3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein
are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or
as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited
rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is
applicable. You agree not to remove or deface any portion of any legend provided on any licensed program
or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com, the 3Com logo, are registered trademarks of 3Com Corporation.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and
Windows NT are registered trademarks of Microsoft Corporation. UNIX is a registered trademark in the United
States and other countries, licensed exclusively through X/Open Company, Ltd.
All other company and product names may be trademarks of the respective companies with which they are
associated.
CONTENTS
ABOUT THIS GUIDE
Conventions
SYSTEM ACCESS
Product Overview
Function Features
Configuring the Switch 8800
Setting Terminal Parameters
Configuring Through Telnet
Configuring Through a Dial-up Modem
Configuring the User Interface
Command Line Interface
Command Line View
Features and Functions of the Command Line
PORT CONFIGURATION
Ethernet Port Overview
Configuring Ethernet Ports
Example: Configuring the Default VLAN ID of the Trunk Port
Troubleshooting VLAN Port Configuration
Configuring Link Aggregation
Load Sharing
Port State
Configuring Link Aggregation
Example: Link Aggregation Configuration
VLAN CONFIGURATION
VLAN Overview
Configuring VLANs
Common VLAN Configuration Tasks
Adding Ethernet Ports to a VLAN
Configuring GARP/GVRP
Configuring GVRP
NETWORK PROTOCOL OPERATION
Configuring IP Address
Subnet and Mask
Configuring an IP Address
Troubleshooting an IP Address Configuration
Configuring Address Resolution Protocol (ARP)
Configuring ARP
DHCP Relay
Configuring DHCP Relay
Troubleshooting a DHCP Relay Configuration
IP Performance
Configuring TCP Attributes
Displaying and Debugging IP Performance
Troubleshooting IP Performance
IPX Configuration
IPX Address Structure
Routing Information Protocol
Service Advertising Protocol
IP ROUTING PROTOCOL OPERATION
IP Routing Protocol Overview
Selecting Routes Through the Routing Table
Routing Management Policy
PIM-DM Configuration Example
Configuring PIM-SM
PIM-SM Operating Principles
Preparing to Configure PIM-SM
Configuring PIM-SM
GMRP
Configuring GMRP
QOS/ACL OPERATION
ACL Overview
ACLs Activated Directly on Hardware
ACLs Referenced by Upper-level Modules
ACLs Supported
Configuring ACLs
Configuring Time Range
Defining and Applying a Flow Template
Defining ACLs
Activating ACLs
Displaying and Debugging ACL Configurations
ACL Configuration Example
Basic ACL Configuration Example
L2 ACL Configuration Example
QoS Configuration
QoS Configuration
Configuration Examples
Traffic Policing Configuration Example
Traffic Shaping Configuration Example
Port Mirroring Configuration Example
Traffic Priority Configuration Example
Traffic Redirection Configuration Example
Queue Scheduling Configuration Example
WRED Parameters Configuration Example
Traffic Statistics Configuration Example
Configuring Logon User ACL Control
Configuring ACL for Telnet Users
Configuration Example
Configuring ACL for SNMP Users
Configuration Example
STP OPERATION
STP Overview
Configuring STP
Designating Switches and Ports
Calculating the STP Algorithm
Generating the Configuration BPDU
Selecting the Optimum Configuration BPDU
Designating the Root Port
Configuring the BPDU Forwarding Mechanism
MSTP Overview
MSTP Concepts
MSTP Principles
Configuring MSTP
Configuring the MST Region for a Switch
Specifying the Switch as Primary or Secondary Root Switch
Configuring the MSTP Operating Mode
Configuring the Bridge Priority for a Switch
Configuring the Max Hops in an MST Region
Configuring the Switching Network Diameter
Configuring the Time Parameters of a Switch
Configuring the Max Transmission Speed on a Port
Configuring a Port as an Edge Port
Configuring the Path Cost of a Port
Configuring the Priority of a Port
Configuring the Port Connection with the Point-to-Point Link
Configuring the mCheck Variable of a Port
Configuring the Switch Security Function
Enabling MSTP on the Device
Enabling or Disabling MSTP on a Port
Displaying and Debugging MSTP
AAA AND RADIUS OPERATION
IEEE 802.1x
802.1x System Architecture
Configuring 802.1x
Configuring the AAA and RADIUS Protocols
Configuring AAA
Configuring the RADIUS Protocol
Troubleshooting AAA and RADIUS
RELIABILITY
VRRP Overview
Configuring VRRP
Enable Pinging the Virtual IP Address
Setting Correspondence Between Virtual IP and MAC Addresses
Adding and Deleting a Virtual IP Address
Configuring the Priority of Switches
Configuring Preemption and Delay for a Switch
Configuring Authentication Type and Authentication Key
Configuring the VRRP Timer
Configuring a Switch to Track an Interface
Displaying and Debugging VRRP
Troubleshooting VRRP
SYSTEM MANAGEMENT
File System
Using a Directory
Managing Files
Formatting Storage Devices
Setting the Prompt Mode of the File System
Configuring File Management
FTP
TFTP
Managing the MAC Address Table
Configuring the MAC Address Table
Managing Devices
Rebooting the Switch 8800
Designating the File for the Next Boot
Displaying Devices
Maintaining and Debugging the System
Configuring System Basics
Displaying System Information and State
Debugging the System
Testing Tools for Network Connection
Logging Function
SNMP
SNMP Versions and Supported MIB
Configuring SNMP
This guide describes the 3Com® Switch 8800 and how to configure it in version
3.0 of the software.
Conventions
Table 1 lists icon conventions that are used throughout this book.
Table 1 Notice Icons
Notice Type: Description
Information note: Information that describes important features or instructions.
Caution: Information that alerts you to potential loss of data or potential damage to an application, system, or device.
Warning: Information that alerts you to potential personal injury.
Table 2 lists the text conventions used in this book.
Table 2 Text Conventions
Convention: Description
Screen displays: This typeface represents information as it appears on the screen.
Keyboard key names: If you must press two or more keys simultaneously, the key names are linked with a plus sign (+), for example: Press Ctrl+Alt+Del
The words “enter” and “type”: When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”
Words in italics: Italics are used to:
Emphasize a point.
Denote a new term at the place where it is defined in the text.
Identify command variables.
Identify menu names, menu commands, and software button names. Examples: From the Help menu, select Contents. Click OK.
Words in bold: Boldface type is used to highlight command names. For example, “Use the display user-interface command to...”
CHAPTER 1: SYSTEM ACCESS
This chapter covers the following topics:
■ Product Overview
■ Configuring the Switch 8800
■ Setting Terminal Parameters
■ Command Line Interface
Product Overview
The 3Com Switch 8800 is a large capacity, modular wire speed Layer 2/Layer 3
switch. It is designed for IP metropolitan area networks (MAN), large-sized
enterprise networks, and campus network users.
The Switch 8800 has an integrated chassis structure. The chassis contains an I/O
module area, fan area, power supply area, and a power distribution area. In the
I/O module area, there are seven, ten, or fourteen slots. Two slots are reserved for
the switch Fabric modules, and the remaining slots are for the I/O modules. You
can install different interface modules for different networks; the slots support a
mixed set of modules.
The Switch 8800 supports the following services:
■ MAN, enterprise/campus networking
■ Multicast service and multicast routing functions, with support for audio and video
multicast service.
Function Features
Table 1 lists and describes the function features that the Switch 8800 supports.
Table 1 Function Features
Features: Support
VLAN: VLANs compliant with IEEE 802.1Q standard
STP protocol: Spanning Tree Protocol (STP); Rapid Spanning Tree Protocol (RSTP); Multiple Spanning Tree Protocol (MSTP), compliant with IEEE 802.1D/IEEE 802.1s Standard
Flow control: IEEE 802.3x flow control (full-duplex); Back-pressure based flow control (half-duplex)
Internet Group Management Protocol (IGMP) Snooping
Internet Group Management Protocol (IGMP)
Protocol-Independent Multicast-Dense Mode (PIM-DM)
Protocol-Independent Multicast-Sparse Mode (PIM-SM)
IP routing: Static route; RIP v1/v2; OSPF; BGP (in advanced software); IS-IS (in advanced software); IP routing policy
Bandwidth control
Priority
Queues of different priority on the port
Queue scheduling: supports strict priority (SP), weighted round robin (WRR), committed access route (CAR) queueing
Command line interface configuration
Configuration through the console and AUX ports
Local or remote configuration by Telnet
Remote configuration by dialing the modem through the AUX port
SNMP
System log
Level alarms
Output of the debugging information
PING and Tracert
Remote maintenance with Telnet and modem
Loading and upgrading software using the File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP)
Configuring the Switch 8800
On the Switch 8800, you can set up the configuration environment through the
console port. To set up the local configuration environment:
1 Plug the DB-9 or DB-25 female plug of the console cable into the serial port of the
PC or the terminal where the switch is to be configured.
2 Connect the RJ-45 connector of the console cable to the console port of the
switch, as shown in Figure 1.
Figure 1 Setting Up the Local Configuration Environment Through the Console Port
(figure labels: RS-232 Serial port, Console cable, Console port)
Setting Terminal Parameters
To set terminal parameters:
1 Start the PC and select Start > Programs > Accessories > Communications >
HyperTerminal.
2 The HyperTerminal window displays the Connection Description dialog box, as
shown in Figure 2.
Figure 2 Set Up the New Connection
3 Enter the name of the new connection in the Name field and click OK. The dialog
box, shown in Figure 3, displays.
4 Select the serial port to be used from the Connect using dropdown menu.
Figure 3 Properties Dialog Box
5 Click OK. The Port Settings tab, shown in Figure 4, displays and you can set serial
port parameters. Set the following parameters:
■ Baud rate = 9600
■ Databit = 8
■ Parity check = none
■ Stopbit = 1
■ Flow control = none
Figure 4 Set Communication Parameters
6 Click OK. The HyperTerminal dialogue box displays, as shown in Figure 5.
7 Select Properties.
Figure 5 HyperTerminal Window
8 In the Properties dialog box, select the Settings tab, as shown in Figure 6.
9 Select VT100 in the Emulation dropdown menu.
10 Click OK.
Figure 6 Settings Tab
Setting the Terminal Parameters is described in the following sections:
■ Configuring Through Telnet
■ Configuring Through a Dial-up Modem
■ Configuring the User Interface
Configuring Through Telnet
Before you can telnet to a Switch 8800 and configure it, you must:
1 Configure the IP address of a VLAN interface for the Switch 8800 through the
console port (using the ip address command in VLAN interface view)
2 Add the port (that connects to a terminal) to this VLAN (using the port command
in VLAN view)
3 Log in to the Switch 8800
Tasks for Configuring through Telnet are described in the following sections:
■ Connecting the PC to the Switch 8800
■ Connecting Two Switch 8800 Systems
Connecting the PC to the Switch 8800
To connect the PC and Switch 8800 through Telnet:
1 Authenticate the Telnet user through the console port before the user logs in by
Telnet.
By default, a password is required for authenticating the Telnet user to log in the
Switch 8800. If a user logs in by Telnet without a password, the user sees the
message:
2 Enter system view, return to user view by pressing Ctrl+Z.
(xxxx is the preset login password of Telnet user)
3 To set up the configuration environment, connect the Ethernet port of the PC to
that of the Switch 8800 through the LAN. See Figure 7.
Figure 7 Setting Up the Configuration Environment Through Telnet
(figure labels: Workstation, Switch 8800, Ethernet port, Ethernet, Workstation, Server, PC (for configuring the switch through Telnet))
4 Run Telnet on the PC by selecting Start > Run from the Windows desktop and
entering Telnet in the Open field, as shown in Figure 8. Click OK.
Figure 8 Run Telnet
The terminal displays User Access Verification and prompts you for the logon
password.
5 Enter the password. The terminal displays the command line prompt (<SW8800>).
If the message, Too many users! appears, try to reconnect later. At most, 5
Telnet users are allowed to log on to a Switch 8800 simultaneously.
6 Use the appropriate commands to configure the Switch 8800 or to monitor the
operational state. Enter ? to get immediate help. For details on specific
commands, refer to the chapters in this guide.
When configuring the Switch 8800 by Telnet, do not modify the IP address unless
necessary, because the modification might terminate the Telnet connection. By
default, after passing the password authentication and logging on, a Telnet user
can access the commands at login level 0.
Connecting Two Switch 8800 Systems
Before you can telnet the Switch 8800 to another Switch 8800, as shown in
Figure 9, you must:
1 Configure the IP address of a VLAN interface for the Switch 8800 through the
console port (using the ip address command in VLAN interface view)
2 Add the port (that connects to a terminal) to this VLAN (using the port command
in VLAN view)
3 Log in to the Switch 8800
After you telnet to a Switch 8800, you can run the telnet command to log in and
configure another Switch 8800.
Figure 9 Provide Telnet Client Service
(figure labels: PC, Telnet client, Telnet server)
1 Authenticate the Telnet user through the console port on the Telnet Server (Switch
8800) before login.
By default, a password is required for authenticating the Telnet user to log in to the
Switch 8800. If a user logs in by Telnet without a password, the system displays the
following message:
Login password has not been set!
2 Enter system view, return to user view by pressing Ctrl+Z.
<SW8800>system-view
[SW8800]user-interface vty 0
[SW8800-ui-vty0]set authentication password simple/cipher xxxx
(xxxx is the preset login password of Telnet user)
3 Log in to the Telnet client (Switch 8800). For the login process, see “Connecting
the PC to the Switch 8800”.
4 Perform the following operations on the Telnet client:
<SW8800>telnet xxxx
(XXXX can be the hostname or IP address of the Telnet Server. If it is the hostname,
you need to use the ip host command to specify it).
5 Enter the preset login password. The Switch 8800 prompt (<SW8800>) displays. If
the message, Too many users! displays, try to connect later.
6 Use the appropriate commands to configure the Switch 8800 or view its
operational state. Enter ? to get immediate help. For details on a specific
command, refer to the appropriate chapter in this guide.
Configuring Through a Dial-up Modem
To configure the switch with a dial-up modem through the AUX port:
1 Authenticate the modem user through the console port of the Switch 8800 before
the user logs in to the switch through a dial-up modem.
By default, a password is required for authenticating the modem user to log in to
the Switch 8800. If a user logs in through the modem without a password, the
user sees the message, Password required, but none set.
a Enter system view, return to user view with Ctrl+Z.
<SW8800>system-view
[SW8800]user-interface aux 0
[SW8800-ui-aux0]set authentication password simple/cipher xxxx
(xxxx is the preset login password of the Modem user.)
b Using the modem command, you can configure the console port to modem
mode.
[SW8800-ui-aux0]modem
2 To set up the remote configuration environment, connect the modems to a PC (or
a terminal) serial port and to the Switch 8800 console port, as shown in Figure 10.
Figure 10 Set Up Remote Configuration Environment
(figure labels: Modem serial port line, Modem, Telephone line, PST, Console port, Modem, Remote telephone: 555-5555)
3 Dial for a connection to the switch, using the terminal emulator and modem on
the remote end. Dial the telephone number of the modem connected to the
Switch 8800. See Figure 11 and Figure 12.
Figure 11 Set the Dialed Number
Figure 12 Dial the Remote PC
4 Enter the preset login password on the remote terminal emulator and wait for the
<SW8800> prompt.
5 Use the appropriate commands to configure the Switch 8800 or view its
operational state. Enter ? to get immediate help. For details on a specific
command, refer to the appropriate chapter in this guide.
By default, after login, a modem user can access the commands at Level 0.
Configuring the User Interface
User interface configuration is another way to configure and manage port data.
The Switch 8800 supports the following configuration methods:
■ Local configuration through the console port
■ Remote configuration through Telnet on the Ethernet port
■ Remote configuration through a modem through the console port.
There are two types of user interfaces:
■ AUX user interface is used to log in the Switch 8800 through a dial-up modem.
A Switch 8800 can only have one AUX port.
■ VTY user interface is used to telnet to the Switch 8800.
For the Switch 8800, the AUX port and Console port are the same port, so only
the AUX type of user interface exists for it.
The user interface is numbered by absolute number or relative number.
To number the user interface by absolute number:
■ The AUX user interface is the first interface — user interface 0.
■ The VTY is numbered after the AUX user interface. The absolute number of the
first VTY is the AUX user interface number plus 1.
To number the user interface by relative number, represented by interface +
number assigned to each type of user interface:
■ AUX user interface = AUX 0.
■ The first VTY interface = VTY 0, the second one = VTY 1, and so on.
Tasks for configuring the user interface are described in the following sections:
■ Entering the User Interface View
■ Configuring the Attributes of the AUX (Console) Port
■ Configuring the Terminal Attributes
■ Managing Users
■ Configuring the Attributes of a Modem
■ Configuring Redirection
■ Displaying and Debugging User Interface
Entering the User Interface View
Use the user-interface command (see Table 2) to enter a user interface view. You
can enter a single user interface view or multi-user interface view to configure one
or more user interfaces.
Perform the following configuration in system view.
Table 2 Enter User Interface View
Operation: Command
Enter a single user interface view or multi user interface views: user-interface [ type ] first-number [ last-number ]
Configuring the Attributes of the AUX (Console) Port
Use the speed, flow control, parity, stop bit, and data bit commands (see
Table 3) to configure these attributes of the AUX (Console) port.
Perform the following configurations in user interface (AUX user interface only)
view.
Table 3 Configure the Attributes of the AUX (Console) Port
Operation: Command
Configure the transmission speed on AUX (Console) port. By default, the transmission speed is 9600bps: speed speed-value
Restore the default transmission speed on AUX (Console) port: undo speed
Configure the flow control on AUX (Console) port. By default, no flow control is performed on the AUX (Console) port: flow-control { hardware | none | software }
Restore the default flow control mode on AUX (Console) port: undo flow-control
Configure parity mode on the AUX (Console) port. By default, there is no parity bit on the AUX (Console) port: parity { even | mark | none | odd | space }
Restore the default parity mode: undo parity
Configure the stop bit of AUX (Console) port. By default, AUX (Console) port supports 1 stop bit: stopbits { 1 | 1.5 | 2 }
Restore the default stop bit of AUX (Console) port: undo stopbits
Configure the data bit of AUX (Console) port. By default, AUX (Console) port supports 8 data bits: databits { 7 | 8 }
Restore the default data bit of AUX (Console) port: undo databits
Configuring the Terminal Attributes
The following commands can be used for configuring the terminal attributes,
including enabling/disabling terminal service, disconnection upon timeout,
lockable user interface, configuring terminal screen length and history command
buffer size.
Perform the following configuration in user interface view. Perform the lock
command in user view.
Enabling and Disabling Terminal Service
After the terminal service is
disabled on a user interface, you cannot log in to the Switch 8800 through the
user interface. However, if a user logged in through the user interface before
disabling the terminal service, the user can continue operation. After the user logs
out, the user cannot log in again. In this case, the user can log in to the Switch
through the user interface only when the terminal service is enabled again. Use
the commands described in Table 4 to enable or disable terminal service.
Table 4 Enabling and Disabling Terminal Service
Operation: Command
Enable terminal service: shell
Disable terminal service: undo shell
By default, terminal service is enabled on all the user interfaces.
Note the following points:
■ For the sake of security, the undo shell command can only be used on the user
interfaces other than the AUX user interface.
■ You cannot use this command on the user interface through which you log in.
■ You must confirm your privilege before using the undo shell command in any
legal user interface.
Configuring idle-timeout
By default, idle-timeout is enabled and set to 10
minutes on all the user interfaces. The idle-timeout command is described in
Table 5.
Locking the User Interface
The lock command locks the current user interface
and prompts the user to enter a password. This makes it impossible for others to
operate in the interface after the user leaves. The lock command is described in
Table 6.
Table 6 Lock User Interface
Operation: Command
Lock user interface: lock
Setting the Screen Length
If a command displays more than one screen of
information, you can use the screen length command to determine how many
lines are displayed on a screen so that information can be separated in different
screens and you can view it more conveniently. The screen-length command is
described in Table 7.
Table 7 Setting Screen Length
Operation: Command
Set the screen length: screen-length screen-length (screen-length 0 indicates to disable screen display separation function.)
Restore the default screen length: undo screen-length
By default, the terminal screen length is 24 lines.
Setting the History-Command Buffer Size
Table 8 describes the history-command max-size command.
By default, the size of the history-command max-size command buffer is 10.
Table 8 Set the History Command Buffer Size
Operation: Command
Set the history command buffer size: history-command max-size value
Restore the default history command buffer size: undo history-command max-size
Managing Users
The management of users includes the setting of the user logon authentication
method, the level of command a user can use after logging on, the level of
command a user can use after logging on from the specific user interface, and the
command level.
Configuring the Authentication Method
The authentication-mode
command configures the user login authentication method, which denies access to
unauthorized users. Table 9 describes the authentication-mode command.
Perform the following configuration in user interface view.
Table 9 Configure Authentication Method
Operation: Command
Configure the authentication method: authentication-mode { password | scheme }
Configure no authentication: authentication-mode none
By default, terminal authentication is not required for users who log in through
the console port, whereas a password is required for authenticating modem and
Telnet users when they log in.
To configure authentication for modem and Telnet users:
1 Configure local password authentication for the user interface.
When you set the password authentication mode, you must also configure a login
password to log in successfully. Table 10 describes the set authentication
password command.
Perform the following configuration in user interface view.
Table 10 Configure the Local Authentication Password
Operation: Command
Configure the local authentication password: set authentication password { cipher | simple } password
Remove the local authentication password: undo set authentication password
Configure for password authentication when a user logs in through a VTY 0 user
interface and set the password to 3Com:
2 Configure the local or remote authentication username and password.
Use the authentication-mode scheme command to perform local or remote
authentication of username and password. The type of the authentication
depends on your configuration. For detailed information, see “AAA and RADIUS
Operation”
Perform username and password authentication when a user logs in through the
VTY 0 user interface and set the username and password to zbr and 3Com
respectively:
3 Set the Switch 8800 to allow user access without authentication.
By default, the password is required for authenticating the modem and Telnet
users when they log in. If the password has not been set, when a user logs in, the
following message displays,
Login password has not been set!
If the authentication-mode none command is used, the modem and Telnet
users are not required to enter a password.
Set the Command Level after Login
The following command is used for
setting the command level used after a user logs in.
Perform the following configuration in local-user view.
Table 11 Set Command Level Used After a User Logs In
Operation: Command
Set the command level used after a user logs in
Restore the default command level used after a user logs in
By default, a Telnet user can access the commands at Level 1 after logon.
Setting the Command Level Used after a User Logs in from a User Interface
Use the user privilege level command to set the command level, after a user
logs in from a specific user interface, so that a user is able to execute the
commands at that command level. Table 12 describes the user privilege level
command.
Perform the following configuration in user interface view.
Table 12 Set Command Level After User Login
Operation: Command
Set command level used after a user logs in from a user interface: user privilege level level
Restore the default command level used after a user logs in from a user interface: undo user privilege level
By default, a user can access the commands at Level 3 after logging in through the
AUX user interface, and the commands at Level 0 after logging in through the VTY
user interface.
When a user logs in to the switch, the command level that the user can access
depends on two settings. One is the command level that the user can access, the
other is the command level set on the user interface. If the two levels are different,
the former is taken. For example, the command level of the VTY 0 user interface is 1,
but user Tom has the right to access commands of level 3; if Tom logs in from the
VTY 0 user interface, he can access commands of level 3 and lower.
Setting Command Priority
The command-privilege level command sets the
priority of a specified command in a certain view. The command levels include
visit, monitoring, configuration, and management, which are identified with
command level 0 through 3, respectively. An administrator assigns authority
according to user requirements. See Table 13.
Perform the following configuration in system view.
Table 13 Set Command Priority
Operation: Command
Set the command priority in a specified view: command-privilege level level view view command
Restore the default command level in a specified view: undo command-privilege view view command
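The authentication and command-level settings described under Managing Users can be checked mechanically. The following Python script is an added example, not part of the original 3Com guide: it reads commands typed in the forms documented above and reports user interfaces that use authentication-mode none, a simple-form password, or a VTY command level above the default 0. The sample configuration, the finding names and the function names are constructed for illustration.

```python
import re

# Constructed sample in the command forms this guide documents; it is not
# output captured from a real Switch 8800.
SAMPLE_CONFIG = """\
user-interface aux 0
 authentication-mode password
 set authentication password cipher EXAMPLE-CIPHERTEXT
user-interface vty 0
 authentication-mode password
 set authentication password simple EXAMPLE-PASSWORD
 user privilege level 3
user-interface vty 1 2
 authentication-mode none
user-interface 4 5
 authentication-mode scheme
"""

# Strips a pasted CLI prompt such as [SW8800-ui-vty0] or <SW8800>.
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")


def expand_interfaces(args):
    """Expand 'user-interface [type] first-number [last-number]' arguments.

    Returns relative names. In the absolute form (no type), number 0 is
    AUX 0 and number n is VTY n-1, as the numbering rules above state.
    """
    kind = None
    if args and not args[0].isdigit():
        kind, args = args[0].lower(), args[1:]
    nums = []
    for token in args[:2]:
        if not token.isdigit():
            break
        nums.append(int(token))
    if not nums:
        raise ValueError("user-interface needs a numeric first-number")
    first, last = nums[0], nums[-1]
    if last < first:
        raise ValueError("last-number is smaller than first-number")
    if kind is not None:
        return [f"{kind} {n}" for n in range(first, last + 1)]
    return ["aux 0" if n == 0 else f"vty {n - 1}" for n in range(first, last + 1)]


def parse_user_interfaces(text):
    """Collect the explicit settings found under each user-interface command."""
    interfaces, current = {}, []
    for raw in text.splitlines():
        tokens = PROMPT.sub("", raw).split()
        if not tokens:
            continue
        if tokens[0] == "user-interface":
            current = expand_interfaces(tokens[1:])
            for name in current:
                interfaces.setdefault(
                    name, {"auth": None, "pw_form": None, "level": None})
        elif tokens[0] == "authentication-mode" and len(tokens) >= 2:
            for name in current:
                interfaces[name]["auth"] = tokens[1]
        elif tokens[:3] == ["set", "authentication", "password"] and len(tokens) >= 5:
            for name in current:
                interfaces[name]["pw_form"] = tokens[3]
        elif (tokens[:3] == ["user", "privilege", "level"]
              and len(tokens) >= 4 and tokens[3].isdigit()):
            for name in current:
                interfaces[name]["level"] = int(tokens[3])
    return interfaces


def audit(text):
    """Return (interface, finding) pairs in configuration order."""
    findings = []
    for name, cfg in parse_user_interfaces(text).items():
        is_vty = name.startswith("vty")
        # Defaults stated in the guide: VTY logins need a password and get
        # level 0; the AUX user interface gets level 3.
        auth = cfg["auth"] or ("password" if is_vty else None)
        level = cfg["level"] if cfg["level"] is not None else (0 if is_vty else 3)
        if auth == "none":
            # Modem and Telnet users are then not asked for a password.
            findings.append((name, "no-authentication"))
        if cfg["pw_form"] == "simple":
            # Assumption from Comware-family behaviour (the guide only lists
            # the keywords): simple keeps the password readable in the
            # saved configuration, cipher stores it in ciphertext form.
            findings.append((name, "simple-password"))
        if is_vty and level > 0:
            # Every login on this VTY starts above the default visit level.
            findings.append((name, "vty-level-raised"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```
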
Configuring the Attributes of a Modem
You can use the commands described in Table 14 to configure the attributes of a
modem when logging in to the Switch through the modem.
Perform the following configuration in user interface view.
Table 14 Configure Modem
Operation: Command
Set the interval since the system receives the RING until CD_UP: modem timer answer seconds
Restore the default interval since the system receives the RING until CD_UP: undo modem timer answer
Configure auto answer: modem auto-answer
Configure manual answer: undo modem auto-answer
Configure to allow call-in: modem call-in
Configure to bar call-in: undo modem call-in
Configure to permit call-in and call-out: modem both
Configure to disable call-in and call-out: undo modem both
Configuring Redirection
The send Command can be used for sending messages between user
interfaces. See
Ta bl e 15.
18CHAPTER 1: SYSTEM ACCESS
Perform the following configuration in user view.
Ta bl e 15 Configure to Send Messages Between User Interfaces
OperationCommand
Configure to send messages between
different user interfaces.
send { all | number | type number }
The auto-execute command is used to run a command automatically after
you log in. The command is automatically executed when you log in again. See
Table 16.
This command is usually used to execute the telnet command automatically on a
terminal, which connects the user to a designated device.
Perform the following configuration in user interface view.
Table 16 Configure Automatic Command Execution
Operation | Command
Configure to automatically run the command | auto-execute command text
Configure not to automatically run the command | undo auto-execute command
After applying the auto-execute command, the user interface can no longer be
used to carry out the routine configurations for the local system.
Make sure that you will be able to log in to the system in some other way and
cancel the configuration before you use the auto-execute command and save
the configuration.
Example: Telnet to 10.110.100.1 automatically after the user logs in through VTY 0.
When a user logs on by VTY 0, the system will run telnet 10.110.100.1
automatically.
Displaying and Debugging User Interface
After creating the previous configuration, execute the display command in any
view to display the user interface configuration, and to verify the effect of the
configuration. Execute the free command in user view to clear a specified user
interface. See Table 17.
Table 17 Display and Debug User Interface
Operation | Command
Clear a specified user interface | free user-interface [ type ] number
Display the user application information of the user interface | display users [ all ]
Display the physical attributes and some configurations of the user interface | display user-interface [ type number ] [ number ] [ summary ]
Command Line Interface
The Switch 8800 provides a series of configuration commands and command line
interfaces for configuring and managing the Switch 8800. The command line
interface has the following features.
■ Local configuration through the console and AUX ports.
■ Local or remote configuration through Telnet.
■ Remote configuration through a dial-up Modem through the AUX port to log
in to the Switch 8800.
■ Hierarchy command protection to prevent unauthorized users from accessing
the switch.
■ Access to online Help by entering ?.
■ Network test commands, such as Tracert and Ping, for rapid troubleshooting of
the network.
■ Detailed debugging information to help with network troubleshooting.
■ Ability to log in and manage other Switch 8800s directly, using the telnet
command.
■ FTP service for the users to upload and download files.
■ Ability to view previously executed commands.
■ A command line interpreter that accepts keywords that are not fully entered.
You can enter the whole keyword or part of it, as long as it is unique
and not ambiguous.
Configuring a Command Line Interface is described in the following sections:
■ Command Line View
■ Features and Functions of the Command Line
Command Line View
The Switch 8800 provides hierarchy protection for the command lines to prevent
unauthorized users from accessing the switch illegally.
There are four levels of commands:
■ Visit level — involves commands for network diagnosis tools (such as ping and
tracert), the command for switching between the language environments of the
user interface (language-mode), and the telnet command. Saving the
configuration file is not allowed on this level of commands.
■ Monitoring level — includes the display command and the debugging
command for system maintenance, service fault diagnosis, and so on. Saving
the configuration file is not allowed on this level of commands.
■ Configuration level — provides service configuration commands, such as the
routing command and commands on each network layer that are used to
provide direct network service to the user.
■ Management level — influences the basic operation of the system and the
system support modules, which play a supporting role for services. Commands at
this level involve file system commands, FTP commands, TFTP commands,
XModem downloading commands, user management commands, and level
setting commands.
Login users are also classified into four levels that correspond to the four
command levels. After users of different levels log in, they can only use commands
at their own, or lower, levels.
To prevent unauthorized users from illegal intrusion, users are identified when
switching from a lower level to a higher level with the super [ level ] command.
User ID authentication is performed when users at a lower level switch to users at
a higher level. Only when the correct password is entered three times can the user
switch to the higher level. Otherwise, the original user level remains unchanged.
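The following audit is an added example, not code from the 3Com manual. It scans a saved configuration for three settings this chapter describes: a management-level command lowered with command-privilege, auto-execute on a user interface, and modem dial-in. The sample configuration, its layout, the view name "system" and the management keyword list are assumptions constructed for illustration.

```python
import re

# Command families the manual places at management level (3). The exact
# keyword spellings are assumptions made for this example.
MANAGEMENT_KEYWORDS = {"ftp", "tftp", "xmodem", "local-user", "command-privilege"}

# Constructed sample configuration, not taken from a real device. The "#"
# separators, indentation and the view name "system" are assumptions.
SAMPLE_CONFIG = """\
#
 command-privilege level 1 view system local-user
 command-privilege level 3 view system ping
#
user-interface aux 0
 modem both
 modem auto-answer
user-interface vty 0
 auto-execute command telnet 10.110.100.1
 undo modem call-in
"""

PRIV_RE = re.compile(r"^command-privilege level (\d) view (\S+) (.+)$")


def audit(config_text):
    """Return (line_number, context, finding) tuples for risky settings."""
    findings = []
    ui = None  # user interface block being read, if any
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "#":
            ui = None
        elif line.startswith("user-interface "):
            ui = line
        elif (m := PRIV_RE.match(line)):
            level, view, keyword = int(m.group(1)), m.group(2), m.group(3).split()[0]
            # Users may run commands at their own level or lower, so lowering
            # a management command hands it to every user at the new level.
            if keyword in MANAGEMENT_KEYWORDS and level < 3:
                findings.append((lineno, f"view {view}", f"'{keyword}' lowered to level {level}"))
        elif ui and line.startswith("auto-execute command "):
            findings.append((lineno, ui, "auto-execute set: no local configuration from this interface"))
        elif ui and line in ("modem call-in", "modem both"):
            findings.append((lineno, ui, f"dial-in enabled by '{line}'"))
    return findings


if __name__ == "__main__":
    for lineno, where, what in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {where}: {what}")
```

Lines beginning with undo are not flagged, because they restore the default rather than enable the setting.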
Command views are implemented according to requirements that are related to
one another. For example, after logging in to the Switch 8800, you enter user
view, in which you can only use some basic functions, such as displaying the
operating state and statistics information. In user view, key in system-view to
enter system view, in which you can key in different configuration commands and
enter the corresponding views.
The command line provides the following views:
■ User view
■ System view
■ Ethernet Port view
■ VLAN view
■ VLAN interface view
■ Local-user view
■ User interface view
■ FTP client view
■ PIM view
■ RIP view
■ OSPF view
■ OSPF area view
■ Route policy view
■ Basic ACL view
■ Advanced ACL view
■ Layer-2 ACL view
■ RADIUS server group view
■ ISP domain view
■ BGP view
■ ISIS view
The relation diagram of the views is shown in Figure 13.
Figure 13 Relation Diagram of the Views
[Diagram labels: User view, System view, Ethernet port view, User interface view, VLAN view, VLAN interface view, RIP view, OSPF view, OSPF area view, Route policy view, Basic ACL view, Advanced ACL view, Interface-based ACL view, Layer-2 ACL view, FTP client view, Local-user view, PIM view, RADIUS server group view, IS-IS view]
Table 18 describes the function features of different views.
For all views, use the quit command to return to system view and use the return
command to return to user view.
Table 18 Function Feature of Command View
Command view | Function | Prompt | Command to enter
User view | Show basic information about operation and statistics | <SW8800> | Enter right after connecting the switch
System view | Configure system parameters | [SW8800] | Key in system-view in user view
Ethernet Port view | Configure Ethernet port parameters | [SW8800-GigabitEthernet1/1/1] | 100M Ethernet port view
 | | [SW8800-GigabitEthernet1/1/1] | Gigabit Ethernet port view
VLAN view | Configure VLAN parameters | [SW8800-Vlan1] | Enter vlan 1 in System view
VLAN interface view | Configure IP interface parameters for a VLAN or a VLAN aggregation | [SW8800-Vlan-interface1] | Enter interface vlan-interface 1 in System view
Local-user view | Configure local user parameters | [SW8800-user-user1] | Enter local-user user1 in System view
User interface view | Configure user interface parameters | [SW8800-ui0] | Enter user-interface 0 in System view
FTP Client view | Configure FTP Client parameters | [ftp] | Enter ftp in user view
PIM view | Configure PIM parameters | [SW8800-PIM] | Enter pim in System view
RIP view | Configure RIP parameters | [SW8800-rip] | Enter rip in System view
OSPF view | Configure OSPF parameters | [SW8800-ospf] | Enter ospf in System view
OSPF area view | Configure OSPF area parameters | [SW8800-ospf-0.0.0.1] | Enter area 1 in OSPF view
Route policy view | Configure route policy parameters | [SW8800-route-policy] | Enter route-policy policy1 permit node 10 in System view
Basic ACL view | Define the rule of basic ACL | [SW8800-acl-basic-2000] | Enter acl number 2000 in System view
Advanced ACL view | Define the rule of advanced ACL | [SW8800-acl-adv-3000] | Enter acl number 3000 in System view
Layer-2 ACL view | Define the rule of layer-2 ACL | [SW8800-acl-link-4000] | Enter acl number 4000 in System view
RADIUS server group view | Configure radius parameters | [SW8800-radius-1] | Enter radius scheme 1 in System view
ISP domain view | Configure ISP domain parameters | [SW8800-isp-163.net] | Enter domain isp-163.net in System view
Features and Functions of the Command Line
Tasks for configuring the features and functions of the command line are
described as follows:
■ Online Help
■ Common Command Line Error Messages
■ History Command
■ Editing Features of the Command Line
■ Displaying Features of the Command Line
Online Help
The command line interface provides full and partial online Help modes.
You can get the help information through these online help commands, which are
described as follows.
■ Enter ? in any view to get all the commands in it and corresponding
descriptions.
<SW8800>?
User view commands:
language-mode Specify the language environment
ping Ping function