3com S9505 Operating instructions

H3C S9500 Series Routing Switches

Operation Manual

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Manual Version: T2-08163E-20071125-C-1.01

Product Version: S9500-CMW310-R1278

No part of this manual may be reproduced or transmitted in any form or by any means

without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H

3

Care,

, TOP G, , IRF, NetPilot,

Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware,

Storware, NQA, VVG, V

2

G, V

n

G, PSPT, XGbus, N-Bus, TiGem, InnoVision and

HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their

respective owners.

Notice

The information in this document is subject to change without notice. Every effort has

been made in the preparation of this document to ensure accuracy of the contents, but

all statements, information, and recommendations in this document do not constitute

the warranty of any kind, express or implied.

To obtain the latest information, please access:

http://www. h3c.com

Technical Support

customer_service@h3c.com

http://www. h3c.com

About This Manual

Related Documentation

The related manuals are listed in the following table.

Manual Description

H3C S9500 Series Routing Switches

Installation Manual

It provides information for the system

installation, booting, hardware/software

maintenance & monitoring.

H3C S9500 Series Routing Switches

Command Manual

It introduces all commands available in

the S9500, as well as a command index.

Organization

H3C S9500 Series Routing Switches Operation Manual consists of the following parts:

Part Contents

1 Getting Started This module profiles the access types and steps to the

S9500 series

2 Port This module focuses on the configuration on Ethernet

ports, POS ports, RPR ports, link aggregation, and IDS

cooperation.

3 VLAN-QinQ This module elaborates on the configuration on VLAN,

GARP, GVRP, super VLAN and QinQ.

4 Network Protocol This module details the configuration on network

protocols, including IP address configuration, ARP

configuration, DHCP relay configuration, DNS

configuration and IP performance configuration

5 Routing Protocol This module concentrates on the configuration on

routing protocols, including static route configuration,

RIP configuration, OSPF configuration, IS-IS

configuration, BGP configuration and IP routing policy

configuration

6 Multicast Protocol This module presents the configuration on

IGMP-Snooping, IGMP, multicast VLAN, PIM-DM,

PIM-SM, MSDP and MBGP

7 QACL This module introduces the configuration on QoS/ACL

feature.

Part Contents

8 MPLS This module introduces the configuration on MPLS and

BGP/MPLS VPN features..

9 STP This module introduces the configuration on STP

feature.

10 Security This module presents the configuration on 802.1x, AAA

and RADIUS protocols, HABP, and HWTACACS

protocol.

11 Reliability This module focuses on VRRP and HA configurations.

12 System Management This module details the configuration involved in

system management and maintenance, including file

management, system maintenance, SNMP, RMON,

NTP protocol, SSH terminal services, and network

management.

13 PoE This module focuses on power over Ethernet (PoE)

configuration.

14 NAT-URPF-VPLS This module presents the configurations on NAT,

URPF, and VPLS.

15 Integrated

Management

This module introduces the configuration on HGMP V1

16 Appendix This appendix offers the acronyms in this manual

Conventions

The manual uses the following conventions:

I. Command conventions

Convention Description

Boldface

The keywords of a command line are in Boldface.

italic

Command arguments are in italic.

[ ]

Items (keywords or arguments) in square brackets [ ] are

optional.

{ x | y | ... }

Alternative items are grouped in braces and separated by

vertical bars. One is selected.

[ x | y | ... ]

Optional alternative items are grouped in square brackets

and separated by vertical bars. One or none is selected.

{ x | y | ... } *

Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can be

selected.

Convention Description

[ x | y | ... ] *

Optional alternative items are grouped in square brackets

and separated by vertical bars. Many or none can be

selected.

# A line starting with the # sign is comments.

II. GUI conventions

Convention Description

< >

Button names are inside angle brackets. For example, For

example, click <OK>.

[ ]

Window names, menu items, data table and field names

are inside square brackets. For example, pop up the [New

User] window.

/

Multi-level menus are separated by forward slashes. For

example, [File/Create/Folder].

III. Symbols

Convention Description

Warning

Means be extremely careful; the risk of bodily injury is

present.

Caution

Means be careful. The risk of data loss and damage to

equipment is present.

 Note Means a complementary description.

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Table of Contents

i

Table of Contents

Chapter 1 Product Overview ........................................................................................................1-1

1.1 Product Overview............................................................................................................... 1-1

1.2 Function Features.............................................................................................................. 1-2

Chapter 2 Logging in to Switch ...................................................................................................2-1

2.1 Setting Up Configuration Environment through the Console Port ..................................... 2-1

2.2 Setting up Configuration Environment through Telnet....................................................... 2-2

2.2.1 Connecting a PC to the Switch through Telnet ....................................................... 2-2

2.2.2 Accessing a Switch through another Switch via Telnet .......................................... 2-4

2.3 Setting Up Configuration Environment through Modem Dial-up ....................................... 2-5

Chapter 3 Command Line Interface.............................................................................................3-1

3.1 Command Line Interface ................................................................................................... 3-1

3.2 Command Line View.......................................................................................................... 3-1

3.3 Features and Functions of Command Line ....................................................................... 3-9

3.3.1 Online Help of Command Line................................................................................ 3-9

3.3.2 Displaying Characteristics of Command Line ....................................................... 3-10

3.3.3 History Command of Command Line.................................................................... 3-10

3.3.4 Common Command Line Error Messages............................................................ 3-11

3.3.5 Editing Characteristics of Command Line............................................................. 3-11

Chapter 4 User Interface Configuration......................................................................................4-1

4.1 User Interface Overview .................................................................................................... 4-1

4.2 User Interface Configuration.............................................................................................. 4-2

4.2.1 Entering User Interface View .................................................................................. 4-2

4.2.2 Define the Login Header ......................................................................................... 4-2

4.2.3 Configuring Asynchronous Port Attributes .............................................................. 4-3

4.2.4 Configuring Terminal Attributes............................................................................... 4-4

4.2.5 Managing Users ...................................................................................................... 4-6

4.2.6 Configuring Modem Attributes............................................................................... 4-10

4.2.7 Configuring Redirection......................................................................................... 4-11

4.3 Displaying and Debugging User Interface ....................................................................... 4-12

Chapter 5 Management Interface Configuration........................................................................5-1

5.1 Management Interface Overview....................................................................................... 5-1

5.2 Management Interface Configuration ................................................................................ 5-1

Chapter 6 Password Control Configuration ............................................................................... 6-1

6.1 Introduction to Password Control Configuration ................................................................ 6-1

6.2 Password Control Configuration ........................................................................................ 6-2

6.2.1 Configuration Prerequisites..................................................................................... 6-2

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Table of Contents

ii

6.2.2 Configuration Tasks ................................................................................................ 6-2

6.2.3 System Logging Function........................................................................................ 6-9

6.2.4 Password Control Configuration Example .............................................................. 6-9

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 1 Product Overview

1-1

Chapter 1 Product Overview

1.1 Product Overview

The H3C S9500 Series Routing Switches (hereinafter referred to as S9500 series) are

a series of large capacity, modularized L2/L3 switches. They are mainly designed for

broadband MAN, backbone, switching core and convergence center of large-sized

enterprise network and campus network. They provide diverse services and can be

used in constructing stable and high-performance IP network. The series include the

following main models:

z S9505 routing switch

z S9508 routing switch

z S9512 routing switch

S9500 series use integrated chassis, which can be subdivided into power supply area,

board area, backplane and fan area.

For S9505, in the board area, there are seven slots: the top two (slot0, slot1)

accommodate SRPU boards, which are in 1+1 redundancy; the remaining five

accommodate LPU boards, which can be hybrid.

For S9508, in the board area, there are 10 slots: the two (slot4, slot5) in the middle

accommodate SRPU boards, which are in 1+1 redundancy; the remaining 8

accommodate LPU boards, which can be hybrid.

For S9512, in the board area, there are 14 slots: the two (slot6, slot7) in the middle

accommodate SRPU boards, which are in 1+1 redundancy; the remaining 12

accommodate LPU boards, which can be hybrid. For specific configurations of the

hybrid boards, refer to the “BGP/MPLS VPN Configuration” section of the MPLS

module.

S9500 series support the following services:

z Internet broadband access

z MAN, enterprise/campus networking

z Providing multicast service and multicast routing and supporting multicast audio

and video services.

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 1 Product Overview

1-2

1.2 Function Features

Table 1-1 Function features

Features Implementation

VLAN

Supports VLAN compliant with IEEE 802.1Q Standard

Supports port-based VLAN

Supports GARP VLAN Registration Protocol (GVRP)

Supports super VLAN

Supports guest VLAN

STP protocol

Supports Spanning Tree Protocol (STP) / Multiple Spanning Tree

Protocol (MSTP), compliant with IEEE 802.1D/IEEE 802.1s

Standard

Flow control

Supports IEEE 802.3x flow control (full-duplex)

Supports back-pressure based flow control (half-duplex)

Broadcast

Suppression

Supports Broadcast Suppression

Multicast

Supports Internet Group Management Protocol Snooping (IGMP

Snooping)

Supports Internet Group Management Protocol (IGMP)

Supports Protocol-Independent Multicast-Dense Mode (PIM-DM)

Supports Protocol-Independent Multicast-Sparse Mode

(PIM-SM)

Supports Multicast Source Discovery Protocol (MSDP)

Supports Multiprotocol BGP (MBGP)

IP routing

Supports static routing

Supports Routing Information Protocol (RIP) v1/v2

Supports Open Shortest Path First (OSPF)

Supports Border Gateway Protocol (BGP)

Supports Intermediate System-to-Intermediate System

intra-domain routing information exchange protocol (IS-IS)

Supports equivalent routes

Supports policy routing

Supports IP routing policy

DHCP

Supports dynamic host configuration protocol (DHCP) relay

Supports DHCP server

Link

aggregation

Supports link aggregation, including manual aggregation and

dynamic LACP (link aggregation control protocols) aggregation

and static LACP aggregation.

Mirroring

Supports the port-based mirroring

Supports flow mirroring of copying messages to CPU

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 1 Product Overview

1-3

Features Implementation

Quality of

Service (QoS)

Supports traffic classification

Supports bandwidth control

Supports congestion control

Supports traffic shaping and traffic supervision

Supports queues of different priority on the port

Queue scheduling: supports Strict Priority Queuing (SP),

Weighted Round Robin (WRR), and SP+WRR

Security

features

Supports Multi-level user management and password protect

Supports 802.1X authentication

Supports Packet filtering

Supports AAA/RADIUS/HWTACACS

Supports IDS linkage

MPLS

Supports Multiprotocol Label Switching (MPLS) basic function

Supports MPLS L3 VPN

Supports VLL, including Martini, Kompella and CCC modes

Supports VPLS

Dedicated

service

processing

Supports NAT

Supports URPF

Management

and

Maintenance

Supports command line interface configuration

Supports local configuration via Console port and AUX port

Supports local and remote configuration through Telnet on

Ethernet port

Supports remote configuration through modem dialup via the

AUX port.

Supports SNMP management (Supports RMON (remote

monitoring) MIB Groups 1, 2, 3 and 9)

Supports system logging

Supports level alarms

Supports output of the debugging information

Supports Ping and Tracert

Supports remote maintenance via Telnet and Modem dialup

Supports SSH (secure shell) 2.0

Loading and

updating

Supports to load and upgrade software via XModem protocol

Supports to load and upgrade software via File Transfer Protocol

(FTP) and Trivial File Transfer Protocol (TFTP)

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch

2-1

Chapter 2 Logging in to Switch

2.1 Setting Up Configuration Environment through the

Console Port

Step 1: As shown in the figure below, to set up the local configuration environment,

connect the serial port of a PC (or a terminal) to the Console port of the switch with the

Console cable.

Console port

RS-232 Serial port

Console cable

Figure 2-1 Set up the local configuration environment through the Console port

Step 2: Run a terminal emulator (such as Terminal of Windows 3X or HyperTerminal of

Windows 9X) on the computer. Set the terminal communication parameters as follows:

Set “Bits per second” to “9600”, “Data bits” to “8”, “Parity” to “none”, “Stop bits” to “1”,

and “Flow control” to “none”, and select the “VT100” as the terminal type..

Figure 2-2 Set up new connection

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch

2-2

Figure 2-3 Configure the port for connection

Figure 2-4 Set communication parameters

Step 3: The switch is powered on. Display self-test information of the switch and prompt

you to press Enter to show the command line prompt such as <H3C>.

Step 4: Input a command to configure the switch or view the operation state. Input a “?”

for help. For details of specific commands, refer to the following chapters.

2.2 Setting up Configuration Environment through Telnet

2.2.1 Connecting a PC to the Switch through Telnet

After you have correctly configured IP address of a VLAN interface for a switch via

Console port (using ip address command in VLAN interface view), and added the port

(that connects to a terminal) to this VLAN (using port command in VLAN view), you can

telnet this switch and configure it.

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch

2-3

Step 1: Before logging into the switch through telnet, you need to configure the Telnet

user name and password on the switch through the console port.

 Note:

By default, the password is required for authenticating the Telnet user to log in to the

switch. If a user logs in via the Telnet without password, he will see the prompt “Login

password has not been set !”.

<H3C> system-view

Enter system view , return user view with Ctrl+Z.

[H3C] user-interface vty 0

[H3C-ui-vty0] set authentication password simple xxxx (xxxx is the login

password of Telnet user)

Step 2: To set up the configuration environment, connect the Ethernet port of the PC to

that of the switch via the LAN, as shown in

Figure 2-5.

Workstation

Server

PC ( for configuring the switch

via Telnet )

Ethernet port

Ethernet

Workstation

Server

PC ( for configuring the switch

via Telnet )

Ethernet port

Ethernet

Figure 2-5 Set up configuration environment through telnet

Step 3: Run Telnet on the PC and input the IP address of the VLAN connected to the PC

port, as shown in

Figure 2-6.

Figure 2-6 Run Telnet

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch

2-4

Step 4: The terminal displays “Login authentication!” and prompts the user to input the

logon password. After you input the correct password, it displays the command line

prompt (such as <H3C>). If the prompt “All user interfaces are used, please try later!

The connection was closed by the remote host!” appears, it indicates that the maximum

number of Telnet users that can be accessed to the switch is reached at this moment. In

this case, please reconnect later. At most 5 Telnet users are allowed to log on to the

H3C series switches simultaneously.

Step 5: Use the corresponding commands to configure the switch or to monitor the

running state. Enter “?” to get the immediate help. For details of specific commands,

refer to the following chapters.

 Note:

z When configuring the switch via Telnet, do not modify the IP address of it unless

necessary, for the modification might cut the Telnet connection.

z By default, when a Telnet user passes the password authentication to log on to the

switch, he can access the commands at Level 0.

2.2.2 Accessing a Switch through another Switch via Telnet

After a user has logged in to a switch, he or she can configure another switch through

the switch via Telnet. The local switch serves as Telnet client and the peer switch

serves as Telnet server. If the ports connecting these two switches are in a same local

network, their IP addresses must be configured in the same network segment.

Otherwise, the two switches must establish a route that can reach each other.

As shown in the figure below, after you telnet to a switch, you can run telnet command

to log in and configure another switch.

Telnet Client

PC

Telnet Server

Figure 2-7 Provide Telnet Client service

Step 1: Configure the Telnet user name and password on the Telnet Server through the

console port.

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch

2-5

 Note:

By default, the password is required for authenticating the Telnet user to log in to the

switch. If a user logs in via the Telnet without password, he will see the prompt “Login

password has not been set !.”.

<H3C> system-view

System View: return to User View with Ctrl+Z

[H3C] user-interface vty 0

[H3C-ui-vty0] set authentication password simple xxxx (xxxx is the login

password of Telnet user)

Step 2: The user logs in the Telnet Client (switch). For the login process, refer to the

section describing “Connecting a PC to the Switch through Telnet”.

Step 3: Perform the following operations on the Telnet Client:

<H3C> telnet xxxx (xxxx can be the hostname or IP address of the Telnet Server.

If it is the hostname, you need to use the ip host command to specify.)

Step 4: Enter the preset login password and you will see the prompt such <H3C>. If the

prompt “All user interfaces are used, please try later! The connection was closed by the

remote host!” appears, it indicates that the maximum number of Telnet users that can

be accessed to the switch is reached at this moment. In this case, please connect later.

Step 5: Use the corresponding commands to configure the switch or view it running

state. Enter “?” to get the immediate help. For details of specific commands, refer to the

following chapters.

2.3 Setting Up Configuration Environment through Modem

Dial-up

Step 1: The modem user is authenticated via the Console port of the switch before he

or she logs in to the switch through a dial-up Modem.

 Note:

By default, the password is required for authenticating the Modem user to log in to the

switch. If a user logs in via the Modem without password, he or she will see the prompt

“Login password has not been set !.”.

<H3C> system-view

System View: return to User View with Ctrl+Z..

[H3C] user-interface aux 0

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch

2-6

[H3C-ui-aux0] set authentication password simple xxxx (xxxx is the login

password of the Modem user.)

Step 2: As shown in the figure below, to set up the remote configuration environment,

connect the Modems to a PC (or a terminal) serial port and the switch AUX port

respectively.

Modem

Telephone line

Modem

Modem serial port line

Remote tel:

82882285

AUX port

PSTN

Modem

Telephone line

Modem

Modem serial port line

Remote tel:

82882285

AUX port

PSTN

Figure 2-8 Set up remote configuration environment

Step 3: Dial for connection to the switch, using the terminal emulator and Modem on the

remote end. The number dialed shall be the telephone number of the Modem

connected to the switch. See the two figures below.

Figure 2-9 Set the dialed number

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 2 Logging in to Switch

2-7

Figure 2-10 Dial on the remote PC

Step 4: Enter the preset login password on the remote terminal emulator and wait for

the prompt such as <H3C>. Then you can configure and manage the switch. Enter “?”

to get the immediate help. For details of specific commands, refer to the following

chapters.

 Note:

By default, when a Modem user logs in, he can access the commands at Level 0.

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 3 Command Line Interface

3-1

Chapter 3 Command Line Interface

3.1 Command Line Interface

H3C series switches provide a series of configuration commands and command line

interfaces for configuring and managing the switch. The command line interface has

the following characteristics:

z Local configuration via the Console port and AUX port.

z Local or remote configuration via Telnet.

z Remote configuration through dialing with modem via the AUX port.

z Hierarchy command protection to avoid the unauthorized users accessing switch.

z Enter a “?” to get immediate online help.

z Provide network testing commands, such as Tracert and Ping, to fast troubleshoot

the network.

z Provide various detailed debugging information to help with network

troubleshooting.

z Log in and manage other switch directly, using the Telnet command.

z Provide FTP service for the users to upload and download files.

z Provide the function similar to Doskey to execute a history command.

z The command line interpreter searches for target not fully matching the keywords.

It is ok for you to key in the whole keyword or part of it, as long as it is unique and

not ambiguous.

3.2 Command Line View

H3C series switches provide hierarchy protection for the command lines to avoid

unauthorized user accessing illegally.

Commands are classified into four levels, namely visit level, monitoring level,

configuration level and management level. They are introduced as follows:

z Visit level: Commands of this level involve command of network diagnosis tool

(such as ping and tracert), command of switch between different language

environments of user interface (language-mode) and telnet command etc. The

operation of saving configuration file is not allowed on this level of commands.

z Monitoring level: Commands of this level, including the display command and the

debugging command, are used to system maintenance, service fault diagnosis,

etc. The operation of saving configuration file is not allowed on this level of

commands.

z Configuration level: Service configuration commands, including routing command

and commands on each network layer, are used to provide direct network service

to the user.

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 3 Command Line Interface

3-2

z Management level: They are commands that influence basis operation of the

system and system support module, which plays a support role on service.

Commands of this level involve file system commands, FTP commands, TFTP

commands, XModem downloading commands, user management commands,

and level setting commands.

At the same time, login users are classified into four levels that correspond to the four

command levels respectively. After users of different levels log in, they can only use

commands at the levels that are equal to or lower than its own level.

In order to prevent unauthorized users from illegal intrusion, user will be identified when

switching from a lower level to a higher level with super [ level ] command. User ID

authentication is performed when users at lower level switch to users at higher level. In

other words, user password of the higher level is needed (Suppose the user has set the

super password [ level level ] { simple | cipher } password.) For the sake of

confidentiality, on the screen the user cannot see the password that he entered. Only

when correct password is input for three times, can the user switch to the higher level.

Otherwise, the original user level will remain unchanged.

Different command views are implemented according to different requirements. They

are related to one another. For example, after logging in the switch, you will enter user

view, in which you can only use some basic functions such as displaying the running

state and statistics information. In user view, key in system-view to enter system view,

in which you can key in different configuration commands and enter the corresponding

views.

The command line provides the following views:

z User view

z System view

z Port view

z VLAN view

z VLAN interface view

z Local-user view

z User interface view

z FTP Client command view

z SFTP Client view

z MST region view

z PIM view

z MSDP view

z IPv4 multicast sub-address family view

z RIP view

z OSPF view

z OSPF area view

z BGP view

z IS-IS view

Operation Manual – Getting Started

H3C S9500 Series Routing Switches Chapter 3 Command Line Interface

3-3

z Route policy view

z Basic ACL view

z Advanced ACL view

z Layer-2 ACL view

z Conform-level view

z WRED index view

z RADIUS server group view

z ISP domain view

z MPLS view

z VPNv4 sub-address family view

z VPN-instance sub-address family view

z BGP-VPNv4 sub-address family view

z MPLS L2VPN view

z L2VPN address family view

z Route-Policy view

z vpn-instance view

z OSPF protocol view

z Remote-peer view

z VSI-LDP view

z VSI view

z HWTACACS view

z Port group view

z Lanswitch view

z HGMP view

The following table describes the function features of different views and the ways to

enter or quit.

Table 3-1 Function feature of command view

Comman

d view

Function Prompt

Command to

enter

Command to exit

User view

Show the basic

information about

operation and

statistics

<H3C>

Enter right after

connecting the

switch

Use quit to end

the disconnection

with the switch

System

view

Configure system

parameters

[H3C]

Key in

system-view in

user view

Use quit or return

to return to user

view

Page is loading ...

3com S9505, S9508 FABRIC, S9512 FABRIC Operating instructions

Related papers

Other documents