H3C SR6600/SR6600-X Routers
FAQ
Copyright © 2017 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by
any means without prior written consent of Hangzhou H3C Technologies Co.,
Ltd.
The information in this document is subject to change without notice.
Contents
Hardware
Q. What models does H3C SR6600 Router Series include?
Q. What MPUs are available for the router?
Q. What line cards are available for the router?
Q. What power modules are available for the router?
Q. Are the power modules on the router hot swappable?
Q. Can the router adjust the fan speed automatically?
Q. Are the cards/interface modules on the router hot swappable?
Q. How are the interfaces numbered on the router?
Q. Does the router support active/standby MPU switchover?
Q. What is the operating temperature and upper and lower temperature thresholds of the router?
Q. How do I identify the card serial number or manufacture information?
Q. What is intelligent power management?
Q. What cards and interface modules are available for the router?
Q. What transceiver modules are available for the router?
Q. Do the router LPUs support interface type changing between POS and GE?
Q. Does the router support switching fabric modules?
Software
Q. Does the BootWare support forward compatibility?
Q. How do I view the system version information and operation time information?
Q. Can I delete the Comware system software image file after the upgrade is completed?
Q. Can I view deleted files?
Q. How can I empty the recycle bin?
Q. Is software hotfix supported?
Q. What should I do before installing patches?
Q. Why doesn't the router display the current startup configuration file?
System management and maintenance
Q. Information displayed on the console terminal is incorrect sometimes. Why?
Q. Data loss occurred after I logged in to the router through the console port. What should I do?
Q. How can I clear a Telnet connection?
Q. Can a Telnet user's username contain the at sign (@)?
Q. I cleared the packet statistics on an interface by using the reset counters interface command. Why does the MIB browser show that the error packet count is still the same?
Q. How do I format the Flash or CF card from the BootWare?
Q. Does the router relearn MAC address, ARP, and route entries after an active/standby switchover?
Q. Why should I wait for all LPUs to operate correctly before I save the running configuration?
Q. Can the router operate as a TFTP server?
IRF
Q. Are all H3C SR6600 routers IRF capable?
Q. Do all SR6600 service modules support IRF?
Q. Can an H3C SR6600 router form an IRF fabric with any devices in the same series?
Q. How many chassis can an H3C SR6600 IRF fabric have?
Q. What topologies does an H3C SR6600 IRF fabric support?
Q. What restrictions should I follow when I bind a physical interface to or remove it from an IRF port in IRF mode?
Q. Does an SR6600 IRF fabric support multichassis Ethernet link aggregation?
Q. Can I set up an IRF connection that has multiple links?
Q. Can IRF member chassis use duplicate member IDs?
Q. Can I use an intermediate device to connect IRF physical interfaces?
Q. What physical interfaces can be used for IRF connection?
Q. Can I remove both the MPUs in a subordinate chassis?
Q. Are there any requirements for the intermediate device in LACP MAD?
Q. Why are service interfaces that were shut down by MAD still down after an IRF merge?
Q. Why doesn't the running configuration on a reunified IRF fabric include the configuration that I made on one chassis after an IRF split?
Network security and attack prevention
Q. What attack prevention types does the router support?
Q. Does the router support local authentication before RADIUS authentication?
Q. Why cannot a user log in to an ACS authentication server through a console port when the router uses RADIUS authentication?
Q. Why can the level for the RADIUS server (the router) only be 1 when it connects to an ACS server?
Q. Does the router support local authentication when the HWTACACS authentication fails?
Q. Can the router be connected to a TACACS server that runs third-party TACACS server software?
Q. Does the reply from a RADIUS server include the Login-Service option after the authentication succeeds?
Q. How do I set the user role?
Q. What is the relationship between the levels authorized by an SR6600 HWTACACS server and the levels authorized by a Cisco ACS server?
Q. Which user role is assigned to a Telnet user: The user role configured in VTY user interface or the user role configured on a RADIUS server or a HWTACACS server?
Q. How do I prevent gateway spoofing when the router acts as a gateway?
IP forwarding services
Q. Does the router support cross-card port mirroring?
Q. Does the router support remote port mirroring?
Q. What tunneling technologies does the router support?
Q. What protocols and features does BFD support on the router?
Q. What interfaces can be used for link aggregation?
Q. Does the router support cross-card link aggregation?
IP routing
Q. Does the router support configuring blackhole routes?
Q. Is the OSPF cost of a Layer 3 Ethernet interface on the router relevant to the interface rate?
Q. What are the preferences of different routing protocols?
Q. Does the router discard the matching packets when the PBR-based forwarding fails?
Q. What is the compatibility between routing protocols and the GR, NSR, FRR, and BFD features?
MPLS
Q. Which MPLS features are supported by the router?
IP multicast
Q. Which IGMP versions are supported by the router?
Q. Are static RPs supported by the router?
Q. Are static multicast routes supported by the router?
Q. How do I deny multicast packets from an illegal multicast source?
Q. Are multicast group policies supported by the router?
Q. The RPF check fails after the MSDP peer switchover in inter-domain multicast routing. What are the possible reasons?
Q. Is BIDIR-PIM or IPv6 BIDIR-PIM supported by the router?
Q. Is inter-AS MD VPN supported by the router?
Q. Is IP multicast unavailable if I configure both of VPLS and IP multicast on the same interface of the router?
NAT
Q. Which cards can support NAT?
Q. How does the router perform NAT?
Q. Why routing protocols are not recommended to be configured on the interface with Easy IP configured?
VXLAN
Q. Do all types of cards support VXLAN?
Q. Can I use the router as a VXLAN IP gateway?
Q. Can I use VXLAN for Layer 2 forwarding on the router?
OpenFlow
Q. Which cards do not support OpenFlow?
Q. Which OpenFlow version does the router support?
Q. Does OpenFlow support controlling Layer 2 forwarded packets?
Q. Does OpenFlow support controlling MPLS forwarded packets?
Q. Does the OpenFlow forwarding process depend on the normal forwarding process?
Q. Does OpenFlow support VLAN interfaces?
H3C SR6600/SR6600-X Routers FAQ
Hardware
This section contains the most frequently asked questions about the router hardware.
Q. What models does H3C SR6600 Router Series include?
A. H3C SR6600 Router Series includes the following models:
SR6600 models: SR6604, SR6608, and SR6616.
SR6602-X models: SR6602-X1 and SR6602-X2.
SR6600-X models: SR6604-X, SR6608-X, and SR6616-X.
Table 1 SR6600 Router Series models
Model       MPU slot   LPU slot   Fan tray slot   Power module slot
SR6604      2          2          1               2
SR6608      2          4          1               2
SR6616      2          8          1               4
SR6602-X1   0          1          1               2
SR6602-X2   0          1          1               2
SR6604-X    2          2          1               2
SR6608-X    2          4          1               2
SR6616-X    2          8          1               4
Q. What MPUs are available for the router?
A. The RT-RPE-X3 MPU is available for the SR6600 routers. A BKEC carrier is required to install an
MPU on the router.
The RT-RSE-X3 MPU is available for the SR6600-X routers. No carrier is required to install an MPU
on the router.
Q. What line cards are available for the router?
A. The router supports FIP and SAP modules.
FIP modules: FIP modules lower than FIP-600 are full-service multi-core forwarding
modules. FIP-600 and above modules are full-service forwarding modules that use Appllo
chips. FIP modules provide interface module slots and need to work in conjunction with
interface modules.
SAP modules: Full-service modules that use fixed interfaces and do not provide interface
module slots.
Q. What power modules are available for the router?
A. The following power modules are available for the router:
Model         Voltage range
LSWM1AC300    AC input: 100 VAC to 240 VAC      SR6602-X1: 1 to 2
              High-voltage DC input: 240 VDC    SR6602-X2: 1 to 2

LSWM1DC300    48 VDC to 60 VDC                  SR6602-X1: 1 to 2
                                                SR6602-X2: 1 to 2

PSR650-D      48 VDC to 60 VDC                  SR6604: 1 to 2
PSR1200-D                                       SR6608: 1 to 2
                                                SR6616: 1 to 4
                                                SR6604-X: 1 to 2
                                                SR6608-X: 1 to 2
                                                SR6616-X: 1 to 4

PSR650-A      AC input: 100 VAC to 240 VAC      SR6604: 1 to 2
PSR1200-A     High-voltage DC input: 240 VDC    SR6608: 1 to 2
                                                SR6616: 1 to 4
                                                SR6604-X: 1 to 2
                                                SR6608-X: 1 to 2
                                                SR6616-X: 1 to 4
CAUTION:
Do not install AC and DC power modules on the same router.
Q. Are the power modules on the router hot swappable?
A. Yes. Make sure the maximum output power of the power modules available on the router is larger
than the total power consumption. Reserve 20% of the power as a best practice.
Q. Can the router adjust the fan speed automatically?
A. Yes. The router can automatically adjust the fan speed based on the card temperature.
Q. Are the cards/interface modules on the router hot swappable?
A. Yes.
Q. How are the interfaces numbered on the router?
A. In IRF mode, the interfaces on the router are numbered in the interface-type A/B/C/D format. In
standalone mode, the interfaces on the router are numbered in the interface-type B/C/D format.
A: Chassis ID.
B: Slot number.
C: Subslot number. If the card has no subslot, the subslot number is 0.
D: Interface number.
Q. Does the router support active/standby MPU switchover?
A. Yes. The standby MPU automatically takes over when the active MPU fails to ensure service
continuity.
For a successful active/standby switchover, make sure the active and standby MPUs use the same
software version.
Q. What is the operating temperature and upper and lower temperature thresholds of the router?
A. The operating temperature of the router is in the range of 0°C (32°F) to 45°C (113°F).
You can use the display environment command to display the router temperature statistics,
including the current temperature and temperature thresholds.
When the temperature drops below the lower threshold or reaches the warning threshold, the
router displays a log message and a trap.
When the temperature reaches the alarm threshold, the router repeatedly displays log and trap
messages. It also alerts the user to the high-temperature condition through LEDs on the panel.
Q. How do I identify the card serial number or manufacture information?
A. Use the display device manuinfo command on the router. The following is a sample command
output.
<H3C>display device manuinfo
Chassis self:
The operation is not supported on the specified chassis.
Slot 0 CPU 0:
DEVICE_NAME:RT-RSE-X3
DEVICE_SERIAL_NUMBER:210231A1U5B13C900098
MAC_ADDRESS:5CDD-70A2-C654
MANUFACTURING_DATE:2014-02-11
VENDOR_NAME: H3C
Slot 3 CPU 0:
DEVICE_NAME: FIP-240
DEVICE_SERIAL_NUMBER: 210231A2MGB13C900008
MAC_ADDRESS:NONE
MANUFACTURING_DATE:NONE
VENDOR_NAME: H3C
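For inventory work, this output can be parsed into per-slot records. The following Python sketch is an added example, not H3C code: the function names are hypothetical, and the sample text is the output shown above, including its inconsistent spacing after the colon, its NONE values, and the chassis entry that returns a message instead of fields.

```python
import re

# Sample text copied from the FAQ answer above (not captured from a live device).
SAMPLE = """\
<H3C>display device manuinfo
Chassis self:
The operation is not supported on the specified chassis.
Slot 0 CPU 0:
DEVICE_NAME:RT-RSE-X3
DEVICE_SERIAL_NUMBER:210231A1U5B13C900098
MAC_ADDRESS:5CDD-70A2-C654
MANUFACTURING_DATE:2014-02-11
VENDOR_NAME: H3C
Slot 3 CPU 0:
DEVICE_NAME: FIP-240
DEVICE_SERIAL_NUMBER: 210231A2MGB13C900008
MAC_ADDRESS:NONE
MANUFACTURING_DATE:NONE
VENDOR_NAME: H3C
"""

# KEY:value lines use upper-case keys; the space after the colon is optional.
FIELD_RE = re.compile(r"^([A-Z][A-Z_]*):\s*(.*)$")
# Section headers such as "Slot 0 CPU 0:" end with a colon and carry no value.
SECTION_RE = re.compile(r"^(.+):$")
EXPECTED = ("DEVICE_NAME", "DEVICE_SERIAL_NUMBER", "MAC_ADDRESS",
            "MANUFACTURING_DATE", "VENDOR_NAME")


def parse_manuinfo(text):
    """Split the command output into one record per chassis/slot section."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<"):      # blank line or CLI prompt
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            key, value = field.groups()
            # The device prints NONE when a value is not programmed.
            current["fields"][key] = None if value.upper() in ("", "NONE") else value
            continue
        section = SECTION_RE.match(line)
        if section:
            current = {"location": section.group(1), "fields": {}, "notes": []}
            records.append(current)
        elif current is not None:
            current["notes"].append(line)         # e.g. "operation is not supported"
    return records


def serial_inventory(records):
    """Map serial number -> (location, device name) for cards that report one."""
    inventory = {}
    for rec in records:
        serial = rec["fields"].get("DEVICE_SERIAL_NUMBER")
        if serial:
            inventory[serial] = (rec["location"], rec["fields"].get("DEVICE_NAME"))
    return inventory


def incomplete_records(records):
    """List (location, missing field names) for cards with unprogrammed fields."""
    result = []
    for rec in records:
        if not rec["fields"]:
            continue                              # section returned a note only
        missing = [k for k in EXPECTED if rec["fields"].get(k) is None]
        if missing:
            result.append((rec["location"], missing))
    return result


if __name__ == "__main__":
    parsed = parse_manuinfo(SAMPLE)
    for serial, (location, name) in serial_inventory(parsed).items():
        print(serial, location, name)
    print(incomplete_records(parsed))
```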
Q. What is intelligent power management?
A. Intelligent power management powers on or off cards based on the remaining power and the power
consumptions of the operating cards and shuts down non-operating cards.
Q. What cards and interface modules are available for the router?
A. See H3C SR6600/SR6600-X Routers Interface Module Guide.
Q. What transceiver modules are available for the router?
A. See H3C SR6600/SR6600-X Routers Interface Module Guide.
Q. Do the router LPUs support interface type changing between POS and GE?
A. Only the HIM-TS8P interface module supports interface type changing between POS and GE.
Q. Does the router support switching fabric modules?
A. The SR6600-X routers support the SFE-X1 switching fabric module. The SR6600 routers support
the SFE-L1 switching fabric module.
Software
This section contains the most frequently asked questions about the router software.
Q. Does the BootWare support forward compatibility?
A. Yes. The BootWare is released together with the Comware software. You do not need to upgrade
the BootWare separately. For an SR6602-X1 or SR6602-X2 router or an RSE-X2 MPU to migrate
from Comware 5 to Comware 7, you must follow the BootWare upgrade steps listed in the release
notes to upgrade the BootWare first.
Q. How do I view the system version information and operation time information?
A. Use the display version command. This command displays information about the current
BootWare version, Comware system software version, and system operation time.
Q. Can I delete the Comware system software image file after the upgrade is completed?
A. No. The file contains the software images for MPUs and the software images for LPUs. MPUs and
LPUs read these images during startup.
Q. Can I view deleted files?
A. Yes, if the files were deleted by a delete command without the /unreserved option. A delete
command with the /unreserved option permanently deletes files. A delete command without
the /unreserved option moves files to the recycle bin.
To view the files in the recycle bin, use the dir /all command. The name of a file in the
recycle bin is placed in brackets ([ ]).
You can use the undelete command to restore files from the recycle bin.
Q. How can I empty the recycle bin?
A. Use the reset recycle-bin command. If a file in the recycle bin is corrupt, use the reset recycle-bin
command with the /force option to delete the file.
Q. Is software hotfix supported?
A. Yes.
Q. What should I do before installing patches?
A. Before installing patches, perform the following tasks:
Save the patch image file in the same directory on the same type of storage medium (flash or
CF card) on the MPUs.
Specify the path of the patch image file for the patch file location argument.
Q. Why doesn't the router display the current startup configuration file?
A. The router does not display the current startup configuration file at the first startup:
<Sysname>display startup
MainBoard:
Current saved-configuration file: NULL
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: NULL
Slot 1:
Current saved-configuration file: NULL
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: NULL
System management and maintenance
This section contains the most frequently asked questions about system management and
maintenance.
Q. Information displayed on the console terminal is incorrect sometimes. Why?
A. If nothing is displayed on the console terminal, examine the following:
Whether the power system is operating correctly.
Whether the MPUs are operating correctly.
Whether the console cable is connected to the console port correctly.
If no problem is found, the reason might be one of the following:
The access port specified for the terminal is different from the port to which the console cable
is connected.
Settings on the configuration terminal are incorrect.
The cable has a problem.
If garbled characters are displayed on the terminal, settings on the configuration terminal might be
incorrect.
The correct terminal settings are as follows:
Bits per second: 9600 bps
Flow control: None
Parity: None
Stop bits: 1
Data bits: 8
Terminal display type: VT100
If you are running the terminal software SecureCRT, you must deselect the DTR/DSR option and
RTS/CTS option for flow control. By default, the RTS/CTS option is selected for flow control.
Q. Data loss occurred after I logged in to the router through the console port. What should I do?
A. Perform the following tasks:
1. Enter console user interface view.
2. Use the speed command to change the data rate to 115200 bps.
3. Close the connection.
4. Initiate a new console connection.
Q. How can I clear a Telnet connection?
A. Use the free user-interface vty number command in user view.
Q. Can a Telnet user's username contain the at sign (@)?
A. The username of a Telnet user that is configured on the router cannot contain the at sign (@).
Q. I cleared the packet statistics on an interface by using the reset counters interface command. Why
does the MIB browser show that the error packet count is still the same?
A. The MIB browser shows the values of the hardware counters. The reset counters interface
command does not reset the hardware counters. This command clears only the statistics calculated
by software.
Q. How do I format the Flash or CF card from the BootWare?
A. To format the Flash or CF card:
1. Access the extended BootWare menu.
2. Access the storage media management menu and select the storage medium to be formatted.
3. Format the storage medium.
For example, to format the Flash on an RSE-X3 MPU:
1. Power on or reboot the router.
The startup information appears. (Details not shown.)
2. Press Ctrl + B as prompted to enter the extended BootWare menu.
==========================<EXTENDED-BOOTWARE MENU>==========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Skip Authentication for Console Login |
|<9> Storage Device Operation |
|<0> Reboot |
============================================================================
Ctrl+Z: Access EXTEND-ASSISTANT MENU
Ctrl+F: Format File System
Enter your choice(0-9):
3. Enter 9 to access the storage media management menu. Follow the displayed instructions to
specify the operating storage medium and then return to the extended BootWare menu.
4. Press Ctrl+F to format the Flash.
Q. Does the router relearn MAC address, ARP, and route entries after an active/standby switchover?
A. The router relearns route entries, but it does not relearn MAC address entries and ARP entries.
The switchover does not interrupt MAC-based forwarding or ARP services because the MAC
address table and the ARP table are backed up on the standby MPU. The impact on routing-based
forwarding services depends on the configuration of GR and NSR:
If GR or NSR is configured, the switchover will not interrupt forwarding services.
If GR and NSR are not configured, the switchover will interrupt forwarding services.
Q. Why should I wait for all LPUs to operate correctly before I save the running configuration?
A. The configuration is saved on the Flash or CF card. During startup, the router configures LPUs by
loading the configuration to memory. If you execute the save command before the process is
completed, the incomplete configuration in memory will be saved to the Flash to replace the
complete configuration, resulting in configuration loss.
Q. Can the router operate as a TFTP server?
A. No.
IRF
This section contains the most frequently asked questions about IRF.
Q. Are all H3C SR6600 routers IRF capable?
A. Yes, all H3C SR6600 routers are IRF capable.
Q. Do all SR6600 service modules support IRF?
A. Yes.
Q. Can an H3C SR6600 router form an IRF fabric with any devices in the same series?
A. No. When you set up an IRF fabric, follow these hardware restrictions and guidelines:
The H3C SR6604, SR6608, and SR6616 routers can form an IRF fabric with each other. The
routers cannot form an IRF fabric with any other devices.
The H3C SR6604-X, SR6608-X, and SR6616-X routers can form an IRF fabric with each other.
The routers cannot form an IRF fabric with any other devices.
The H3C SR6602-X1 and SR6602-X2 routers can form an IRF fabric with each other. The
routers cannot form an IRF fabric with any other devices.
Q. How many chassis can an H3C SR6600 IRF fabric have?
A. An H3C SR6600 IRF fabric can have a maximum of two member chassis.
Q. What topologies does an H3C SR6600 IRF fabric support?
A. An H3C SR6600 IRF fabric only supports the daisy-chain topology. It does not support the ring
topology.
Q. What restrictions should I follow when I bind a physical interface to or remove it from an IRF port in
IRF mode?
A. In IRF mode, you must shut down a physical interface before you bind it to or remove it from an IRF
port. After the physical interface is bound to or removed from the IRF port, use the undo shutdown
command to bring up the physical interface. You cannot shut down the interface if one of the
following conditions exists:
The interface is the only member interface of a subordinate chassis in an IRF port binding.
Among all interfaces of a subordinate chassis in an IRF port binding, only the interface is in up
state.
Q. Does an SR6600 IRF fabric support multichassis Ethernet link aggregation?
A. Yes.
Q. Can I set up an IRF connection that has multiple links?
A. Yes, you can bind multiple physical links into one IRF connection. These links aggregate
automatically. You do not need to create a link aggregation group as you do for creating an Ethernet
link aggregation.
Q. Can IRF member chassis use duplicate member IDs?
A. No. You must assign a unique IRF member ID to each member chassis before setting up an IRF
fabric. If a chassis has different member IDs on its active MPU and standby MPU, the standby MPU
will reboot automatically with the member ID on the active MPU.
Q. Can I use an intermediate device to connect IRF physical interfaces?
A. No. To ensure the network stability, use fibers or cables to directly connect the IRF physical
interfaces. No intermediate device is allowed for IRF connection.
Q. What physical interfaces can be used for IRF connection?
A. Only fixed ports on interface modules can be used as IRF physical interfaces.
Q. Can I remove both the MPUs in a subordinate chassis?
A. No. Each subordinate chassis must have an MPU to communicate with the global active MPU and
manage forwarding on the local chassis. If you remove both the MPUs on a subordinate chassis, its
interface modules cannot communicate with each other to forward cross-module traffic correctly.
For an SR6600 IRF fabric, if you remove both the MPUs on a subordinate chassis, the IRF fabric
splits.
Q. Are there any requirements for the intermediate device in LACP MAD?
A. When you configure LACP MAD, make sure the intermediate device meets the following
requirements:
The intermediate device is a Comware-based H3C device that can process the LACPDUs that
convey the ActiveID field for MAD.
If the intermediate device is also an IRF fabric, assign the two IRF fabrics different domain IDs
for correct split detection.
Q. Why are service interfaces that were shut down by MAD still down after an IRF merge?
A. If you reboot the active fabric instead of the recovery IRF fabric to complete an IRF merge, the
service interfaces that were shut down by MAD cannot be restored automatically. You must use
the mad restore command to restore their original physical state.
To avoid this issue, reboot the recovery IRF fabric instead of the active IRF fabric to complete an
IRF merge.
Q. Why doesn't the running configuration on a reunified IRF fabric include the configuration that I made
on one chassis after an IRF split?
A. When an IRF fabric merges, the chassis in the Recovery-state IRF fabric reboots with the running
configuration on the active IRF fabric. The configuration you made on the recovery IRF fabric will not
take effect.
Network security and attack prevention
This section contains the most frequently asked questions about network security and attack
prevention.
Q. What attack prevention types does the router support?
A. The router supports protection against ARP, network layer, and transport layer attacks, as shown
in Table 2.
Table 2 Attack prevention types
Attack prevention types                     Description
ARP attack
  ARP source suppression                    Prevents IP attack packets from fixed sources.
  ARP black hole routing                    Prevents IP attack packets from sources that are not fixed.
  ARP active acknowledgement                Prevents user spoofing.
  Source MAC-based ARP attack detection     Prevents ARP packet attacks from the same source MAC.
  ARP packet source MAC consistency check   Prevents attacks from ARP packets whose source MAC
                                            address in the Ethernet header is different from the
                                            sender MAC address in the message body.
Network layer
  uRPF check                                Protects a network against source spoofing attacks.
  TTL attack prevention                     Prevents an attack by disabling sending ICMP time
                                            exceeded messages.
Transport layer
  SYN flood attack prevention               Enables the server to directly return a SYN ACK message
                                            upon receiving a TCP connection request, without
                                            establishing a half-open TCP connection.
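The comparison behind the ARP packet source MAC consistency check in Table 2 can be reproduced offline when reviewing captured frames. The Python sketch below is an added example, not the router's implementation: the function names are hypothetical, and the frames, the locally administered MAC addresses and the 192.0.2.x addresses are constructed for the illustration.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100


def fmt_mac(raw):
    """Format 6 bytes in the XXXX-XXXX-XXXX style used in H3C CLI output."""
    h = raw.hex().upper()
    return "-".join(h[i:i + 4] for i in range(0, 12, 4))


def check_arp_source_mac(frame):
    """Return (verdict, detail) for one raw Ethernet frame.

    'consistent'   Ethernet source MAC equals the ARP sender MAC
    'inconsistent' the two differ (the case the check in Table 2 rejects)
    'not-arp'      the frame carries another protocol
    'malformed'    too short, or not Ethernet/IPv4 ARP
    """
    if len(frame) < 14:
        return "malformed", "shorter than an Ethernet header"
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == ETHERTYPE_VLAN:               # skip one 802.1Q tag
        if len(frame) < 18:
            return "malformed", "truncated 802.1Q tag"
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    if ethertype != ETHERTYPE_ARP:
        return "not-arp", "ethertype 0x%04x" % ethertype
    arp = frame[offset:]
    if len(arp) < 28:                             # 8-byte header + 6+4+6+4
        return "malformed", "ARP body shorter than 28 bytes"
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return "malformed", "not Ethernet/IPv4 ARP"
    sender_mac, sender_ip = arp[8:14], arp[14:18]
    detail = "eth_src=%s sender_mac=%s sender_ip=%s" % (
        fmt_mac(eth_src), fmt_mac(sender_mac), ipaddress.IPv4Address(sender_ip))
    if sender_mac != eth_src:
        return "inconsistent", detail
    return "consistent", detail


def build_arp_frame(eth_src, sender_mac, sender_ip, target_ip, oper=1, vlan=None):
    """Build a constructed broadcast ARP frame for the samples below."""
    def mac(text):
        return bytes.fromhex(text.replace("-", ""))

    def ip(text):
        return ipaddress.IPv4Address(text).packed

    header = b"\xff" * 6 + mac(eth_src)
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    header += struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    body += mac(sender_mac) + ip(sender_ip) + b"\x00" * 6 + ip(target_ip)
    return header + body


# Constructed sample frames (not captured traffic).
GOOD = build_arp_frame("0200-0000-0001", "0200-0000-0001", "192.0.2.10", "192.0.2.1")
MISMATCH = build_arp_frame("0200-0000-0002", "0200-0000-00FE", "192.0.2.1",
                           "192.0.2.10", oper=2)
TAGGED = build_arp_frame("0200-0000-0003", "0200-0000-0003", "192.0.2.11",
                         "192.0.2.1", vlan=100)
TRUNCATED = GOOD[:30]
IPV4 = b"\xff" * 6 + bytes.fromhex("020000000004") + b"\x08\x00" + b"\x00" * 20
SAMPLE_FRAMES = [GOOD, MISMATCH, TAGGED, TRUNCATED, IPV4]


def classify(frames):
    """Run the check over a list of frames and return the (verdict, detail) pairs."""
    return [check_arp_source_mac(f) for f in frames]


if __name__ == "__main__":
    for verdict, detail in classify(SAMPLE_FRAMES):
        print("%-12s %s" % (verdict, detail))
```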
Q. Does the router support local authentication before RADIUS authentication?
A. No. Local authentication can be performed only when no response is received from the RADIUS
server.
Q. Why cannot a user log in to an ACS authentication server through a console port when the router
uses RADIUS authentication?
A. The user can log in to an ACS server through a console port only when you clear the Login-Service
option for the ACS server configuration.
Q. Why can the level for the RADIUS server (the router) only be 1 when it connects to an ACS server?
A. The symptom might occur when one of the following conditions exists:
The 2011/002 private attributes for the ACS server are not complete.
The Login-Service attribute for the ACS server is not configured.
Q. Does the router support local authentication when the HWTACACS authentication fails?
A. The router supports local authentication when the HWTACACS authentication fails because the
server is not reachable.
The router does not support local authentication when the HWTACACS authentication fails because
of an incorrect username or password.
Q. Can the router be connected to a TACACS server that runs third-party TACACS server software?
A. As long as the TACACS server is configured with the standard RADIUS protocol, the router can be
connected to the server. Such servers include ACS servers from Cisco and publicly available TACACS
servers (for example, free TACACS servers).
Q. Does the reply from a RADIUS server include the Login-Service option after the authentication
succeeds?
A. It depends on whether a service type is specified on the server. If a service type is specified on the
server, the reply includes the Login-Service option. If no service type is specified on the server, the
reply does not include the Login-Service option.
Q. How do I set the user role?
A. You can set the user role in one of the following ways:
Execute the user-role command in user line view or user line class view to assign a user role
to a user line. Users who log in through the user line will get the user role.
Execute the authorization-attribute user-role command in local user view to specify a user
role for the local user account.
If AAA remote authentication is used, set the user role on the remote server.
Q. What is the relationship between the levels authorized by an SR6600 HWTACACS server and the
levels authorized by a Cisco ACS server?
A. The levels 0 to 16 authorized by an SR6600 HWTACACS server correspond to the levels 0 to 16
authorized by a Cisco ACS server.
Q. Which user role is assigned to a Telnet user: the user role configured in the VTY user interface or
the user role configured on a RADIUS server or an HWTACACS server?
A. The user role configured on a RADIUS server or an HWTACACS server is assigned. The default user
role is network-operator in both cases.
For example, if the user role network-admin or level 15 is configured in the VTY user interface, and no
user role is configured on the server, the user role network-operator is assigned to the Telnet user.
If no user role is configured in the VTY user interface, and the user role level 15 is configured on the
server, the user role level 15 is assigned to the Telnet user.
The user role configured in the VTY user interface is assigned only after the authentication-mode
none command or the password command is executed.
Q. How do I prevent gateway spoofing when the router acts as a gateway?
A. When receiving an ARP packet from the router that acts as a gateway, the router sends a gratuitous
ARP packet to modify the spoofed ARP entries. If a large number of attack packets exist, the router
detects the incoming interface of the attack packets. It captures the packets, obtains the packet
signature, and applies an ACL to the interface to filter out subsequent attack packets.
IP forwarding services
This section contains the most frequently asked questions about IP forwarding services.
Q. Does the router support cross-card port mirroring?
A. The local mirroring group supports cross-card port mirroring. The mirroring source and destination
can reside on different cards or interface cards of a router.
Q. Does the router support remote port mirroring?
A. No.
Q. What tunneling technologies does the router support?
A. The router supports the following tunneling technologies:
IPv6 over IPv4 tunneling: Enables IPv6 packets to traverse IPv4 networks and enables
isolated IPv6 networks to communicate.
IPv4 over IPv4 tunneling/GRE tunneling: Creates a VPN to ensure communication security.
MPLS TE tunneling: Implements traffic engineering to prevent network congestion.
Q. What protocols and features does BFD support on the router?
A. BFD supports the following protocols and features:
IPv4 routing protocols, including RIP, OSPF, IS-IS, and BGP.
IPv6 routing protocols, including OSPFv3, IPv6 IS-IS, and IPv6 BGP.
LDP LSP.
MPLS TE.
Static routing, policy-based routing, and Track.
IP FRR and MPLS TE FRR.
VRRP.
PIM DR.
Primary and backup PWs of VPLS.
LACP.
Interface and subinterface.
Q. What interfaces can be used for link aggregation?
A. You can aggregate the physical Ethernet interfaces on an FIP-600 or SAP-4EXP card.
You can aggregate the physical Ethernet interfaces and Layer 3 Ethernet subinterfaces on any card
except an FIP-600 or SAP-4EXP card.
Q. Does the router support cross-card link aggregation?
A. Yes. You can use interfaces on any cards for cross-card link aggregation except an FIP-600 or
SAP-4EXP card.
IP routing
This section contains the most frequently asked questions about IP routing.
Q. Does the router support configuring blackhole routes?
A. Yes. A blackhole route is a static route whose output interface is Null 0. The router discards the
matching packets without sending ICMP messages to notify the source host. To prevent IP attacks,
you can configure blackhole routes to discard packets destined for specific destinations. The
following example shows how to configure a blackhole route:
<Sysname> system-view
[Sysname] ip route-static 1.1.1.1 32 null 0 preference 1
Q. Is the OSPF cost of a Layer 3 Ethernet interface on the router relevant to the interface rate?
A. Yes. By default, a Layer 3 Ethernet interface automatically computes its OSPF cost according to the
interface rate with the following formula: Interface OSPF cost = Bandwidth reference value (100
Mbps) / Interface rate (Mbps).
If the calculated cost is greater than 65535, the value of 65535 is used. If the calculated cost is
smaller than 1, the value of 1 is used.
Q. What are the preferences of different routing protocols?
A. Routing protocols, including static routing, each have a preference by default. If they find multiple
routes to the same destination, the router selects the route with the highest preference as the
optimal route. The preference of a direct route is always 0 and cannot be changed. You can
configure a preference for each static route and each dynamic routing protocol. Table 3 lists the
route types and default preferences. The smaller the value, the higher the preference.
Table 3 Route types and default route preferences
Route type | Preference
Direct route | 0
OSPF | 10
IS-IS | 15
Static route | 60
RIP | 100
OSPF ASE | 150
OSPF NSSA | 150
IBGP | 255
EBGP | 255
Unknown (route from an untrusted source) | 256
Q. Does the router discard the matching packets when the PBR-based forwarding fails?
A. No. If the PBR-based forwarding fails because the next hop does not exist, the router forwards the
matching packets based on the IP routing table.
Q. What is the compatibility between routing protocols and the GR, NSR, FRR, and BFD features?
A. The following matrix shows the GR, NSR, FRR, and BFD features and routing protocol compatibility:
Routing protocol | GR | NSR | FRR | BFD
IPv4 static route | N/A | N/A | Yes | Yes
IPv6 static route | N/A | N/A | N/A | Yes
RIP | Yes | Yes | Yes | Yes
RIPng | Yes | Yes | Yes | No
OSPF | Yes | Yes | Yes | Yes
OSPFv3 | Yes | Yes | Yes | Yes
IS-IS | Yes | Yes | Yes | Yes
IPv6 IS-IS | Yes | Yes | Yes | Yes
BGP | Yes | Yes | Yes | Yes
IPv6 BGP | Yes | Yes | Yes | Yes
MPLS
This section contains the most frequently asked questions about MPLS.
Q. Which MPLS features are supported by the router?
A. The router supports the following MPLS features:
MPLS data forwarding, LSP, and LDP.
Acting as an ingress, egress, or a transit LSR.
MPLS TE and RSVP-TE.
MPLS L2VPN and VPLS.
MPLS L3VPN.
MPLS L2VPN access to L3VPN.
IP multicast
This section contains the most frequently asked questions about IP multicast.
Q. Which IGMP versions are supported by the router?
A. The router supports IGMPv1, IGMPv2, and IGMPv3. By default, the router runs IGMPv2.
Q. Are static RPs supported by the router?
A. Yes. You can use the static-rp rp-address [ acl-number | bidir | preferred ] * command to configure
a static RP. You can also use this command to define the multicast group range to which the static
RP is designated and to give priority to the static RP.
When you configure a static RP, follow these restrictions and guidelines:
If you specify the preferred keyword, the static RP takes priority. The dynamic RP takes effect
only if the static RP fails. If you do not specify the preferred keyword, the dynamic RP takes
priority.
You must configure the same static RP for all routers in the PIM domain.
Q. Are static multicast routes supported by the router?
A. Yes. You can configure static multicast routes to create or change RPF routes.
Q. How do I deny multicast packets from an illegal multicast source?
A. You can configure an ACL to permit multicast packets only from legal sources. For example, to
permit only packets from the source 99.100.100.4 to the group 225.1.1.1, follow these steps:
1. Configure an ACL.
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 0 permit ip source 99.100.100.4 0 destination 225.1.1.1 0
[Sysname-acl-adv-3000] rule 1 deny ip
[Sysname-acl-adv-3000] quit
2. Configure a multicast source policy that uses ACL 3000.
[Sysname] pim
[Sysname-pim] source-policy 3000
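How the two rules of ACL 3000 decide which (source, group) pairs pass, as an added Python example (a model for checking a rule set offline, not H3C's code and not part of the original FAQ). It assumes the default configuration match order (ascending rule ID, first match wins), handles only the rule syntax shown above, and returns None when no rule matches because the FAQ does not state that case; all function names are hypothetical.

```python
import ipaddress

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard leaves at 0."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def parse_rule(line):
    """Parse 'rule ID permit|deny ip [source A W] [destination A W]'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "rule" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError(f"unsupported rule: {line!r}")
    rule = {"id": int(tok[1]), "action": tok[2], "source": None, "destination": None}
    i = 4
    while i < len(tok):
        if tok[i] not in ("source", "destination") or i + 2 >= len(tok):
            raise ValueError(f"unsupported rule: {line!r}")
        # A wildcard written as "0" is shorthand for 0.0.0.0 (exact host match).
        wildcard = "0.0.0.0" if tok[i + 2] == "0" else tok[i + 2]
        rule[tok[i]] = (tok[i + 1], wildcard)
        i += 3
    return rule

def evaluate(rules, source, group):
    """First matching rule in ascending rule ID wins; None if nothing matches."""
    for r in sorted(rules, key=lambda r: r["id"]):
        fields = ((r["source"], source), (r["destination"], group))
        if all(f is None or wildcard_match(v, *f) for f, v in fields):
            return r["action"]
    return None

# The ACL from the steps above.
ACL_3000 = [parse_rule(line) for line in (
    "rule 0 permit ip source 99.100.100.4 0 destination 225.1.1.1 0",
    "rule 1 deny ip",
)]

# Constructed variant: a wider source wildcard admits the whole /24, not one host.
LOOSE = [parse_rule("rule 0 permit ip source 99.100.100.4 0.0.0.255 destination 225.1.1.1 0"),
         parse_rule("rule 1 deny ip")]

if __name__ == "__main__":
    print(evaluate(ACL_3000, "99.100.100.4", "225.1.1.1"))
    print(evaluate(LOOSE, "99.100.100.77", "225.1.1.1"))
```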
Q. Are multicast group policies supported by the router?
A. Yes. You can configure a multicast group policy by using the igmp group-policy ipv4-acl-number
[ version-number ] command in one of the following views:
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
When you configure a rule in the IPv4 ACL, follow these restrictions and guidelines:
For the rule to take effect, do not specify the vpn-instance vpn-instance option.
In a basic ACL, the source source-address source-wildcard option specifies a multicast group
address.
In an advanced ACL, the source source-address source-wildcard option specifies a multicast
source address. The destination dest-address dest-wildcard option specifies a multicast
group address.
To match the following IGMP reports, set the source source-address source-wildcard option to
0.0.0.0:
    IGMPv1 and IGMPv2 reports.
    IGMPv3 IS_EX and IGMPv3 TO_EX reports that do not carry multicast source addresses.
Among the other optional parameters, only the fragment keyword and the time-range
time-range-name option take effect.
Q. The RPF check fails after the MSDP peer switchover in inter-domain multicast routing. What are the
possible reasons?
A. The RPF check fails due to either of the following reasons:
The configuration for the static RPF peer is not correct. For example, the filtering policy for the
static RPF peer is incorrect.
Loops exist between MSDP peers, causing packets to arrive at non-RPF interfaces.
Q. Is BIDIR-PIM or IPv6 BIDIR-PIM supported by the router?
A. Yes.
Q. Is inter-AS MD VPN supported by the router?
A. Yes.
Q. Is IP multicast unavailable if I configure both VPLS and IP multicast on the same interface of the
router?
A. Yes. Do not configure both VPLS and IP multicast on the same interface of the router.
NAT
This section contains the most frequently asked questions about NAT.
Q. Which cards can support NAT?
A. All cards support NAT on the router.
Q. How does the router perform NAT?
A. The router can perform traditional NAT and twice NAT:
Traditional NAT applies to the interface that connects the public network. It translates the
source IP addresses of outgoing packets and destination IP addresses of incoming packets.
Twice NAT translates the destination IP address on the receiving interface and the source IP
address on the sending interface. The receiving and sending interfaces are both NAT
interfaces. Twice NAT allows VPNs with overlapping addresses to access each other.