3com 4210G NT Configuration manual

3Com Switch 4210G Family

Configuration Guide

Switch 4210G 24-Port

Switch 4210G 48-Port

Switch 4210G NT 24-Port

Switch 4210G NT 48-Port

Switch 4210G PWR 24-Port

Switch 4210G PWR 48-Port

Product Version:

Release 2202

Manual Version:

6W100-20100205

www.3com.com

3Com Corporation

350 Campus Drive, Marlborough,

MA, USA 01752 3064

any form or by any means or used to make any derivative work (such as translation, transformation, or

adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to

time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied

or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability,

satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the

product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license

agreement included with the product as a separate document, in the hard copy documentation, or on the

removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,

please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are

provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense.

Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or

as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are

provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights

only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.

You agree not to remove or deface any portion of any legend provided on any licensed program or

documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may

not be registered in other countries.

3Com and the 3Com logo are registered trademarks of 3Com Corporation.

All other company and product names may be trademarks of the respective companies with which they are

associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we

are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental

standards. Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully

biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and the

inks are vegetable-based with a low heavy-metal content.

About This Manual

Organization

3Com Switch 4210G Family Configuration Guide is organized as follows:

Volume Features

00-Product

Overview

Product Overview Acronyms

Ethernet Port Link Aggregation Port Isolation MSTP

LLDP VLAN

Isolate-User-VL

AN

Voice VLAN

01-Access

Volume

GVRP QinQ

BPDU

Tunneling

Port Mirroring

IP Addressing ARP Proxy ARP

ARP Attack

Defense

DHCP Overview

DHCP Relay

Agent

DHCP Client DHCP Snooping

BOOTP Client DNS

IP Performance

Optimization

UDP Helper

02-IP Services

Volume

IPv6 Basics Dual Stack sFlow

03-IP Routing

Volume

IP Routing

Overview

Static Routing

IPv6 Static

Routing

Mulitcast Overview IGMP Snooping Multicast VLAN MLD Snooping

04-Multicast

Volume

IPv6 Multicast

VLAN

QoS Overview

QoS

Configuration

Approaches

Priority Mapping

Traffic Policing,

Traffic Shaping,

and Line Rate

Congestion

Management

Traffic Filtering Priority Marking Traffic Redirecting

05-QoS Volume

Traffic Mirroring

Class-Based

Accounting

User Profile Appendix

AAA 802.1X

EAD Fast

Deployment

HABP

MAC

Authentication

Port Security IP Source Guard SSH2.0

SFTP PKI SSL Public Key

06-Security

Volume

ACL Overview IPv4 ACL IPv6 ACL

ACL Application for

Packet Filtering

Smart Link Monitor Link RRPP DLDP

07-High

Availability

Volume

Ethernet OAM

Connectivity

Fault Detection

Track

Volume Features

Logging In to an

Ethernet Switch

Logging In

Through the

Console Port

Logging In

Through

Telnet/SSH

User Interface

Configuration

Examples

Logging in Through

Web-based

Network

Management

System

Logging In

Through NMS

Specifying

Source for

Telnet Packets

Controlling Login

Users

Basic System

Configuration

Device

Management

File System

Management

FTP

TFTP HTTP HTTPS SNMP

MIB Style RMON

MAC Address

Table

Management

MAC Information

Configuration

System

Maintaining and

Debugging

Information

Center

Hotfix NQA

NTP

Cluster

Management

IRF IPC

08-System

Volume

PoE

Automatic

Configuration

Conventions

The manual uses the following conventions:

Command conventions

Convention Description

Boldface

The keywords of a command line are in Boldface.

italic

Command arguments are in italic.

[ ] Items (keywords or arguments) in square brackets [ ] are optional.

{ x | y | ... }

Alternative items are grouped in braces and separated by vertical bars.

One is selected.

[ x | y | ... ]

Optional alternative items are grouped in square brackets and

separated by vertical bars. One or none is selected.

{ x | y | ... } *

Alternative items are grouped in braces and separated by vertical bars.

A minimum of one or a maximum of all can be selected.

[ x | y | ... ] *

Optional alternative items are grouped in square brackets and

separated by vertical bars. Many or none can be selected.

&<1-n>

The argument(s) before the ampersand (&) sign can be entered 1 to n

times.

# A line starting with the # sign is comments.

GUI conventions

Convention Description

< > Button names are inside angle brackets. For example, click <OK>.

[ ]

Window names, menu items, data table and field names are inside

square brackets. For example, pop up the [New User] window.

/

Multi-level menus are separated by forward slashes. For example,

[File/Create/Folder].

Symbols

Convention Description

Means reader be extremely careful. Improper operation may cause

bodily injury.

Means reader be careful. Improper operation may cause data loss or

damage to equipment.

Means a complementary description.

Related Documentation

In addition to this manual, each 3com Switch 4210G documentation set includes the following:

Manual Description

3Com Switch 4210G Family Command

Reference Guide

Provide detailed descriptions of command line interface

(CLI) commands, that you require to manage your switch.

3Com Switch 4210G Family Getting

Started Guide

This guide provides all the information you need to install

and use the 3Com Switch 4210G Family.

Obtaining Documentation

You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL:

http://www.3com.com.

i

Table of Contents

1 Product Features·······································································································································1-1

Introduction to Product····························································································································1-1

Feature Lists ···········································································································································1-1

2 Features······················································································································································2-1

Access Volume ·······································································································································2-1

IP Services Volume·································································································································2-3

IP Routing Volume ··································································································································2-5

Multicast Volume·····································································································································2-5

QoS Volume············································································································································2-6

Security Volume ······································································································································2-7

High Availability Volume··························································································································2-9

System Volume ·····································································································································2-10

1-1

1 Product Features

Introduction to Product

The 3Com Switches 4210G are Gigabit Ethernet switching products and have abundant service

features. They are designed as distribution and access devices for intranets and metropolitan area

networks (MANs). They can also be used for connecting server groups in data centers.

The 3Com Switches 4210G support the innovative Intelligent Resilient Framework (IRF) technology.

With IRF, multiple 4210G switches can be interconnected as a logical entity to form a new intelligent

network featuring high availability, scalability, and manageability.

Feature Lists

The Switch 4210G supports abundant features and the related documents are divided into the volumes

as listed in

Table 1-1.

Table 1-1 Feature list

Volume Features

00-Product

Overview

Product Overview Acronyms

Ethernet Port Link Aggregation Port Isolation MSTP

LLDP VLAN

Isolate-User-VL

AN

Voice VLAN

01-Access

Volume

GVRP QinQ

BPDU

Tunneling

Port Mirroring

IP Addressing ARP Proxy ARP

ARP Attack

Defense

DHCP

DHCP Relay

Agent

DHCP Client DHCP Snooping

BOOTP Client DNS

IP Performance

Optimization

UDP Helper

02-IP Services

Volume

IPv6 Basics Dual Stack sFlow

03-IP Routing

Volume

IP Routing

Overview

Static Routing

IPv6 Static

Routing

Mulitcast Overview IGMP Snooping Multicast VLAN MLD Snooping

04-Multicast

Volume

IPv6 Multicast

VLAN

1-2

Volume Features

QoS Overview

QoS

Configuration

Approaches

Priority Mapping

Traffic Policing,

Traffic Shaping,

and Line Rate

Congestion

Management

Traffic Filtering Priority Marking Traffic Redirecting

05-QoS Volume

Traffic Mirroring

Class-Based

Accounting

User Profile Appendix

AAA 802.1X

EAD Fast

Deployment

HABP

MAC

Authentication

Port Security IP Source Guard SSH2.0

SFTP PKI SSL Public Key

06-Security

Volume

ACL Overview IPv4 ACL IPv6 ACL

ACL Application for

Packet Filtering

Smart Link Monitor Link RRPP DLDP

07-High

Availability

Volume

Ethernet OAM

Connectivity

Fault Detection

Track

Logging In to an

Ethernet Switch

Logging In

Through the

Console Port

Logging In

Through

Telnet/SSH

User Interface

Configuration

Examples

Logging in Through

Web-based

Network

Management

System

Logging In

Through NMS

Specifying

Source for

Telnet Packets

Controlling Login

Users

Basic System

Configuration

Device

Management

File System

Management

FTP

TFTP HTTP HTTPS SNMP

MIB Style RMON

MAC Address

Table

Management

MAC Information

Configuration

System

Maintaining and

Debugging

Information

Center

Hotfix NQA

NTP

Cluster

Management

IRF IPC

08-System

Volume

PoE

Automatic

Configuration

2-1

2 Features

The following sections provide an overview of the main features of each module supported by the

Switch 4210G.

Access Volume

Table 2-1 Features in Access volume

Features Description

Ethernet Port

This document describes:

z Combo Port Configuration

z Basic Ethernet Interface Configuration

z Configuring Flow Control on an Ethernet Interface

z Configuring the Suppression Time of Physical-Link-State Change on

an Ethernet Interface

z Configuring Loopback Testing on an Ethernet Interface

z Configuring a Port Group

z Configuring an Auto-negotiation Transmission Rate

z Configuring Storm Suppression

z Setting the Interval for Collecting Ethernet Interface Statistics

z Enabling Forwarding of Jumbo Frames

z Enabling Loopback Detection on an Ethernet Interface

z Configuring the MDI Mode for an Ethernet Interface

z Testing the Cable on an Ethernet Interface

z Configuring the Storm Constrain Function on an Ethernet Interface

Link aggregation

Link aggregation aggregates multiple physical Ethernet ports into one

logical link. This document describes:

z Basic Concepts of Link Aggregation

z Configuring a Static Aggregation Group

z Configuring a Dynamic Aggregation Group

z Configuring an Aggregate Interface

z Configuring a Load Sharing Mode for Load-Sharing Link Aggregation

Groups

Port Isolation

The port isolation feature allows you to isolate different ports within the

same VLAN. This document describes:

z Introduction to Port Isolation

z Configuring the Isolation Group

MSTP

MSTP is used to eliminate loops in a LAN. It is compatible with STP and

RSTP. This document describes:

z Introduction to MSTP

z Configuring MSTP

2-2

Features Description

LLDP

LLDP enables a device to maintain and manage its own and its immediate

neighbor’s device information, based on which the network management

system detects and determines the conditions of the communications

links. This document describes:

z Introduction to LLDP

z Performing Basic LLDP Configuration

z Configuring CDP Compatibility

z Configuring LLDP Trapping

VLAN

Using the VLAN technology, you can partition a LAN into multiple logical

LANs. This document describes:

z Introduction to VLAN

z Types of VLAN

z Isolate-user-vlan configuration

z Introduction and Configuration of Voice VLAN

Isolate-User-VLAN

Configuration

An isolate-user-VLAN adopts a two-tier VLAN structure. In this approach,

two types of VLANs, isolate-user-VLAN and secondary VLAN, are

configured on the same device. This document describes:

z Overview

z Configuring Isolate-User-VLAN

z Displaying and Maintaining Isolate-User-VLAN

Voice VLAN

Configuration

A voice VLAN is configured specially for voice traffic. After assigning the

ports connecting to voice devices to a voice VLAN, you can configure

quality of service (QoS) parameters for the voice traffic, thus improving

transmission priority and ensuring voice quality. This document describes:

z Overview

z Configuring a Voice VLAN

z Displaying and Maintaining Voice VLAN

GVRP

GVRP is a GARP application. This document describes:

z GARP/GVRP overview

z GVRP configuration

z GARP Timers configuration

QinQ

As defined in IEEE802.1Q, 12 bits are used to identify a VLAN ID, so a

device can support a maximum of 4094 VLANs. The QinQ feature

extends the VLAN space by allowing Ethernet frames to travel across the

service provider network with double VLAN tags. This document

describes:

z Introduction to QinQ

z Configuring basic QinQ

z Configuring Selective QinQ

z Configuring the TPID Value in VLAN Tags

BPDU Tunneling

BPDU tunneling enables transparently transmission of customer network

BPDU frames over the service provider network. This document

describes:

z Introduction to BPDU Tunneling

z Configuring BPDU Tunneling

Port Mirroring

Port mirroring copies packets passing through a port to another port

connected with a monitoring device for packet analysis to help implement

network monitoring and troubleshooting. This document describes:

z Port Mirroring overview

z Local port mirroring configuration

z Remote port mirroring configuration

2-3

IP Services Volume

Table 2-2 Features in the IP Services volume

Features Description

IP Address

An IP address is a 32-bit address allocated to a network interface on a

device that is attached to the Internet. This document describes:

z Introduction to IP addresses

z IP address configuration

ARP

Address Resolution Protocol (ARP) is used to resolve an IP address into a

data link layer address. This document describes:

z ARP Overview

z Configuring ARP

z Configuring Gratuitous ARP

z Proxy ARP and Local Proxy ARP configuration

Proxy ARP

If a host sends an ARP request for the MAC address of another host that

actually resides on another network , the device in between must be able

to respond to the request with the MAC address of the receiving interface

to allow Layer 3 communication between the two hosts. This is achieved

by proxy ARP. This document describes:

z Proxy ARP Overview

z Configuring Proxy ARP

ARP Attack Defense

Currently, ARP attacks and viruses are threatening LAN security. The

device can provide multiple features to detect and prevent such attacks.

This document describes:

z Configuring ARP Source Suppression

z Configuring ARP Defense Against IP Packet Attacks

z Configuring ARP Active Acknowledgement

z Configuring Source MAC Address Based ARP Attack Detection

z Configuring ARP Packet Source MAC Address Consistency Check

z Configuring ARP Packet Rate Limit

z Configuring ARP Detection

DHCP Overview

DHCP is built on a client-server model, in which the client sends a

configuration request and then the server returns a reply to send

configuration parameters such as an IP address to the client. This

document describes:

z Introduction to DHCP

z DHCP Address Allocation

z DHCP Message Format

z DHCP Options

z Protocols and Standards

DHCP Relay Agent

Via a relay agent, DHCP clients communicate with a DHCP server on

another subnet to obtain configuration parameters. Thus, DHCP clients on

different subnets can contact the same DHCP server for ease of

centralized management and cost reduction. This document describes:

z Introduction to DHCP Relay Agent

z Configuring the DHCP Relay Agent

DHCP Client

With the DHCP client enabled on an interface, the interface will use DHCP

to obtain configuration parameters such as an IP address from the DHCP

server. This document describes:

z Introduction to DHCP Client

z Enabling the DHCP Client on an Interface

2-4

Features Description

DHCP Snooping

As a DHCP security feature, DHCP snooping can ensure DHCP clients to

obtain IP addresses from authorized DHCP servers and record IP-to-MAC

mappings of DHCP clients.This document describes:

z DHCP Snooping Overview

z Configuring DHCP Snooping Basic Functions

z Configuring DHCP Snooping to Support Option 82

BOOTP Client

After you specify an interface of a device as a BOOTP client, the interface

can use BOOTP to get information (such as IP address) from the BOOTP

server. This document describes:

z Introduction to BOOTP Client

z Configuring an Interface to Dynamically Obtain an IP Address Through

BOOTP

DNS

Used in the TCP/IP application, Domain Name System (DNS) is a

distributed database which provides the translation between domain name

and the IP address. This document describes:

z Configuring the DNS Client

z Configuring the DNS Proxy

IP Performance

Optimization

In some network environments, you need to adjust the IP parameters to

achieve best network performance. This document describes:

z Enabling Reception and Forwarding of Directed Broadcasts to a

Directly Connected Network

z Configuring TCP Attributes

z Configuring ICMP to Send Error Packets

UDP Helper

UDP Helper functions as a relay agent that converts UDP broadcast

packets into unicast packets and forwards them to a specified server. This

document describes:

z UDP Helper overview

z UDP Helper configuration

IPv6 Basics

Internet protocol version 6 (IPv6), also called IP next generation (IPng),

was designed by the Internet Engineering Task Force (IETF) as the

successor to Internet protocol version 4 (IPv4). This document describes:

z IPv6 overview

z Basic IPv6 functions configuration

z IPv6 NDP configuration

z PMTU discovery configuration

z IPv6 TCP properties configuration

z ICMPv6 packet sending configuration

z IPv6 DNS Client configuration

Dual Stack

A network node that supports both IPv4 and IPv6 is called a dual stack

node. A dual stack node configured with an IPv4 address and an IPv6

address can have both IPv4 and IPv6 packets transmitted. This document

describes:

z Dual stack overview

z Dual stack configuration

sFlow

Based on packet sampling, Sampled Flow (sFlow) is a traffic monitoring

technology mainly used to collect and analyze traffic statistics. This

document describes:

z sFlow Overview

z sFlow Configuration

2-5

IP Routing Volume

Table 2-3 Features in the IP Routing volume

Features Description

IP Routing Overview

This document describes:

z Introduction to IP routing and routing table

z Routing protocol overview

Static Routing

A static route is manually configured by the administrator. The proper

configuration and usage of static routes can improve network

performance and ensure bandwidth for important network applications.

This document describes:

z Static route configuration

z Detecting Reachability of the Static Route’s Nexthop

IPv6 Static Routing

Static routes are special routes that are manually configured by network

administrators. Similar to IPv4 static routes, IPv6 static routes work well in

simple IPv6 network environments. This document describes:

z IPv6 static route configuration

Multicast Volume

Table 2-4 Features in Multicast volume

Features Description

Multicast Overview

This document describes the main concepts in multicast:

z Introduction to Multicast

z Multicast Models

z Multicast Architecture

z Multicast Packets Forwarding Mechanism

IGMP Snooping

Running at the data link layer, IGMP Snooping is a multicast control

mechanism on the Layer 2 Ethernet switch and it is used for multicast

group management and control. This document describes:

z Configuring Basic Functions of IGMP Snooping

z Configuring IGMP Snooping Port Functions

z Configuring IGMP Snooping Querier

z Configuring IGMP Snooping Policy

Multicast VLAN Multicast VLAN configuration

MLD Snooping

Multicast Listener Discovery Snooping (MLD Snooping) is an IPv6

multicast constraining mechanism that runs on Layer 2 devices to

manage and control IPv6 multicast groups. This document describes:

z Configuring Basic Functions of MLD Snooping

z Configuring MLD Snooping Port Functions

z Configuring MLD Snooping Querier

z Configuring MLD Snooping Policy

IPv6 Multicast VLAN IPv6 Multicast VLAN configuration

2-6

QoS Volume

Table 2-5 Features in the QoS ACL volume

Features Description

QoS Overview

For network traffic, the Quality of Service (QoS) involves bandwidth, delay,

and packet loss rate during traffic forwarding process. This document

describes:

z Introduction to QoS

z Introduction to QoS Service Models

z QoS Techniques Overview

QoS Configuration

Approaches

Two approaches are available for you to configure QoS: policy-based and

non policy-based. This document describes:

z QoS Configuration Approach Overview

z Configuring a QoS Policy

Priority Mapping

The priorities of a packet determine its transmission priority. There are two

types of priority: priorities carried in packets and priorities locally assigned

for scheduling only.

When a packet enters the device from a port, the device assigns a set of

QoS priority parameters to the packet based on a certain priority and

sometimes may modify its priority, according to certain rules depending on

device status. This process is called priority mapping.

Traffic Policing, Traffic

Shaping, and Line

Rate

This document describes:

z Traffic Policing, Traffic Shaping, and Line Rate Overview

z Configuring Traffic Policing

z Configuring GTS

z Configuring the Line Rate

Congestion

Management

The key to congestion management is how to define a dispatching policy

for resources to decide the order of forwarding packets when congestion

occurs. This document describes:

z Configuring SP Queuing

z Configure WRR Queuing

z Configuring WFQ Queuing

z Configuring SP+WRR Queues

Traffic Filtering

This document describes how to filter in or filter out a class of traffic by

associating the class with a traffic filtering action.

Priority Marking

This document describes how to marking the priority of the packets by

associating a class with a behavior configured with the priority marking

action

Traffic Redirecting

Traffic redirecting is the action of redirecting the packets matching the

specific match criteria to a certain location for processing. This document

describes how to configure traffic redirecting.

Traffic Mirroring

Traffic mirroring is the action of copying the specified packets to the

specified destination for packet analyzing and monitoring. This document

describes how to configure traffic mirroring.

Class-Based

Accounting

Class-based accounting collects statistics on a per-traffic class basis. This

document describes how to configure class-based accounting.

User Profile

User profile provides a configuration template to save predefined

configurations. This document describes:

z Creating a User Profile

z Configuring a User Profile

z Enabling a User Profile

2-7

Features Description

Appendix

This document describes:

z Acronym

z Default Priority Mapping Tables

z Introduction to Packet Precedences

Security Volume

Table 2-6 Features in the Security volume

Features Description

AAA

Authentication, Authorization and Accounting (AAA) provide a uniform

framework used for configuring these three security functions to

implement the network security management. This document describes:

z Introduction to AAA, RADIUS and HWTACACS

z AAA configuration

z RADIUS configuration

z HWTACACS configuration

802.1X

IEEE 802.1X (hereinafter simplified as 802.1X) is a port-based network

access control protocol that is used as the standard for LAN user access

authentication. This document describes:

z 802.1X overview

z 802.1X configuration

z 802.1X Guest-VLAN configuration

EAD Fast Deployment

In conjunction with 802.1X, EAD Fast Deployment can have an access

switch to force all attached devices to download and install the EAD client

before permitting them to access the network. This document describes:

z EAD Fast Deployment overview

z EAD Fast Deployment configuration

HABP

On an HABP-capable switch, HABP packets can bypass 802.1X

authentication and MAC authentication, allowing communication among

switches in a cluster. This document describes:

z Introduction to HABP

z HABP configuration

MAC Authentication

MAC authentication provides a way for authenticating users based on

ports and MAC addresses; it requires no client software to be installed on

the hosts. This document describes:

z RADIUS-Based MAC Authentication

z Local MAC Authentication

Port Security

Port security is a MAC address-based security mechanism for network

access controlling. It is an extension to the existing 802.1X authentication

and MAC authentication. This document describes:

z Enabling Port Security

z Setting the Maximum Number of Secure MAC Addresses

z Setting the Port Security Mode

z Configuring Port Security Features

z Configuring Secure MAC Addresses

z Ignoring Authorization Information from the Server

2-8

Features Description

IP Source Guard

By filtering packets on a per-port basis, IP source guard prevents illegal

packets from traveling through, thus improving the network security. This

document describes:

z Configuring a Static Binding Entry

z Configuring Dynamic Binding Function

SSH2.0

SSH ensures secure login to a remote device in a non-secure network

environment. By encryption and strong authentication, it protects the

device against attacks. This document describes:

z Configuring Asymmetric Keys

z Configuring the Device as an SSH Server

z Configuring the Device as an SSH Client

SFTP

SFTP uses the SSH connection to provide secure data transfer. This

document describes:

z SFTP Overview

z Configuring an SFTP Server

z Configuring an SFTP Client

PKI

The Public Key Infrastructure (PKI) is a hierarchical framework designed

for providing information security through public key technologies and

digital certificates and verifying the identities of the digital certificate

owners. This document describes PKI related configuration.

SSL

Secure Sockets Layer (SSL) is a security protocol providing secure

connection service for TCP-based application layer protocols, this

document describes SSL related configuration.

Public Key

Configuration

This document describes Public Key Configuration.

ACL Overview

ACLs are sets of rules (or sets of permit or deny statements) that decide

what packets can pass and what should be rejected based on matching

criteria. This document provides the introduction of IPv4 ACL and IPv6

ACL.

IPv4 ACL

This document describes:

z Creating a Time Range

z Configuring a Basic IPv4 ACL

z Configuring an Advanced IPv4 ACL

z Configuring an Ethernet Frame Header ACL

z Copying an IPv4 ACL

IPv6 ACL

This document describes:

z Creating a Time Range

z Configuring a Basic IPv6 ACL

z Configuring an Advanced IPv6 ACL

z Copying an IPv6 ACL

ACL Application for

Packet Filtering

You can apply an ACL to the inbound or outbound direction of an

ethernet interface or VLAN interface to filter received or sent packets

such as Ethernet frames, IPv4 packets, and IPv6 packets. This document

describes:

z Filtering Ethernet Frames

z Filtering IPv4 Packets

z Filtering IPv6 Packets

z Configuring Packet Filtering Statistics Function

2-9

High Availability Volume

Table 2-7 Features in the High Availability volume

Features Description

Smart Link

Smart Link is a solution for active-standby link redundancy backup and

rapid transition in dual-uplink networking. This document describes:

z Smart Link Overview

z Configuring a Smart Link Device

z Configuring an Associated Device

Monitor Link

Monitor link is a port collaboration function used to enable a device to be

aware of the up/down state change of the ports on an indirectly connected

link. This document describes:

z Monitor Link Overview

z Configuring Monitor Link

RRPP

RRPP is a link layer protocol designed for Ethernet rings. RRPP can

prevent broadcast storms caused by data loops when an Ethernet ring is

healthy, and rapidly restore the communication paths between the nodes

after a link is disconnected on the ring. This document describes:

z RRPP overview

z Creating an RRPP Domain

z Configuring Control VLANs

z Configuring Protected VLANs

z Configuring RRPP Rings

z Configuring RRPP Ports

z Configuring RRPP Nodes

z Activating an RRPP Domain

z Configuring RRPP Timers

z Configuring an RRPP Ring Group

DLDP

In the use of fibers, link errors, namely unidirectional links, are likely to

occur. DLDP is designed to detect such errors. This document describes:

z DLDP Introduction

z Enabling DLDP

z Setting DLDP Mode

z Setting the Interval for Sending Advertisement Packets

z Setting the DelayDown Timer

z Setting the Port Shutdown Mode

z Configuring DLDP Authentication

z Resetting DLDP State

Ethernet OAM

Ethernet OAM is a tool monitoring Layer-2 link status. It helps network

administrators manage their networks effectively. This document

describes:

z Ethernet OAM overview

z Configuring Basic Ethernet OAM Functions

z Configuring Link Monitoring

z Enabling OAM Loopback Testing

Connectivity Fault

Detection

Connectivity fault detection is an end-to-end, per-VLAN link-layer OAM

mechanism for link connectivity detection, fault verification, and fault

location. This document describes:

z Connectivity Fault Detection Overview

z Basic Configuration Tasks

z Configuring CC on MEPs

z Configuring LB on MEPs

z Configuring LT on MEPs

2-10

Features Description

Track

The track module is used to implement collaboration between different

modules through established collaboration objects. The detection

modules trigger the application modules to perform certain operations

through the track module. This document describes:

z Track Overview

z Configuring Collaboration Between the Track Module and the

Detection Modules

z Configuring Collaboration Between the Track Module and the

Application Modules

System Volume

Table 2-8 Features in the System volume

Features Description

Logging In to an

Ethernet Switch

Switch supports two types of user interfaces. This document describes:

z Supported User Interfaces

z Users and User Interfaces

z User Interface Number

z Common User Interface Configuration

Logging In Through the

Console Port

To log in through the Console port is the most common way to log in to a

switch. It is also the prerequisite to configure other login methods. This

document describes:

z Introduction

z Setting Up the Connection to the Console Port

z Console Port Login Configuration

z Configuring Command Authorization

z Configuring Command Accounting

Logging In Through

Telnet/SSH

You can telnet to a remote switch to manage and maintain the switch. To

achieve this, you need to configure both the switch and the Telnet

terminal properly. This document describes:

z Introduction

z Logging In Through SSH

z Configuring Command Authorization

z Configuring Command Accounting

User Interface

Configuration Examples

This document describes:

z User Authentication Configuration Example

z Command Authorization Configuration Example

z Command Accounting Configuration Example

Logging in Through

Web-based Network

Management System

An switch 4210G has a built-in Web server. You can log in to an switch

4210G through a Web browser and manage and maintain the switch

intuitively by interacting with the built-in Web server. This document

describes:

z Introduction

z Web Server Configuration

z Displaying Web Users

z Configuration Example

2-11

Features Description

Logging In Through

NMS

You can also log in to a switch through an NMS (network management

station), and then configure and manage the switch through the agent

module on the switch. This document describes:

z Introduction

z Connection Establishment Using NMS

Specifying Source for

Telnet Packets

To improve security and make it easier to manage services, you can

specify source IP addresses/interfaces for Telnet clients. This document

describes:

z Introduction

z Specifying Source IP address/Interface for Telnet Packets

z Displaying the source IP address/Interface Specified for Telnet

Packets

Controlling Login Users

Multiple ways are available for controlling different types of login users.

This document describes:

z Introduction

z Controlling Telnet Users

z Controlling Network Management Users by Source IP Addresses

z Controlling Web Users by Source IP Addresses

Basic System

Configuration

Basic system configuration involves the configuration of device name,

system clock, welcome message, user privilege levels and so on. This

document describes:

z Configuration display

z Basic configurations

z CLI features

Device Management

Through the device management function, you can view the current

condition of your device and configure running parameters. This

document describes:

z Device management overview

z Configuring the Exception Handling Method

z Rebooting a device

z Configuring the scheduled automatic execution function

z Upgrading Device Software

z Disabling Boot ROM Access

z Configuring a detection interval

z Clearing the 16-bit interface indexes not used in the current system

z Identifying and diagnosing pluggable transceivers

File System

Management

A major function of the file system is to manage storage devices, mainly

including creating the file system, creating, deleting, modifying and

renaming a file or a directory and opening a file. This document

describes:

z File system management

z Configuration File Management

FTP Configuration

The File Transfer Protocol (FTP) is an application layer protocol for

sharing files between server and client over a TCP/IP network. This

document describes:

z FTP Overview

z Configuring the FTP Client

z Configuring the FTP Server

2-12

Features Description

TFTP Configuration

The Trivial File Transfer Protocol (TFTP) provides functions similar to

those provided by FTP, but it is less complex than FTP in interactive

access interface and authentication. This document describes:

z TFTP Overview

z Configuring the TFTP Client

HTTP Configuration

Hypertext Transfer Protocol (HTTP) is used for transferring web page

information across the Internet. This document describes the HTTP

configuration.

HTTPS Configuration

The Secure HTTP (HTTPS) refers to the HTTP protocol that supports the

Security Socket Layer (SSL) protocol. This document describes the

HTTPS configuration.

SNMP

Simple network management protocol (SNMP) offers a framework to

monitor network devices through TCP/IP protocol suite. This document

describes:

z SNMP overview

z Basic SNMP function configuration

z SNMP log configuration

z Trap configuration

MIB Style

3Com private MIB involves two styles, 3Com compatible MIB and 3Com

new MIB. To implement NMS’s flexible management of the device, the

device allows you to configure MIB style, that is, you can switch between

the two styles of MIBs. However, you need to ensure that the MIB style of

the device is the same as that of the NMS. This document describes the

MIB style configuration.

RMON

RMON provides an efficient means of monitoring subnets and allows

SNMP to monitor remote network devices in a more proactive and

effective way. This document describes:

z RMON overview

z RMON configuration

MAC Address Table

Management

A switch maintains a MAC address table for fast forwarding packets. This

document describes:

z MAC address table overview

z Configuring MAC Address Entries

z Disabling MAC Address Learning on a VLAN

z Configuring MAC Address Aging Timer

z Configuring the MAC Learning Limit

MAC Information

Configuration

To monitor a network, you need to monitor users joining and leaving the

network. This document describes:

z Overview

z Configuring MAC Information

System Maintenance

and Debugging

For the majority of protocols and features supported, the system provides

corresponding debugging information to help users diagnose errors. This

document describes:

z Maintenance and debugging overview

z Maintenance and debugging configuration

Page is loading ...

3com 4210G NT Configuration manual

This manual is also suitable for

3com 4210G NT Configuration manual

Related papers

Other documents