3COM FAMILY 4210, FAMILY 5500G, FAMILY 5500, FAMILY 4200G User Manual

3Com® Stackable Switch
Family

Advanced Configuration Guide

3Com Switch 5500
3Com Switch 5500G
3Com Switch 4500
3Com Switch 4200G
3Com Switch 4210

www.3Com.com
Part Number: 10016492 Rev. AB
Published: February 2008

3Com Corporation
350 Campus Drive
Marlborough, MA
USA 01752-3064

Copyright © 2006-2008, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any
form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without
written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time
without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or
expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality,
and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s)
described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement
included with the product as a separate document, in the hard copy documentation, or on the removable media in a
directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will
be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to
you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is
delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item”
as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial
license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or
FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided
on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered
in other countries.

3Com and the 3Com logo are registered trademarks of 3Com Corporation.

Cisco is a registered trademark of Cisco Systems, Inc.

Funk RADIUS is a registered trademark of Funk Software, Inc.

Aegis is a registered trademark of Aegis Group PLC.

Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are
registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a
registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.

IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.

All other company and product names may be trademarks of the respective companies with which they are associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed
to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards.
Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

CONTENTS

ABOUT THIS GUIDE

Conventions 9
Related Documentation 9
Products Supported by this Document 10

1 LOGIN CONFIGURATION GUIDE

Logging In from the Console Port 13
Logging In Through Telnet 15
Configuring Login Access Control 18

2 VLAN CONFIGURATION GUIDE

Configuring Port-Based VLAN 21
Configuring Protocol-Based VLAN 23

3 IP ADDRESS CONFIGURATION GUIDE

IP Address Configuration Guide 27

4 VOICE VLAN CONFIGURATION GUIDE

Configuring Voice VLAN 29
Precautions 32

5 GVRP CONFIGURATION GUIDE

Configuring GVRP 33

6 PORT BASIC CONFIGURATION GUIDE

Configuring the Basic Functions of an Ethernet Port 39

7 LINK AGGREGATION CONFIGURATION GUIDE

Configuring Link Aggregation 41

8 PORT ISOLATION CONFIGURATION GUIDE

Configuring Port Isolation 45

4 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE

9 PORT SECURITY CONFIGURATION GUIDE

Configuring Port Security autolearn Mode 47
Configuring Port Security mac-authentication Mode 48
Configuring Port Security userlogin-withoui Mode 51
Configuring Port Security mac-else-userlogin-secure-ext Mode 55

10 PORT BINDING CONFIGURATION GUIDE

Configuring a Port Binding 59

11 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION GUIDE

MAC Address Table Management 61

12 DLDP CONFIGURATION GUIDE

Configuring DLDP 63

13 AUTO DETECT CONFIGURATION GUIDE

Auto Detect Implementation in Static Routing 67
Auto Detect Implementation in VRRP 69
Auto Detect Implementation in VLAN Interface Backup 72

14 MSTP CONFIGURATION GUIDE

Configuring MSTP 77
Configuring VLAN-VPN Tunneling 80
Configuring RSTP 83
Configuring Digest Snooping and Rapid Transition 88

15 ROUTING CONFIGURATION GUIDE

Configuring Static Routes 93
Configuring RIP 95
Configuring OSPF 98
Configuring OSPF DR Election 102
Configuring a (Totally) Stub Area 106
Configuring a (Totally) NSSA Area 111
Configuring OSPF Route Summarization 117
Configuring OSPF Virtual Link 126
Configuring Routing Policies 128

16 MULTICAST CONFIGURATION GUIDE

Configuring IGMP Snooping 135
Configuring IGMP Snooping Only 138
Configuring Multicast VLAN 142
Configuring PIM-SM plus IGMP plus IGMP Snooping 146
Configuring PIM-DM plus IGMP 155

Configuring Anycast RP Application 159

17 802.1X CONFIGURATION GUIDE

Configuring 802.1x Access Control 165

18 AAA CONFIGURATION GUIDE

Configuring RADIUS Authentication for Telnet Users 169
Configuring Dynamic VLAN Assignment with RADIUS Authentication 171
Configuring Local Authentication for Telnet Users 173
Configuring HWTACACS Authentication for Telnet Users 174
Configuring EAD 176

19 MAC AUTHENTICATION CONFIGURATION GUIDE

Configuring MAC Authentication 179

20 VRRP CONFIGURATION GUIDE

Single VRRP Group Configuration 183
Multiple VRRP Groups Configuration 186
VRRP Interface Tracking 188
VRRP Port Tracking 191

Contents 5

21 DHCP CONFIGURATION GUIDE

DHCP Server Global Address Pool Configuration Guide 195
DHCP Server Interface Address Pool Configuration Guide 198
DHCP Relay Agent Configuration Guide 199
DHCP Snooping Configuration Guide 201
DHCP Accounting Configuration Guide 203
DHCP Client Configuration Guide 205

22 ACL CONFIGURATION GUIDE

Configuring Basic ACLs 207
Configuring Advanced ACLs 208
Configuring Ethernet Frame Header ACLs 209
Configuring User-Defined ACLs 211

23 QOS/QOS PROFILE CONFIGURATION GUIDE

Configuring Traffic Policing and LR 215
Configuring Priority Marking and Queue Scheduling 217
Configuring Traffic Redirection and Traffic Accounting 220
Configuring QoS Profile 222

24 WEB CACHE REDIRECTION CONFIGURATION GUIDE

Configuring Web Cache Redirection 225

6 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE

25 MIRRORING CONFIGURATION GUIDE

Local Port Mirroring Configuration 229
Remote Port Mirroring Configuration 231
Traffic Mirroring Configuration 236

26 XRN CONFIGURATION GUIDE

XRN Fabric Configuration 239

27 CLUSTER CONFIGURATION GUIDE

Cluster Configuration 247
Network Management Interface Configuration 251
Cluster Configuration in Real Networking 254

28 POE/POE PROFILE CONFIGURATION GUIDE

PoE Configuration 259
PoE Profile Configuration 261

29 UDP HELPER CONFIGURATION GUIDE

UDP Helper Configuration Guide 265

30 SNMP-RMON CONFIGURATION GUIDE

SNMP Configuration 267
RMON Configuration 269

31 NTP CONFIGURATION GUIDE

NTP Client/Server Mode Configuration 271
NTP Symmetric Peers Mode Configuration 272
NTP Broadcast Mode Configuration 273
NTP Multicast Mode Configuration 275
NTP Client/Server Mode with Authentication Configuration 276

32 SSH CONFIGURATION GUIDE

Configuring the Switch to Act as the SSH Server and Use Password
Authentication 279

Configuring the Switch to Act as the SSH Server and Use RSA Authentication 283
Configuring the Switch to Act as the SSH Client and Use Password

Authentication 290
Configuring the Switch to Act as the SSH Client and Use RSA Authentication 292
Configuring the Switch to Act as the SSH Client and Not to Support First-Time

Authentication 295
Configuring SFTP 300

33 FTP AND TFTP CONFIGURATION GUIDE

Configuring a Switch as FTP Server 305

Contents 7

Configuring a Switch as FTP Client 307
Configuring a Switch as TFTP Client 309

34 INFORMATION CENTER CONFIGURATION GUIDE

Outputting Log Information to a Unix Log Host 311
Outputting Log Information to a Linux Log Host 313
Outputting Log and Trap Information to a Log Host Through the Same Channel 314
Outputting Log Information to the Console 317
Displaying the Time Stamp with the UTC Time Zone 318
Use of the Facility Argument in Log Information Output 319

35 VLAN-VPN CONFIGURATION GUIDE

Configuring VLAN-VPN 321
Configuring BPDU Tunnel 324

36 REMOTE-PING CONFIGURATION GUIDE

Remote-ping Configuration 327

37 DNS CONFIGURATION GUIDE

Static Domain Name Resolution Configuration Guide 329
Dynamic Domain Name Resolution Configuration Guide 330

38 ACCESS MANAGEMENT CONFIGURATION GUIDE

Configuring Access Management 333
Configuring Access Management with Port Isolation 335

8 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE

ABOUT THIS GUIDE

Provides advanced configuration examples for the 3Com stackable switches,
which includes the following:

■ 3Com Switch 5500

■ 3Com Switch 5500G

■ 3Com Switch 4500

■ 3Com Switch 4200G

■ 3Com Switch 4210

This guide is intended for Qualified Service personnel who are responsible for
configuring, using, and managing the switches. It assumes a working knowledge
of local area network (LAN) operations and familiarity with communication
protocols that are used to interconnect LANs.

n

Always download the Release Notes for your product from the 3Com World Wide
Web site and check for the latest updates to software and product
documentation:

http://www.3com.com

Conventions Table 1 lists icon conventions that are used throughout this guide.

Tab l e 1 Notice Icons

Icon Notice Type Description

Information note Information that describes important features or

Related Documentation

n

Caution Information that alerts you to potential loss of data

c

Warning Information that alerts you to potential personal

w

The following manuals offer additional information necessary for managing your
Stackable Switch. Consult the documents that apply to the switch model that you
are using.

instructions.

or potential damage to an application, system, or
device.

injury.

■ 3Com Switch Family Command Reference Guides — Provide detailed

descriptions of command line interface (CLI) commands, that you require to
manage your Stackable Switch.

10 ABOUT THIS GUIDE

■ 3Com Switch Family Configuration Guides— Describe how to configure your

Stackable Switch using the supported protocols and CLI commands.

■ 3Com Switch Family Quick Reference Guides — Provide a summary of

command line interface (CLI) commands that are required for you to manage
your Stackable Switch .

■ 3Com Stackable Switch Family Release Notes — Contain the latest information

about your product. If information in this guide differs from information in the
release notes, use the information in the Release Notes.

These documents are available in Adobe Acrobat Reader Portable Document
Format (PDF) on the 3Com World Wide Web site:

http://www.3com.com/

Products Supported by this Document

Tab le 2 Supported Products

Product Orderable

Description

SKU

4210 3CR17331-91 Switch 4210 9-Port
4210 3CR17332-91 Switch 4210 18-Port
4210 3CR17333-91 Switch 4210 26-Port
4210 3CR17334-91 Switch 4210 52-Port
4210 3CR17341-91 Switch 4210 PWR 9-Port
4210 3CR17342-91 Switch 4210 PWR 18-Port
4210 3CR17343-91 Switch 4210 PWR 26-Port
4500 3CR17561-91 Switch 4500 26-Port
4500 3CR17562-91 Switch 4500 50-Port
4500 3CR17571-91 Switch 4500 PWR 26-Port
4500 3CR17572-91 Switch 4500 PWR 50-Port
5500 3CR17161-91 Switch 5500-EI 28-Port
5500 3CR17162-91 Switch 5500-EI 52-Port
5500 3CR17171-91 Switch 5500-EI PWR 28-Port

5500 3CR17172-91 Switch 5500-EI PWR 52-Port
4200G 3CR17660-91 Switch 4200G 12-Port
4200G 3CR17661-91 Switch 4200G 24-Port
4200G 3CR17662-91 Switch 4200G 48-Port
4200G 3CR17671-91 Switch 4200G PWR 24-Port
5500G 3CR17250-91 Switch 5500G-EI 24 Port
5500G 3CR17251-91 Switch 5500G-EI 48-Port
5500G 3CR17252-91 Switch 5500G-EI PWR 24-Port
5500G 3CR17253-91 Switch 5500G-EI PWR 48-Port

Products Supported by this Document 11

12 ABOUT THIS GUIDE

1

PC Switch

RS-232

Configuration cable

Console port

LOGIN CONFIGURATION GUIDE

n

Logging In from the Console Port

Network Diagram

Networking and

Configuration

Requirements

Applicable Products

Unless otherwise specified, all the switches used in the following configuration
examples and configuration procedures are Switch 5500 (release V03.02.04).

You can log in locally from the console port to configure and maintain your switch,
including configuring other login modes. The default login mode on the Switch
5500 is local console login.

Figure 1 Logging in from the console port to configure Telnet login

As shown in Figure 1, use a console cable to connect the serial port of your
PC/terminal to the console port of the switch. Log into the switch from the AUX
user interface on the console port to configure Telnet login. The current user level
is manage level (level 3).

Product series Software version Hardware version

Switch 5500 Release V03.02.04 All versions

Switch 5500G Release V03.02.04 All versions

Switch 4500 Release V03.03.00 All versions

Switch 4210 Release V03.01.00 All versions

Configuration Procedure

■ Configure common attributes for Telnet login

# Set the level of commands accessible to the VTY 0 user to 2.

[3Com] user-interface vty 0
[3Com-ui-vty0] user privilege level 2

# Enable the Telnet service on VTY 0.

[3Com-ui-vty0] protocol inbound telnet

# Set the number of lines that can be viewed on the screen of the VTY 0 user to

30.

[3Com-ui-vty0] screen-length 30

14 CHAPTER 1: LOGIN CONFIGURATION GUIDE

# Set the history command buffer size to 20 for VTY 0.

[3Com-ui-vty0] history-command max-size 20

# Set the idle-timeout time of VTY 0 to 6 minutes.

[3Com-ui-vty0] idle-timeout 6

■ Configure an authentication mode for Telnet login

The following three authentication modes are available for Telnet login: none,
password, and scheme.

The configuration procedures for the three authentication modes are described
below:

1 Configure not to authenticate Telnet users on VTY 0.

[3Com] user-interface vty 0
[3Com-ui-vty0] authentication-mode none

2 Configure password authentication for Telnet login on VTY 0, and set the

password to 123456 in plain text.

[3Com] user-interface vty 0
[3Com-ui-vty0] authentication-mode password
[3Com-ui-vty0] set authentication password simple 123456

3 Configure local authentication in scheme mode for login users.

# Create a local user named guest and enter local user view.

[3Com] local-user guest

# Set the authentication password to 123456 in plain text.

[3Com-luser-guest] password simple 123456

# Set the service type to Telnet and the user level to 2 for the user guest.

[3Com-luser-guest] service-type telnet level 2
[3Com-luser-guest] quit

# Enter VTY 0 user interface view.

[3Com] user-interface vty 0

# Set the authentication mode to scheme for Telnet login on VTY 0.

[3Com-ui-vty0] authentication-mode scheme
[3Com-ui-vty0] quit

# Specify the domain system as the default domain, and configure the domain to
adopt local authentication in scheme mode.

[3Com] domain default enable system
[3Com] domain system
[3Com-isp-system] scheme local

Logging In Through Telnet 15

Complete Configuration ■ Telnet login configuration with the authentication mode being none

user-interface vty 0

authentication-mode none
user privilege level 2
history-command max-size 20
idle-timeout 6 0
screen-length 30
protocol inbound telnet

■ Telnet login configuration with the authentication mode being password

user-interface vty 0

user privilege level 2
set authentication password simple 123456
history-command max-size 20
idle-timeout 6 0
screen-length 30
protocol inbound telnet

■ Telnet login configuration with the authentication mode being scheme

#
domain system
#
local-user guest

password simple 123456
level 3

#
user-interface vty 0

authentication-mode scheme
user privilege level 2
history-command max-size 20
idle-timeout 6 0
screen-length 30
protocol inbound telnet

Precautions None

Logging In Through Te ln et

You can telnet to your switch to manage and maintain it remotely.

16 CHAPTER 1: LOGIN CONFIGURATION GUIDE

Network Diagram Figure 2 Telneting to the switch to configure console login

Ethernet

User PC running Telnet

Ethernet1/0/ 1

Networking and

Configuration

Requirements

Applicable Products

Configuration Procedure

As shown in Figure 2, telnet to the switch to configure console login. The current
user level is manage level (level 3).

Product series Software version Hardware version

Switch 5500 Release V03.02.04 All versions

Switch 5500G Release V03.02.04 All versions

Switch 4500 Release V03.03.00 All versions

Switch 4210 Release V03.01.00 All versions

■ Common configuration for console login

# Specify the level of commands accessible to the AUX 0 user interface to 2.

[3Com] user-interface aux 0
[3Com-ui-aux0] user privilege level 2

# Set the baud rate of the console port to 19200 bps.

[3Com-ui-aux0] speed 19200

# Set the number of lines that can be viewed on the screen of the AUX 0 user to

30.

[3Com-ui-aux0] screen-length 30

# Set the history command buffer size to 20 for AUX 0.

[3Com-ui-aux0] history-command max-size 20

# Set the idle-timeout time of AUX 0 to 6 minutes.

[3Com-ui-aux0] idle-timeout 6

■ Configure the authentication mode for console login

Logging In Through Telnet 17

The following three authentication modes are available for console login: none,
password, and scheme. The configuration procedures for the three authentication
modes are described below:

1 Configure not to authenticate console login users.

[3Com] user-interface aux 0
[3Com-ui-aux0] authentication-mode none

2 Configure password authentication for console login, and set the password to

123456 in plain text.

[3Com] user-interface aux 0
[3Com-ui-aux0] authentication-mode password
[3Com-ui-aux0] set authentication password simple 123456

3 Configure local authentication in scheme mode for console login.

# Create a local user named guest and enter local user view.

[3Com] local-user guest

# Set the authentication password to 123456 in plain text.

[3Com-luser-guest] password simple 123456

# Set the service type to Terminal and the user level to 2 for the user guest.

[3Com-luser-guest] service-type terminal level 2
[3Com-luser-guest] quit

# Enter AUX 0 user interface view.

[3Com] user-interface aux 0

# Set the authentication mode to scheme for console login.

[3Com-ui-aux0] authentication-mode scheme

Complete Configuration ■ Console login configuration with the authentication mode being none

#
user-interface aux 0

user privilege level 2
history-command max-size 20
idle-timeout 6 0
speed 19200
screen-length 30

■ Console login configuration with the authentication mode being password

#
user-interface aux 0

authentication-mode password

user privilege level 2
set authentication password simple 123456
history-command max-size 20
idle-timeout 6 0
speed 19200
screen-length 30

18 CHAPTER 1: LOGIN CONFIGURATION GUIDE

Switch

10.110.100.46
Host A

IP netw ork

Host B

10.110.100.52

■ Console login configuration with the authentication mode being scheme

#
local-user guest

password simple 123456
service-type terminal

level 2
#
user-interface aux 0

authentication-mode scheme

user privilege level 2

history-command max-size 20

idle-timeout 6 0

speed 19200

screen-length 30

Precautions None

Configuring Login Access Control

Network Diagram Figure 3 Network diagram for login access control

Networking and

Configuration

As shown in Figure 3, configure the switch to allow only Telnet/SNMP/WEB users
at 10.110.100.52 and 10.110.100.46 to log in.

Requirements

Applicable Products

Product series Software version Hardware version

Switch 5500 Release V03.02.04 All versions

Switch 5500G Release V03.02.04 All versions

Switch 4500 Release V03.03.00 All versions

Switch 4210 Release V03.01.00 All versions

Configuration Procedure # Create basic ACL 2000 and enter basic ACL view.

[3Com] acl number 2000 match-order config
[3Com-acl-basic-2000]

# Define ACL rules to allow only Telnet/SNMP/WEB users at 10.110.100.52 and

10.110.100.46 to log into the switch.

Configuring Login Access Control 19

[3Com-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[3Com-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[3Com-acl-basic-2000] rule 3 deny source any
[3Com-acl-basic-2000] quit

# Reference ACL 2000 to control Telnet login by source IP address.

[3Com] user-interface vty 0 4
[3Com-ui-vty0-4] acl 2000 inbound

# Reference ACL 2000 to control SNMP login by source IP address.

[3Com] snmp-agent community read aaa acl 2000
[3Com] snmp-agent group v2c groupa acl 2000
[3Com] snmp-agent usm-user v2c usera groupa acl 2000

# Reference ACL 2000 to control WEB login by source IP address.

[3Com] ip http acl 2000

Complete Configuration ■ Configuration for Telnet login control by source IP address

#
acl number 2000

rule 1 permit source 10.110.100.52 0
rule 2 permit source 10.110.100.46 0

rule 3 deny
#
user-interface vty 0 4

acl 2000 inbound

■ Configuration for SNMP login control by source IP address

#
acl number 2000

rule 1 permit source 10.110.100.52 0

rule 2 permit source 10.110.100.46 0

rule 3 deny
#

snmp-agent community read aaa acl 2000

snmp-agent group v2c groupa acl 2000

snmp-agent usm-user v2c usera groupa acl 2000

■ Configuration for WEB login control by source IP address

#

ip http acl 2000
#
acl number 2000

rule 1 permit source 10.110.100.52 0

rule 2 permit source 10.110.100.46 0

rule 3 deny

Precautions None

20 CHAPTER 1: LOGIN CONFIGURATION GUIDE

2

Server

Eth1/0/12Eth1/0/11

Et h1/0 /10

Eth1/0/1 Eth1/0/2

Et h1/0 /3

Server Host

Host

VLAN CONFIGURATION GUIDE

Configuring Port-Based VLAN

Network Diagram

Networking and

Configuration

Requirements

The VLAN technology allows you to divide a broadcast LAN into multiple distinct
broadcast domains, each as a virtual workgroup. Port-based VLAN is the simplest
approach to VLAN implementation. The idea is to assign the ports on a switch to
different VLANs, confining the propagation of the packets received on a port
within the particular VLAN. Thus, separation of broadcast domains and division of
virtual groups are achieved.

Figure 4 Network diagram for port-based VLAN configuration

Switch A and Switch B are connected each to a server and workstation. To
guarantee data security for the servers, you need to isolate the servers from the
workstations by creating VLANs. Allow the devices within a VLAN to communicate
with each other but not directly with the devices in another VLAN.

Applicable Products

Configuration Procedure # Create VLAN 101 on Switch A and add Ethernet 1/0/1 to VLAN 101.

Product series Software version Hardware version

Switch 5500 Release V03.02.04 All versions

Switch 5500G Release V03.02.04 All versions

Switch 4500 Release V03.03.00 All versions

Switch 4210 Release V03.01.00 All versions

[SwitchA] vlan 101
[SwitchA-vlan101] port Ethernet 1/0/1

# Create VLAN 201 on Switch A and add Ethernet 1/0/2 to VLAN 201.

22 CHAPTER 2: VLAN CONFIGURATION GUIDE

[SwitchA-vlan101] quit
[SwitchA] vlan 201
[SwitchA-vlan201] port Ethernet 1/0/2

# Configure Ethernet 1/0/3 of Switch A to be a trunk port and to permit the
packets carrying the tag of VLAN 101 or VLAN 201 to pass through.

[SwitchA-vlan201] quit
[SwitchA] interface Ethernet 1/0/3
[SwitchA-Ethernet1/0/3] port link-type trunk
[SwitchA-Ethernet1/0/3] port trunk permit vlan 101 201

# Create VLAN 101 on Switch B, and add Ethernet 1/0/11 to VLAN 101.

[SwitchB] vlan 101
[SwitchB-vlan101] port Ethernet 1/0/11

# Create VLAN 201 on Switch B, and add Ethernet 1/0/12 to VLAN 201.

[SwitchB-vlan101] quit
[SwitchB] vlan 201
[SwitchB-vlan201] port Ethernet 1/0/12

# Configure Ethernet 1/0/10 of Switch B to be a trunk port and to permit the
packets carrying the tag of VLAN 101 or VLAN 201 to pass through.

[SwitchB-vlan201] quit
[SwitchB] interface Ethernet 1/0/10
[SwitchB-Ethernet1/0/10] port link-type trunk
[SwitchB-Ethernet1/0/10] port trunk permit vlan 101 201

Complete Configuration ■ Configuration on Switch A

#
vlan 101
#
vlan 201
#
interface Ethernet1/0/1

port access vlan 101
#
interface Ethernet1/0/2

port access vlan 201
#
interface Ethernet1/0/3

port link-type trunk

port trunk permit vlan 1 101 201

■ Configuration on Switch B

#
vlan 101
#
vlan 201
#
interface Ethernet1/0/10

port link-type trunk

port trunk permit vlan 1 101 201

Configuring Protocol-Based VLAN 23

IP Host

Eth 1/0/10

Et h1/0 /11 Et h1/0 /12

Workroom

AppleTalk Host

IP Server AppleTalk Server

#
interface Ethernet1/0/11

port access vlan 101
#
interface Ethernet1/0/12

port access vlan 201

Precautions ■ After you assign the servers and the workstations to different VLANs, they

cannot communicate with each other. For them to communicate, you need to
configure a Layer 3 VLAN interface for each of them on the switches.

■ After you telnet to an Ethernet port on a switch to make configuration, do not

remove the port from its current VLAN. Otherwise, your Telnet connection will
be disconnected.

Configuring Protocol-Based VLAN

Network Diagram

Protocol-based VLAN, or protocol VLAN, is another approach to VLAN
implementation other than port-based VLAN. With protocol VLAN, the switch
compares each packet received without a VLAN tag against the protocol templates
based on the encapsulation format and the specified field. If a match is found, the
switch tags the packet with the corresponding VLAN ID. Thus, the switch can
assign packets to a VLAN by protocol.

Figure 5 Network diagram for protocol-based VLAN configuration

Networking and

Configuration

Requirements

Applicable Products

Configure the switch to automatically assign IP packets and Appletalk packets of
the workroom to different VLANs, ensuring that the workstations can
communicate with their respective servers properly.

Product series Software version Hardware version

Switch 5500 Release V03.02.04 All versions

Switch 5500G Release V03.02.04 All versions

Switch 4500 Release V03.03.00 All versions

24 CHAPTER 2: VLAN CONFIGURATION GUIDE

Configuration Procedure # Create VLAN 100 and VLAN 200; add Ethernet 1/0/11 to VLAN 100 and

Ethernet 1/0/12 to VLAN 200.

1 Create VLAN 100 and add Ethernet1/0/11 to VLAN 100.

[3Com] vlan 100
[3Com-vlan100] port Ethernet 1/0/11

2 Create VLAN 200 and add Ethernet 1/0/12 to VLAN 200.

[3Com-vlan100] quit
[3Com] vlan 200
[3Com-vlan200] port Ethernet 1/0/12

# Configure protocol templates and bind them to ports.

3 Create a protocol template for VLAN 200 to carry Appletalk and a protocol

template for VLAN 100 to carry IP.

[3Com-vlan200] protocol-vlan at
[3Com-vlan200] quit
[3Com] vlan 100
[3Com-vlan100] protocol-vlan ip

4 Create a user-defined protocol template for VLAN 100 to carry ARP for IP

communication, assuming that Ethernet_II encapsulation is used.

[3Com-vlan100] protocol-vlan mode ethernetii etype 0806

5 Configure Ethernet 1/0/10 to be a hybrid port and to remove the outer VLAN tag

6 Bind Ethernet 1/0/10 to protocol template 0 and protocol template 1 of VLAN

n

Complete Configuration #

when forwarding packets of VLAN 100 and VLAN 200.

[3Com-vlan100] quit
[3Com] interface Ethernet 1/0/10
[3Com-Ethernet1/0/10] port link-type hybrid
[3Com-Ethernet1/0/10] port hybrid vlan 100 200 untagged

100, and protocol template 0 of VLAN 200.

When configuring a protocol template, you can assign a number to the template.
If you fail to do that, the system automatically assigns the lowest available number
to the template. Thus, in this configuration example, the two protocol templates
for VLAN 100 are automatically numbered 0 and 1, and the protocol template for
VLAN 200 is numbered 0.

[3Com-Ethernet1/0/10] port hybrid protocol-vlan vlan 100 0 to 1
[3Com-Ethernet1/0/10] port hybrid protocol-vlan vlan 200 0

vlan 100

protocol-vlan 0 ip

protocol-vlan 1 mode ethernetii etype 0806
#
vlan 200

protocol-vlan 0 at
#
interface Ethernet1/0/10

port link-type hybrid

port hybrid vlan 1 100 200 untagged

port hybrid protocol-vlan vlan 100 0

port hybrid protocol-vlan vlan 100 1

Configuring Protocol-Based VLAN 25

port hybrid protocol-vlan vlan 200 0
#
interface Ethernet1/0/11

port access vlan 100
#
interface Ethernet1/0/12

port access vlan 200

Precautions Because IP depends on ARP for address resolution in Ethernet, you are

recommended to configure the IP and ARP templates in the same VLAN and
associate them with the same port to prevent communication failure.

Up to five protocol templates can be bound to a port.

26 CHAPTER 2: VLAN CONFIGURATION GUIDE

3

Vlan-int1

172.16.1.1/ 24

172.16.2.1/ 24 sub

172.16.1.0/24

172.16.1.2/24

172.16.2.0/24

172.16. 2.2/24

Host A

Host B

Switch

IP ADDRESS CONFIGURATION GUIDE

IP Address Configuration Guide

Network Diagram

If you want to manage a remote Ethernet switch through network management
or telnet, you need to configure an IP address for the remote switch and ensure
that the local device and the remote switch are reachable to each other.

A 32-bit IP address identifies a host on the Internet. Generally, a VLAN interface on
a switch is configured with one primary and four secondary IP addresses.

Figure 6 Network diagram for IP address configuration

Networking and

Configuration

Requirements

Applicable Products

As shown in the above figure, the port in VLAN 1 on Switch is connected to a LAN
in which hosts belong to two network segments: 172.16.1.0/24 and

172.16.2.0/24. It is required to enable the hosts in the LAN to communicate with
external networks through Switch, and to enable the hosts in the two network
segments to communicate with each other.

Product series Software version Hardware version

Switch 5500 Release V03.02.04 All versions

Switch 5500G Release V03.02.04 All versions

Switch 4500 Release V03.03.00 All versions

28 CHAPTER 3: IP ADDRESS CONFIGURATION GUIDE

Configuration Procedure Assign a primary and secondary IP addresses to VLAN-interface 1 of Switch to

ensure that all the hosts on the LAN can access external networks through Switch.
Set Switch as the gateway on all the hosts of the two network segments to ensure
that they can communicate with each other.

# Assign a primary IP address and a secondary IP address to VLAN-interface 1.

<Switch> system-view
[Switch] interface Vlan-interface 1
[Switch-Vlan-interface1] ip address 172.16.1.1 255.255.255.0
[Switch-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub

# Set the gateway address to 172.16.1.1 on the hosts in subnet 172.16.1.0/24,
and to 172.16.2.1 on the hosts in subnet 172.16.2.0/24.

# Ping Host B on Host A to verify the connectivity.

Complete Configuration #

interface Vlan-interface 1

ip address 172.16.1.1 255.255.255.0
ip address 172.16.2.1 255.255.255.0 sub

#

Precautions ■ You can assign at most five IP addresses to an interface, among which one is

the primary IP address and the others are secondary IP addresses. A newly
specified primary IP address overwrites the previous one.

■ The primary and secondary IP addresses of an interface cannot reside on the

same network segment; an IP address of a VLAN interface must not be on the
same network segment as that of a loopback interface on a device.

■ A VLAN interface cannot be configured with a secondary IP address if the

interface has obtained an IP address through BOOTP or DHCP.

4

VOICE VLAN CONFIGURATION GUIDE

Configuring Voice VLAN

Network Diagram

In automatic mode, the switch configured with voice VLAN checks the source
MAC address of each incoming packet against the voice device vendor OUI. If a
match is found, the switch assigns the receiving port to the voice VLAN and tags
the packet with the voice VLAN ID automatically.

When the port joins the voice VLAN, a voice VLAN aging timer starts. If no voice
packets have been received before the timer expires, the port leaves the voice
VLAN.

In manual mode, you need to manually assign a port to or remove the port from
the voice VLAN.

Figure 7 Network diagram for voice VLAN in automatic mode

PC

IP Phone1

(Tag)

000f-e234-1234

Gateway

Eth1/0/1

SwitchA SwitchB

Eth1/0/2

Voice

VoIP Network

Networking and

Configuration

Requirements

Server

IP Phone2

(Untag)

Oui:000f-2200-0000

As shown in Figure 7, PC is connected to Ethernet 1/0/1 of Switch A through IP
phone 1, and IP phone 2 is connected to Ethernet 1/0/2 of Switch A. IP phone 1
sends out voice traffic with the tag of the voice VLAN, while IP phone 2 sends out
voice traffic without any VLAN tag. Configure voice VLAN to satisfy the following
requirements:

■ VLAN 2 functions as the voice VLAN for transmitting voice traffic, and set the

aging time of the voice VLAN to 100 minutes. VLAN 6 transmits user service
data.

■ Ethernet 1/0/1 and Ethernet 1/0/2 can recognize voice traffic automatically.

Service data from PC and voice traffic are assigned to different VLANs and then
transmitted to the server and the voice gateway respectively through Switch B.

30 CHAPTER 4: VOICE VLAN CONFIGURATION GUIDE

■ As the OUI address of IP phone 2 is not in the default voice device vendor OUI

list of the switch, you need to add its OUI address 000f-2200-0000. In addition,
configure its description as IP Phone2.

Applicable Products

Product series Software version Hardware version

Switch 5500 Release V03.02.04 All versions

Switch 5500G Release V03.02.04 All versions

Switch 4500 Release V03.03.00 All versions

Configuration Procedure # Create VLAN 2 and VLAN 6.

<SwitchA> system-view
[SwitchA] vlan 2
[SwitchA-vlan2] quit
[SwitchA] vlan 6
[SwitchA-vlan6] quit

# Set the aging time for the voice VLAN.

[SwitchA] voice vlan aging 100

# Add 000f-2200-0000 to the OUI address list and configure its description as IP
Phone2.

[SwitchA] voice vlan mac-address 000f-2200-0000 mask ffff-ff00-0000
description IP Phone2

# Configure VLAN 2 as the voice VLAN.

[SwitchA] voice vlan 2 enable

# Set the voice VLAN operation mode on Ethernet 1/0/1 to automatic. This step is
optional, because the default operation mode of the voice VLAN is automatic.

[SwitchA] interface Ethernet 1/0/1
[SwitchA-Ethernet1/0/1] voice vlan mode auto

# Configure Ethernet 1/0/1 as a trunk port.

[SwitchA-Ethernet1/0/1] port link-type trunk

# Set VLAN 6 as the default VLAN of Ethernet 1/0/1 and configure Ethernet 1/0/1
to permit the packets of VLAN 6 to pass through. (PC data will be transmitted in
the VLAN.)

n

[SwitchA-Ethernet1/0/1] port trunk pvid vlan 6
[SwitchA-Ethernet1/0/1] port trunk permit vlan 6

# Enable voice VLAN on Ethernet 1/0/1.

[SwitchA-Ethernet1/0/1] voice vlan enable

■ After the configuration above, PC data is automatically assigned to the default

VLAN of Ethernet 1/0/1 (namely the service VLAN) for transmission. When IP