarks Displaying Clients' Optional IP-to-MAC Bindings Display clients' IP-to-MAC bindings recorded by DHCP snooping. Enabling DHCP Snooping Select Network > DHCP from the navigation tree, and then click the DHCP Snooping tab to - 3Com 3CRBSG2893 | User Guide - Page 326
Option 82 Support Option 82 Strategy Description This field displays the name of a specific interface. User Information button to view clients' IP-to-MAC bindings recorded by DHCP snooping, as shown in Figure 3-5. Figure 3-5 DHCP snooping user information Table 3-3 describes DHCP snooping user - 3Com 3CRBSG2893 | User Guide - Page 327
user information configuration items Item Description IP Address MAC Address This field displays the IP IP-to-MAC binding is generated dynamically. z Static: The IP-to-MAC binding is configured manually. Currently, static bindings are not supported z Configure Switch B to record clients' IP-to-MAC - 3Com 3CRBSG2893 | User Guide - Page 328
Figure 3-7 Enable DHCP snooping z Click on the Enable radio button next to DHCP Snooping. # Configure DHCP snooping functions on GigabitEthernet 1/0/1. z Click the icon of GigabitEthernet 1/0/1 on the interface list. Perform the following operations on the DHCP Snooping Interface Configuration page - 3Com 3CRBSG2893 | User Guide - Page 329
on GigabitEthernet 1/0/2 z Click on the Untrust radio button for Interface State. z Click on the Enable radio button next to Option 82 Support. z Select Replace for Option 82 Strategy. z Click Apply. # Configure DHCP snooping functions on GigabitEthernet 1/0/3. z Click the icon of GigabitEthernet - 3Com 3CRBSG2893 | User Guide - Page 330
z Click on the Untrust radio button for Interface State. z Click on the Enable radio button next to Option 82 Support. z Select Replace for Option 82 Strategy. z Click Apply. 3-9 - 3Com 3CRBSG2893 | User Guide - Page 331
Table of Contents 1 Service Management 1-1 Overview 1-1 Configuring Service Management 1-2 i - 3Com 3CRBSG2893 | User Guide - Page 332
against attacks such as IP spoofing and plain text password interception. SFTP service The secure file transfer protocol (SFTP) is a new feature in SSH2.0. SFTP uses the SSH connection to provide secure data transfer. The device can serve as the SFTP server, allowing a remote user to log in to - 3Com 3CRBSG2893 | User Guide - Page 333
management configuration items FTP Telnet SSH Item Enable FTP service ACL Enable Telnet service Enable SSH service Description Specifies whether to enable the FTP service. The FTP service is disabled by default. Associates the FTP service with an ACL. Only the clients that pass the ACL filtering - 3Com 3CRBSG2893 | User Guide - Page 334
enable the HTTPS service. service The HTTPS service is disabled by default. Port Number Sets the port number for HTTPS service. You can view button in front of HTTPS. Sets the PKI domain for the HTTPS service. You can configure the available PKI domains by selecting Authentication > PKI - 3Com 3CRBSG2893 | User Guide - Page 335
Table of Contents 1 Diagnostic Tools 1-1 Overview 1-1 Ping 1-1 Trace Route 1-1 Diagnostic Tool Operations 1-2 Ping Operation 1-2 Trace Route Operation 1-3 i - 3Com 3CRBSG2893 | User Guide - Page 336
device. 2) The first hop (the Layer 3 device that first receives the packet) responds by sending a TTL-expired ICMP message to the source, with its IP address encapsulated. In this way, the source device can get the address of the first Layer 3 device. 3) The source device sends a packet with a TTL - 3Com 3CRBSG2893 | User Guide - Page 337
Diagnostic Tool Operations Ping Operation The Web interface supports the IPv4 ping operations only. Select Network > Diagnostic Tools from the navigation tree to enter the ping configuration page, as shown in Figure 1-1. Figure 1-1 Ping - 3Com 3CRBSG2893 | User Guide - Page 338
supports trace route on IPv4 addresses only. z Before performing the trace route operation on the Web interface, on the device execute the commands of ip ttl-expires enable and ip 1-3. Figure 1-3 Trace Route configuration page Type the destination IP address in the Trace Route text box, and click - 3Com 3CRBSG2893 | User Guide - Page 339
Table of Contents 1 ARP Management 1-1 ARP Overview 1-1 ARP Function 1-1 ARP Message Format 1-1 ARP Operation 1-2 ARP Table 1-2 Managing ARP Entries 1-3 Displaying ARP Entries 1-3 Creating a Static ARP Entry 1-4 Static ARP Configuration Example 1-4 Gratuitous ARP 1-8 Introduction to - 3Com 3CRBSG2893 | User Guide - Page 340
an Ethernet MAC address (or physical address). In an Ethernet LAN, when a device sends data to another device, it uses ARP to translate the IP address of the destination device to the corresponding MAC address. ARP Message Format ARP messages are classified into ARP requests and ARP replies. Figure - 3Com 3CRBSG2893 | User Guide - Page 341
the MAC address of Host B to its ARP table. Meanwhile, Host A encapsulates the IP packet and sends it out. Figure 1-2 ARP address resolution process If Host A is not is automatically created and maintained by ARP. It can get aged, be updated by a new ARP packet, or be overwritten by a static ARP - 3Com 3CRBSG2893 | User Guide - Page 342
ARP entry is manually configured and maintained. It cannot get aged or be overwritten by a dynamic ARP entry. Using static ARP entries enhances communication security. After a static ARP entry is specified, only a specific MAC address is associated with the specified IP address. Attack packets - 3Com 3CRBSG2893 | User Guide - Page 343
Network > ARP Management from the navigation tree to enter the default ARP Table page shown in Figure 1-3. Click Add to enter Figure 1-5, hosts are connected to Switch A, which is connected to Router B through interface GigabitEthernet 1/0/1 belonging to VLAN 100. The IP address of Router B is 192 - 3Com 3CRBSG2893 | User Guide - Page 344
Figure 1-5 Network diagram for configuring static ARP entries Configuration procedure # Create VLAN 100. z Select Network > VLAN from the navigation tree, click the Add tab, and then perform the following operations, as shown in Figure 1-6. Figure 1-6 Create VLAN 100 z Type 100 for VLAN ID. z Click - 3Com 3CRBSG2893 | User Guide - Page 345
Figure 1-7 Add GigabitEthernet 1/0/1 to VLAN 100 z Select interface GigabitEthernet 1/0/1 in the Select Ports field. z Click on the Untagged radio button in the Select membership type field. z Type 100 for VLAN IDs. z Click Apply. A configuration progress dialog box appears, as shown in Figure 1-8. - 3Com 3CRBSG2893 | User Guide - Page 346
ID. z Select the Configure Primary IPv4 Address checkbox. z Click on the Manual radio botton. z Type 192.168.1.2 for IPv4 Address. z Select 24 ( z Select Network > ARP Management from the navigation tree to enter the default ARP Table page. Click Add Perform the following operations, as shown in - 3Com 3CRBSG2893 | User Guide - Page 347
Gratuitous ARP In a gratuitous ARP packet, the sender IP address and the target IP address are both the IP address of the device issuing the packet, the sender devices about the change of its MAC address so that they can update their ARP entries. A device receiving a gratuitous ARP packet adds the - 3Com 3CRBSG2893 | User Guide - Page 348
ARP requests from another network segment. Disabled by default. Periodical gratuitous ARP packets sending settings Select interfaces for This function takes effect only when the link of the interface goes up and an IP address has been assigned to the interface. z If you change the period for - 3Com 3CRBSG2893 | User Guide - Page 349
. As shown in Figure 2-1, Host A communicates with Host C through a switch. After intercepting the traffic between Host A and Host C, a hacker (Host . Upon receiving the ARP replies, the two hosts update the MAC address corresponding to the peer IP address in their ARP tables with the MAC address - 3Com 3CRBSG2893 | User Guide - Page 350
Switch Host A IP_ A MAC_ A Host C IP_C MAC_C Forged ARP reply Forged ARP reply Host B IP_B MAC_B ARP detection mechanism With ARP detection enabled for a specific VLAN, ARP messages arrived on any interface in the VLAN are redirected to the CPU to have their MAC and IP addresses - 3Com 3CRBSG2893 | User Guide - Page 351
DHCP snooping entries, and then 802.1X security entries. To prevent gateway spoofing, ARP detection based on IP-to-MAC binding entries is required. After passing this type of ARP detection, users that can pass ARP detection based on DHCP snooping entries or 802.1X security entries are considered to - 3Com 3CRBSG2893 | User Guide - Page 352
based on specified objects and the ARP detection based on static IP-to-MAC bindings/DHCP snooping entries/802.1X security entries are Select Network > ARP Anti-Attack from the navigation tree to enter the default ARP Detection page shown in Figure 2-2. Figure 2-2 ARP Detection configuration page - 3Com 3CRBSG2893 | User Guide - Page 353
validity check modes, including: z Using DHCP Snooping to validate users z Using Dot1x to validate users z Using Static-Binding entries to guard against spoofing gateway attack: You can configure static IP-to-MAC bindings if you select this mode. For the detailed configuration, refer to Creating - 3Com 3CRBSG2893 | User Guide - Page 354
If an entry with a matching IP address but a different MAC address is found, the ARP packet is considered invalid and discarded. If an entry with both matching IP and MAC addresses is found, the ARP packet is considered valid and can pass the detection. 2-6 - 3Com 3CRBSG2893 | User Guide - Page 355
Table of Contents 1 802.1X 1-1 Overview 1-1 Architecture of 802.1X 1-1 Authentication Modes of 802.1X 1-1 Basic Concepts of 802.1X 1-2 EAP over LANs 1-3 EAP over RADIUS 1-4 802.1X Authentication Triggering 1-5 Authentication Process of 802.1X 1-5 802.1X Timers 1-8 802.1X Extensions 1-9 - 3Com 3CRBSG2893 | User Guide - Page 356
is launched on Client. The client program must support Extensible Authentication Protocol over LAN (EAPOL). z Device services to Device. Server, normally running RADIUS (Remote Authentication Dial-in User Service), serves to perform authentication, authorization, and accounting services for users - 3Com 3CRBSG2893 | User Guide - Page 357
at the device, converted to RADIUS packets either with the Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) three: z Force-Authorized: Places the port in authorized state, allowing users of the port to access the network without authentication. z Force- - 3Com 3CRBSG2893 | User Guide - Page 358
0x888E. Protocol version: Version of the EAPOL protocol supported by the sender. Type: Type of the EAPOL frame. Table 1-1 lists the types that the device currently supports. Table 1-1 Types of EAPOL frames Type EAP-Packet (a value of 0x00) - 3Com 3CRBSG2893 | User Guide - Page 359
of the EAP packet. Its format is determined by the Code field. EAP over RADIUS Two attributes of RADIUS are intended for supporting EAP authentication: EAP-Message and Message-Authenticator. For information about RADIUS packet format, refer to RADIUS Configuration. EAP-Message The EAP-Message - 3Com 3CRBSG2893 | User Guide - Page 360
authentication requests of clients as a result. To solve this problem, the device also supports EAPOL-Start packets using a broadcast MAC address as the Identity packets to unauthenticated clients periodically (every 30 seconds by default). This method can be used to authenticate clients that cannot - 3Com 3CRBSG2893 | User Guide - Page 361
-Request / Identity ) Handshake response ( EAP-Response / Identity ) Handshake timer ...... EAPOL-Logoff Port unauthorized 1) When a user launches the 802.1X client software and enters the registered username and password, the 802.1X client software generates an EAPOL-Start frame and sends it to - 3Com 3CRBSG2893 | User Guide - Page 362
the password information encapsulated in the packet with that generated by itself. If the two are identical, the authentication server considers the user valid the client to check whether the client is still online. By default, if two consecutive handshake attempts end up with failure, the device - 3Com 3CRBSG2893 | User Guide - Page 363
device that generates the random challenge for encrypting the user password information in EAP termination authentication process. Consequently, the device sends the challenge together with the username and encrypted password information from the client to the RADIUS server for authentication. - 3Com 3CRBSG2893 | User Guide - Page 364
specifies by: z Allowing multiple users to access network services through the same physical port. z Supporting two port access control methods: MAC assigned VLAN is allowed to pass the current port without carrying the tag. The default VLAN ID of the port is that of the assigned VLAN. Note that if - 3Com 3CRBSG2893 | User Guide - Page 365
device. You can change the access rights of users by modifying authorization ACL settings on the RADIUS server the username and password information must be configured on the device and the service type must be method and advanced parameters. By default, 802.1X authentication is disabled globally - 3Com 3CRBSG2893 | User Guide - Page 366
802.1X configuration items Item Description Enable 802.1X Authentication Method Enable or disable 802.1X authentication globally. Specify the authentication method for 802.1X users. Options include CHAP, PAP, and EAP. 1-11 - 3Com 3CRBSG2893 | User Guide - Page 367
will keep quiet for a period of time defined by Quiet Period. During the quiet period, the device will not perform 802.1X authentication on the user. Quiet Period Specify the value of the quiet timer. Retry Times Advanced Specify the maximum number of attempts to send an authentication request to - 3Com 3CRBSG2893 | User Guide - Page 368
function, which is used by the device to periodically detect whether a user is still online. Specify whether to enable periodic re-authentication on the specified port. Guest VLAN Currently, switch 2900 series do not support Guest VLAN function. Return to 802.1X configuration procedure. 1-13 - 3Com 3CRBSG2893 | User Guide - Page 369
update the authorization information of the users. z All users belong to default domain test. RADIUS authentication is performed. If RADIUS accounting fails, the switch gets the corresponding user , refer to RADIUS Configuration. 1) Configure the IP addresses of the interfaces. (omitted) 2) Configure - 3Com 3CRBSG2893 | User Guide - Page 370
Figure 1-13 Global 802.1X configuration Perform the following configurations as shown in Figure 1-13. z Select the check box before Enable 802.1X. z Select the authentication method as CHAP. z Click Apply to finish the operation. # Enable and configure 802.1X on port GigabitEthernet 1/0/1. z In the - 3Com 3CRBSG2893 | User Guide - Page 371
in Figure 1-15. z Select Authentication Server as the server type. z Enter the primary server IP address 10.1.1.1. z Select active as the primary server's status. z Enter the secondary server IP address 10.1.1.2. z Select active as the secondary server's status. z Click Apply. # Configure the RADIUS - 3Com 3CRBSG2893 | User Guide - Page 372
z Enter the secondary server IP address 10.1.1.1. z Select active as the secondary server's status. z Click Apply to finish the operation. # Configure the scheme used for communication between the device and - 3Com 3CRBSG2893 | User Guide - Page 373
Figure 1-18. Figure 1-18 Create an ISP domain z Enter test in the Domain Name textbox. z Select Enable to use the domain as the default domain. z Click Apply to finish the operation. # Configure the AAA authentication method for the ISP domain. z Select the Authentication tab. Perform the following - 3Com 3CRBSG2893 | User Guide - Page 374
as shown in Figure 1-21. Figure 1-21 Configure the AAA authorization method for the ISP domain z Select the domain name test. z Select the Default AuthZ checkbox and then select RADIUS as the authorization mode. z Select system from the Name drop-down list to use it as the authorization scheme - 3Com 3CRBSG2893 | User Guide - Page 375
z Select the domain name test. z Select the Default Accounting checkbox and then select RADIUS as the accounting mode IP address is 10.0.0.1. z Configure the authentication server to assign ACL 3000. z Enable 802.1X for port GigabitEthernet 1/0/1 and configure ACL 3000 on the switch. After a user - 3Com 3CRBSG2893 | User Guide - Page 376
configuration Perform the following configurations as shown in Figure 1-24. z Select Authentication Server as the server type. z Enter the primary server IP address 10.1.1.1. z Enter the primary server UDP port number 1812. z Select active as the primary server status. z Click Apply. # Configure the - 3Com 3CRBSG2893 | User Guide - Page 377
as the primary server status. z Click Apply to finish the operation. # Configure the scheme to be used for communication between the switch and the RADIUS servers. z Select the RADIUS Setup tab to enter the RADIUS parameter configuration page. Figure 1-26 RADIUS parameter configuration Perform - 3Com 3CRBSG2893 | User Guide - Page 378
the following configurations, as shown in Figure 1-27. z Enter test in the Domain Name textbox. z Select Enable to use the domain the default domain. z Click Apply to finish the operation. # Configure the AAA authentication method for the ISP domain. z Select the Authentication tab. Figure 1-28 - 3Com 3CRBSG2893 | User Guide - Page 379
AAA authorization method for the ISP domain Perform the following configuration as shown in Figure 1-30. z Select the domain name test. z Select the Default AuthZ checkbox and then select RADIUS as the authorization mode. z Select system from the Name drop-down list to use it as the authorization - 3Com 3CRBSG2893 | User Guide - Page 380
Optional checkbox, and then select Enable for this parameter. z Select the Default Accounting checkbox and then select RADIUS as the accounting mode. z Select Configure an ACL # Create ACL 3000 that denies packets with destination IP address 10.0.0.1. z From the navigation tree, select QoS > ACL - 3Com 3CRBSG2893 | User Guide - Page 381
z Click Apply to finish the operation. # Configure the ACL to deny packets with destination IP address 10.0.0.1. z Select the Advanced Setup tab. Figure 1-33 ACL rule configuration Perform the following configurations, as shown in Figure 1-33. z Select 3000 from the - 3Com 3CRBSG2893 | User Guide - Page 382
z Enter 0.0.0.0 in the Destination Wildcard text box. z Click Add to finish the operation. 5) Configure the 802.1X feature # Enable the 802.1X feature globally. z From the navigation tree, select Authentication > 802.1X to enter the 802.1X configuration page. Figure 1-34 Global 802.1X globally - 3Com 3CRBSG2893 | User Guide - Page 383
the operation. Configuration verification # After the user passes authentication and gets online, use the The ping page appears. z Enter the destination IP address 10.0.0.1. z Click Start to start the specific port are enabled. 2) Do not change the timer parameters of global 802.1X from their default - 3Com 3CRBSG2893 | User Guide - Page 384
Table of Contents 1 AAA Configuration 1-1 Overview 1-1 Introduction to AAA 1-1 Introduction to ISP Domain 1-2 Configuring AAA 1-2 Configuration Prerequisites 1-2 Configuration Task List 1-2 Configuring an ISP Domain 1-3 Configuring Authentication Methods for the ISP Domain 1-4 Configuring - 3Com 3CRBSG2893 | User Guide - Page 385
access and print the files in the server. z Accounting: Records all network service usage information of users, including the service type, start and end time, and traffic. In this way, accounting can wants employees to be authenticated before they access specific resources, you only need to 1-1 - 3Com 3CRBSG2893 | User Guide - Page 386
ISP domain name. In a networking scenario with multiple ISPs, an access device may connect users of different ISPs. As users of different ISPs may have different user attributes (such as username and password structure, service type, and rights), you need to configure ISP domains to distinguish the - 3Com 3CRBSG2893 | User Guide - Page 387
for various types of users. By default, all types of users use local accounting. AAA user types include LAN access users (such as 802.1X authentication users and MAC authentication users), login users (such as SSH, Telnet, FTP, terminal access users), and Command users. Configuring an ISP Domain - 3Com 3CRBSG2893 | User Guide - Page 388
Figure 1-2 Domain Setup page Table 1-2 describes the configuration items for creating an ISP domain. Table 1-2 ISP domain configuration items Item Domain Name Default Domain Description Type the ISP domain name, which is for identifying the domain. You can type a new domain name to create a - 3Com 3CRBSG2893 | User Guide - Page 389
scheme to be used. z Not Set: Uses the default authentication methods. Configure the authentication method and secondary authentication method for login users. Options include: z Local: Performs local authentication. z None: All users are trusted and no authentication is performed. Generally, this - 3Com 3CRBSG2893 | User Guide - Page 390
authorization method and secondary authorization method for all types of users. Options include: z Local: Performs local authorization. z None: All users are trusted and authorized. A user gets the corresponding default rights of the system. z RADIUS: Performs RADIUS authorization. You need to - 3Com 3CRBSG2893 | User Guide - Page 391
login users. Options include: z Local: Performs local authorization. z None: All users are trusted and authorized. A user gets the corresponding default for such a user fails, the device will not send real-time accounting updates for the user any more. Configure the default accounting method and - 3Com 3CRBSG2893 | User Guide - Page 392
You need to specify the RADIUS scheme to be used. z Not Set: Uses the default accounting methods. Configure the accounting method and secondary accounting method for login users. Options include: z Local: Performs local accounting. z None: Performs no accounting. z RADIUS: Performs RADIUS accounting - 3Com 3CRBSG2893 | User Guide - Page 393
as shown in Figure 1-7. Figure 1-7 Configure a local user z Enter telnet as the username. z Select Management as the access level. z Enter abcd as the password. z Enter abcd to confirm the password. z Select Telnet Service as the service type. z Click Apply. # Configure ISP domain test. z Select - 3Com 3CRBSG2893 | User Guide - Page 394
AAA authentication as shown in Figure 1-9. Figure 1-9 Configure the ISP domain to use local authentication z Select the domain test. z Select the Login AuthN check box and select the authentication method Local. z Click Apply. A configuration progress dialog box appears, as shown in Figure 1-10 - 3Com 3CRBSG2893 | User Guide - Page 395
as shown in Figure 1-11. Figure 1-11 Configure the ISP domain to use local authorization z Select the domain test. z Select the Login AuthZ check box and select the authorization method Local. z Click Apply. A configuration progress dialog box appears. z After the configuration progress is - 3Com 3CRBSG2893 | User Guide - Page 396
the accounting method Local. z Click Apply. A configuration progress dialog box appears. z After the configuration process is complete, click Close. Now, if you telnet to the switch and enter username telnet@test and password abcd, you should be serviced as a user in domain test. 1-12 - 3Com 3CRBSG2893 | User Guide - Page 397
Table of Contents 1 RADIUS 1-1 Overview 1-1 Introduction to RADIUS 1-1 Client/Server Model 1-1 Security and Authentication Mechanisms 1-2 Basic Message Exchange Process of RADIUS 1-2 RADIUS Packet Format 1-3 Extended RADIUS Attributes 1-5 Protocols and Standards 1-6 Configuring RADIUS 1-6 - 3Com 3CRBSG2893 | User Guide - Page 398
the RADIUS server maintains three databases, namely, Users, Clients, and Dictionary, as shown in Figure 1-1. Figure 1-1 RADIUS server components z Users: Stores user information such as the usernames, passwords, applied protocols, and IP addresses. z Clients: Stores information about RADIUS clients - 3Com 3CRBSG2893 | User Guide - Page 399
intercepted on insecure networks, RADIUS encrypts passwords before transmitting them. A RADIUS server supports multiple user authentication methods. Moreover, a RADIUS server can act as the client of another AAA server to provide authentication proxy services. Basic Message Exchange Process of - 3Com 3CRBSG2893 | User Guide - Page 400
Description From the client to the server. A packet of this type carries user information for the server to authenticate the user. It must contain the User-Name attribute and can optionally contain the attributes of NAS-IP-Address, User-Password, and NAS-Port. From the server to the client. If all - 3Com 3CRBSG2893 | User Guide - Page 401
14 15 16 17 18 19 20 Attribute User-Name User-Password CHAP-Password NAS-IP-Address NAS-Port Service-Type Framed-Protocol Framed-IP-Address Framed-IP-Netmask Framed-Routing Filter-ID Framed-MTU Framed-Compression Login-IP-Host Login-Service Login-TCP-Port (unassigned) Reply_Message Callback-Number - 3Com 3CRBSG2893 | User Guide - Page 402
Specific Session-Timeout Idle-Timeout Termination-Action Called-Station-Id Calling-Station-Id NAS-Identifier Proxy-State Login-LAT-Service Login-LAT-Node Login Tunnel-Connection Tunnel-Password ARAP-Password ARAP-Features ARAP-Zone-Access ARAP-Security ARAP-Security-Data Password-Retry Prompt Connect - 3Com 3CRBSG2893 | User Guide - Page 403
include: z RFC 2865: Remote Authentication Dial In User Service (RADIUS) z RFC 2866: RADIUS Accounting z RFC 2867: RADIUS Accounting Modifications for Tunnel Protocol Support z RFC 2868: RADIUS Attributes for Tunnel Protocol Support z RFC 2869: RADIUS Extensions Configuring RADIUS Configuration - 3Com 3CRBSG2893 | User Guide - Page 404
Servers Configuring RADIUS Accounting Servers Required Configure the information related to the primary and secondary RADIUS authentication servers. By default, no RADIUS authentication server is configured. Optional Configure the information related to the primary and secondary RADIUS accounting - 3Com 3CRBSG2893 | User Guide - Page 405
. If no primary server is specified, the text box displays 0.0.0.0. To remove the previously configured primary server, enter 0.0.0.0 in the text box. The specified IP address of the primary server cannot be the same as that of the secondary server. Primary Server UDP Port Specify the UDP port of - 3Com 3CRBSG2893 | User Guide - Page 406
Server Shared Key Confirm Authentication Shared Key Accounting Server Shared Key Confirm Accounting Shared Key NAS-IP Timeout Interval Description Specify the type of the RADIUS server supported by the device, including: z extended: Specifies an extended RADIUS server (usually an iMC server). That - 3Com 3CRBSG2893 | User Guide - Page 407
is specified, the device will send the accounting information of online users to the RADIUS server every the specified interval. The value of isp-name is used by the device to determine the ISP domain to which a user belongs. If a RADIUS server does not accept a username including an ISP domain name - 3Com 3CRBSG2893 | User Guide - Page 408
). On the RADIUS server (an iMC server, using the default port for authentication and accounting), the Telnet user's username and password and the shared key expert have been configured for packet exchange with the switch. On the switch, it is required to configure the shared key for packet exchange - 3Com 3CRBSG2893 | User Guide - Page 409
Accounting Server as the server type. z Enter 10.110.91.146 as the IP address of the primary accounting server. z Enter 1813 as the UDP port status. z Click Apply. # Configure the parameters for communication between the switch and the RADIUS servers. z Select the RADIUS Setup tab and perform the - 3Com 3CRBSG2893 | User Guide - Page 410
Figure 1-10 Configure RADIUS parameters z Select extended as the server type. z Select the Authentication Server Shared Key check box and enter expert in the text box. z Enter expert in the Confirm Authentication Shared Key text box. z Select the Accounting Server Shared Key check box and enter - 3Com 3CRBSG2893 | User Guide - Page 411
the Domain Name textbox. z Select Enable to use the domain as the default domain. z Click Apply. # Configure the AAA authentication method for the ISP in Figure 1-12. z Select the domain name test. z Select the Default AuthN checkbox and then select RADIUS as the authentication mode. z Select system - 3Com 3CRBSG2893 | User Guide - Page 412
AAA authorization method for the ISP domain Perform the following configurations, as shown in Figure 1-14. z Select the domain name test. z Select the Default AuthZ checkbox and then select RADIUS as the authorization mode. z Select system from the Name drop-down list to use it as the authorization - 3Com 3CRBSG2893 | User Guide - Page 413
checkbox and then select Enable. z Select the Default Accounting checkbox and then select RADIUS as the accounting is being used by users. 2) After accounting starts, update-accounting and stop-accounting be removed. 4) RADIUS does not support accounting for FTP users. 5) If the iMC server is used - 3Com 3CRBSG2893 | User Guide - Page 414
Table of Contents 1 Users 1-1 Overview 1-1 Configuring Users 1-1 Configuring a Local User 1-1 Configuring a User Group 1-3 i - 3Com 3CRBSG2893 | User Guide - Page 415
you to configure local users and user groups. Local user A local user represents a set of user attributes configured on a device (such as the user password, service type, and authorization attribute), and is uniquely identified by the username. For a user requesting a network service to pass local - 3Com 3CRBSG2893 | User Guide - Page 416
Specify a name for the local user. Specify and confirm the password of the local user. The settings of these two fields must be the same. Select a user group for the local user. For information about user group configuration, refer for Configuring a User Group. Select the service types for the local - 3Com 3CRBSG2893 | User Guide - Page 417
by the access device to restrict the access of the local user after the user passes authentication. Specify the user profile for the local user. Currently, switch 2900 series do not support user-profile configuration. Every authorization attribute has its definite application environments and - 3Com 3CRBSG2893 | User Guide - Page 418
to users of the user group after the users pass authentication. Specify the ACL to be used by the access device to control the access of users of the user group after the users pass authentication. Specify the user profile for the user group. Currently, switch 2900 series do not support user - 3Com 3CRBSG2893 | User Guide - Page 419
Table of Contents 1 PKI Configuration 1-1 PKI Overview 1-1 PKI Terms 1-1 Architecture of PKI 1-2 Applications of PKI 1-2 Operation of PKI 1-3 Configuring PKI 1-3 Configuration Task List 1-3 Creating a PKI Entity 1-6 Creating a PKI Domain 1-7 Generating an RSA Key Pair 1-10 Destroying the - 3Com 3CRBSG2893 | User Guide - Page 420
users to obtain certificates, use certificates, and revoke certificates. By leveraging digital certificates and relevant services like certificate distribution and blacklist publication, PKI supports standard of ITU-T_X.509. This manual involves two types of certificates: local certificate - 3Com 3CRBSG2893 | User Guide - Page 421
repository, as shown in Figure 1-1. Figure 1-1 PKI architecture Entity An entity is an end user of PKI products or services, such as a person, an organization, a device like a router or a switch, or a process running on a computer. CA A certificate authority (CA) is a trusted authority responsible - 3Com 3CRBSG2893 | User Guide - Page 422
the LDAP server to provide directory navigation service, and notifies the entity that the certificate, while the CA approves the request, updates the CRLs and publishes the CRLs on the List There are two PKI certificate request modes: z Manual: In manual mode, you need to retrieve a CA certificate, - 3Com 3CRBSG2893 | User Guide - Page 423
manually Task Creating a PKI Entity Remarks Required Create a PKI entity and configure the identity information. A certificate is the binding of a public key and an entity, where an entity is the collection of the identity information of a user local RSA key pair. By default, no local RSA key pair - 3Com 3CRBSG2893 | User Guide - Page 424
information. A certificate is the binding of a public key and an entity, where an entity is the collection of the identity information of a user. A CA identifies a certificate applicant by entity. The identity settings of an entity must be compliant to the CA certificate issue policy. Otherwise - 3Com 3CRBSG2893 | User Guide - Page 425
a CRL and display its contents. Creating a PKI Entity Select Authentication > PKI from the navigation tree. The PKI entity list page is displayed by default, as shown in Figure 1-2. Click Add on the page to enter the PKI entity configuration page, as shown in Figure 1-3. Figure 1-2 PKI entity - 3Com 3CRBSG2893 | User Guide - Page 426
and can be resolved to an IP address. For example, www.whatever.com is an FQDN, where www indicates the host name and whatever.com the domain name. Country/Region Return to Configuration task list for requesting a certificate manually. Return to Configuration task list for requesting a certificate - 3Com 3CRBSG2893 | User Guide - Page 427
Figure 1-5 PKI domain configuration page Table 1-4 describes the configuration items for creating a PKI domain. Table 1-4 PKI domain configuration items Item Domain Name CA Identifier Entity Name Institution Description Type the name for the PKI domain. Type the identifier of the trusted CA. An - 3Com 3CRBSG2893 | User Guide - Page 428
Password Hash Fingerprint Polling Count Polling Interval Enable CRL Checking CRL Update Period Currently, this item does not support domain name resolution. Type the IP address, port number and version of the LDAP server. In a PKI system, the storage of certificates and CRLs is a crucial problem - 3Com 3CRBSG2893 | User Guide - Page 429
a local certificate, and then acquire a CRL through SCEP. Currently, this item does not support domain name resolution. Return to Configuration task list for requesting a certificate manually. Return to Configuration task list for requesting a certificate automatically. Generating an RSA Key Pair - 3Com 3CRBSG2893 | User Guide - Page 430
1-8 Key pair destruction page Return to Configuration task list for requesting a certificate manually. Return to Configuration task list for requesting a certificate automatically. Retrieving a Certificate You can download an existing CA certificate or local certificate from the CA server and save - 3Com 3CRBSG2893 | User Guide - Page 431
path to the file and select the partition of the device for saving the file. Password Enter the password for protecting the private key, which was specified when the certificate was exported. After Certificate details Return to Configuration task list for requesting a certificate manually. 1-12 - 3Com 3CRBSG2893 | User Guide - Page 432
Item Description Domain Name Select the PKI domain for the certificate. Password Enable Offline Mode Type the password for certificate revocation. Select this check box to request a certificate information page Return to Configuration task list for requesting a certificate manually. 1-13 - 3Com 3CRBSG2893 | User Guide - Page 433
Retrieving and Displaying a CRL Select Authentication > PKI from the navigation tree, and then select the CRL tab to enter the page displaying CRLs, as shown in Figure 1-13. Figure 1-13 CRL page z Click Retrieve CRL to retrieve the CRL of a domain. z Then, click View CRL for the domain to display - 3Com 3CRBSG2893 | User Guide - Page 434
for requesting a certificate manually. Return to Configuration task 15, configure the Switch working as the PKI entity, so that: z The Switch submits a local The other attributes may use the default values. # Configure extended attributes function, and adding the IP address list for SCEP autovetting - 3Com 3CRBSG2893 | User Guide - Page 435
is synchronous to that of the CA, so that the Switch can request certificates and retrieve CRLs properly. 2) Configure Switch # Create a PKI entity. z Select Authentication > PKI from the navigation tree. The PKI entity list page is displayed by default. Click Add on the page, as shown in Figure - 3Com 3CRBSG2893 | User Guide - Page 436
in the format of http://host:port/Issuing Jurisdiction ID, where Issuing Jurisdiction ID is the hexadecimal string generated on the CA. z Select Manual as the certificate request mode. z Click Display Advanced Config to display the advanced configuration items. z Select the Enable CRL Checking check - 3Com 3CRBSG2893 | User Guide - Page 437
z Select the Certificate tab, and then click Create Key, as shown in Figure 1-20, and perform the configuration as shown in Figure 1-21. Figure 1-20 Certificate list Figure 1-21 Generate an RSA key pair z Click Apply to generate an RSA key pair. # Retrieve the CA certificate. z Select the - 3Com 3CRBSG2893 | User Guide - Page 438
perform the following configurations as shown in Figure 1-25. Figure 1-24 Certificate list Figure 1-25 Request a local certificate z Select torsa as the PKI domain. z Select Password and then type challenge-word as the - 3Com 3CRBSG2893 | User Guide - Page 439
# Retrieve the CRL. z After retrieving a local certificate, select the CRL tab. z Click Retrieve CRL of the PKI domain of torsa, as shown in Figure 1-26. Figure 1-26 Retrieve the CRL Configuration Guidelines When configuring PKI, note that: 1) Make sure the clocks of entities and the CA are - 3Com 3CRBSG2893 | User Guide - Page 440
Table of Contents 1 Port Isolation Group Configuration 1-1 Overview 1-1 Configuring a Port Isolation Group 1-1 Port Isolation Group Configuration Example 1-2 i - 3Com 3CRBSG2893 | User Guide - Page 441
save VLAN resources, port isolation is introduced to isolate ports within a VLAN, allowing for great flexibility and security. Currently: z 3Com Switch 2900 series support only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation - 3Com 3CRBSG2893 | User Guide - Page 442
group as the uplink port. Select port(s) The uplink port is not supported on 3Com Switch 2900.series Select the port(s) you want to assign to the isolation users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 of Switch. z Switch - 3Com 3CRBSG2893 | User Guide - Page 443
Figure 1-3 Configure isolated ports for an isolation group z Select Isolate port for the port type. z Select GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 on the chassis front panel. z Click Apply. A configuration progress dialog box appears. z After the configuration - 3Com 3CRBSG2893 | User Guide - Page 444
Table of Contents 1 Authorized IP Configuration 1-1 Overview 1-1 Configuring Authorized IP 1-1 Authorized IP Configuration Example 1-2 Authorized IP Configuration Example 1-2 i - 3Com 3CRBSG2893 | User Guide - Page 445
to be selected by selecting QoS > ACL IPv4. IPv6 Associate the Telnet service with an IPv6 ACL. ACL( Not You can configure the IPv6 ACL to be selected by selecting QoS > ACL Supported ) IPv6. IPv4 ACL Associate the HTTP service with an IPv4 ACL. You can configure the IPv4 ACL to be selected - 3Com 3CRBSG2893 | User Guide - Page 446
Example Network requirements In Figure 1-2, configure Switch to deny telnet and HTTP requests from Host A , while permit telnet and HTTP requests from Host B. Figure 1-2 Network diagram for authorized IP Configuration procedure # Create an ACL. z Select QoS > ACL IPv4 from the navigation - 3Com 3CRBSG2893 | User Guide - Page 447
the page: z Select 2001 from the Select Access Control List (ACL) drop-down list. z Select Permit from the Operation drop-down list. z Select the Source IP Address check box and then type 10.1.1.3. z Type 0.0.0.0 in the Source Wildcard text box. z Click Add. # Configure authorized - 3Com 3CRBSG2893 | User Guide - Page 448
Figure 1-5 Configure authorized IP Make the following configurations on the page: z Select 2001 for IPv4 ACL in the Telnet field. z Select 2001 for IPv4 ACL in the Web(HTTP) field. z Click Apply. 1-4 - 3Com 3CRBSG2893 | User Guide - Page 449
Table of Contents 1 ACL Configuration 1-1 ACL Overview 1-1 Introduction to IPv4 ACL 1-1 Effective Period of an ACL 1-2 ACL Step 1-3 Configuring an ACL 1-3 Configuration Task List 1-3 Configuring a Time Range 1-4 Creating an IPv4 ACL 1-5 Configuring a Rule for a Basic IPv4 ACL 1-5 - 3Com 3CRBSG2893 | User Guide - Page 450
2999 Advanced IPv4 ACL 3000 to 3999 Ethernet frame header ACL 4000 to 4999 Matching criteria Source IP address Source IP address, destination IP address, protocol carried over IP, and other Layer 3 or Layer 4 protocol header information Layer 2 protocol header fields such as source MAC address - 3Com 3CRBSG2893 | User Guide - Page 451
In case of a tie, compare packets against the rule configured first. 1) Sort rules by the protocol carried over IP. A rule with no limit to the protocol type (that is, configured with the ip keyword) has the lowest precedence. Rules each of which has a single specified protocol type are of the same - 3Com 3CRBSG2893 | User Guide - Page 452
does not support ACL step configuration. Meaning of the step The step defines the difference between two neighboring numbers that are automatically assigned to ACL rules by the device. For example, with a step of 5, rules are automatically numbered 0, 5, 10, 15, and so on. By default, the step - 3Com 3CRBSG2893 | User Guide - Page 453
Configuring a Time Range Select QoS > Time Range from the navigation tree and then select the Create tab to enter the time range configuration page, as shown in Figure 1-1. Figure 1-1 The page for creating a time range Table 1-4 describes the configuration items for creating a time range. Table - 3Com 3CRBSG2893 | User Guide - Page 454
Return to IPv4 ACL configuration task list. Creating an IPv4 ACL Select QoS > ACL IPv4 from the navigation tree and then select the Create tab to enter the IPv4 ACL configuration page, as shown in Figure 1-2. Figure 1-2 The page for creating an IPv4 ACL Table 1-5 describes the configuration items - 3Com 3CRBSG2893 | User Guide - Page 455
ACL. Table 1-6 Configuration items for a basic IPv4 ACL rule Item Select Access Control List (ACL) Rule ID Operation Check Fragment Check Logging Source IP Address Source Wildcard Description Select the basic IPv4 ACL for which you want to configure rules. Available ACLs are basic IPv4 ACLs that - 3Com 3CRBSG2893 | User Guide - Page 456
Item Time Range Description Select the time range during which the rule takes effect. Available time ranges are those that have been configured. Return to IPv4 ACL configuration task list. Configuring a Rule for an Advanced IPv4 ACL Select QoS > ACL IPv4 from the navigation tree and then select - 3Com 3CRBSG2893 | User Guide - Page 457
number, and number of matched packets. IP Address Filter Source IP Address Source Wildcard Destination IP Address Destination Wildcard Select the Source IP Address option and type a source IPv4 ICMP Code fields. Otherwise, the two fields will take the default values, which cannot be changed. 1-8 - 3Com 3CRBSG2893 | User Guide - Page 458
second must not. Specify the DSCP priority. Specify the ToS preference. Specify the IP precedence. If you specify the ToS precedence or IP precedence when you specify the DSCP precednece, the specified TOS or IP precedence does not take effect. Select the time range during which the rule takes - 3Com 3CRBSG2893 | User Guide - Page 459
Figure 1-5 The page for configuring a rule for an Ethernet frame header ACL Table 1-8 describes the configuration items for creating a rule for an Ethernet frame header IPv4 ACL. Table 1-8 Configuration items for an Ethernet frame header IPv4 ACL rule Item Select Access Control List (ACL) Rule - 3Com 3CRBSG2893 | User Guide - Page 460
Type Filter Item Protocol Type Protocol Mask Time Range Description Select the Protocol Type option and specify the link layer protocol type by configuring the following two items: z Protocol Type: Indicates the frame type. It corresponds to the type-code field of Ethernet_II and Ethernet_SNAP - 3Com 3CRBSG2893 | User Guide - Page 461
applications such as WWW, E-Mail and FTP, network users are experiencing new services, such as tele-education, telemedicine, video telephone, and preferential service during congestion. The emerging applications demand higher service performance of IP networks. Better network services during packets - 3Com 3CRBSG2893 | User Guide - Page 462
efficiency z Network resource (memory in particular) exhaustion and even system breakdown It is obvious that congestion hinders resource assignment for traffic and thus degrades service performance. Congestion is unavoidable in switched networks and multi-user application environments. To improve - 3Com 3CRBSG2893 | User Guide - Page 463
polices particular flows entering or leaving a device according to configured specifications and can be applied in both inbound and outbound directions of IP precedence bits in the type of service (ToS) field of the IP packet header, or other header information such as IP addresses, MAC addresses, IP - 3Com 3CRBSG2893 | User Guide - Page 464
to RFC 2474, the ToS field of the IP header is redefined as the differentiated services (DS) field, where a DSCP value is represented IP Precedence IP Precedence (decimal) 0 1 2 3 4 5 6 7 IP Precedence (binary) 000 001 010 011 100 101 110 111 Description Routine priority immediate flash flash - 3Com 3CRBSG2893 | User Guide - Page 465
link share of other traffic. The class is suitable for preferential services requiring low delay, low packet loss, low jitter, and high limit is degraded to the BE class. Currently, all IP network traffic belongs to this class by default. Table 2-2 Description on DSCP values DSCP value (decimal) - 3Com 3CRBSG2893 | User Guide - Page 466
, and then uses a certain precedence algorithm to send the traffic. Each queuing algorithm is used to handle a particular network traffic problem and has significant impacts on bandwidth resource assignment, delay, and jitter. In this section, two common hardware queue scheduling algorithms Strict - 3Com 3CRBSG2893 | User Guide - Page 467
queuing SP queuing is specially designed for mission-critical applications, which require preferential service to reduce response delay when congestion occurs. Figure 2-6 Schematic diagram for SP queuing A typical switch provides eight queues per port. As shown in Figure 2-6, SP queuing classifies - 3Com 3CRBSG2893 | User Guide - Page 468
Figure 2-7 Schematic diagram for WRR queuing A typical switch provides eight output queues per port. WRR assigns each queue long time. Another advantage of WRR queuing is that while the queues are scheduled in turn, the service time for each queue is not fixed, that is, if a queue is empty, the next - 3Com 3CRBSG2893 | User Guide - Page 469
evaluation is performed on each arriving packet. In each evaluation, if the number of tokens in the bucket is enough, the traffic conforms to the specification and the corresponding tokens for forwarding the packet are taken away; if the number of tokens in the bucket is not enough, it means that - 3Com 3CRBSG2893 | User Guide - Page 470
the packet a set of predefined parameters (including the 802.1p precedence, DSCP values, IP precedence, and local precedence). z For more information about 802.1p precedence, DSCP values, and IP precedence, refer to Packet Precedences. z Local precedence is a locally significant precedence that the - 3Com 3CRBSG2893 | User Guide - Page 471
to Queue: DSCP-to-local-precedence mapping table, which is applicable to only IP packets. Table 2-4 through Table 2-5 list the default priority mapping tables. Table 2-4 The default CoS to DSCP/CoS to Queue mapping table Input CoS value 0 1 2 3 4 5 6 7 Local precedence (Queue) 2 0 0 8 1 16 - 3Com 3CRBSG2893 | User Guide - Page 472
Input DSCP value 48 to 55 56 to 63 Local precedence (Queue) 6 6 7 7 CoS In the default DSCP to DSCP mapping table, an input value yields a target value equal to it. QoS Configuration Configuration Task Lists Configuring a QoS policy A QoS policy involves - 3Com 3CRBSG2893 | User Guide - Page 473
Configure a traffic behavior Configure a policy Apply the policy Task Remarks Creating a Traffic Behavior Required Create a traffic behavior. Configuring actions for a behavior Configuring Traffic Mirroring and Traffic Redirecting for a Traffic Behavior Configuring Other Actions for a Traffic - 3Com 3CRBSG2893 | User Guide - Page 474
Table 2-9 Priority mapping table configuration task list Task Configuring Priority Mapping Tables Remarks Required Set priority mapping tables. Configuring priority trust mode Perform the task in Table 2-10 to configure priority trust mode: Table 2-10 Priority trust mode configuration task list - 3Com 3CRBSG2893 | User Guide - Page 475
Table 2-11 Configuration items of creating a class Item Description Classifier Name Specify a name for the classifier to be created. Operator Specify the logical relationship between rules of the classifier. z and: Specifies the relationship between the rules in a class as logic AND. That is, - 3Com 3CRBSG2893 | User Guide - Page 476
between different DSCP values is OR. After such configurations, all the DSCP values are arranged in ascending order automatically. IP Precedence Define a rule to match IP precedence values. If multiple such rules are configured for a class, the new configuration does not overwrite the previous one - 3Com 3CRBSG2893 | User Guide - Page 477
VLAN VLAN Customer VLAN ACL IPv4 Description Define a rule to match service VLAN IDs. If multiple such rules are configured for a class, the new configuration does not overwrite the previous one. You can configure multiple VLAN IDs - 3Com 3CRBSG2893 | User Guide - Page 478
Table 2-13 Configuration items of creating a behavior Behavior name Item Description Specify a name for the behavior to be created. Return to QoS policy configuration task list. Configuring Traffic Mirroring and Traffic Redirecting for a Traffic Behavior Select QoS > Behavior from the navigation - 3Com 3CRBSG2893 | User Guide - Page 479
Configuring Other Actions for a Traffic Behavior Select QoS > Behavior from the navigation tree and click Setup to enter the page for setting a traffic behavior, as shown in Figure 2-15. Figure 2-15 The page for setting a traffic behavior Table 2-15 describes the configuration items of configuring - 3Com 3CRBSG2893 | User Guide - Page 480
Table 2-15 Configuration items of configuring other actions for a traffic behavior Item Description Please select a behavior Select an existing behavior in the drop-down list. Filter Configure the packet filtering action. After selecting the Filter option, select one item in the following drop - 3Com 3CRBSG2893 | User Guide - Page 481
Figure 2-17 The page for setting a policy Table 2-17 describes the configuration items of configuring classifier-behavior associations for the policy. Table 2-17 Configuration items of configuring classifier-behavior associations for the policy Item Please select a policy Classifier Name Behavior - 3Com 3CRBSG2893 | User Guide - Page 482
Figure 2-18 The page for applying a policy to a port Table 2-18 describes the configuration items of applying a policy to a port. Table 2-18 Configuration items of applying a policy to a port Item Description Please select a policy Select a created policy in the drop-down list. Direction - 3Com 3CRBSG2893 | User Guide - Page 483
: z Enable: Enables WRR on selected ports. z Not Set: Restores the default queuing algorithm on selected ports. Select the queue to be configured. Its value range is 0 to 7, but only 0 to 3 is user configurable and 4 to 7 are reserved. Specify the group the current queue is - 3Com 3CRBSG2893 | User Guide - Page 484
Figure 2-20 The page for configuring line rate on a port Table 2-20 describes the configuration items of configuring line rate on a port. Table 2-20 Configuration items of configuring line rate on a port Item Description Please select an interface type Select the types of interfaces to be - 3Com 3CRBSG2893 | User Guide - Page 485
settings of the current priority mapping table on the page. To restore the priority mapping table to the default, click Apply. Figure 2-22 The page for configuring DSCP to DSCP mapping table Return to Priority mapping table configuration task list. Configuring Priority Trust Mode - 3Com 3CRBSG2893 | User Guide - Page 486
Figure 2-23 The page for configuring port priority Figure 2-24 The page for modifying port priority Table 2-22 describes the port priority configuration items. Table 2-22 Port priority configuration items Item Description Interface The interface to be configured. Priority Set a local - 3Com 3CRBSG2893 | User Guide - Page 487
Return to Priority trust mode configuration task list. Configuration Guidelines When configuring QoS, note that: When an ACL is referenced to implement QoS, the actions defined in the ACL rules, deny or permit, do not take effect; actions to be taken on packets matching the ACL depend on the traffic - 3Com 3CRBSG2893 | User Guide - Page 488
Example Network requirements As shown in Figure 3-1, in the network, the FTP server at IP address 10.1.1.1/24 is connected to the Switch, and the clients access the FTP server through GigabitEthernet 1/0/1 of the Switch. Configure an ACL and a QoS policy as follows to prevent the hosts from - 3Com 3CRBSG2893 | User Guide - Page 489
Figure 3-2 Define a time range covering 8:00 to 18:00 every day z Type the time range name test-time. z Select the Periodic Time Range option, set the Start Time to 8:00 and the End Time to 18:00, and then select the checkboxes Sun through Sat. z Click Apply. 2) Define an IPv4 ACL for traffic to the - 3Com 3CRBSG2893 | User Guide - Page 490
Figure 3-3 Create an advanced IPv4 ACL z Type the ACL number 3000. z Click Apply. # Define an ACL rule for traffic to the FTP server. z Click Advance Setup. Perform configuration as shown in Figure 3-4. 3-3 - 3Com 3CRBSG2893 | User Guide - Page 491
list. z Select the Rule ID option, and type rule ID 2. z Select Permit in the Operation drop-down list. z Select the Destination IP Address option, and type IP address 10.1.1.1 and destination wildcard mask 0.0.0.0. z Select test-time in the Time Range drop-down list. z Click Add. 3) Configure a QoS - 3Com 3CRBSG2893 | User Guide - Page 492
z Select QoS > Classifier from the navigation tree and click Create. Perform configuration as shown in Figure 3-5. Figure 3-5 Create a class z Type the class name class1. z Click Create. # Define classification rules. z Click Setup. Perform configuration as shown in Figure 3-6. 3-5 - 3Com 3CRBSG2893 | User Guide - Page 493
Figure 3-6 Define classification rules z Select the class name class1 in the drop-down list. z Select the ACL IPv4 option, and select ACL 3000 in the following drop-down list. z Click Apply. A configuration progress dialog box appears, as shown in Figure 3-7. 3-6 - 3Com 3CRBSG2893 | User Guide - Page 494
Figure 3-7 Configuration progress dialog box z After the configuration is complete, click Close on the dialog box. # Create a traffic behavior. z Select QoS > Behavior from the navigation tree and click Create. Perform configuration as shown in Figure 3-8. Figure 3-8 Create a traffic behavior z Type - 3Com 3CRBSG2893 | User Guide - Page 495
Figure 3-9 Configure actions for the behavior z Select behavior1 in the drop-down list. z Select the Filter option, and then select Deny in the following drop-down list. z Click Apply. A configuration progress dialog box appears. z After the configuration is complete, click Close on the dialog box. - 3Com 3CRBSG2893 | User Guide - Page 496
Figure 3-10 Create a policy z Type the policy name policy1. z Click Create. # Configure classifier-behavior associations for the policy. z Click Setup. Perform configuration as shown in Figure 3-11. Figure 3-11 Configure classifier-behavior associations for the policy z Select policy1. z Select - 3Com 3CRBSG2893 | User Guide - Page 497
Figure 3-12 Apply the QoS policy in the inbound direction of GigabitEthernet 1/0/1 z Select policy1 in the Please select a policy drop-down list. z Select Inbound in the Direction drop-down list. z Select port GigabitEthernet 1/0/1. z Click Apply. A configuration progress dialog box appears. z After - 3Com 3CRBSG2893 | User Guide - Page 498
Table of Contents 1 PoE Configuration 1-1 PoE Overview 1-1 Advantages 1-1 Composition 1-1 Protocol Specification 1-2 Configuring PoE 1-2 Configuring PoE Ports 1-3 Displaying Information About PSE and PoE Ports 1-4 PoE Configuration Example 1-5 i - 3Com 3CRBSG2893 | User Guide - Page 499
applied to IP telephones, PoE system is powered by the PoE power. PSE A PSE is a device supplying power for PDs. A PSE can be built-in (Endpoint) or external (Midspan). A built-in PSE is integrated in a switch or router, and an external PSE is independent from a switch or router. The PSEs of 3Com - 3Com 3CRBSG2893 | User Guide - Page 500
power to PDs. 3Com Baseline Switch 2920-SFP Plus only support for signal mode. PD A PD is a device accepting power from the PSE, including IP phones, wireless APs, Specification The protocol specification related to PoE is IEEE 802.3af. Configuring PoE Before configure PoE, make sure that the PoE - 3Com 3CRBSG2893 | User Guide - Page 501
PD connected to a PoE port if the PoE port is not enabled with the PoE function. z You are allowed to enable PoE for a PoE port if the PoE port will not result in PoE power overload; otherwise, you are not allowed to enable PoE for the PoE port. By default, PoE is disabled on a PoE port. Power Max - 3Com 3CRBSG2893 | User Guide - Page 502
but their configurations will remain unchanged. When you change the priority of a PoE port from critical to a lower level, the PDs connecting to other PoE ports will have an opportunity of being powered. By default, the power priority of a PoE port is low. z 19 watts guard band is reserved for each - 3Com 3CRBSG2893 | User Guide - Page 503
PoE summary PoE Configuration Example Network requirements z As shown in Figure 1-4, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are connected to IP telephones. z GigabitEthernet 1/0/11 is connected to AP whose maximum power does not exceed 9000 milliwatts. z The power supply priority of IP - 3Com 3CRBSG2893 | User Guide - Page 504
tree and click the Setup tab to perform the following configurations, as shown in Figure 1-5. Figure 1-5 Configure the PoE ports supplying power to the IP telephones z Click to select ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 from the chassis front panel. z Select Enable from the Power - 3Com 3CRBSG2893 | User Guide - Page 505
Configure the PoE port supplying power to AP z Click to select port GigabitEthernet 1/0/11 from the chassis front panel. z Select Enable from the Power State drop-down list. z Select the check box before Power Max and type 9000. z Click Apply. After the configuration takes effect, the IP telephones
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
-
317
-
318
-
319
-
320
-
321
-
322
-
323
-
324
-
325
-
326
-
327
-
328
-
329
-
330
-
331
-
332
-
333
-
334
-
335
-
336
-
337
-
338
-
339
-
340
-
341
-
342
-
343
-
344
-
345
-
346
-
347
-
348
-
349
-
350
-
351
-
352
-
353
-
354
-
355
-
356
-
357
-
358
-
359
-
360
-
361
-
362
-
363
-
364
-
365
-
366
-
367
-
368
-
369
-
370
-
371
-
372
-
373
-
374
-
375
-
376
-
377
-
378
-
379
-
380
-
381
-
382
-
383
-
384
-
385
-
386
-
387
-
388
-
389
-
390
-
391
-
392
-
393
-
394
-
395
-
396
-
397
-
398
-
399
-
400
-
401
-
402
-
403
-
404
-
405
-
406
-
407
-
408
-
409
-
410
-
411
-
412
-
413
-
414
-
415
-
416
-
417
-
418
-
419
-
420
-
421
-
422
-
423
-
424
-
425
-
426
-
427
-
428
-
429
-
430
-
431
-
432
-
433
-
434
-
435
-
436
-
437
-
438
-
439
-
440
-
441
-
442
-
443
-
444
-
445
-
446
-
447
-
448
-
449
-
450
-
451
-
452
-
453
-
454
-
455
-
456
-
457
-
458
-
459
-
460
-
461
-
462
-
463
-
464
-
465
-
466
-
467
-
468
-
469
-
470
-
471
-
472
-
473
-
474
-
475
-
476
-
477
-
478
-
479
-
480
-
481
-
482
-
483
-
484
-
485
-
486
-
487
-
488
-
489
-
490
-
491
-
492
-
493
-
494
-
495
-
496
-
497
-
498
-
499
-
500
-
501
-
502
-
503
-
504
-
505
 |
 |
3Com Baseline Switch 2900 Family
User Guide
Baseline Switch 2920-SFP Plus
Baseline Switch 2928-SFP Plus
Baseline Switch 2952-SFP Plus
Baseline Switch 2928-PWR Plus
Baseline Switch 2928-HPWR Plus
Manual Version:
6W10
2
-2009
0
810
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064